Data Protection Statement
I. Controller; data protection officer
As defined by the General Data Protection Regulation and other national data protection laws of Member States as well as other legal provisions on data protection, the controller is:
NEXOC GmbH
Siemensstr. 9
D-85221 Dachau
Germany
Telephone: +49 8131 5695-650
Fax: +49 8131 5695-659
Email:
The controller's data protection officer can be reached by email at as well as under the following postal address:
CB ADDATA GmbH
Christian Bößl
Reitmeierfeld 23
94099 Ruhstorf a.d. Rott, Germany
Phone: +49 8531 978 447 0
II. General information on data processing
1. Scope of processing personal data
We principally process our users' personal data only as far as this is required for providing a functioning website as well as for our contents and services. Processing the personal data of our users is regularly effected only following consent by the user. Exceptions apply in those cases in which it is not possible to obtain any prior consent due to factual grounds and in which the processing of data is permitted by statutory provisions.
2. Legal basis for processing personal data
As far as we obtain consent from the data subject for processing operations concerning personal data, the legal basis for it is laid down in Article 6 paragraph 1 sentence 1 point (a) of the European Union's General Data Protection Regulation (GDPR).
For processing personal data required for the performance of a contract whose contracting party is the data subject, the legal basis for it is laid down in Article 6 paragraph 1 sentence 1 point (b) GDPR. This also applies for processing operations which are required for the implementation of pre-contractual measures.
As far as the processing of personal data is required for meeting a legal obligation our enterprise is subjected to, the legal basis for it is laid down in Article 6 paragraph 1 sentence 1 point (c) GDPR.
In the event that vital interests of the data subject or of another natural person require the processing of personal data, the legal basis for it is laid down in Article 6 paragraph 1 sentence 1 point (d) GDPR.
If processing is required to safeguard a legitimate interest by our enterprise or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first mentioned interest, the legal basis for it is laid down in Article 6 paragraph 1 sentence 1 point (f) GDPR.
3. Erasure of data and storage period
The personal data of the data subject are erased or made unavailable as soon as the purpose of storage no longer applies. Moreover, storage may be effected if this has been provided for by the European or national legislator in Union law regulations, laws or other provisions which the controller is subjected to. Data are also erased or made unavailable if a storage period expires which had been specified by the indicated standards, unless the necessity of further storage of the data exists for any contract conclusion or contract performance.
4. Data protection for job applications and during application processing
We collect and process the personal data of job applicants for the purpose of processing applications. This processing may be performed electronically, in particular if an applicant has transmitted his or her application documents electronically, for example by email. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the relevant statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted automatically six months after the rejection of the application provided the affected person has not agreed to a longer period of retention and there no other legitimate interests of the controller that may conflict with the deletion. Such a legitimate reason would be, for example, providing evidence in legal proceedings related to the General Act on Equal Treatment (AGG).
III. Provision of the website and creation of log files
1. Description and scope of data processing
Every time our internet site is accessed, our system automatically records data and information from the accessing computer system.
The following data are collected in this case:
- User's browser type/version;
- User's operating system;
- IP-address/internet service provider of the user;
- Date/time of day of access;
- Websites from which the user's system gets to our internet site;
- Websites which are accessed by the user's system via our website.
The data are stored in our system log files. There is no storage effected of these data together with other personal data of the user.
2. Legal basis for data processing
The legal basis for temporary storage of data and log files is laid down in Article 6 paragraph 1 sentence 1 point (f) GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. To this end, the user's IP address must remain stored for the duration of the session.
Storage in log files is effected to ensure the website's functionality. Moreover, the data help us optimise the website and ensure the security of our IT systems. In this context, there will be no analysis of data for marketing purposes.
These purposes also establish our legitimate interest in data processing in accordance with Article 6 paragraph 1 sentence 1 point (f) GDPR.
4. Period of storage
Data are erased once they are no longer required for achieving the purpose of their collection. In the event of data collection for provision of the website, this will be the case when the respective session is terminated.
