Privacy Policy
We are pleased to see your interest in our enterprise. Data protection holds a significant priority for nanOreg. Utilizing the nanOreg website can occur without revealing personal information. Nonetheless, if a user intends to access specific enterprise services through our website, there may be a need for processing personal data. Should such processing be required without a legal foundation, we will typically seek consent from the individual.
Any processing of personal data, including a person's name, address, email, or phone number, will always adhere to the General Data Protection Regulation (GDPR) and the relevant data protection laws applicable to nanOreg. Through this data protection statement, we aim to inform the general public about the type, extent, and purpose of the personal data we gather, utilize, and handle. Additionally, this statement educates data subjects about their entitlements and rights.
nanOreg, as the controller, has put in place various technical and organizational safeguards to ensure comprehensive protection of personal data processed on this website. Nevertheless, internet-based data transfers could potentially have vulnerabilities, implying that absolute protection cannot be guaranteed. For this reason, each data subject has the option to transmit personal data through alternative means, such as by phone.
1-Definitions
The data protection statement of nanOreg is constructed upon the terminology established by the European legislator for the enactment of the General Data Protection Regulation (GDPR). Our data protection statement is designed to be comprehensible and accessible to the general public, as well as our customers and business associates. To achieve this, we will begin by elucidating the key terms employed. Within this data protection statement, we utilize the subsequent terms:
a) Personal data Personal data pertains to any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is an individual who can be directly or indirectly identified, particularly through an identifier like a name, an identification number, location data, an online identifier, or through one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data subject A data subject refers to any identified or identifiable natural person, whose personal data is subject to processing by the entity accountable for such processing.
c) Processing Processing denotes any operation or series of operations conducted on personal data or sets of personal data, whether automated or not. These operations encompass activities such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, transmission-based disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
d) Restriction of processing Restriction of processing involves the designation of stored personal data with the intent of constraining their future processing.
e) Profiling Profiling signifies any form of automated processing of personal data that entails the use of said data to assess specific personal aspects associated with a natural person. This may include the analysis or prediction of facets related to the individual's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
f) Pseudonymisation entails processing personal data in a manner that makes it unfeasible to attribute said data to a particular data subject without supplementary information. This additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data remain unattributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing The controller or entity responsible for processing refers to the natural or legal person, public authority, agency, or other body that independently or jointly with others determines the objectives and methods of processing personal data. When the aims and methods of such processing are determined by Union or Member State law, the appointment of the controller or the specific criteria for such appointment may be stipulated by Union or Member State law.
h) Processor A processor designates a natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the controller.
i) Recipient A recipient refers to a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether or not a third party is involved. Nevertheless, public authorities that might receive personal data as part of a particular inquiry in accordance with Union or Member State law will not be considered recipients. Processing of such data by these public authorities should adhere to applicable data protection regulations in line with the purposes of the processing.
j) Third party A third party denotes a natural or legal person, public authority, agency, or entity distinct from the data subject, controller, processor, and individuals authorized by the controller or processor, operating under their direct authority, to process personal data.
k) Consent Consent from a data subject signifies any voluntary, specific, well-informed, and unmistakable indication of the data subject's desires. This is conveyed through an explicit statement or a clear affirmative action, denoting agreement to the processing of personal data concerning the individual.
Cookies
nanOreg's website employs cookies, which are text files stored within a computer system through an Internet browser. Cookies are used on various internet sites and servers. A unique identifier, known as a cookie ID, often resides within cookies. This identifier is composed of a character sequence that enables the correlation of internet pages and servers with the specific internet browser in which the cookie was stored. Such functionality distinguishes the visiting internet browser from others containing different cookies. This differentiation is accomplished through the unique cookie ID.
Through the utilization of cookies, nanOreg enhances the user experience on this website, facilitating user-friendly services that would be otherwise unattainable without cookie functionality. Cookies allow nanOreg to optimize website content and offerings to better suit the user.
As mentioned earlier, cookies enable the recognition of website users, streamlining their interaction with our platform.
Consequently, users utilizing cookies are not required to input access credentials during each website visit, as the website retains this data, with the cookie stored within the user's computer system.
