June 15, 2023
General privacy policy
Responsible bodies within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (DSGVO), are:
NEXUS AG, Irmastrasse 1, 78166 Donaueschingen, Germany
NEXUS / ASTRAIA GmbH, Adalperostrasse 80, 85737 Ismaning, Germany
NEXUS / CLOUD IT GmbH, Irmastrasse 1, 78166 Donaueschingen, Germany
NEXUS Deutschland GmbH, Irmastrasse 1, 78166 Donaueschingen, Germany
NEXUS / DIGITAL PATHOLOGY GmbH, Irmastrasse 1, 78166 Donaueschingen, Germany
NEXUS Digitale Dokumentationssysteme Projektentwicklungsges.m.b.H., Güpferlingstr. 29, 1170 Vienna, Austria
NEXUS / DIS GmbH, Hanauer Landstr. 293, 60314 Frankfurt am Main, Germany
NEXUS / E&L GmbH, Hugo-Junkers-Strasse 13, 90411 Nümberg, Germany
NEXUS / IPS GmbH, Irmastrasse 1, 78166 Donaueschingen, Germany
NEXUS Medizinsoftware und Systeme AG, Kantonsstrasse 3, 6246 Altishofen, Switzerland
NEXUS / QM GmbH, Alusingen-Platz 1, 78224 Singen, Germany
NEXUS / REHA GmbH, Irmastrasse 1, 78166 Donaueschingen, Germany
NEXUS Schweiz AG, Kantonsstrasse 3, 6246 Altishofen, Switzerland
NEXUS SWISSLAB GmbH, Sachsendamm 2-7, 10829 Berlin, Germany
GePaDo - Software solutions for genetics - GmbH, Wartburgstrasse 46, 01309 Dresden, Germany
ifms GmbH, Sulzbachstrasse 39-41, 66111 Saarbrücken, Germany
With this data protection declaration, we would like to inform you which personal data we process as Nexus AG and the companies of the NEXUS Group. We inform you about the type, purpose and scope of the processing. This data protection declaration applies to all processing of personal data carried out by us within the scope of the services we provide, our websites (including, for example, external online presences such as social media profiles) and our websites.
Legal basis
The relevant legal basis is the European General Data Protection Regulation (GDPR), which is used as the legal basis for our processing. In addition, there are national data protection regulations and special laws that we use as a legal basis. We refer you to the legal basis used at the relevant points in this data protection declaration.
Security
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.
IP address shortening
If it is possible for us to do so or if it is not necessary to store the IP address, we will shorten your IP address or have it shortened.
SSL / TLS encryption/ https
To protect the transmission of confidential content, we use SSL or TLS encryption via HTTPS (prefix https:// in the address bar of your browser) on our website. This means that data you exchange with our website cannot be viewed by third parties.
Transmission of personal data
In the course of our processing, it may happen that data is transferred to other bodies within Nexus AG, other companies within the Nexus group of companies, legally independent organisations or persons, such as IT service providers or providers of services which are integrated into our website.
A transfer to recipients within or outside the NEXUS group of companies is also processing and is therefore always subject to a permissibility requirement through a legal basis. This applies to processing in Germany, the EU or in a third country outside the EU. If data is transferred, this is done in accordance with the legal requirements and we point out these legal bases to you at the appropriate point.
Irrespective of consents or legally or contractually required transfers, we only process data in third countries with a recognised level of data protection or appropriate guarantees are applied; in addition, where necessary, further measures are taken to safeguard the processing operations. We will point this out to you at the appropriate place.
Purposes of data processing by the controller and third parties
We process your personal data only for the purposes stated in this data protection declaration, which we explain to you at the appropriate point. We do not transfer your personal data to third parties for purposes other than those stated. We only pass on your personal data to third parties if:
· you have given your express consent to this,
· the processing is necessary for the performance of a contract with you,
· processing is necessary for compliance with a legal obligation,
· the processing is necessary to protect legitimate interests, and
· there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed.
Deletion and blocking of data
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for so long:
· as necessary to achieve the purposes stated herein,
· until consent to processing is withdrawn,
· as regulated by the storage periods provided for by law,
· or other permissions cease to apply.
After fulfilment of the respective purpose or expiry of these periods, the corresponding data will be deleted. If other legally permissible purposes prevent deletion, processing is limited to these purposes. This means that the data is blocked, e.g. data that must be retained for reasons of commercial or tax law.
Your data protection rights
You have the following rights:
· Information about your data stored with us and how it is processed,
· Correction of incorrect personal data,
· deletion of your data stored with us,
· restriction of data processing,
· objection to the processing of your data by us and
· Data portability, provided you have consented to the data processing or have concluded a contract with us.
Data Protection Officer
NEXUS AG
Data Protection Officer
Heiner-Fleischmann-Str. 9
D-74172 Neckarsulm
E-mail: datenschutz@nexus-ag.de
Updating the privacy policy
We regularly adapt our data protection declaration as soon as there are changes to the processing carried out by us or the relevant legal requirements change. We ask that you regularly inform yourself about the content of our data protection declaration.
