DATA PROTECTION NOTICE IN ACCORDANCE WITH ARTICLES 13 AND 21 GDPR FOR THE WEBSITE OF NAI BAAN

1. In general
NAI BAAN takes the protection of your personal data, as well as the legal obligation to protect them, very seriously. The statutory provisions require full transparency regarding the processing of personal data. Only if the processing is comprehensible to you, as a data subject, are you adequately informed about the purpose, objectives and extent of the processing. Therefore, this privacy statement explains in detail which so-called personal data (for definition see 2.1) are processed by us for the use of the website www.nai-baan.com and for the use of all other internet sites which refer to it (for definition see 2.2).

In accordance with Article 4(7), the party responsible for the purposes of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) as well as other data protection regulations is

NAI BAAN
Ekamai 12
Bangkok, Thailand
email@nai-baan.com
www.nai-baan.com

hereinafter referred to as 'responsible company' or 'we'.

There is no obligation to appoint a data protection officer.

Please note that links on our website may take you to other internet sites which are not operated by us but by third parties. Such links are either clearly marked by us or are identifiable by the change in your browser's address line. We are not responsible for the observance of data protection provisions and the safe handling of your personal data on these websites operated by third parties.

2. Definitions
2.1 From GDPR
This data protection notice uses the terms of the GDPR legal text. You may see the definitions (Art. 4 of GDPR) e.g. on https://dejure.org/gesetze/DSGVO/4.html.

2.2 Cookies
Cookies are text files which are transferred from a website to your terminal device and are stored on or read out from it. They contain combinations of letters and numbers whose purpose is to recognize users and their settings when they reconnect to the website that placed the cookie, to enable the user to remain logged in to a customer account, or to statistically analyze a certain user's behavior.

3. General Information on Data Processing
We process personal data only as far as it is permitted by law. The transmission of personal data takes place only in the cases described below (see 4.).
The personal data are deleted or protected by technical and organizational measures (e.g. pseudonymization, encryption) as soon as the purpose of processing no longer applies. This also takes place when a storage obligation expires, unless the further storage of personal data is required for the conclusion or the performance of a contract.

Provided that we are not legally bound to store data for a longer period or pass them on to third parties (in particular law enforcement authorities), the decision as to which personal data we collect, for how long they are stored and to what extent you may need to disclose them depends on the functions of the website you use in the individual case.

4. Data Processing in Connection with the Use of the Website
The use of the website and its functions regularly requires the processing of certain personal data.

4.1 Informational Use of the Website
If you log on to our website and use it for information purposes only, i.e., without the use of additional functions like the contact form or social media plugins, we automatically collect personal data. This is the following information: the IP address of your terminal device as well as the day and time of your retrieval of the website. This information is transmitted by your browser, unless you have configured it in a way that suppresses the transmission of information.

These personal data are processed for the functionality and optimization of the website as well as to ensure the safety of our information technology systems. This is also our legitimate interest, which is why processing according to Article 6(1)(f) is allowed.

Personal data are stored for a period of 4 weeks. We do not merge these personal data with other data sources. There is no data transfer to third parties. A transmission to a third country or an international organization is not intended.

4.2 Google Analytics
If you access our website, the service Google Analytics is loaded for the statistical analysis of the use of the website. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ('Google'). Through this, Google gains knowledge of the fact that our website was retrieved by your IP address. Google Analytics uses cookies which are saved on your terminal device and enable the analysis of your use of the website, unless you have suppressed the use of cookies in your browser. The information on your use of this online offer produced by the cookie is transmitted to Google in the USA and stored there.

Google Analytics is used for the purpose of economic optimization and needs-based design of our website. This is a legitimate interest within the meaning of Article 6(1)(f) of GDPR. Moreover, we concluded a contract regarding the order management process with Google and we fully implement the strict regulations of the German data protection authorities on using Google Analytics. The data transfer to the USA takes place according to the Commission Implementing Decision (EU) 2016/1250 (EU-U.S. Privacy Shield).

