Privacy Notice

Content

1. Controller

2. Definitions
3. Scope of the processing of personal data
4. Purposes for the processing of personal data
5. Disclosure of data to third parties
6. Transfers of personal data to a third country
7. Legal basis for the processing of personal data
8. Deletion of data and duration of storage
9. Data collected automatically when visiting our website
10. Cookies

10.1 General

10.2 Use of Cookiebot

11. Analysis and tracking tools

11.1 General    
11.2 Google Analytics    
11.3 Google Maps

11.4 kununu

12. Social Media

12.1 Facebook    
12.2 Twitter    
12.3 LinkedIn
12.4 XING    
12.5 YouTube

13. Contact Form

14. Application process

14.1 General    
14.2 Scope of data processing    
14.3 Purpose and legal basis of data processing    
14.4 Duration of storage    
14.5 Others

15. Children and young people
16. Security
17. Data Subject Rights

17.1 Revocation of Consent    
17.2 Right to Information    
17.3 Right to Rectification    
17.4 Right to Erasure
17.5 Right to Restriction of Processing
17.6 Right to Data Portability
17.7 Right to Object    
17.8 Right to Submit a Complaint to a Supervisory Authority

18. Questions, Suggestions, Complaints to the Data Protection Officer
19. Changes to our Data Privacy Statement

Data Privacy Statement of the NOVUM Gesellschaft für Unternehmensberatung, Systementwicklung und Informationsmanagement mbH

 

 

Thank you for your interest in our company and our products and services. We want you to feel safe about your data when visiting our website. We take the protection of your data very seriously and strictly adhere to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

As part of our obligation to provide information, we want this Data Privacy Statement to be as transparent as possible and will explain the purposes for processing your data, the use of tracking/ analysis tools, cookies, social media and other third party services hereafter.

If you have any further questions regarding the handling of your personal data, please do not hesitate to contact us or our data protection officer (contact details see below).

1. Controller

As the operator of this website (www.novum-rgi.com), NOVUM Gesellschaft für Unternehmensberatung, Systementwicklung und Informationsmanagement mbh (hereinafter referred to as NOVUM GmbH), Nordostpark 51, 90411 Nuremberg, Germany, is the controller in the sense of the EU General Data Protection Regulation (GDPR) who individually or jointly makes decisions on the purposes and means of the processing of personal data, hereafter referred to as "data".

2. Definitions

In the following, we would like to inform you about the processing of your personal data when you visit our website and use our content and services.

“personal data” in the sense of the GDPR means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With regard to the other used data privacy terms, we refer to the definitions in Article 4 of the GDPR.

3. Scope of the processing of personal data
In order to use our website, it is generally not necessary for you to provide data. In certain cases, however, we need your name and address and other information so that we can provide the desired services.

The same applies, for example, to the sending of information material and ordered goods or to the answering of individual questions. Where necessary, we will notify you accordingly. In addition, we only process data that you voluntarily provide to us and, if applicable, data that we automatically collect when you visit our website (e.g. IP address and the names of the pages you have accessed, the browser and operating system you are using, date and time of access, search engines used, names of downloaded files).

 

If you make use of our services, in general only data that we need to provide the services are collected. As far as we ask you for further data, the information is voluntary.

 

4. Purposes for the processing of personal data
We will process the data you provide in accordance with the principles of data economy and purpose limitation. The principle of purpose limitation states that data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is not considered to be incompatible with the initial purposes.

We only process your data to answer inquiries, handle your orders and provide access to certain information or offers to you. Maintaining customer relationships may also require us or a commissioned service provider to use this data to inform you about product offers or to conduct online surveys to fulfill the tasks and requirements set by our customers.

We will only process the data you provide online for the stated purposes. Your data will not be transferred to third parties without your express consent.

 


5. Disclosure of data to third parties
Your data will only be transmitted to third parties in exceptional cases,

  • to external service providers working for us (processors) if this is necessary for the purpose of executing the contract,

  • to state institutions and authorities if we are legally obliged to do so or

  • if you consent to this.