An illustrative example includes an online store's cookie-enabled shopping cart, which maintains a record of items selected by a customer.
Users possess the option to prevent cookie setting on our website by configuring the settings in their Internet browser accordingly. In addition, cookies that have been set can be deleted at any point through an Internet browser or other applicable software programs. These actions can be accomplished using popular Internet browsers. Nevertheless, it's important to note that disabling cookie settings within the Internet browser may potentially affect the complete functionality of our website.
Collection of General Data and Information
Upon the data subject's or an automated system's access to nanOreg's website, a collection of general data and information ensues. These details are subsequently stored in server log files.
The information collected includes:
(1) types and versions of browsers used,
(2) the operating system employed by the accessing system,
(3) the source website from which the accessing system reached nanOreg's website (commonly referred to as "referrers"),
(4) subpages accessed,
(5) date and time of the website access,
(6) the internet protocol (IP) address,
(7) the internet service provider of the accessing system, and
(8) comparable data and information relevant in the event of attacks on nanOreg's information technology systems.
nanOreg does not draw conclusions about individual data subjects through the use of this general data and information. Instead, these details are employed for specific purposes:
(1) ensuring accurate delivery of website content,
(2) optimizing website content and advertising,
(3) maintaining the viability of nanOreg's information technology systems and website technology over time, and
(4) furnishing law enforcement authorities with information for potential criminal prosecution in the event of a cyberattack.
As part of its commitment to data protection and security, nanOreg statistically analyzes the collected data and information anonymously, aiming to enhance the safeguarding of data and data security while preserving the utmost protection of personal data. The server log file's anonymous data is kept separate from all personal data provided by a data subject.
Contact Possibility via the Website
nanOreg's website provides information enabling swift electronic contact with the enterprise, along with direct communication channels, including a general electronic mail (email) address. Should a data subject reach out to the controller via email or a contact form, the personal data transmitted by the data subject is automatically stored. These personal data are stored voluntarily and are solely employed for the purposes of processing or contacting the data subject.
Importantly, nanOreg refrains from transferring this personal data to third parties.
Routine Erasure and Blocking of Personal Data
The controller processes and retains personal data of data subjects exclusively for the time necessary to fulfill the purpose of storage, as permitted by European legislations, or other applicable laws or regulations.
Should the storage purpose become obsolete, or if a storage duration mandated by European legislator or other competent legislator elapses, the personal data will be routinely blocked or erased in accordance with legal requisites.
Rights of the Data Subject
a) Right of Confirmation
As granted by European legislator, each data subject possesses the right to ascertain whether personal data concerning them is being processed by the controller. If the data subject wishes to exercise this confirmation right, they may contact any nanOreg employee at any time.
b) Right of Access
Each data subject, as authorized by European legislator, has the right to obtain free information from the controller regarding their personal data stored at any time. This also includes obtaining a copy of this information. Additionally, European directives and regulations bestow the data subject access to the following information:
Purpose of processing of personal data involved or recipient categories to whom personal data has been disclosed or will be disclosed, particularly in third countries or international organizations Envisaged period for which personal data will be stored, or if this isn't possible, the criteria employed for determining the duration of the right to request rectification, erasure, or restriction of personal data processing from the controller; the right to object to such processing; the right to lodge a complaint with a supervisory authority. In situations where personal data isn't directly collected from the data subject, any available information about its source of automated decision-making, including profiling, as described in Article 22(1) and (4) of the GDPR, and, in applicable cases, meaningful insights into the logic, significance, and projected effects of this processing for the data subject.
Moreover, the data subject holds the right to be informed whether personal data is being transferred to a third country or international organization. If such is the case, the data subject also holds the right to be informed of the appropriate safeguards pertaining to the data transfer.
To invoke this right of access, the data subject may communicate with any nanOreg employee at their convenience.
c) Right to Rectification
According to European legislator provisions, each data subject is entitled to have inaccurate personal data rectified by the controller, without undue delay. Furthermore, the data subject, considering the processing objectives, has the right to have incomplete personal data completed, possibly through the provision of a supplementary statement.
