Privacy Policy according GDPR
Thank you for visiting our website. The protection of your personal data is important to us and we want you to feel secure when visiting our website. We protect your privacy and your personal data. We process your personal data in accordance with the content of this privacy policy and in compliance with the applicable data protection provisions of the General Data Protection Regulation (GDPR) and the other relevant provisions on data protection.
Data protection settings
Here you can revoke your consent or add or deselect individual categories.
Table of contents
- Name and contact details of the controller
- Contact to the data protection officer
- What is personal data?
- Purposes of data processing
- Legal basis for data processing
- Right to object
- Use of our website for information purposes
- Use of our website for other services
- hosting
- Contact with us
- Our newsletter
- Security and safety
- Cookies and similar technologies
- Web analysis
- Social Media
- Other functions and content
- Links to other websites
- Recipients and data transfer
- Data transfer to third countries
- Deletion of your data
- Your rights
- Changes to our privacy policy
- Data protection information according to Art. 13 / Art. 14 GDPR
1. Name and contact details of the controller
NIVUS GmbH, Im Täle 2 in 75031 Eppingen, Germany, as the operator of the website www.nivus.de is the controller within the meaning of the GDPR..
2. contact to the data protection officer
You can contact our data protection officer at datenschutz@nivus.de at any time with any data protection concerns.
3. What is personal data?
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. Purposes of data processing
The scope and type of collection, processing and use of your data differs depending on whether you visit our website merely to retrieve generally available information or to make use of additional services. In principle, we process your personal data as part of our business activities for pre-contractual or contractual purposes. In addition, the exercise of our legitimate interest, your consent or compliance with legal requirements may also be the purpose of data processing by us. We will inform you about the specific purposes of data processing in the following sections.
5. Legal basis for data processing
We process your personal data in accordance with the following legal bases:
- for the fulfilment of pre-contractual or contractual obligations (Art. 6 para. 1 b) GDPR)
- on the basis of your consent (Art. 6 para. 1 a) GDPR)
- in the context of a balancing of interests (Art. 6 para. 1 f) GDPR)
- on the basis of legal requirements (Art. 6 para. 1 c) GDPR)
We will inform you about the specific legal basis for data processing in our respective processing operations
6. right to object
If we process your personal data as part of a balancing of interests due to our overriding legitimate interest (legal basis for data processing is Art. 6 para. 1 f) GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing (with the exception of direct advertising; in this case, we will comply with your objection immediately) if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims. Further rights of data subjects remain unaffected.
7. Use of our website for information purposes
For purely informational use of our website, it is generally not necessary for you to provide personal data. Rather, when you visit our website, we only collect the data that your internet browser automatically transmits to us, such as:
- Referrer (previously visited website)
- Requested website or file
- Browser type and browser version
- Operating system used
- Type of device used
- Date and time of access
- IP address in anonymised form
- other similar data and information used for security purposes in the event of attacks on our information technology systems.
This is usually done through the use of log files. The purpose of the processing is to ensure the functionality and compatibility of our website for technically unproblematic use, including troubleshooting and protection against technical attacks and misuse. The legal basis for this processing is our legitimate interest in accordance with Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the proper operation of our website. The log file data is deleted when it is no longer required for the purpose of processing.
8. use of our website for other services
If you make use of further services of our company via our website, it may be necessary for you to provide personal data for this purpose. The personal data required for the provision of the service can be seen from the respective input screen or application. You can provide further information voluntarily. You can recognise which information is required and which is voluntary by the fact that the mandatory information is marked with an asterisk (*) or with the note "mandatory field". Your data is processed solely for the purpose of providing the service you have requested. The legal basis for the processing of your personal data and the information about when your personal data will be deleted can be found in the description of the specific services.
9. Hosting
We use an external service provider to host our website. The personal data collected on this website is stored on the hoster's servers. The use of the hoster is in the interest of a secure, fast and efficient provision of our website (Art. 6 para. I f) GDPR). Our hoster will only process your data to the extent necessary to fulfil its performance obligations within the scope of our contractual obligations and instructions. We use TelemaxX Telekommunikation GmbH, Amalienbadstr. 41/Bau 61 in 76227 Karlsruhe as our hoster. We have concluded an order processing contract with the hoster in accordance with Art. 28 GDPR.