We conclude the relevant processing agreements with the processor based on Article 28 of the GDPR. The service companies commissioned by us are obliged by us to maintain confidentiality and to comply with the provisions of the GDPR and the BDSG. The transmitted data may only be used by our service providers to fulfill their task. Any other use of the information is not permitted and is not carried out by any of the service providers we entrust with.

A transmission and further processing of data to state institutions and authorities entitled to receive information only takes place within the framework of the relevant laws or if we are obliged to do so by a judicial decision.

In addition, we do not pass on any data to third parties unless you have given us your express consent.

Of course, we respect it if you do not want to give us your data to support our customer relationship (especially for direct marketing or for market research purposes). We will neither sell your data to third parties nor market it in any other way unless you have given us your consent.

6. Transfers of personal data to a third country
Insofar as it comes to the disclosure or transmission of data to third parties in a third country, i.e. outside the European Union (EU) or the European Economic Area (EEA), and data is further processed as part of the use of third-party services, this is only done based on your consent, a legal obligation, our legitimate interests or if it is necessary to fulfill our (pre) contractual obligations. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Article 44 and the following GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "EU standard contractual clauses ").

 

 

7. Legal basis for the processing of personal data
Insofar as we obtain your consent for the processing of personal data, the consent according to point (a) of Article 6(1) of the GDPR is the legal basis for the processing of your data.

When processing personal data that is necessary to fulfill the requested service, we rely on point (b) of Article 6(1) of the GDPR serves as the legal basis.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, point (c) of Article 6(1) of the GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, point (f) of Article 6(1) of the GDPR is the legal basis for processing.

 


8. Deletion of data and duration of storage
We only store your data until the purpose is fulfilled and there are no other legal retention requirements (e.g. commercial law or tax retention obligations).

If you have given us your consent, we will store your data until you revoke your consent, if there is no other legal basis for the processing of your data and is not contrary to legal retention periods of extinction.

In addition, in individual cases, e.g. for evidence purposes, longer storage for defense / enforcement of civil or public law claims may be appropriate.

 

 

9. Data collected automatically when visiting our website
When using our website, the following data may be processed for technical and organizational reasons: The names of the pages you opened, your browser and operating system, time and date of access, search engines used or names of downloaded files and your IP address.

 

 

10. Cookies
 


10.1 General
When visiting our website, we may save information on your computer in form of a cookie. Cookies are small text files transmitted by a web server to your browser and saved on your computer's hard disk.

Some cookies are deleted after the end of the browser session, so after you close your browser (so-called session cookies). Other cookies remain on your device and enable your browser to be recognized the next time you visit our website (so-called persistent cookies). If cookies are set, they process individual user information such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

Except for your IP address, no personal user data will be saved. This information allows you to be automatically recognized during your next visit to our website and makes navigation easier. Cookies enable us to, e.g., adjust our website to your interests and to save your password so that you won't have to re-enter it every time you visit our website.

Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Comfort cookies make it easier for you to use our websites. They enable a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in.

Statistics cookies collect anonymized data for statistics and analysis. They thus help to further improve the offer of our website and to optimize content.

You may also visit our website without the use of cookies. If you do not want us to recognize your computer, you may prevent cookies from being saved on your hard disk by setting your browser to "Disable cookies." For detailed instructions, please see your browser's help function. However, please note that disabling cookies may prevent you from fully using every function of our offers.

You can decide which categories you want to allow in the cookie settings when you start our website. We use Cookiebot as a cookie banner (see point 10.2).

Cookies that are necessary for the technically error-free and optimized provision of our services (“technically necessary cookies”) are created based on our legitimate interest in accordance with point (f) of Article 6(1) of the GDPR saved. Technically not necessary cookies are only set after you have given your consent (based on the legal basis point (a) of Article 6(1) of the GDPR).

You can adjust the cookie settings at any time using the following
link and revoke your consent.