The data subject may exercise this right to rectification by reaching out to any nanOreg employee at any time.
d) Right to Erasure (Right to be Forgotten)
The European legislator grants each data subject the right to prompt erasure of their personal data by the controller when one of the following conditions is met, assuming that processing isn't necessary:
Personal data no longer serve the purposes they were collected for
Data subject withdraws consent that formed the basis for processing
Data subject objects to processing as specified in Article 21(1) of the GDPR, unless compelling legitimate grounds for processing supersede the data subject's interests, rights, and freedoms
Personal data was processed unlawfully
is necessary to comply with a legal obligation under Union or Member State law
personal data was collected in connection with an offer of information society services per Article 8(1) of the GDPR
In the event of the above conditions being met, and a data subject wishes to request erasure of personal data stored by nanOreg, they can contact any nanOreg employee, who will promptly ensure that the erasure request is addressed without delay.
In cases where personal data has been made public and is obligated to be erased as per Article 17(1), nanOreg will, taking into consideration available technology and implementation costs, undertake reasonable measures, including technical steps, to notify other controllers processing the personal data. This notification will involve requests for the erasure of any links to, or duplication or replication of, the personal data, as long as such processing isn't obligatory. nanOreg employees will orchestrate these necessary actions on a case-by-case basis.
e) Right to Restriction of Processing
Each data subject, as granted by European legislator provisions, has the right to request from the controller the restriction of personal data processing under certain circumstances:
Accuracy of personal data is contested by the data subject, requiring the controller to verify accuracy
is deemed unlawful and the data subject opposes erasure, instead requesting restriction of use
no longer requires personal data for processing purposes, yet the data subject necessitates it for legal claims
subject objects to processing as stated in Article 21(1) of the GDPR, pending verification whether controller's legitimate grounds supersede those of the data
If the above conditions are satisfied and a data subject wishes to request restriction of personal data processing by nanOreg, they may communicate with any nanOreg employee, who will oversee the imposition of the restriction.
f) Right to Data Portability
As stipulated by European legislator, each data subject has the right to receive their personal data, provided to a controller, in a structured, widely used, and machine-readable format. Additionally, the data subject holds the right to transmit this data to another controller without hindrance from the initial controller, provided that processing relies on the data subject's consent or a contractual obligation, and is performed through automated means. This right doesn't impede tasks executed in the public interest or in the exercise of official authority vested in the controller.
In exercising this right to data portability, the data subject may request personal data to be directly transmitted from one controller to another, as long as this doesn't negatively impact the rights and freedoms of others.
To avail themselves of the right to data portability, the data subject may contact any nanOreg employee.
g) Right to Object
Each data subject, in compliance with European legislator provisions, possesses the right to object to personal data processing based on their particular situation, specifically when processing relies on Article 6(1)(e) or (f) of the GDPR, including profiling based on these provisions. nanOreg shall cease processing personal data upon such objection, unless the controller can demonstrate compelling legitimate grounds for processing that outweigh the data subject's rights, freedoms, and interests, or if processing is necessary for the establishment, exercise, or defense of legal claims. If nanOreg processes personal data for direct marketing purposes, the data subject retains the right to object to processing of personal data for such marketing at any time. This extends to profiling associated with direct marketing. In case of data subject objection, nanOreg will no longer process personal data for direct marketing purposes.
Furthermore, the data subject has the right, given their specific situation, to object to personal data processing by nanOreg for scientific or historical research purposes, or for statistical purposes according to Article 89(1) of the GDPR, unless processing is essential for tasks carried out in the public interest.
To exercise the right to object, the data subject may contact any nanOreg employee. Additionally, data subjects can exercise this right in relation to the use of information society services, in line with Directive 2002/58/EC, using automated means and technical specifications.
h) Automated Individual Decision-Making, Including Profiling
Each data subject holds the right, as stipulated by European legislator, not to be subject to a decision based solely on automated processing, including profiling, that significantly affects them, unless:
The decision is required for the conclusion or performance of a contract between the data subject and controller
or Member State law authorizes the decision and includes suitable measures to safeguard the data subject's rights, freedoms, and legitimate interests,
the decision is based on the data subject's explicit consent.