NEXUS Jira Servicedesk und Online-Portal Confluence
The following notices provide an overview of how we process your personal data when you use our service desk/online portal and relates solely to this.
General information
Responsible body
Nexus Deutschland GmbH, Irmastrasse 1, 78166 Donaueschingen
Data Protection Officer
If you have any questions about data protection, please send us an e-mail:
datenschutz@nexus-ag.de
Data subjects' rights
You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.
To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.
Nature and purpose of the processing
The data in the NEXUS Jira service desk and online portal Confluence are used exclusively to process your service requests via our service desk and to communicate with you in this regard, to provide you with further information via our online portal in this context or to ensure the fault-free operation of the software platform.
For the operation of the website and for our services, various techniques and processing are necessary which are described in detail below.
Cookies
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's machine. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
SSL- / TLS encryption
To protect the transmission of confidential content, our website uses SSL or TLS encryption via HTTPS. This means that data you exchange with our website cannot be viewed by third parties.
Categories of personal data
The following categories of personal data are processed in the NEXUS Jira Service Desk and Confluence online portal
Contact details
- Email address of the NEXUS Jira service desk and online portal Confluence
- the last name of the person concerned, and
- the official contact information, email address, telephone number, department and address of the organisations.
Logging data
Every ticket request goes through this email address of the system. In addition ticket
- Time of day
- session ID and IP address
are stored.
If you enter personal data in the ticket text, this will also be saved. If you add an attachment to the ticket, this will also be saved. Please take this into account when communicating with our service desk. Always check whether the personal data is really absolutely necessary and anonymise it if not.
Legal basis
The legal basis for the processing of your personal data in the ticket system and the online portal is as follows:
- Art. 6 par. 1 lit. b DSGVO - the service contract concluded with the customer.
- Art. 6 par. 1 lit. a DSGVO - consent to the use of the service cookie.
- Art. 76 BDSG - logging for the secure operation of the application
Data collection
We collect your data
- directly from you, by providing it to us
- by third parties, such as your employer
- or automatically by our IT system when you visit our website. This is mainly technical data, such as IP addresses.
Recipient categories
Internal
Your data will be processed internally in our Service Desk department.
External
The service desk and the online portal are operated in the Nexus data centre. For this purpose, the data controller commissions the IT service provider from the Nexus group of companies with the hosting of the service desk and online portal software in the course of order processing in accordance with Art. 28 DSGVO. The data is only passed on for the specified purposes.
Order processor:
NEXUS Cloud GmbH, Irmastrasse 1, 78166 Donaueschingen.
Your data will not be passed on to any other recipients.
Third parties
There is no transfer to third parties.
Retention and deletion periods
We delete your personal data after the purpose has been fulfilled.
-
Retention period: 10 years after the ticket is closed, it is deleted.
Video conferencing applications | Microsoft Teams
General information
When you communicate with us via a video conferencing application such as Microsoft Teams, we process your data or information. This information may be personal data. The following notices provide an overview of how we process your personal data.
You can use Microsoft Teams if you have been provided with the relevant meeting ID and, if applicable, other access data for the meeting and join it via the Teams app. It is also possible to join a meeting without the Teams app. Teams can also be used via a browser version, which you can find on the Microsoft Teams website: https://www.microsoft.com/de-de/microsoft-365/microsoft-teams/group-chat-software.
In a Teams meeting, you also have the option to participate as a guest. In this case, you do not have to give your name. You can also use a pseudonym. Please note the compatibility of your browser: https://docs.microsoft.com/de-de/microsoftteams/unsupported-brow
Responsible body
See list of responsible bodies at the top of the page.
Please note additionally for Microsoft Teams:
When you access the Microsoft Teams website, the Microsoft Teams provider is the data controller. Responsible party:
Microsoft Corporation
One Microsoft Way Redmond
WA 98052-6399 USA
However, accessing the website is only necessary to download the software for using Microsoft Teams. The Microsoft Teams privacy notice can be found here:
Support-and-privacy-policy-of-microsoft-teams. https://support.microsoft.com/de-de/office/support-und-datenschutzbestimmungen-f%c3%bcr-die-kostenlose-version-von-microsoft-teams-9116c829-c8fa-4822-96a3-1e89b2911ba5?ui=de-de&rs=de-de&ad=de
Data Protection Officer
If you have any questions about data protection, please send us an e-mail:
datenschutz@nexus-ag.de
If you have any questions about the data protection of our service provider for Microsoft Teams, you can reach the Microsoft EU Data Protection Officer at the following contact.
Microsoft Place
South County Business Park, Leopardstown
Dublin 18, Ireland.
Telephone: +353 1 706 3117
Data subjects' rights
You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if necessary, to object to processing or to exercise your right of complaint with the competent supervisory authority.