 

 

10.2 Use of Cookiebot
Our websites use Cookiebot's cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document them in compliance with data protection. Cookiebot is a product of Cybot A / S, Havnegade 39, 1058 Copenhagen. When you start our website, a cookie bot cookie is saved in your browser, in which the consent you have given or the revocation of this consent is stored. This data will not be passed on to the Cookiebot provider.

The data collected will be stored until you ask us to delete it or delete the cookiebot cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected.

You can find details on data processing by Cookiebot at
https://www.cookiebot.com/en/privacy-policy.

Cookiebot consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is point (c) of Article 6(1) of the GDPR.

11. Analysis and tracking tools


11.1 General
When you visit our website, your surfing behavior can be statistically evaluated. This is done primarily with cookies and with so-called analysis programs. Your surfing behavior is usually analyzed anonymously; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. See the following for more information.


11.2 Google Analytics
Our website uses Google Analytics. This is a web analytics service provided by Google LLC ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA or if the service is provided in the European Union (EU), Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Analytics uses “cookies“ to enable an analysis of your use of the website.

The following data is recorded during your visit to the website:

  • Pages viewed

  • Orders including sales and ordered products

  • The achievement of "website goals" (e.g. contact requests)

  • Your behavior on the pages (e.g. clicks, scroll behavior and length of stay)

  • Your approximate location (country and city)

  • Your IP address (in abbreviated form so that no clear assignment is possible)

  • Technical information such as browser, internet provider, end device and screen resolution

  • Source of origin of your visit (that is via which website or via which advertising material you came to us)

 

The information on your website use generated by cookies is generally transmitted to a Google server in the USA where it is saved. If IP-anonymisation is activated on our website, your IP address will partially be made unidentifiable by Google within a Member state of the European Union or in another state party to the European Economic Area Agreement (so-called IP masking).

The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage.

The IP address transmitted by your browser through Google Analytics will not be merged with other Google data.

Google has been certified according to the US-EU data protection agreement “Privacy Shield” (see
https://www.privacyshield.gov/list and search for „Google“) and has thus obliged to comply with the European data protection guidelines.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future website visits. The recorded data is saved together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remain stored indefinitely in aggregate form. If you do not agree to the collection, you can prevent this by installing the
browser add-on to deactivate Google Analytics.

If a corresponding consent to the setting or storage of cookies has been requested and granted, the processing takes place exclusively on the basis of point (a) of Article 6(1) of the GDPR. You can revoke your consent at any time with future effect by clicking on the following
link. Then an opt-out cookie will be set, which prevents the collection of your data on future visits to this website.

In other cases, your data will be processed on the basis of our legitimate interests (analysis, optimization and the economic operation of our online offer) in accordance with point (f) of Article 6(1) of the GDPR.

 

For Google's Data Privacy Statement, please see https://policies.google.com/privacy?hl=en and for the Google Terms of Service, please see https://policies.google.com/terms?hl=en.


11.3 Google Maps
This website uses Google Maps of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, or if the service is provided in the European Union (EU), Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“). Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. By using this service, our location will be shown to you and any travel will be easier.

 

As soon as you call up those sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there. Here, it can also be transmitted to the servers of Google LLC. in the US. This takes place regardless of whether Google provides a user account that you are logged in to or whether there is a user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be assigned to Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with point (f) of Article 6(1) of the GDPR based on Google's legitimate interest in displaying personalized advertising, market research and / or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, but you must contact Google to exercise them.

 

In the event that personal data is transmitted to Google LLC. based in the United States, Google LLC. has certified itself for the US-European data protection convention “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list


If a corresponding consent to the setting or storage of cookies has been requested and granted, the processing takes place exclusively on the basis of point (a) of Article 6(1) of the GDPR. You can revoke your consent at any time with future effect by clicking on the following link. Then an opt-out cookie will be set, which prevents the collection of your data on future visits to this website.

In other cases, your data will be processed on the basis of our legitimate interests (at the representation of our location as well as an easy findability of the places indicated by us on the website) in accordance with point (f) of Article 6(1) of the GDPR.