In the event of data storage in log files, this will be the case after seven days at the latest. Any further storage in excess thereof is possible. In that case, the users' IP addresses are erased or altered so that it is no longer possible to allocate the accessing client.
5. Possibility of objection and elimination
Collection of data for providing the website and the storage of data in log files is absolutely essential for the operation of the internet site. Accordingly, no possibility of objection exists on the user's part.
IV. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files stored to the user's computer system in the internet browser or by the internet browser. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters enabling a clear identification of the browser when the website is accessed again.
The users' data thus collected are pseudonymised by means of technical measures. Accordingly, it is no longer possible to allocate the data to the accessing user. The data are not stored together with other personal data of the users.
Upon access to our website, users will be informed, by an info banner, about the use of cookies for purposes of analysis and they are referred to this Data Protection Statement.
This website uses the following types of cookies whose scope and function are explained in the following:
Transient cookies
Transient cookies are automatically erased when you close the browser. These include especially the session cookies. They save a so-called session ID by means of which different inquiries by your browser may be allocated to the joint session. Your computer may thus be recognized when you return to our website. Session cookies are erased when you log out or close the browser.
Persistent cookies
Persistent cookies are automatically erased after a preset period of time which may differ depending on the cookie. You may erase the cookies at any time in your browser's security settings.
2. Legal basis for data processing
The legal basis for processing personal data with the use of cookies is laid down in Article 6 paragraph 1 sentence 1 point (f) GDPR.
3. Purpose of data processing
We are using cookies to make our website more user-friendly. Some elements of our internet site require, in particular, that the accessing browser can be identified even after a page change.
4. Period of storage; possibility of objection and elimination
Cookies are stored on the user's computer and transmitted by it to our site. Accordingly, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you may deactivate or restrict the transmission of cookies. Cookies stored already may be erased at any time. This may also be done in an automated manner if you specify the maximum storage period in your browser settings. If cookies for our website are deactivated, it is possible that not all functions of the website can be fully used.
The following links help you to provide the settings for the rejection or acceptance of cookies in the most frequently used browsers:
- Internet Explorer / Windows Edge: http://windows.microsoft.com/de-de/windows-vista/block-or-allow-cookies
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
- Safari: https://support.apple.com/kb/ph21411?locale=de_DE
- Opera: http://help.opera.com/Windows/10.20/de/cookies.html
Where we use cookies for statistical or marketing purposes, we will do so only with your consent (Section 6 (1)(a) GDPR).
V. Online shop
1. Order
1.1 Description and scope of data processing
1.1.1 Data collection upon registration
If you want to place an order, you have the option of creating a customer account or using an existing customer account for this. When a customer account is created, the data entered into the appropriate input screen are transmitted to us and stored. No online registration is possible without filling out the fields designated as mandatory data. Furthermore, we store the user's IP address as well as the date and time of day of access. By sending off the digital application form, you initiate the setup of a personalised, code word protected customer account.
1.1.2 Data collection following registration
After the registration has been effected, your personal customer number will be assigned and stored. Additionally, your purchases will be stored (date, item, item number, quantity, price, currency, type of transaction).
1.2 Legal basis for data processing
With your registration, you consent to the processing of your data which is why the legal basis of such data processing is Article 6 paragraph 1 sentence 1 point (a) GDPR.
1.3 Purpose of data processing
With your customer account, you may conveniently use your stored data for additional orders without the need to enter the data repeatedly. Furthermore, you may look at the data of your already concluded orders and your open or also any recently sent orders; you may also correct/manage the data you had specified within the scope of your registration.
1.4 Period of storage
Data are erased once they are no longer required for achieving the purpose of their collection. This is the case for the data collected during the registration process if the registration on our internet site is cancelled or modified.
1.5 Right to withdraw; elimination claim
As a user, you may erase your account at any time or modify the data stored about yourself. This may be done via the customer area on our website, by email to or by a message (e.g. fax or letter) to the contact data indicated in I. of this Statement.
