neusta data intelligence GmbH
We take the protection and security of your personal data very seriously and collect, process, store and use your personal data exclusively in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the data protection laws in the Federal Republic of Germany.
In order for you to have the best possible control over your data, we would like to inform you with our data protection declaration which personal data we collect when you use our website “www.neusta-di.de” (hereinafter referred to as “website”), how we use this data and which rights and design options you have.
Personal data is any information relating to identified or identifiable natural persons, e.g. first name, last name, email address.
2. COLLECTION, PROCESSING, STORAGE AND USE OF YOUR DATA
2.1. COLLECTION, PROCESSING, STORAGE AND USE OF YOUR DATA WHEN USING OUR WEBSITE
2.1.1. LOG DATA WHEN CALLING UP OUR WEBSITE
Our website is available to everyone without prior registration. For technical reasons, your internet browser or mobile device automatically transmits the following data to our web server when you access our website:
- IP address of your device,
- Date and time of access,
- URL of the requesting web page,
- Http response code,
- Name of the retrieved file,
- Amount of data sent,
- Browser type and version, and
- Operating system of your device.
This data is stored by our web server in log files. This data is not stored together with other personal data.
The legal basis for the storage of this data is Art. 6 para. 1 lit. f DSGVO.
We use this data to enable the use of our website and its technical administration, to ensure the security of our information technology systems, to prevent the misuse of our website and to optimize our website. These purposes are the legitimate interests pursued by us with the data processing pursuant to Art. 6 (1) lit. f DSGVO.
The data will be deleted by us as soon as they are no longer required to achieve the purpose for which they were collected. In the case of storage of data in log files, the data will be deleted after seven days at the latest. Storage of log data beyond this period is possible, provided that the IP address of your device is deleted or alienated in such a way that it is no longer possible to assign the IP address to you.
We use only technically necessary cookies to identify your web session. This is necessary to enable navigation through our web pages. The legal basis for processing your data using cookies is Art. 6 (1) lit. f DSGVO.
2.2. COLLECTION, PROCESSING, STORAGE AND USE OF YOUR DATA WHEN CONTACTING US
2.2.1. CONTACT VIA EMAIL
Electronic contact is possible via our email address firstname.lastname@example.org. In this case, your personal data transmitted by email will be stored by us.
The legal basis for the processing of your personal data, which you transmit to us in the context of electronic contact via email, is Art. 6 para. 1 lit. f DSGVO. If the electronic contact via email aims at the conclusion of a contract with us, the legal basis for the processing of your personal data is also Art. 6 (1) lit. b DSGVO.
We use your data to process your request and to contact you. These purposes are the legitimate interests pursued by us with the data processing according to Art. 6 (1) lit. f DSGVO.
Your data will be deleted by us – unless contractual or legal obligations prevent deletion – as soon as they are no longer required to achieve the aforementioned purposes; this is the case when the facts underlying your electronic contact have been fully clarified. If you conclude a contract with us as a result of your electronic contact, your data will only be deleted when it is no longer required for the fulfillment of the contract or the implementation of pre-contractual measures. We point out that a necessity to store your data may exist even after the fulfillment of the contract in order to comply with contractual or legal obligations.
You can object to the use of your personal data at any time without incurring any costs other than the transmission costs. In such a case, your data stored in the context of electronic contact will be deleted; the processing of your request cannot be continued. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, a (premature) deletion of your data is only possible insofar as contractual or legal obligations do not prevent a deletion.
2.2.2. LOG DATA WHEN CONTACTING USE
When you access our website, the data pursuant to section 2.1. of this data protection declaration is also automatically collected and stored.
3. DISCLOSURE OF PERSONAL DATA
3.1 Your personal data will not be passed on, sold or otherwise transferred to third parties unless this is necessary for the purpose of fulfilling a contract. Otherwise, we will only pass on your personal data to third parties within the framework of a legal permit or on the basis of your consent, which can be revoked at any time for the future, and only to the extent necessary to fulfill our contractual obligations.
3.2 Our service partners (e.g. hosting service providers) require your personal data and process it exclusively on our behalf within the framework of order processing, which is expressly provided for in accordance with Art. 28 (3) DSGVO.
3.3 We will only transfer your personal data to state institutions or authorities if we are obliged to do so by law.
Responsible for the processing of your personal data is:
neusta data intelligence GmbH
We have appointed as data protection officer
Herrn Günther Ewald
Telefon: +49 421 / 207500
6. LOCATION OF YOUR DATA / DATA SECURITY
6.1 Our servers and data centers are located at Microsoft Azure in Western Europe, where data processing also takes place.