If you do not consent to the future transmission of your data to Google when using Google Maps, there is also the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus the map display on this website can then not be used.

For more information, please see
https://policies.google.com/privacy?hl=en&gl=en 

The terms of use of Google Maps can be found at

https://www.google.com/intl/en/policies/terms/regional.html and at https://www.google.com/intl/en_US/help/terms_maps.

 

11.4 kununu

Our website uses tools of the employer evaluation platform "kununu". The provider is kununu GmbH, represented by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

For the attractive design of our website, we integrate our current employer rating from the social platform kununu in our career area. As an advertising third party, kununu sets cookies for analysis and / or marketing purposes when you access a page that integrates kununu employer reviews.

We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or its use by kununu.

For more information, see kununu's Data Privacy Statement at:
privacy.xing.com/de/datenschutzerklaerung/druckversion
 
If a corresponding consent to the setting or storage of cookies has been requested and granted, the processing takes place on the basis of point (a) of Article 6(1) of the GDPR. You can revoke your consent at any time with future effect by clicking on the following
link.

 

12. Social Media
Our website includes links to the social networks (social media) Facebook, Twitter, LinkedIn, XING and YouTube. After clicking on the integrated links you will be forwarded to the website of the respective provider. User information is only transferred to the respective provider after it has been forwarded. Information on the handling of your personal data when using this website can be found in the respective data protection regulations of the provider.


12.1 Facebook
Our website contains links to the social network Facebook of the social network Facebook, 1601 Willow Rd, 94025 Menlo Park, USA or if the service is provided in the European Union (EU), Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook“).

You can recognize the (image) link by the button with the Facebook logo (small "f" in a round shape).

After clicking the embedded Facebook button, you will be redirected to our Facebook page.

This creates a direct connection between your browser and a Facebook server. Facebook thus receives your IP address, the time of your visit and the information that you have visited our Facebook page.

The information generated by Facebook is usually transferred to a Facebook server and stored there. This can also result in a transmission to the Facebook Inc. servers in the USA. Facebook Inc., based in the USA, is certified under the
Privacy-Shield-Agreement, which guarantees compliance with the data protection level applicable in the EU.

Facebook stores your IP address even if you are not a member of Facebook. However, only an anonymized IP address should be saved for European users.

If you click the Like button (for example in posts) while you are logged in to Facebook, you can link the content of our Facebook page to your Facebook profile. As the provider of the page, we have no knowledge of the content of the data transmitted to Facebook or its use by Facebook.

If you do not want Facebook to assign the data collected through our website to your Facebook account, please log out of your Facebook account before visiting our website and delete your cookies.

We use the Facebook links based on our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR. Here, these are the analysis, optimization and economic operation of our online offer.

For further information, in particular the exact purpose and scope of the data collection, please visit
https://www.facebook.com/policy.php.

You can find the privacy settings, including the possibility to object to the use of your data for advertising purposes,
here.


12.2 Twitter
Our website contains links to Twitter. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco CA 94107 in the USA (“Twitter”). The (image) link is marked with a Twitter logo (bird in round shape).

Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law: (
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

We use the Twitter links based on our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR. Here, these are the analysis, optimization and economic operation of our online offer.

If you click on the links mentioned, information that you have accessed certain pages of our website will be forwarded to the Twitter servers. For Twitter users who are logged in at the same time, this means that the usage data is assigned to their respective personal account. If you click on the links, this information is transmitted from your browser directly to Twitter and stored there. Even if you are not a member of the social network mentioned, there is still the possibility that Twitter will determine and save your IP.

To find out the purpose and scope of the collection, processing and use of your data, as well as your rights and setting options to protect your privacy, please visit the Twitter website with the data protection information at
https://twitter.com/en/privacy.

If you do not agree that Twitter collects data about you via our website, we ask you to log out of Twitter before visiting our website.