To exercise your right, please contact our data protection officer as indicated above.
Nature and purpose of the processing
The data in the NEXUS Jira service desk and online portal Confluence are used exclusively to process your service requests via our service desk and to communicate with you in this regard, to provide you with further information via our online portal in this context or to ensure the fault-free operation of the software platform.
For the operation of the website and for our services, various techniques and processing are necessary which are described in detail below.
Nature and purpose of the processing
We use the "Microsoft Teams" video conferencing application for the purpose of conducting conference calls, online meetings, video conferences and/or webinars.
In the Microsoft stream cloud storage In our Microsoft Teams Admin Center, we have disabled allowing cloud recordings by default. Meeting content (including chats) is also not logged or recorded, these features are disabled by default.
To participate in a meeting, you can also use a pseudonym.
You can make use of the option to share your screen. In this case, users will become aware of the data and content you share via your screen.
You can use the option to set background effects, e.g. to hide your private environment.
Team data is encrypted during transmission. This includes message files (audio, video, etc.), meetings, chat messages and other content. Microsoft uses standard technologies to do this. You can find more information about the security of Microsoft Teams here https://docs.microsoft.com/de-de/microsoftteams/teams-security-guide
Categories of personal data
When you use Microsoft Teams, various types of data are processed. The scope of the data depends largely on the information you provide before or during participation in an online meeting. When using Microsoft Teams, data of the communication participants is processed and stored on the servers of the third-party provider used, insofar as it is data required for the communication process.
Relevant personal data categories may include in particular:
User data: Display name ("Display Name"), optionally, if applicable, e-mail address, profile picture, preferred language, master data (e.g. name, address), if applicable, pseudonyms, contact data (e.g. e-mail address, telephone number),
Content data: (e.g. text entries, photographs, videos), meta and communication data (e.g. device information, IP addresses).
Metadata: Date, time, meeting ID, phone numbers, location.
Legal basis
If personal data is processed by employees of Nexus Cloud IT GmbH (or affiliated companies), the following applies
· Section 26 para. 1 BDSG
is the legal basis for data processing. If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, performance or termination of the employment relationship, in the use of Microsoft Teams.
· Art. 6 para. 1 lit. f) DSGVO
is the legal basis for the data processing. Our interest lies in simplifying internal communication, processing enquiries, increasing efficiency and promoting cross-company or cross-location cooperation. There are no interests worthy of protection of a data subject that would conflict with the introduction/use of such a service.
Furthermore, the legal basis for data processing when conducting online meetings is
· Art. 6 para. 1 lit. b) DSGVO
insofar as the meetings are held within the framework of contractual relationships.
In some cases, we also process your data on the basis of consent pursuant to
· Art. 6 para. 1 lit. a) DSGVO.
This happens when the use of teams is initiated by you or when you voluntarily provide us with data that is not required for the implementation of the online service (optional information).
Data collection
The data is collected directly from you or provided by your employer.
Recipient categories
Personal data processed in connection with the use of teams will not be disclosed to third parties if it is not intended for disclosure. Often, the content of a meeting, for example, is used to communicate information to (potential) customers or third parties. The Microsoft Teams service provider necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with Microsoft Teams.
Data processing in third country
Microsoft Teams is a service provided by a service provider in the USA. Personal data may therefore also be processed in a third country. This may result in risks for users, as it may, for example, be more difficult to enforce the rights of the data subject. We have concluded an order processing agreement with the provider that complies with the requirements of Art. 28 DSGVO.
Order processor:
Microsoft Corporation
One Microsoft Way Redmond
WA 98052-6399 USA
There is no adequacy decision of the EU Commission for the transfer to the third country. The transfer takes place on the basis of Art. 46 DSGVO. We have concluded an order processing agreement with the service provider in accordance with Art. 28 DSGVO.
The transfer of data to a third country only takes place when the requirements of Art. 44 et seq. DSGVO are fulfilled. The present transfer of data to the USA takes place on the basis of standard data protection clauses, as well as the amended contractual conditions after the Schrems II ruling by Microsoft. In addition, Microsoft guarantees a claim for damages for the data subject of unlawful processing, the information of the data subject if Microsoft is obliged to hand over data by government orders, as well as the obligation of Microsoft to take legal action against the official orders to hand over the data.
Retention and deletion periods
The data will be deleted immediately after the purpose has been fulfilled. A purpose may exist if the data is still needed, for example, to fulfil contractual services, to enforce legal claims or to comply with legal obligations (e.g. retention periods).
If the data is deleted by the user, Microsoft will ensure that all copies of the personal data are deleted within 30 days.
If the use of Tams is terminated by the responsible entity, the relevant personal data will be deleted between 90 and 180 days after the service is discontinued. Further information can be found here: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy
Reference to a right to object to and revoke processing
The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit. a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.