2. Data transmission regarding contract handling
In order to process your order, we are collaborating with the service provider(s) indicated below who support us wholly or in parts regarding the performance of contracts concluded. In accordance with the following information, certain personal data are transmitted to these service providers. Within the scope of payment processing, we forward your payment data to the mandated bank if this is required for payment processing. If payment service providers are used, we will explicitly advise you thereof below. Within the scope of contract handling, we will pass on the personal data collected by us to the transport company commissioned with the delivery – as far as this is required for the delivery of goods. The legal basis for passing on the data in this case is Article 6 paragraph 1 sentence 1 point (b) GDPR.
2.1 Payment transactions; PayPal
Payment transactions via common means of payment are exclusively effected via an encrypted SSL or TLS connection.
On our website we offer you, inter alia, to make payments via PayPal. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
If you select to make payment via PayPal, the payment data you had entered will be transmitted to PayPal.
Transmission of your data to PayPal is effected on the basis of Article 6 paragraph 1 sentence 1 point (a) GDPR (consent) and Article 6 paragraph 1 sentence 1 point (b) GDPR (processing for the performance of a contract).
Additional information regarding data protection laws can be found in the data protection statement by PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
You are able to withdraw, at any time, your consent to data processing or object to the data processing. An objection has no effect on the validity of data processing operations in the past.
2.2 Dispatch service provider
The delivery of our goods to you is effected by the dispatch service provider selected or specified in the ordering process.
We will pass on your email address to the dispatch service provider prior to the delivery of the goods for the purpose of coordinating a delivery date or for a notification of delivery in accordance with Article 6 paragraph 1 sentence 1 point (a) GDPR if you had explicitly consented to this in the ordering process. Otherwise, we only pass on the recipient's name and the delivery address to the dispatch service provider for the purpose of delivery – in accordance with Article 6 paragraph 1 sentence 1 point (b) GDPR. Such transfer is only effected if required for the delivery of goods. In that case, it is not possible to provide for any prior coordination of the delivery date with the dispatch service provider or for a notification of delivery.
Consent may be revoked, at any time, effective for the future vis-à-vis the above designated controller or vis-à-vis the dispatch service provider. An objection has no effect on the validity of data processing operations in the past.
VI. Product recommendations for similar goods; direct marketing by letter
1. Product recommendations for similar goods
1.1 Description and scope of data processing
In addition to our use for contract handling, we also use your email address – which you specified in connection with the purchase of goods or services – for the purpose of informing you regularly by way of direct marketing via email about similar proprietary goods. This is irrespective of whether you registered for the newsletter or not.
1.2 Legal basis for processing
Article 7 paragraph 3 of the Law against Unfair Competition (UWG) is the legal basis for sending product recommendation emails as the result of the sale of goods or services.
1.3 Purpose of data processing
Collecting the users' email address serves the purpose of sending the product recommendation emails.
1.4 Period of storage
Data are erased once they are no longer required for achieving the purpose of their collection.
1.5 Right of objection and elimination
You may object, at any time, to the use of your email address for sending you product information – without incurring for this any costs other than the transmission costs according to the basic rates. You may state your objection by clicking on the link provided in every product recommendation email or by email to .
2. Direct marketing by letter
2.1 Description and scope of data processing
We will use the postal address (in addition to your name) you provided in connection with the purchase of goods or services to regularly inform you in the form of letters by way of direct marketing (e.g. to send you interesting offers and information regarding our products).
2.2 Legal basis for processing
The legal basis for direct marketing by letter in this case is Article 6 paragraph 1 sentence 1 point (f) GDPR.
2.3 Purpose of data processing
The collection of your name and your address also serves to provide you with direct marketing by letter. In accordance with recital (47) of the GDPR, processing personal data for the purpose of direct marketing may be considered processing serving a legitimate interest. It is to be taken especially into account in this context that a customer relationship exists between yourself and us by reason of your purchase and that we thus have a legitimate interest to inform you in the future about any current offers.
2.4 Period of storage
Data are erased once they are no longer required for achieving the purpose of their collection.
2.5 Right to object
You may object, at any time, to this form of direct marketing by letter. You may state your objection by email to or by a message (e.g. fax or letter) to the contact data indicated in I. of this Statement.