12.3 LinkedIn
Our website contains links from the linkedin.com service, which is operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View CA 94043 in the USA ("LinkedIn"). The LinkedIn (image) link is marked with a LinkedIn logo with the letters "in".

We use the LinkedIn links based on our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR. Here, these are the analysis, optimization and economic operation of our online offer.

If you click on the LinkedIn link, information that you have accessed certain pages of our website will be forwarded to the LinkedIn servers. For LinkedIn users who are logged in at the same time, this means that the usage data is assigned to their respective personal account. If you click on the LinkedIn link, this information is transmitted from your browser directly to LinkedIn and stored there. Even if you are not a member of the social network mentioned, there is still the possibility that LinkedIn will determine and save your IP.

To find out the purpose and scope of the processing of your data, as well as your rights and setting options to protect your privacy, please visit the following websites with LinkedIn's data protection information at
https://de.linkedin.com/legal/privacy-policy.

If you do not agree that LinkedIn collects data about you via our website, we ask you to log out of LinkedIn before visiting our website.



12.4 XING
Our website uses links to the social network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The XING (image) link is identified by an "X" based on the Xing logo.

We use the XING Links based on our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR. Here, these are the analysis, optimization and economic operation of our online offer.

If you use the XING link, that means when you click on the image button, information that you have accessed certain pages of our website will be forwarded to the XING servers. For users of XING who are logged in at the same time, this means that the usage data is assigned to their respective personal account. If you click on the XING link, this information is transmitted from your browser directly to XING and stored there. Even if you are not a member of the social network mentioned, there is still the possibility that XING will determine and save your IP.
To find out the purpose and scope of the processing of your data, as well as your rights and settings options to protect your privacy, please visit the XING data protection website at
https://www.xing.com/privacy.

If you do not agree that XING collects data about you via our website, we ask you to log out of XING before visiting our website.



12.5 YouTube
Our website uses links to YouTube, which is provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA or, if the service is provided in the European Economic Area and in Switzerland, by Google Ireland Limited based in Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

When using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA. As far as data is processed in the USA, we point out that Google is certified according to the US-EU data protection agreement “Privacy Shield” (to be found under
https://www.privacyshield.gov/list under the search term "Google") and is therefore obliged to comply with the European data protection guidelines.

We use the YouTube based on our legitimate interests in accordance with point (f) of Article 6(1) of the GDPR. Here, these are the analysis, optimization and economic operation of our online offer.

If you activate the link by clicking on it, a connection to the YouTube servers will be established and you will be forwarded to the YouTube website.

This tells the YouTube server which website you have visited. If you are logged in as a member of YouTube or Google, YouTube assigns this information to your personal user accounts on these platforms. When using these plugins (such as clicking / starting buttons of a video or sending a comment), this information is assigned to your YouTube user account. You can prevent this by logging out before using the link.

You can find more information in the YouTube or Google data protection information, which you can access here:
https://policies.google.com/privacy?hl=en&gl=en

You can find information on Google's privacy settings at https://safety.google/privacy/privacy-controls.

 

 

13. Contact Form
If you contact us through our contact form, we will request personal information. A valid email address an the name is required to respond to your inquiry.

 

If you wish to receive information by post, you must also provide your address (street, house number, postcode, town) in order to be able to send you the information by post.

Additional personal information may be provided voluntarily.

The data you entered in the input mask will be transmitted to us and saved. We also record your IP address and the time of sending.

Your information will be processed further by email.

Information submitted through the contact form is transmitted through end-to-end encryption.

Your data will be saved on secure servers in Germany under adherence to data protection regulations.

Data for contacting us is processed on the basis of our legitimate interests and your voluntary consent. By activating the "Send" button, you agree to our processing of your contact information for the above-stated purposes. If you do not agree, you must abort this process. No information will then be transmitted through our contact form and no data will be processed.