If possible, please send the objection by e-mail to: datenschutz@nexus-ag.de
Data subjects' rights
As a data subject of a data processing of your personal data within the meaning of the EU General Data Protection Regulation (GDPR), you have the following rights.
- If personal data is collected directly from you, you must be informed of the processing at that time (Art. 13 GDPR).
- If your personal data are collected indirectly, you must be informed of this processing within one month, at the time of the first communication to you or at the time of disclosure. (Art. 14 GDPR)
- If your personal data are processed, you have the right to obtain information about the data stored about you (Art. 15 DSGVO).
- If inaccurate personal data is processed, you have the right to rectification and to be informed about the rectification or deletion of collected data (Art. 16 DSGVO).
- You can request the deletion (Art. 17 DSGVO) or restriction (Art. 18 DSGVO) of processing at any time.
- If your personal data are lawfully processed for legitimate interest, you may object to the processing at any time, with effect for the future (Art. 21 DSGVO).
- If your personal data are lawfully processed on the basis of your consent, you have the right to revoke this at any time with effect for the future (Art. 7 DSGVO).
- If you have consented to the data processing or a contract for data processing exists and the data processing is carried out with the help of automated procedures, you may have the right to data portability (Art. 20 GDPR).
- In the case of automated data processing concerning you - including profiling - you have the right not to be subject exclusively to the decision based on it if it produces legal effects or similar significant adverse effects against you. (Art. 22 DSGVO)
- Furthermore, you have the right to lodge a complaint with the competent supervisory authority**) (Art. 12 para. (4))
Explanation of your rights
If you make use of your above-mentioned rights, the data controller will check whether the legal requirements for this are met. For example, it will check whether other laws, such as retention obligations, might prevent the deletion of personal data. This check is always necessary and usually takes a certain amount of time. The check includes, for example, in the case of an objection in accordance with Article 21 (1) of the GDPR, a weighing up of your and our interests, or whether restrictions to the aforementioned rights may result from specialist legal standards for individual processing activities.
You can exercise your rights at any time by contacting the responsible office (-> link responsible offices NEXUS). In order to exercise your rights, please contact the controller or the data protection officer datenschutz@nexus-ag.de.
You can file a complaint with the competent supervisory authority at any time. The competent supervisory authority is the one responsible for the head office of the responsible body.
Website
General information
When you visit our website, information is processed using a wide variety of techniques. This information may be personal data. The following notice provides an overview of how we process your personal data when you visit our website and relates solely to that.
Responsible body
Nexus AG, Irmastrasse 1, 78166 Donaueschingen
Data Protection Officer
If you have any questions about data protection, please send us an e-mail: datenschutz@nexus-ag.de
Data subjects' rights
You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.
To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.
Nature and purpose of the processing
Our website provides you with information about NEXUS AG and the companies of the Nexus Group. When you visit us on our website, we process various personal data described in detail below. We use this data exclusively to be able to provide you with further information about our website in this context, to ensure the error-free operation of the software platform or for statistical purposes.
Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.
Server log files
The web space provider collects data on every access to the offer. The provider uses the information only for statistical evaluations for the purpose of the operation, security and optimisation of the offer. However, the provider reserves the right to subsequently check the log data if there is a justified suspicion of unlawful use due to concrete indications.
This data is not merged with other data sources.
Registration on this website
You can register on our website to use certain functions. The transmitted data is used exclusively for the purpose of using the respective offer or service. Mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.
In the event of important changes, for example for technical reasons, we will inform you by e-mail. The e-mail will be sent to the address given during registration.
Contact
Contacting us by e-mail/ contact form/ telephone
If you contact us by e-mail or telephone, the personal data you send us will be stored. We also have a contact form on our website that you can use to contact us. It is not possible to process your request without processing your personal data. The processing of personal data is solely for the purpose of dealing with your enquiry.
Newsletter
To send our newsletter, we need an e-mail address from you. Verification of the e-mail address provided is necessary and you must consent to receiving the newsletter. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
Google Analytics
Our website uses functions of the web analysis service Google Analytics.
Google Analytics uses cookies (see here) for recognition purposes, which are stored on your end device and enable an analysis of website usage. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. The server is usually located in the USA.
IP anonymisation
We use Google Analytics in conjunction with the IP anonymisation function. It ensures that Google truncates your IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before transmitting it to the USA. There may be exceptional cases where Google transfers the full IP address to a server in the USA and truncates it there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by Google Analytics is not merged with other Google data.
Social Media
We operate publicly accessible profiles on social networks. Social networks such as Facebook, Xing, etc. can comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. advertising banners). Visiting our social media presences may trigger processing operations relevant to data protection. On our websites, we only place social media in the form of direct links to our profiles of the respective social media presence. We use our social media presences as a separate information channel alongside our website and do not use any techniques to integrate them into our website offering.
If you visit our social media presence and are logged into your social media account, the operator of the social media portal can assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.