VII. Forms and email contact
1. Description and scope of data processing
Upon your contact with us by means of a form on our website or by email, the data which you advised (your email address and possibly other data which you indicated) are transmitted to us and stored by us. In this context, there is no transmission of data to third parties. The data are exclusively used for processing the conversation.
2. Legal basis for data processing
If the user's consent is available, the legal basis for processing the data in this case is Article 6 paragraph 1 sentence 1 point (a) GDPR.
The legal basis for processing the data transmitted within the course of making contact is also laid down in Article 6 paragraph 1 sentence 1 point (f) GDPR.
If making contact is aimed at the conclusion of a contract, an additional legal basis for processing is laid down in Article 6 paragraph 1 sentence 1 point (b) GDPR.
3. Purpose of data processing
Processing personal data from the input screen is solely used for processing the making of contact. The other personal data processed during the sending operation of the completed form serve to prevent any misuse of the contact form.
4. Period of storage
After storage is no longer necessary, we will erase the data resulting in this context, or we restrict processing if there are statutory retention obligations.
5. Possibility of objection and elimination
The user may withdraw, at any time, his or her consent to the processing of personal data or object to the storage of his or her personal data. In that case, all personal data are erased which had been stored in the course of having made contact.
VIII. Web analysis tool, Google Analytics
1. Scope of processing personal data
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies" – text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transferred to a Google server in the U.S.A. and stored there. In case of the activated IP anonymisation on this website, however, your IP address is beforehand truncated by Google within the Member States of the European Union or in other contracting states which are party to the Agreement on the European Economic Area. The full IP address is transferred only in exceptional cases to a Google server in the U.S. and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports about website activities and provide further services to the website operator which are connected with the website and internet use.
The IP address transmitted from your browser within the scope of Google Analytics will not be merged with other data by Google.
This website uses Google Analytics with the extension "_anonymizeIp()". IP addresses are thereby processed in a truncated manner; any referencing to persons can thus be excluded. As far as there is any personal reference regarding the data collected about you, such reference will thus be immediately excluded and the personal data accordingly promptly erased.
2. Legal basis for processing personal data
The legal basis for processing the users' personal data is laid down in Article 6 paragraph 1 sentence 1 point (f) GDPR.
3. Purpose of data processing
We are using Google Analytics to be able to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our online presence and develop it to make it more interesting for you as the user. For the exceptional cases in which personal data are transmitted to the U.S.A., Google subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4. Period of storage
The data are erased as soon as they are no longer required for our recording purposes. At Google Analytics, this is the case after 14 months.
5. Possibility of objection and elimination
5.1 Browser setting
You may prevent storage of the cookies by a corresponding setting of your browser software; please be advised, however, that you might possibly not be able to use the complete functions of this website to their full extent.
5.2 Browser AddOn
Moreover, you may prevent any recording of the data (including your IP address) generated by the cookie and with reference to your use of the website to Google as well as processing the data by Google such that you download and install the browser AddOn available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
5.3 Opt-out cookie
Alternatively to the browser plugin or in browsers on mobile devices, please click on the following link to set an opt-out cookie which prevents, in the future, any recording by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain; if you erase your cookies in this browser, you have to click again on this link): deactivate Google Analytics
6. Information from third party provider
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 1 4361001
User terms and conditions: http://www.google.com/analytics/terms/de.html,
Overview regarding data protection: http://www.google.com/intl/de/analytics/learn/privacy.html,
Data protection statement: http://www.google.de/intl/de/policies/privacy.
7. Analysis across multiple devices
This website additionally uses Google Analytics for an analysis – across multiple devices – of visitors' flows, the analysis being performed via a user-ID. In your customer account – under "My data", "personal data" – you can deactivate your use analysis across multiple devices.