When decisions under these criteria are necessary, nanOreg will adopt appropriate measures to protect the data subject's rights and freedoms. This includes ensuring the data subject can seek human intervention, express their perspective, and contest the decision. For issues concerning automated individual decision-making, including profiling, data subjects may contact any nanOreg employee.
i) Right to Withdraw Data Protection Consent
Each data subject holds the right, in line with European legislator provisions, to withdraw their consent for personal data processing at any time. To exercise this right, the data subject may contact any nanOreg employee at their convenience.
3-Data Protection for Applications and Application Procedures
The data controller collects and processes the personal data of applicants for the purpose of managing the application procedure. This processing may also be conducted electronically, especially when applicants submit their application documents via email or through a web form on the website. If the data controller enters into an employment contract with an applicant, the submitted data will be stored to fulfill the obligations of the employment relationship as required by law. If no employment contract is established, application documents will be automatically deleted two months after the applicant is notified of the rejection decision, unless other legitimate interests of the data controller prevail. An example of a legitimate interest could be the need to provide evidence in a procedure under the General Equal Treatment Act (AGG).
4-Data Protection Provisions for Google Analytics (with Anonymization Function)
The data controller has integrated Google Analytics, a web analytics service, into its website. Google Analytics collects data about the behavior of visitors to the website, including information about the source website (referrer), visited sub-pages, and duration of visits. This data is used to optimize the website and assess the effectiveness of Internet advertising.
Google Analytics operates under Google Ireland Limited. The data controller employs the "_gat._anonymizeIp" application to anonymize IP addresses when accessed from European Union Member States. Google uses collected data to evaluate website usage, generate online reports, and provide services related to website usage.
Google Analytics places a cookie on the user's device, enabling analysis of website usage. Each time a page with the Google Analytics component is accessed, the user's browser sends data to Google. This information is used for online advertising and commission settlement purposes. Personal information such as IP addresses is transmitted to Google. Users can prevent cookie settings via browser configurations, and data collection by Google Analytics can be objected to using a browser add-on available at https://tools.google.com/dlpage/gaoptout.
5-Data Protection Provisions for Google AdWords
Google AdWords, an Internet advertising service, is integrated into the website. Advertisers define keywords to trigger display of their ads in Google search results. AdWords is operated by Google Ireland Limited. AdWords enables targeted ads on third-party websites and provides statistical information.
When a user accesses the website via a Google ad, a conversion cookie is set. Google and the data controller can track whether actions like purchases are completed. Conversion data is used to create website visit statistics, analyze AdWords effectiveness, and optimize future ads. Users can prevent cookies and opt out of interest-based ads through settings at www.google.de/settings/ads.
6-Data Protection Provisions for LinkedIn
LinkedIn components are integrated into the website. LinkedIn is a social network for business contacts. When users access the website, the browser may download LinkedIn components, allowing LinkedIn to track users' activities. If users are logged in to LinkedIn while accessing the website, LinkedIn associates their activities with their LinkedIn accounts. Users can prevent this by logging out before visiting the website. LinkedIn's privacy policy and opt-out options are available at https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/cookie-policy.
7-Data Protection Provisions for Matomo
The website uses the Matomo component, an open-source web analysis software tool. Matomo collects and evaluates visitor behavior data for optimizing the website. Matomo sets cookies and analyzes data on the server where it is installed. Users can prevent cookies through browser settings, and opt out using the "Do Not Track" option.
Legal Basis for Processing
Processing is based on Article 6(1) of the GDPR, including consent, contract fulfillment, legal obligations, vital interests, and legitimate interests.
8-Legitimate Interests
The data controller's legitimate interest is conducting business for the well-being of employees and shareholders.
Storage Period
Personal data is stored according to statutory retention periods.
Provision of Personal Data
The provision of personal data may be required by law, contract, or for contract conclusion. Failure to provide data may result in inability to conclude a contract.
9-Automated Decision-Making
Automated decision-making and profiling are not used.