10. contact us
Contact form
On our website, we offer you the opportunity to contact us using a contact form. The personal data that you provide when contacting us via a contact form will only be processed for the purpose of processing your contact via the contact form. It will only be passed on to third parties if this is necessary for the purpose of processing your contact. The legal basis for this processing is Art. 6 para. 1 b) GDPR. Your personal data will be deleted if it is no longer required to fulfil the purpose for which you contacted us. We would like to point out that your messages may have to be stored within the framework of statutory retention obligations. In this case, the legal basis is Art. 6 para. 1 c) GDPR.
On our website, we offer you the option of contacting us by email. Please note that unencrypted communication by email is insecure. It cannot be ruled out that data transmitted in this way may be read, copied, modified or deleted by unauthorised persons. The personal data that you provide when contacting us via an e-mail enquiry will only be processed for the purpose of processing your e-mail enquiry. It will only be passed on to third parties if this is necessary for the purpose of processing this contact. The legal basis for this processing is Art. 6 para. 1 b) GDPR. Your personal data will be deleted if it is no longer required to fulfil the purpose for which you contacted us. We would like to point out that your messages may have to be stored within the framework of statutory retention obligations. In this case, the legal basis is Art. 6 para. 1 c) GDPR.
11. Newsletter
We use the Inxmail service to send newsletters. The provider is Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany. We have concluded a contract with Inxmail for order data processing and thus implement the data protection requirements. You can find more details in Inxmail's privacy policy at: www.inxmail.de/datenschutz
When you visit our registration page, a direct connection to the service provider's servers is established. Your IP address will be forwarded to the service provider. The legal basis for the processing is Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the professional and efficient organisation of our newsletter.
If you subscribe to our newsletter, the following data will be collected:
- IP address of the accessing computer
- Date and time of registration
- Your e-mail address
- Confirmation that you are the owner of the e-mail address provided and that you agree to receive the newsletter
This data is only collected for the purpose of sending you the newsletter and documenting our authorisation to do so.
Your consent is obtained for the processing of the data as part of the registration process and reference is made to our privacy policy. The legal basis for the processing is Art. 6 para. 1 a) GDPR. The registration process is logged on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) GDPR and serves as proof of consent to receive the newsletter.
You can revoke this consent at any time with effect for the future by unsubscribing from the newsletter; we provide a corresponding link in every newsletter message. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the Inxmail servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail address) remain unaffected by this.
12. security
We have taken technical and organisational measures to protect our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons. In particular, the personal data you provide in the contact form is transmitted in encrypted form. We use the TLS 1.3 (Transport Layer Security) coding system.
13. Cookies and comparable technologies
We use cookies or similar technologies for various purposes, e.g. to ensure the functionality, security and convenience of online services and to analyse visitor flows.
Cookies are small text files that are stored on your computer when you visit our website. Comparable technologies are so-called web storage technologies (also called "local data" and "local storage"); data is stored locally in the memory of your browser ("cache"). In the following, we summarise cookies and comparable technologies under the term "cookie" for reasons of better readability.
We use cookies in accordance with the statutory provisions. We therefore obtain prior consent from users, unless this is not required by law.
If users consent, the legal basis for the processing of their data is the declared consent in accordance with Art. 6 para. 1 a) GDPR. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use. Further information on the individual cookies or comparable technologies and their purpose can be found in our privacy settings.
Consent is not required in particular if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service they have expressly requested (i.e. our online offering). In these cases, the legal basis for processing your data is the fulfilment of our contractual obligations in accordance with Art. 6 Para. 1 b) GDPR, compliance with legal obligations in accordance with Art. 6 Para. 1 c) GDPR or our legitimate interest (e.g. in the economic and secure use of our online offer and improvement of its usability) in accordance with Art. 6 Para. 1 f) GDPR. Further information on the individual cookies and their purpose can be found in our privacy settings.
If you wish, you can delete the cookies at any time. However, this may mean that individual functions are no longer available to you. To delete cookies, please refer to the help function of your browser or change your settings in the privacy settings.
Usercentrics
This website uses the cookie consent tool of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany "Usercentrics". The purpose of the processing is to obtain and document consent to the storage of certain cookies on your end device or to the use of certain technologies and to technically enable the revocation of consent given. When you visit our website, the following personal data is transferred to Usercentrics:
- Your consent(s) or the revocation of your consent(s)
- your IP address
- Information about your browser
- Information about your end device
- Time of your visit to the website
In addition, Usercentrics stores a cookie in your browser in order to be able to assign the consents given or their revocation to you.