6.2 As a rule, we process your personal data within the European Union. However, we also use the services of some third-party providers. If these third party providers are located in areas where a level of data protection equivalent to that applicable within the European Union is not granted, we take all necessary steps to ensure that your personal data is adequately protected. We achieve this either by entering into data protection agreements or by ensuring that the third-party providers are certified to appropriate security standards (e.g., the EU-US Privacy Shield).
6.3 We take various physical, technical, organizational and administrative security measures to protect the privacy of your data to the appropriate extent depending on the sensitivity of the data.
6.4 We use SSL encryption on our website for security reasons, especially to protect your personal data. You can recognize the encrypted connection by the lock symbol in the address bar of your browser, among other things.
7. YOUR RIGHTS
7.1. RIGHT TO INFORMATION
7.1.1 You are entitled to request information from us at any time and free of charge as to whether personal data relating to you is being processed by us. If this is the case, you have the right to be informed about this personal data as well as the following information:
- the purposes for which the personal data concerning you are processed;
- the categories of personal data processed;;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if this is not possible, the criteria for determining the storage period;
- the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by us as controller, and a right to object to processing;
- the existence of a right of appeal to a supervisory authority;
- any available information about the origin of the data, if the personal data is not collected from you;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the DSGVO and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You are also entitled to request information from us as to whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed by us about the appropriate safeguards pursuant to Art. 46 DSGVO.
7.1.2 For the protection of your data, we reserve the right to request proof of identity.
7.1.3 We may provide the information required by data protection law in a standard electronic format.
7.2. RIGHT TO RECTIFICATION
You also have the right to demand that we correct inaccurate personal data. Furthermore, you have the right – taking into account the purposes of the processing of your personal data – to request us to complete incomplete personal data.
7.3. RIGHT TO RESTRICTION OF PROCESSING
7.3.1 You have the right to request us to restrict the processing of your personal data if one of the following conditions is met:
- if you dispute the accuracy of the personal data concerning you, for a period of time which allows us to verify the accuracy of the personal data;
- if the processing is unlawful and you object to the erasure of the personal data concerning you and request instead the restriction of the use of the personal data
- we no longer need the personal data concerning you for the purposes of the processing, but you need it for the assertion, exercise or defense of legal claims
- you have objected to the processing pursuant to Article 21 (1) DSGVO and it has not yet been determined whether our legitimate reasons outweigh yours.
7.3.2 If the processing of your personal data has been restricted, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
7.3.3. If you have obtained a restriction on the processing of your personal data, we will inform you before the restriction is lifted.
7.4. RIGHT TO ERASURE (“RIGHT TO BE FORGOTTEN”)
7.4.1 You have the right to request that we delete your personal data without delay if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
- You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO and there is no other legal basis for the processing;
- You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO;
- The personal data concerning you have been processed unlawfully;
- The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which we are subject;
- The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the DSGVO.
7.4.2 If we have made personal data public and we are obliged to erase it pursuant to Article 17(1) of the DSGVO, we shall take reasonable measures, including technical measures, taking into account the available technology and the costs of implementation, to inform data controllers who process your personal data that you have requested us to erase all links to your personal data or copies or replications of your personal data.
7.4.3 The right to erasure of your personal data does not exist to the extent that the processing is necessary
- for the exercise of the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) DSGVO, insofar as the right to erasure is likely to render impossible or seriously prejudice the achievement of the purposes of such processing;
- for the assertion, exercise or defense of legal claims.
7.4.4 If you have exercised your right to rectify, erase or restrict the processing of your personal data, we are obliged to inform all recipients to whom your personal data have been disclosed of the rectification, erasure or restriction of the processing of your personal data, unless this proves impossible or involves a disproportionate effort. You have the right to be informed by us about the recipients of your personal data.
7.5. RIGHT TO DATA PORTABILITY
7.5.1 You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data – without hindrance from us – to another controller, provided that
- the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and
- the processing is carried out with the help of automated procedures.
7.5.2 In exercising your right to data portability, you also have the right to have your personal data transferred directly from us to another controller – without hindrance from us – insofar as this is technically feasible. The freedoms and rights of others must not be affected by this.
7.5.3. the right to data portability does not apply to processing of your personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
7.6. RIGHT OF OBJECTION
7.6.1 You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
7.6.2 We will no longer process your personal data after your objection, unless we can demonstrate compelling legitimate grounds for the further processing of your personal data that override your interests, rights and freedoms, or the further processing of your personal data serves the assertion, exercise or defense of legal claims.
7.7. RIGHT TO REVOKE DATA PROTECTION CONSENT
You have the right to revoke your data protection law consents at any time. Your revocation will not affect the lawfulness of the processing of your personal data carried out on the basis of your consent until revocation.
7.8. RIGHT OF COMPLAINT
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the provisions of the DSGVO. The supervisory authority to which you have submitted your complaint will inform you about the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.
Version: Dezember 2018