The processing of the data entered in the contact form is therefore based on your consent (point (a) of Article 6(1) of the GDPR). You may revoke your consent at any time with future effect. To do so, please write us at NOVUM Gesellschaft für Unternehmensberatung, Systementwicklung und Informationsmanagement mbh, Nordostpark 51, 90411 Nuremberg, Germany, or email us at
info(at)novum-rgi.de.

If your contact is aimed at concluding a contract, then point (b) of Article 6(1) of the GDPR is an additional legal basis for the processing.

The legal basis for the processing of the IP address and the time of sending is point (f) of Article 6(1) of the GDPR (Balancing interests)

We only use your data to the extent required for handling your inquiry and for further correspondence with you. We save data collected through your use of our contact form to process your inquiry and for subsequent questions and will delete your data in accordance with data protection regulations after completing your request, unless other legal storage obligations apply.

14. Application process


14.1 General
You have the option of applying to us by email and post. Under the heading "Career" on our website you can find out about vacancies and send us your application.


14.2 Scope of data processing
Personal data is required to participate in the application process. These data include, among other things, identification data such as first name, last name, date of birth, contact details such as address, telephone number or email address, as well as data in connection with your school and / or professional career, such as school and work certificates, data about Act on training, internships or previous employers. This data can come from the documents you provide, such as a cover letter, a curriculum vitae, an application photo, certificates or other professional qualifications.


14.3 Purpose and legal basis of data processing
We process the above data for the purpose of carrying out the application process. If you have given us your consent, the legal basis for processing the data is point (a) of Article 6(1) of the GDPR. Insofar as the processing of the above data takes place to initiate an employment relationship / contractual relationship, the legal basis is Article 88 (1) GDPR in conjunction with Section 26 (1) BDSG and point (b) of Article 6(1) of the GDPR.


14.4 Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the event that an employment relationship, apprenticeship, internship or other employment relationship occurs after the application process, the data will initially continue to be saved and transferred to the personnel file. Otherwise, the application process ends with the receipt of a rejection. In this case, the data will be deleted after six months. Deletion will not take place if further processing and storage of your personal data is required in individual cases to assert, exercise or defend legal claims. In this case, we have a legitimate interest in the further processing and storage of your personal data. The legal basis is point (f) of Article 6(1) of the GDPR. Deletion will not take place even if we are obliged by law to store your personal data further.

a. Revocation and objection
You can revoke your consent at any time with future effect. You can object to the processing of your personal data at any time. In particular, you have the option to withdraw your application at any time. As part of the application process, you should only provide us with the personal data that is necessary to participate in and complete the application process. There is no legal or contractual obligation to provide data. However, we would like to point out that without this data we cannot carry out the application process and cannot consider your application. The same applies in the event of an objection to the processing of your data. You can change the data stored about you at any time.

 

 

14.5 Others
For further information, please refer to the information letter for applicants about the collection of personal data in accordance with Article 13 and 14 of the GDPR.

 

 

15. Children and young people
Our website is aimed exclusively at potential applicants/customers, business partners and media representatives.

Persons under 16 years of age should not transmit data to us without the permission of a parent or guardian. We do not request data from children or youths under the age of sixteen. We do not collect such data or provide such data to third parties.



16. Security
We have implemented technical and operational protective measures in accordance with the applicable legal regulations to protect your data from, loss, destruction, manipulation and unauthorized access.

The security measures include in particular the encrypted transmission of data between your browser and our server.

All our employees and all persons participating in data processing are required to adhere to the General Data Protection Regulation, the German Federal Data Processing Act in its respectively valid form and other laws relevant for data protection and must treat data confidentially.

Furthermore, we conclude according agreements with any external service providers we commission.

Our security measures are reviewed regularly and adjusted to technological advances.

 

 

17. Data Subject Rights
If we process your data, you are entitled the following extensive rights as a data subject:


17.1 Revocation of Consent
Should the processing of your data require your consent, we will obtain it from you and use your data for the stated purposes for which we requested your consent. Your consent will be documented digitally.