The legal basis for the processing of the data is § 25 para. 2 no. 2 TDDDG and Art. 6 para. 1c) and f) GDPR to fulfil our legal obligation to obtain consent to the processing of personal data in accordance with the provisions of the applicable data protection laws and to document this consent.
The data collected in this way will be stored until you effectively object to this storage, request us to delete it, delete the Usercentrics cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected. We have concluded an order processing contract with Usercentrics as our service provider in accordance with Art. 28 GDPR.
Further information can be found in Usercentrics' privacy policy at: https://usercentrics.com/de/datenschutzerklaerung/
Information on recipients of consent
Central platform services of "gatekeepers" within the meaning of the Digital Markets Act ("DMA") are integrated on our website. Gatekeepers are obliged under Art. 5 para. 2 b) DMA to obtain consent for these central platform services. Our consent tool forwards your consent to the respective service provider so that the consent you have given in our consent tool can also apply to these services. We will inform you specifically about this in our privacy policy for the respective services.
14. web analysis
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. ("Google"). Google Analytics uses cookies, which are stored on your computer and enable your use of the website to be analysed. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
It cannot be ruled out that your personal data will also be transferred to Google LLC based in the USA. Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at www.dataprivacyframework.gov/s/
The legal basis for data processing is your consent in accordance with Art. 6 para. 1 a) GDPR. You can revoke your consent at any time with effect for the future by unchecking the box for Google Analytics here.
You can also prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on terms of use and data protection at http://www.google.com/analytics/terms/de.html or at: https://www.google.com/policies/privacy/
We would like to point out that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure anonymised collection of IP addresses.
Notes on recipients of the consent
Google Analytics is a central platform service under the Digital Markets Act ("DMA"). This means that Google is obliged to obtain your consent for this in accordance with Art. 5 (2) b) DMA. This consent is obtained technically via our Consent Tool in simple consent mode. This means that with your consent to Google Analytics, in addition to the above-mentioned data, the information about your consent is also transmitted to Google.
15. social media
We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.
Social networks such as Facebook etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations.
In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media presences are intended to ensure an informative presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 f) GDPR. In necessary cases, the legal basis is also Art. 6 para. 1 a) GDPR. The analysis processes initiated by the social networks themselves may be based on other legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 a) GDPR).
Controller and assertion of rights
If you visit one of our social media sites, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal.
Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options depend largely on the company policy of the respective provider.
Storage duration
The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it or revoke your consent to its storage. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Social networks in detail
We have a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. It cannot be ruled out that your personal data will also be transferred to Meta Platforms Inc. based in the USA. Meta has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. Further information on data protection by Facebook can be found at: https://www.facebook.com/about/privacy/
We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. It cannot be ruled out that your personal data will also be transferred to Meta Platforms Inc. based in the USA. Meta has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/ Further information on data protection by Instagram can be found at: http://instagram.com/about/legal/privacy/
We use LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. However, it cannot be ruled out that your personal data will be transferred to insecure third countries such as the USA. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further information on data protection by LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.
YouTube
We use the YouTube.com platform to make our own videos publicly accessible for advertising purposes. We link to our YouTube channel on our website. The provider of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you follow a corresponding link by clicking on it, YouTube stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. It cannot be ruled out that your personal data will also be transferred to Google LLC, based in the USA. Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. Further information on data protection by YouTube (Google) can be found at: https://www.google.com/policies/privacy/.
YouTube - Embedded
Videos from the provider YouTube are embedded on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube uses cookies for data collection and statistical data analysis. These statistics allow YouTube to analyse how often a video has been viewed, whether the video has been viewed on YouTube or on which websites the video has been embedded. To protect your privacy, we only use embedded YouTube videos in an extended data protection mode. This means that YouTube does not store cookies for a user who views a website with an embedded YouTube video but does not click on the video to play it. If the video is played, YouTube can store cookies on the user's computer, but no personal information about the playback of embedded videos is stored.
It cannot be ruled out that your personal data will also be transferred to Google LLC, based in the USA, or that other Google services will be loaded by Google itself when YouTube is used, without us having any influence over this. Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/.
The legal basis for the transfer of personal data is your consent in accordance with Art. 6 para. 1 a) GDPR. You can revoke your consent at any time with effect for the future by unchecking the box here. Further information on data protection by YouTube (Google) can be found at https://www.google.com/policies/privacy/.
We use XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
16. further functions and content
If we use additional functions and content (e.g. map or font services) on our website, by means of which we or the provider of the services process your personal data, we will inform you about this here.