Please also note that we are not able to track all processing procedures on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
https://twitter.com/de/privacy
https://privacy.xing.com/de/datenschutzerklaerung
https://www.linkedin.com/legal/privacy-policy
We provide a separate privacy policy for our social media offerings.
Categories of personal data
The following categories of personal data are processed through our websites.
Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.
Server Logfiles
The access data include: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Contact
Contact email/ contact form/
Contact details: Email address, IP address, timestamp As well as, if applicable, if you wish to voluntarily inform us Title, first name, surname, organisation, function, street, postcode, town, telephone,
General information: Information entered in the free text field
Newsletter
Contact details: Email address
Google Analytics
During your visit to the website, the following data is recorded, among other things:
· Pages viewed
· Orders incl. the turnover and the products ordered
· The achievement of "website goals" (e.g. contact requests and newsletter sign-ups)
· Your behaviour on the pages (for example, clicks, scrolling behaviour and dwell time)
· Your approximate location (country and city)
· Your IP address (in shortened form, so that no clear allocation is possible)
· Technical information such as browser, internet provider, terminal device and screen resolution
· Source of origin of your visit (i.e. via which website or advertising material you came to us)
Social Media
We provide a separate privacy policy for our social media offerings.
Legal basis for the processing
The legal basis for the processing of your personal data on our website is as follows.
Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.
Server Logfiles
Art. 6 para. 1 lit. b DSGVO - fulfilment of a contract or pre-contractual measures
Registration on the website
Art. 6 para. 1 lit. a DSGVO - Consent
Kontakt
Kontaktaufnahme E-Mail/ Kontaktformular/
Art. 6 Abs. 1 Lit. a DSGVO – Einwilligung
Contact
Contact e-mail / contact form/
Art. 6 para. 1 lit. a DSGVO - Consent
Newsletter
Art. 6 para. 1 lit. a DSGVO – Consent
Google Analytics
Art. 6 para. 1 lit. a DSGVO - Consent
Social Media
We provide a separate privacy policy for our social media offerings.
Data collection
We collect your data
· directly from you by providing it to us
· or automatically by our IT system when you visit our website. This is primarily technical data, such as IP addresses.
Recipient categories
Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.
Server-Logfiles
Your data will be passed on to our hoster 1and1. This takes place within the framework of order processing in accordance with Art. 28 DSGVO.
Contractor: 1und1
1&1 Telecommunication SE
Address:
Elgendorfer Str. 57
56410 Montabaur
Your data will be processed exclusively for the named purpose and, if necessary, on behalf of the contractor, but will not be passed on to other recipients.
Contact
E- mail contact requests/ contact form
As a rule, your requests will be processed at Nexus AG. This also takes place within the framework of commissioned processing in accordance with Art. 28 DSGVO, the respective responsible office from the Nexus group of companies. In the case of enquiries that can only be answered by the respective specialist department of the Nexus group of companies, these will be forwarded to the respective responsible office.
The technical infrastructure for sending emails is provided by our Nexus technology in NEXUS Cloud IT GmbH. This takes place within the framework of order processing according to Art. 28 DSGVO.
Client: All responsible parties
Your data will be processed exclusively for the named purpose and, if applicable, on behalf of the client, but will not be passed on to other recipients.
Newsletter
Your data will be processed by Nexus AG. We use Newsletter2go as a tool for sending the newsletter. This takes place within the scope of an order processing according to Art. 28 DSGVO.
Contractor: Newsletter2go
SendinblueGmbH
Köpenicker Street 126
10179 Berlin
Your data will be processed exclusively for the named purpose and, if necessary, on behalf of the contractor, but will not be passed on to other recipients.
Google Analytics
Your data will be processed by Nexus AG. Your data will then be passed on to Google. This takes place within the framework of commissioned processing in accordance with Art. 28 DSGVO.
Contractor: Google
The provider of the web analytics service is Google Inc,
1600 Amphitheatre Parkway,
Mountain View,
CA 94043, USA.
Google submits to the Privacy Shield.
Social Media
We provide a separate privacy policy for our social media offerings.
Retention and deletion periods
Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.
Server Logfiles
The server log files are stored for a maximum of 7 days and then deleted. The data is stored for security reasons, e.g. to be able to clarify cases of misuse. If data must be retained for evidentiary reasons, it is exempt from deletion until the incident has been finally clarified.
Registration on the website
We store the data collected during registration for the period that you are registered on our website. Your data will be deleted if you cancel your registration. Legal retention periods remain unaffected.
Contact
Contact requests/ Contact form
Data transmitted via the contact form will remain with us until your enquiry has been conclusively clarified: Then they will be deleted unless further legal regulations contradict this.
Newsletter
We store the data entered during registration for the period that you are registered to receive our newsletter. In the event of unsubscription, the data entered during registration will be deleted immediately.
Google Analytics
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future website visits.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
Social Media
We provide a separate privacy policy for our social media offerings.
Reference to a right to object to and revoke processing
The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.