If you have given us your consent to the processing of your data, you may revoke your consent at any time with future effect. To do so, please write us at NOVUM Gesellschaft für Unternehmensberatung, Systementwicklung und Informationsmanagement mbh, Nordostpark 51, 90411 Nuremberg, Germany, or email us at
info(at)novum-rgi.de.


17.2 Right to Information
Under Article 15 of the GDPR, you have the right to information about the data processed by us.You may especially obtain information about the purposes of the processing, the categories of personal data concerned, the categories of possible recipients and the envisaged period for which the personal data will be stored.

Please submit information requests to NOVUM Gesellschaft für Unternehmensberatung, Systementwicklung und Informationsmanagement mbh, Nordostpark 51, 90411 Nuremberg, Germany, or by email to
info(at)novum-rgi.de.


17.3 Right to Rectification
Under Article 16 of the GDPR, you have the right to obtain rectification or completion of your data from us.

You may exercise this right by contacting the above-stated addresses.



17.4 Right to Erasure
Under Article 17 of the GDPR, you have the right to obtain erasure of personal data concerning you if storage of the data is no longer required and if there is no other legal ground for its processing. You may also obtain erasure if you object to the processing and there are no overriding legitimate grounds for the processing and if your data was processed unlawfully or if the personal data must be erased for compliance with a legal obligation under EU or national law.

You may exercise this right by contacting the above-stated addresses.



17.5 Right to Restriction of Processing
Under Article 18 of the GDPR, you have the right to obtain the restriction of processing if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of your personal data; if the processing is unlawful, but you oppose the erasure of your personal data; the purposes for the processing cease to apply, but the data is required for the establishment, exercise or defense of legal claims or if you objected in accordance with Article 21 of the GDPR and if whether the legitimate grounds of the controller outweigh your interests has not yet been determined.

You may exercise this right by contacting the above-stated addresses.



17.6 Right to Data Portability
Under Article 20 of the GDPR, you have the right receive your personal data in a structured, commonly used and machine-readable format (data portability). In addition, under certain circumstances, you may also receive your data directly from a controller if technically possible.

You may exercise this right by contacting the above-stated addresses.



17.7 Right to Object
You have the right to object to use of your data for the above-stated purposes at any time (Article 21 of the GDPR). This is possible for objections to direct marketing or on grounds relating to your particular personal situation. If you object to direct marketing, we will implement your general objection right without information about your particular personal situation.

To exercise your right to object, please write us at NOVUM Gesellschaft für Unternehmensberatung, Systementwicklung und Informationsmanagement mbh, Nordostpark 51, 90411 Nuremberg, Germany, or email us at
info(at)novum-rgi.de.


17.8 Right to Submit a Complaint to a Supervisory Authority
Please also note that, irrespective of other administrative or legal remedies, you have the right to submit complaints to supervisory authorities, especially in the Member state of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes on the GDPR.

A list of (non-public sector) supervisory authorities and their addresses is provided at:
https://www.bfdi.bund.de/EN/BfDI/Office_Tasks/office_tasks-node.html.

 

 

18. Questions, Suggestions, Complaints to the Data Protection Officer
Should you have any questions about our Data Privacy Statement, data protection or the processing of your personal data, please contact our data protection officer directly:

 

Law Firm Costard

Law Firm for IT law and Data Protection
Attorney at Law Thomas P. Costard
EUROCOM Businesspark
Lina-Ammon-Straße 9
90471 Nuremberg
Germany

Phone: +49 911 790 30 34

Fax: +49 911 790 30 35

Email: info(at)it-rechtsberater.de

www.it-rechtsberater.de

 

Information requests, suggestions and complaints may also be submitted to the data protection officer.

19. Changes to our Data Privacy Statement
We reserve the right to make changes to our security and data protection measures if required due to technical developments. In such cases, we will also adjust our Data Privacy Statement. Therefore, please note the respectively current version of our Data Privacy Statement. The current version is April 2020.

NCP

Compliance Cloud-Plattform

© NOVUM-RGI 2020  |  Contact  |  Legal Notice  |  Privacy Notice