Google services
We use Google services on our website. The provider of these services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It cannot be ruled out that your personal data will also be transferred to Google LLC, based in the USA, or that the use of a Google service will result in other Google services being loaded by Google itself, without us having any influence over this. Google has certified itself within the framework of the EU-US Data Privacy Framework for compliance with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/.
You can find more information about data processing by Google here: https://www.google.com/policies/privacy/
Google Tag Manager
We use the Google Tag Manager service of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland on our website. Google Tag Manager is a tool for managing website tags. The tool triggers other tags, which in turn may collect data. Google Tag Manager itself therefore does not create user profiles or store cookies, for example. Google only learns the IP address of the user. It cannot be ruled out that your browser may also transfer personal data to Google LLC. in the USA. Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at www.dataprivacyframework.gov/s/.
The legal basis for the use of Google Tag Manager is Art. 6 (1) a) GDPR. You can revoke your consent at any time with effect for the future by unchecking the box here. You can find more information about data processing by Google here https://www.google.com/policies/privacy/.
Friendly Captcha
We use the "Friendly Captcha" service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany, on our website. Friendly Captcha is used to check whether data is entered on our website (e.g. in a contact form) by a human or by an automated programme. For this purpose, Friendly Captcha analyses the behaviour of the visitor to the website or mobile app based on various characteristics. This analysis begins automatically as soon as the website or mobile app visitor enters a part of the website or app with Friendly Captcha activated. For the analysis, Friendly Captcha evaluates various information (browser details, URL from which a user comes (referrer), information as to whether the user has solved a puzzle created by us, anonymised IP address with conversion into a numerical value, so-called hash value). This data cannot be assigned to specific websites or persons.
The legal basis for data processing is Art. 6 para. 1 f) GDPR. Our legitimate interest lies in protecting our online offering from abusive automated crawling and spam. You can find more information about Friendly Captcha and the associated privacy policy at https://friendlycaptcha.com/legal/.
17. Links to other websites
If we provide links to websites of other organisations, this privacy policy does not apply to the processing of personal data by that organisation. We therefore recommend that you read the data protection notices on the other websites you visit.
18. Recipients and data transfer
We have bundled certain data processing operations in our company. These can be carried out centrally by our individual divisions, e.g. for processing enquiries. External contractors and service providers (e.g. logistics companies or IT service providers) may also be used to ensure the fulfilment of our tasks and contracts. In addition, data may be passed on to recipients to whom we are obliged or authorised to pass on data on the basis of contractual or legal obligations or on the basis of your consent.
19. Data transfer to third countries
Data transfer to third countries
Data will only be transferred to third countries (countries outside the EU and the European Economic Area EEA) if this is necessary for the performance of a contract/order/business relationship, including the initiation thereof, or if this is permitted by our legitimate interest or on the basis of your consent and only in compliance with the data protection requirements prescribed for this purpose.
Note on data transfer to the USA
As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognised the level of data protection for certain companies from the USA as secure as part of the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you which of the service providers we use are certified under the DPF in this privacy policy for the respective service.
20. Deletion of your data
We only process your personal data for as long as this is necessary to fulfil the respective purpose or until a legal basis for the processing (e.g. revocation of consent to data processing) no longer exists. We observe the existing statutory retention and storage periods.
21. Your rights
Sie haben das Recht:
- to receive information free of charge about the personal data we have stored about you (right to information)
- to request confirmation as to whether we are processing personal data concerning you (right to confirmation)
- to demand that we erase the personal data concerning you without undue delay, provided that the processing is no longer necessary and the other requirements of the GDPR for erasure are also met (right to erasure)
- to demand the immediate rectification and completion of inaccurate personal data concerning you (right to rectification)
- to request the restriction of the processing of your personal data (right to restriction of processing)
- to receive the personal data concerning you in a structured, commonly used and machine-readable format (right to data portability)
- to object to the processing of your personal data (right to object)
- you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you (right to individual decision-making)
- to withdraw your consent to the processing of your personal data at any time with effect for the future.
- to lodge a complaint with the supervisory authority responsible for data protection if you believe that the processing of your personal data violates the GDPR (right to lodge a complaint).
For further information on your rights, please contact our data protection officer.
22. Amendment of our privacy policy
In order to ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised services, for example new services.
23. Data protection information according to Art. 13 / Art. 14 GDPR
Data Protection Information Applicants
Information for applicants regarding the use and handling of your data and your rights - EU General Data Protection Regulation