Google Analytics
If you do not agree to the collection of your data, you can prevent this by installing the browser add-on to deactivate Google Analytics.
(New) customer acquisition
General information
For (new) customer acquisition, we use various techniques to process information. This information may be personal data. The following information provides an overview of how we process your personal data when we contact you in the context of (new) customer acquisition and refers exclusively to this.
Responsible body
Nexus AG, Irmastrasse 1, 78166 Donaueschingen
Data Protection Officer
If you have any questions about data protection, please send us an e-mail:
datenschutz@nexus-ag.de
Data subjects' rights
You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.
To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.
Nature and purpose of the processing
We use personal data in the context of (new) customer acquisition. We obtain the data from publicly accessible sources, such as company websites. The personal data obtained in this way is used for the purpose of establishing contact and initiating business for campaigns to address new customers and to send information about our services, e.g. in telephone calls or mailings. Our mailings are optimised through tracking. However, only personal information is processed through tracking.
Categories of personal data
Data categories: Name, surname, e-mail address, degree programme
Legal basis
The legal basis for the processing of your personal data for the purpose of
(New) Customer Acquisition and Business Initiation is one of the following
· Art. 6 Para. 1 lit. f) DSGVO - processing for the protection of legitimate interests.
· Art. 6 Para. 1 lit. a) DSGVO – Consent
· Art. 6 Para. 1 lit. b) DSGVO - implementation of (pre-) contractual measures
Data collection
Your data is
- We collect your data from third parties, for example by searching public data sources such as your employer's website.
Recipient categories
Internal
Your data is processed internally in our marketing department.
Externally
We use the service provider Newsletter2Go and our Nexus internal IT service provider NEXUS Cloud IT GmbH to send our mailings. It may happen that our marketing department commissions a marketing department of another company of the NEXUS Group to carry out a campaign for capacity reasons. The responsible party commissions the service provider in the course of order processing according to Article 28 DSGVO with the processing of the campaign, the dispatch of the mailings and the provision of the IT infrastructure.
The transfer only takes place for the stated purposes.
Order processor:
Newsletter2GO
NEXUS / ASTRAIA
NEXUS / EPS
NEXUS / CHILI
NEXUS / E & L
NEXUS / MARABU GmbH
NEXUS / CLOUD IT GmbH, Irmastrasse 1, 78166 Donaueschingen, Germany
Your data will not be passed on to other recipients.
Third parties
There will be no transfer to third parties.
Retention and deletion periods
Contact details for campaigns are not subject to a retention obligation. Your personal data is therefore deleted immediately after the purpose has been fulfilled.
Data will be deleted after a campaign break of more than 17 months.
Reference to a right of objection and revocation against the processing
The data controller processes your data for the above-mentioned purpose. You have your own right of objection and revocation to this processing.
right of objection and revocation, the exercise of which will result in the termination of the purpose. If possible, please send the objection by e-mail to:
datenschutz@nexus-ag.de
If you justifiably object to or revoke the processing, we can include you in our blocking file (permissible according to Art. 21 Para. 3, Art. 17 para. 3 lit. b and Art. 6 para. 1 sentence 1 lit. f DSGVO). Should you also expressly wish for all your data to be deleted along with your objection, then we will also delete your data from the blocking file. This may result in that you may be contacted again in the future if - legally permissible - external data is used. be contacted again in the future.
Video surveillance
General information
When you visit our company premises, we may take pictures and video recordings of people such as employees and visitors at selected locations. This information may involve personal data. The following information provides an overview of how we process your personal data when you visit our company premises and refers exclusively to this.
Responsible body
Here, the list of the responsible bodies that are relevant should be inserted. It may be possible to include them from the responsible parties section, so that the maintenance effort can be reduced.
Data Protection Officer
If you have any questions about privacy, please email us:
datenschutz@nexus-ag.de
Data subjects' rights
You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.
To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.
Nature and purpose of the processing
We make picture and video recordings exclusively
· for the exercise of domiciliary rights,
· for the prevention of criminal offences or for the preservation of evidence in the case of criminal offences,
· for the assertion of legal claims,
to.
The data will only be passed on to third parties if we are legally obliged to do so.
Categories of personal data
When you enter our premises, the following categories of personal data are processed by us.
· Image and video recordings
Legal basis
Because there is a legitimate interest on our part to avert danger in order to ensure the smooth running of operations.[SD1]
· Art. 6 para. 1 lit. f DSGVO - Legitimate interest
Data collection
Recipient categories
Internal
Your data will only be processed by the management.
Externally
For video surveillance, we use the technology of our Nexus Group internal IT service provider. The controller commissions the service provider in the course of a commissioned processing according to Art. 28 DSGVO, with the provision of the IT infrastructure necessary for video surveillance.
The transfer only takes place for the specified purposes.
Order processor:
NEXUS Cloud GmbH, Irmastrasse 1, 78166 Donaueschingen.