We identify your IP address to enable its transmission to Google. You are not obliged to provide these personal data; the use of our website is possible without providing them. You may prevent the provision of these personal data by installing the add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you may click on this link. This sets a cookie which prevents the data transfer to Google.
Please see http://www.google.com/intl/de_ALL/analytics for more information regarding Google Analytics. You will find Google's data protection notice at https://www.google.com/policies/privacy/.

4.3 Contacting via E-Mail
If you send us an e-mail, the personal data you indicate in the e-mail are processed by us. This information is transmitted by your browser or e-mail client and stored in our information technology systems. Processing of these personal data is necessary to answer your inquiry. In addition, your IP address and the day and time of the contact request are stored if you send us an e-mail.

Data processing serves to answer your inquiry.

This processing is lawful since answering your inquiry is a legitimate interest in line with Article 6(1)(f) of GDPR.
Personal data are stored as long as is necessary for the response to your request. If your inquiry results in the conclusion of a contract, personal data are stored as long as they are required for pre-contractual measures or the performance of a contract. After that, personal data are routinely deleted every 4 weeks. We do not merge these personal data with other data sources. There is no data transmission to third parties. A transmission to a third country or an international organization is not intended. You are not obliged to provide these personal data; sending an e-mail, however, is not possible without providing them.

4.4 Subscription of a Newsletter
On our website you may subscribe to one of our client's newsletter. If you do so, the personal data you indicated during registration are transferred to us by your browser and stored in our information technology systems. Furthermore, your IP address and the time of registration are also stored.

Processing of the personal data entered by you serves the personal design and shipment of the newsletter. This processing is lawful, since you gave us your permission according to Article 6(1)(f) of GDPR. The storage of the IP address and time of registration has the purpose of guaranteeing the safety of our information technology systems. This is also our legitimate interest, which is why processing according to Article 6(1)(f) is allowed.

The personal data you entered are stored until your subscription is canceled. The IP address of the registration will be stored for a period of 4 weeks. We do not merge these personal data with other data sources. There is no data transmission to third parties. A transmission to a third country or an international organization is not intended. You are not obliged to provide these personal data; the subscription to our newsletter, however, is not possible without providing them.

5. Rights of Data Subjects
As a data subject you have the right to obtain information according to Article 15 of GDPR, the right of revocation according to Article 16 of GDPR, the right to request the cancelation according to Article 17 of GDPR, the right to limit processing according to Article 18 of GDPR as well as the right of data portability according to Article 20 of GDPR. The limitations according to §§ 34, 35 of BDSG (German Federal Data Protection Act) apply to the right of information and the right of cancelation. In addition, there is a right of complaint before a data protection authority (Article 77 of GDPR in connection with § 19 of BDSG).

6. Automated Decisions in Individual Cases Including Profiling
Automated decisions in individual cases including profiling are not made.

7. Reporting Obligations of Responsible Persons
We inform all recipients to whom the personal data were disclosed about each adjustment or cancelation of the personal data or a limitation of processing according to Articles 16, 17(1) and 18 of GDPR, unless it is impossible to inform them or the information would be associated with disproportionate time and effort.

We inform you about the recipients on your request.

8. Right of Objection
At any time you have the right to object, for reasons which result from your particular situation, to the processing of the personal data related to you which takes place according to Article 6(1)(e) or (f) of GDPR. If personal data are processed for purposes of direct advertising, you have the right to object at any time to the processing of personal data related to you and used for purposes of such advertising.

9. Right of Revocation of the Consent to Processing Personal Data
According to Article 7(3)(4) of GDPR you have the right to revoke your consent at any time. The legality of data processing based on the consent until the revocation is not affected. Therefore, the revocation applies only to the planned processing after the revocation. The revocation can be made informally by mail or e-mail. If you enter a revocation, your personal data are not processed any longer, unless another (legal) basis allows it. If, however, a revocation is entered and there are no other permissions, according to Article 17(2)(b) of GDPR your personal data need to be deleted immediately on your request. The revocation requires no particular form and should be addressed to:

NAI BAAN
Ekamai 12
Bangkok, Thailand
email@nai-baan.com
www.nai-baan.com