Privacy Policy_
I. Name and contact details of the data controller and data protection officer
Data controller for the processing of personal data according to Art. 4 No. 7 DSGVO is:
naymspace software GmbH & Co. KG
Schauenburgerstraße 116
24118 Kiel, Germany
Tel.: +49 (0) 431 55 686 77 0
info@naymspace.de
represented by the managing director Dennis Nissen
We have appointed a data protection officer who can be reached as follows:
- by post at the above address with the note 'Data Protection Officer'
- by email at dsb@dsgvo-nord.de
II. Data collection, legal basis for processing, duration of storage
1. Use of our website
When you access our website, information is automatically sent to the server of our website by the browser on your device. This information is temporarily stored in a so-called log file.
The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer
- language set in the browser
- browser type and operating system of your computer in the respective version
- whether JavaScript and cookies are allowed
- screen resolution and resolution density as well as screen size of the output device
- date and time of access
- your time zone
- name of your access provider
- name and URL of the retrieved file
- website from which access is made (referrer URL)
We process the aforementioned data for the following purposes:
- Ensuring a smooth connection setup of the website,
- Ensuring a comfortable use of our website,
- Evaluating system security and stability as well as
- for further system administrative purposes, such as error correction.
The legal basis for data processing is Art. 6 para. 1 letter f DSGVO. Our legitimate interest follows from the above-mentioned purposes for data collection. Under no circumstances do we use the collected data to draw conclusions about your person.
The IP address will be deleted from all systems used in connection with the operation of these web pages no later than 7 days. We cannot establish a personal reference from the remaining data.
2. Data protection in applications and during the application process
We process the personal data of applicants for the purpose of processing the application process. Processing may also take place electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by email or via a web form on the website.
If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal regulations. If an employment contract is not concluded between the data controller and the applicant, the application documents will be deleted six months after the announcement of the rejection decision, unless deletion conflicts with any other legitimate interests of the data controller for processing. Other legitimate interest in this sense is, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
3. Cookies
We use session cookies to anonymously collect statistical data on the use of our website and to evaluate it for the purpose of optimizing our offering for you. These cookies are automatically deleted after each visit to our site.
The data processed by cookies are necessary for the stated purposes to protect our legitimate interests in accordance with Art. 6 para. 1 letter f GDPR.
If you do not want this, you can deactivate the storage of cookies in the browser you are using or be notified as soon as cookies are sent.
3. Plausible
To analyze the accesses to our website, we use the open source analysis tool 'Plausible'. The following access information is collected and stored via this tool:
- number of page views
- number of visits
- duration of the loading time
- percentage of visitors who left after only one page
- duration of the visit
- links used to access the website
- ratio of popularity of the different pages
- operating system used
- device type used (desktop, tablet or smartphone)
More information about Plausible can be found at: plausible.io
III. Recipients and Categories of Recipients
3. Recipients: Plug-Ins and Tools
We do not transmit your personal data to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
- You have given your express consent pursuant to Art. 6 para. 1 letter a GDPR,
- this is legally permissible and is required pursuant to Art. 6 para. 1 letter b GDPR for the processing of contractual relationships with you,
- there is a legal obligation for the transfer pursuant to Art. 6 para. 1 letter c GDPR,
- the transfer pursuant to Art. 6 para. 1 letter f GDPR is necessary to assert, exercise, or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data.
IV. Data Subject Rights
As we process your personal data, you have the following rights:
1. Right of access
You have the right to request information from us about the personal data we have processed about you in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of the processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data, if not collected by us, as well as the existence of automated decision-making, including profiling, and meaningful information about its details.
2. Rectification
You have the right to demand the immediate correction or completion of your personal data stored with us in accordance with Art. 16 GDPR if it is incorrect or incomplete.
3. Deletion
According to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
4. Restriction
According to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose its erasure, and we no longer need the data, but you require it for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR.
5. Data portability
According to Art. 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.
6. Right to revoke consent
According to Art. 7(3) GDPR, you have the right to revoke your consent at any time. This means that we may no longer continue the data processing based on this consent for the future.
7. Right to lodge a complaint
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes data protection regulations.
You can do this, for example, at the supervisory authority responsible for us:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstraße 98
24103 Kiel, Germany
8. Right to object
If your personal data is processed based on legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, according to Art. 21 GDPR, to object to the processing of your personal data, provided there are reasons arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection that we will implement without specifying any particular situation.
If you wish to exercise your right of revocation or objection, simply send us an email.
9. Existence of automated decision-making
As a responsible company, we refrain from automated decision-making or profiling.
V. Data security
We use the widely used SSL (Secure Socket Layer) protocol for encryption within the website visit. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continually improved in line with technological developments.
VI. Definitions
This privacy policy is based on the terms of the European General Data Protection Regulation (GDPR). Essential terms are explained here:
Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter 'data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject
Data subject is any identified or identifiable natural person whose personal data is being processed by the data controller.
Processing
Processing is any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent
Consent is any voluntary, informed, and unambiguous expression of will by the data subject for the specific case, in the form of a statement or other clear affirmative action, by which the data subject indicates agreement to the processing of personal data relating to them.
VII. Changes to this privacy policy
This privacy policy is current as of March 2019. Due to the further development of our website and offerings or changes in legal or regulatory requirements, it may become necessary to modify this privacy policy. The current privacy policy can be accessed and printed by you at any time on our website.