Your data will not be passed on to other recipients.
Third parties
There is no transfer to third parties.
Retention and deletion periods
The data is deleted immediately after the purpose has been fulfilled and at the latest 72 hours after it has been collected.
Reference to a right of objection and revocation against processing
The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.
If possible, please send your objection by e-mail to: datenschutz@nexus-ag.de
Social Media
General information
When you visit our social media sites, information is processed using a wide variety of techniques. This information may be personal data. The following notice provides an overview of how we process your personal data when you visit our social media sites and relates solely to that.
Responsible body
Nexus AG, Irmastrasse 1, 78166 Donaueschingen, Germany.
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit.
Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Facebook Inc, Menlo Park, California, United States
XING AG, Dammtorstrasse 29–32, 20354 Hamburg, Germany
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
Youtube
Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland
Data Protection Officer
If you have any questions about data protection, please send us an e-mail:
datenschutz@nexus-ag.de
For details on how they handle your personal data, please see the privacy policy https://twitter.com/de/privacy
Details on how they handle your personal data can be found in the privacy policy https://de-de.facebook.com/policy.php
Details on how they handle your personal data can be found in the data protection declaration https://privacy.xing.com/de/datenschutzerklaerung
Linked in
For details on how they handle your personal data, please refer to the privacy policy https://www.linkedin.com/legal/privacy-policy
Youtube
For details on how they handle your personal data, please refer to the privacy policy https://policies.google.com/privacy?hl=de
Data subjects' rights
You have the right to obtain information about the nature, origin, recipient and purpose of the processing of your personal data free of charge at any time, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right to lodge a complaint with the competent supervisory authority.
In principle, you can assert your rights both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
To exercise your right against us, simply send an e-mail to datenschutz@nexus-ag.de.
Nature and purpose of the processing
A social media presence is an important element of our communication policy. We use our social media presence to be able to establish direct communication and interaction with you via other channels. Furthermore, we want you to be able to inform yourself about our products and services in an uncomplicated and up-to-date manner.
Legal basis of the processing
The legal basis for the processing of your personal data on our social media sites is as follows.
- Art. 6 para. 1 lit. f) EU-DSGVO - Legitimate Interest
- Art. 6 para. 1 lit a) DSGVO
For further processing operations, such as the detailed analysis of behaviour on the social media portals, also in connection with your personal registration there, are the responsibility of the providers of the social media providers themselves. Please obtain information about the types of data processed, the legal basis for these processing operations and their purposes from the providers themselves.
Data collection
We collect your data
· directly from you by providing it to us
· or automatically by the IT system of the provider of the social media platform when you visit the website.
Retention and deletion periods
Reference to a right of objection and revocation against the processing
The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.
In principle, data remain stored as long as they are necessary for the purpose of the service.
LinkedIn uses advertising cookies. If you would like to deactivate LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Contact form
We collect personal data if you voluntarily provide it when contacting us (e.g. via contact form or e-mail). Which data is collected can be seen from the respective input forms. We use the data you provide to process your enquiry. After complete processing of your enquiry, your data will be deleted after expiry of the legal retention periods, unless you have expressly consented to further use of your data.
Online events
General information
In order to conduct online events, we use various techniques to process information. This information may be personal data. The following notices provide an overview of, and relate solely to, how we process your personal data when we contact you as part of an online event.
Responsible body
Nexus AG, Irmastrasse 1, 78166 Donaueschingen
Data Protection Officer
If you have any questions about data protection, please send us an e-mail:
datenschutz@nexus-ag.de
Data subjects' rights
You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.
To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.
Nature and purpose of the processing
We use personal data within the framework of the implementation of online events. We receive the data directly from you during registration. The data is used for the purpose of contacting you within the framework of our online event.
Categories of personal data
Contact details
· Name
· Business e-mail address
· Company, function
Legal basis
The legal basis for the processing of your personal data in the context of the implementation of online events is the following
· Art. 6 para. 1 lit. a) DSGVO - Consent
Data collection
Your data is
· collected by us directly from you.
Recipient categories
Internal
Your data is processed internally in our marketing department.
Externally
We use the service provider Ticketareo to organise our online events. The responsible body commissions the service provider in the course of order processing in accordance with Art. 28 DSGVO.
Your data will not be passed on to any other recipients.
Third parties
There is no transfer to third parties.
Retention and deletion periods
Contact data for our online events are not subject to any retention obligation. Your personal data will therefore be deleted immediately after the purpose has been fulfilled. Data will be deleted after 17 months.
Reference to a right of withdrawal against processing
The data controller processes your data for the above-mentioned purpose. You have your own right of revocation against this processing, the exercise of which leads to the termination of the processing for this purpose. If possible, please send the revocation by e-mail to: datenschutz@nexus-ag.de
If you justifiably revoke the processing, we can include you in our blocking file (permissible according to Art. 21 para. 3, Art. 17 para. 3 lit. b and Art. 6 para. 1 sentence 1 lit. f DSGVO). If you expressly wish to have all your data deleted when you revoke your consent, we will also delete your data from the blocking file. This may mean that you can be contacted again in the future if - legally permissible - third-party data is used.
Face-to-face events
General information
In order to conduct face-to-face events, we use various techniques to process information. This information may be personal data. The following information provides an overview of how we process your personal data in the context of holding a face-to-face event and refers exclusively to the following.
Responsible body
Nexus AG, Irmastrasse 1, 78166 Donaueschingen
Data Protection Officer
If you have any questions about data protection, please send us an e-mail:
datenschutz@nexus-ag.de
Data subjects' rights
You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if necessary, to object to processing or to exercise your right of complaint with the responsible supervisory authority.
To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.
Nature and purpose of the processing
We use personal data in the context of holding classroom events. We receive the data directly from you, e.g. during registration. The data is processed for the purpose of preparing, conducting and following up on face-to-face events.
Categories of personal data
Contact details
· Name
· Salutation
· Business e-mail address
· Company, function
· photos*
· videos*
* Optional information
Legal basis
The legal basis for the processing of your personal data within the framework of the implementation of online events is the following
· Art. 6 para. 1 lit. a) DSGVO - Consent
· Art. 6 para. 1 lit. f) DSGVO - Legitimate interest
Data collection
Your data is
· collected by us directly from you.
Recipient categories
Internal
Your data is processed internally in our marketing department.
Externally
We use the service provider Ticketareo to organise our presence events. The data controller commissions the service provider in the course of commissioned processing in accordance with Art. 28 DSGVO.
Third parties
Photos and videos for social media (see Privacy Policy Social Media)
Retention and deletion periods
Contact data for our presence events are not subject to any retention obligation. We therefore delete your personal data immediately after the purpose has been fulfilled.
Data for social media remain stored as long as they are necessary for the purpose of the service, see Privacy Policy Social Media.
Reference to a right of withdrawal against processing
The data controller processes your data for the above-mentioned purpose. You have your own right of revocation against this processing, the exercise of which leads to the termination of the processing for this purpose. If possible, please send the revocation by e-mail to: datenschutz@nexus-ag.de
Please also note the enforceability of data subject rights against social media providers see Privacy Policy Social Media.
NEXUS / ACADEMY / Learning Management System
General information
NEXUS / ACADEMY is a learning platform that provides learning paths for in-company training. The learning platform is offered as software as a service. Various techniques are used to process information. This information may include personal data. The following information provides an overview of how we process your personal data in the context of NEXUS / ACADEMY and relates exclusively to this.
Responsible body
Nexus Deutschland GmbH, Irmastraße 1, 78166 Donaueschingen
Data Protection Officer
If you have any questions about data protection, please contact the contact named in the section "General data protection declaration -> Data protection officer".
Data subjects' rights
To exercise your rights, please contact the contact named in the chapter "General data protection declaration -> Data protection officer"
For further information on your rights, please refer to the chapter "General data protection declaration -> Your rights as a data subject"
Information on the right to object to and withdraw consent to processing
The controller processes your data for the above-mentioned purpose. The legal basis for this is Art. 6 para. 1 lit. a) or f) GDPR. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose. Please address your objection/revocation to our data protection officer. You can find the contact details in section "1.5 Data protection officer"
For further information on our service providers, please refer to their privacy policies. You will find a reference in section "5.2 Responsible body"
Nature and purpose of the processing
Your data will be processed for the purpose of preparing, conducting and following up on training courses in order to provide learning paths for in-company online training.
Categories of personal data
The following categories of personal data are processed.
Master data:
- Personal data (salutation, title, name, surname, e-mail address, learning outcomes)
- Partner data (salutation, title, name, surname, e-mail address, learning outcomes)
- Customer data (salutation, title, name, surname, e-mail address, learning outcomes)
Legal basis
Your data is processed on the basis of
- Art. 6 para. 1 lit. a) GDPR - Consent
- Art. 6 para. 1 lit. b) GDPR - fulfillment of a contract
- Art. 6 para. 1 lit. f) GDPR - Legitimate interest
processed.
The controller has a legitimate interest in
- Employees who are informed about current developments in the target markets, our own products or those of our partners,
- employee development to ensure personal and operational success.
Data collection
We collect your data
- directly from you,
- or these were collected by our clients and transmitted to us for order fulfillment.
Recipient categories
Your data will be processed internally in our training department.
Other categories of recipients are
- Online service provider
We use a service provider to provide the online platform for our training content. The controller commissions the service provider as part of order processing in accordance with Art. 28 GDPR.
imc information multimedia communication AG
Scheer Tower Uni-Campus Nord
D-66123 Saarbrücken
Retention and deletion periods
Your personal data will be deleted immediately after the purpose has been fulfilled. If you no longer participate in the NEXUS / Academy, your data will be automatically deleted after one month.