8. Demographic characteristics
This website uses the function "demographic characteristics" of Google Analytics. Reports may thus be prepared which include statements on the age, gender and interests of the visitors to the website. Such data come from interest-specific advertisements by Google as well as from visitor data by third party providers. Such data cannot be assigned to any specific person. You may deactivate this function, at any time, via the advertisement settings in your Google account, or you may generally prohibit the collection of your data by Google Analytics as presented in the item "Objection to data collection".
9. Use of the Google Tag Manager
Our website uses the Google Tag Manager from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation. This application manages JavaScript tags and HTML tags which are used in particular to implement tracking and analysis tools. The data processing serves to facilitate the needs-based design and optimisation of our website. The Google Tag Manager itself neither stores cookies nor processes personal data. It does, however, enable the triggering of further tags which may collect and process personal data. You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/intl/de/tagmanager/use-policy.html
IX. Plug-ins and tools
1. Google fonts
1.1 On this website, we are using the offer of Google Fonts for a uniform presentation of typefaces provided by Google. This is used for an attractive display of our internet presence and constitutes a legitimate interest within the meaning of Article 6 paragraph 1 sentence 1 point (f) GDPR.
1.2 Due to your visit to the website, Google receives the information that you accessed the corresponding page of our website. Also, the data specified under III. of this Statement are transmitted. This is done irrespective of whether Google provides a user account which you are logged into, or whether there is no user account. If you are logged in with Google, your data are allocated directly to your account. If you do not want any allocation of your profile with Google, you have to log out before activating the button. Google saves your data as user profiles and uses them for purposes of advertisement, market research and/or the demand-driven design of its website. Such an evaluation is especially effected (even for users not logged in) to provide demand-oriented advertisement and to inform other users of the social network about your activities on our website. You have a right to object to the development of such user profiles; to exercise this right, you must address Google.
1.3 In the provider's data protection statements you will obtain further information regarding the purpose and extent of the collection of data and their processing by the provider. There, you will also obtain further information on your pertinent rights and settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the U.S.A. and subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
2. YouTube
2.1 We included YouTube videos in our online offer which are stored on http://www.YouTube.com and directly playable from our website.
2.2 Due to your visit to the website, YouTube receives the information that you accessed the corresponding page of our website. Also, the data specified under III. of this Statement are transmitted. This is done irrespective of whether YouTube provides a user account which you are logged into, or whether there is no user account. If you are logged in with Google, your data are allocated directly to your account. If you do not want any allocation of your profile with YouTube, you have to log out before activating the button. YouTube saves your data as user profiles and uses them for purposes of advertisement, market research and/or the demand-driven design of its website. Such an evaluation is especially effected (even for users not logged in) to provide demand-oriented advertisement and to inform other users of the social network about your activities on our website. You have a right to object to the development of such user profiles; to exercise this right, you must address YouTube.
2.3 In the Data Protection Statement you will obtain further information regarding the purpose and extent of the collection of data and their processing by YouTube. There, you will also obtain further information on your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the U.S.A. and subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
X. Social media buttons
Our website uses social media buttons of social networks. This serves to safeguard our predominantly legitimate interests – within the scope of weighing up interests – in the optimum marketing of our range of offers in accordance with Article 6 paragraph 1 sentence 1 point (f) GDPR. In order to increase the protection of your data when visiting our website, these buttons are not integrated into the website unrestrictedly as plug-ins but by using an HTML link. This inclusion ensures that when a page of our web presence is accessed which includes such buttons, no connection will yet be made with the servers of the provider of the respective social network.
If you click on one of the buttons, a new window of your browser will open up and access the site of the respective service provider where you may use e.g. the like or share button (if necessary after input of your login data).
In the providers' data protection notices, please find information regarding the purpose and extent of the data collection and any further processing and use of the data by the providers on their websites, as well as a possibility for contacts, as well as your pertinent rights and settings options to protect your privacy:
- Facebook Inc., http://www.facebook.com/policy.php
- Google Inc., http://www.google.com/intl/de/+/policy/+1button.html
- YouTube LLC, https://www.youtube.com/intl/de/yt/about/policies/
XI. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to information (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right to withdraw the declaration of consent under data protection laws (Article 7 paragraph 3 GDPR)
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR)