Veri koruma bildirgesi

10. Use and application of other tools

10.1 Data protection regulations on the application and use of Google Analytics (with anonymization function)

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called "cookies". These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both his website and his advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

IP Anonymisation

We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.

Browser Plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link:https://tools.google.com/dlpage/gaoptout?hl=en.

Objection to data collection

You can prevent the collection of your data by Google Analytics by installing the respective browser add-on: https://support.google.com/analytics/answer/181881?hl=en

For more information about how Google Analytics treats user information, please see the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.

Data processing on behalf

We have concluded a contract with Google for data processing on behalf processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the "demographic features" function of Google Analytics. This allows reports to be generated that contain information about the age, gender and interests of the site visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be attributed to any specific person. You can disable this feature at any time by changing the ad settings in your Google Account, or generally prohibit Google Analytics from collecting your information as described in the "Opting out of data collection" section.

Storage period

User and event-level data stored at Google that is linked to cookies, user IDs (e.g., User ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. Please see the following link for details: https://support.google.com/analytics/answer/7667196?hl=en

10.2 Data protection regulations on the application and use of YouTube

On this website we have integrated components from YouTube. YouTube is an Internet video portal that enables video publishers to set video clips free of charge and for other users to view, evaluate and comment on these, also free of charge. YouTube permits the publication of all types of video so that not only complete films and television programmes but also music videos, trailers and amateur videos prepared by users can be called via the Internet portal.

Operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S.A.

With each call of one of the individual pages of this website, which is operated by the controller for the processing and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the IT system of the data subject is caused by the particular YouTube component to download a representation of the relevant YouTube component from YouTube. Further information on YouTube can be called under https://www.youtube.com/yt/about/de/. Within the framework of this technical process YouTube and Google receive knowledge of which concrete subsite of our website has been visited by the data subject.

Existing account

In so far as the data subject is at the same time logged in at YouTube, YouTube will recognize with the calling of a subsite, which contains a YouTube video, which concrete subsite of our website the data subject has visited. This information is collected by YouTube and Google and assigned to the particular YouTube account of the data subject.

YouTube and Google will always receive via the YouTube components information that the data subject has visited our website if the data subject is logged in at our website and at the same time at YouTube; this takes place regardless of whether or not the data subject has clicked on a YouTube video. If the transmitting of this information in this way to YouTube and Google is not desired by the data subject, the latter can prevent this transmission by logging out of his/her YouTube account before calling our website.

The data protection regulations published by YouTube - these can be called down at https://policies.google.com/privacy?hl=en&gl=en - provide information on the collecting, processing and using of personal data by Google and YouTube.

10.3 Data protection regulations for the use and application of Mapbox

On this website we use the offer of Mapbox. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.

By visiting the website, Mapbox receives the information that you have called up the corresponding subpage of our website. In addition, only the technically necessary data is transmitted. This includes the IP address, which is directly forwarded to the servers in the USA by Mapbox. We have no influence on the extent of the data collected by Mapbox in this way.

For more information about the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information about your rights in this regard and setting options for the protection of your privacy: https://www.mapbox.com/legal/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

10.4 Data protection regulations for the use and application of myfonts

This site uses so-called web fonts for the uniform display of fonts, which are provided by the company MyFonts Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA. When you access the website, data is also retrieved from a server of the company MyFonts, whereby MyFonts at least obtains knowledge of your IP address.

In doing so, MyFonts also collects, among other things, the information that you have called up the font via our website, as well as some technical information about your browser, as almost every web browser automatically sends this data to the server each time you call up the website. Some browsers allow you to restrict or modify the data transmitted to the server, but whether this is possible depends on the manufacturer of the browser. Even if MyFonts only needs the transmitted information, in particular the IP address, to deliver the retrieved content, it is beyond our knowledge and influence whether and to what extent MyFonts also evaluates or stores this information statistically.

Further information on data protection at MyFonts can be found under the following link: https://www.myfonts.com/info/terms-and-conditions.

10.5 Data protection regulations for the use and application of Google reCAPTCHA

On this website we also use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). This function is mainly used to distinguish whether an entry is made by a natural person or abusively by automatic and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Para. 1 letter f DSGVO on the basis of our legitimate interest in determining the individual willingness of actions on the Internet and avoiding misuse and spam.

Google LLC, based in the USA, is certified for the us-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.

Further information about Google reCAPTCHA and Google's privacy policy can be found at: https://policies.google.com/privacy?hl=en&gl=en

10.6 LinkedIn-Fanpage

We use a fanpage on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use this fanpage to:

• present our company and our services
• get and stay in contact with the community and followers
• inform the community and followers about current developments and events in the areas of data protection, information security, cybersecurity, IT forensics and legal tech
• handle questions and requests from customers and interested parties

During a visit to our site, LinkedIn, as the controller, collects personal data of the user, for example through the use of cookies. Such data collection by LinkedIn may also be carried out by visitors to this fanpage who are not logged in or registered with LinkedIn. Information about LinkedIn's data collection and further processing can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

What user data LinkedIn collects cannot be traced by NOTOS Xperts GmbH. NOTOS Xperts GmbH also has no full access to the data collected or your profile data. NOTOS Xperts GmbH can only view the public information in your profile. You can decide which information is involved in your LinkedIn settings.

If our fanpage provides a chat function, NOTOS Xperts GmbH will use your data when using the chat function to answer your request. The service and customer support information collected in this way is used to contact you in order to provide you with the information and offers you require.

NOTOS Xperts GmbH receives anonymous statistics on the use and utilization of the page from LinkedIn due to legitimate interests. The following information is provided:

• Follower: Number of persons following NOTOS Xperts GmbH - including growth and development over a defined time frame.
• Reach: Number of people who see a specific contribution. Number of interactions on a contribution. From this, it can be deduced, for example, which content is better received by the community than others.
• Ad performance: How many people were reached by a post or paid ad and have interacted with it?

We use these statistics, from which we cannot draw any conclusions about individual users, to constantly improve our online offering on LinkedIn and to better respond to the interests of our community. We cannot link the statistical data with the profile data of our followers. You can decide in your LinkedIn settings in which form targeted advertising is displayed to you.

NOTOS Xperts GmbH receives personal data via LinkedIn if you actively communicate this data to us via a personal message on LinkedIn. We use your data (e.g. first name, surname, company and position) to respond to your request. Your data will be stored for this purpose.

Further information on the data processing of personal data by NOTOS Xperts GmbH and on your rights can be found in this data protection policy.

11. Your rights

If your personal data is processed, then you are the data subject in the sense of the GDPR and you are entitled to the following rights against the controller:

11.1 Right of access by the data subject

You can demand from the controller confirmation as to whether personal data that relates to you has been processed by us.

If such processing has taken place, you can demand information on the following from the controller:

• The purposes for which the personal data is processed;
• The categories of personal data which are processed;
• The recipients or, as the case may be, the categories of recipients to which the personal data relating to you has been disclosed or will be disclosed;
• The planned duration of the storage of the personal data relating to you or - if concrete statements on this are not possible - the criteria for the laying down of duration of storage;
• The existence of a right to correction or deletion of the personal data relating to yourself, of a right to a restriction of the processing by the controller or of a right of objection to this processing;
• The existence of a right of appeal at a supervisory authority;
• All the available information on the origin of the data if the personal data was not collected at the data subject;
• The existence of an automated decision-finding process including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases - meaningful information on the logic involved and its scope and the effects strived for of such a processing for the data subject in question.

You are entitled to the right to demand information on whether the personal data relating to yourself is transmitted to a third country or an international organization. In this connection you can demand to be instructed on the suitable guarantees in accordance with Article 46 GDPR in connection with the transmission.

11.2 Right to rectification

You have a right to correction and/or complementing vis à vis the controller in so far as the personal data as processed and which relates to yourself is incorrect or incomplete. The controller has to carry out the correction without delay.

11.3 Right to restriction of the processing

Subject to the meeting of the following preconditions you can demand restriction of the processing of the personal data relating to you:

• if you dispute the correctness of the personal data relating to yourself for a period which makes it possible for the controller to check the correctness of the personal data;
• the processing is unlawful and you reject deletion of the personal data and instead demand restriction of the use of the personal data;
• the controller no longer needs the personal data for purposes of the processing but you need the data for the advancing, exercising or defending of legal claims, or
• if you have advanced objection to the processing in accordance with Article 21 Para. 1 GDPR but it has not yet been established whether the justified reasons of the controller outweigh your reasons.

If the processing of the personal data relating to yourself has been restricted, then this data - apart from the storing of this - may only be processed with your consent or for the assertion, exercising or defending of legal claims or for the protection of the rights of another natural person or legal entity or for reasons relating to an important public interest of the European Union or of a member state.

If the restriction of the processing has been restricted in accordance with the afore-mentioned preconditions, then you will be informed by the controller before the restriction is removed.

11.4 Right to erasure

11.4.1  Deletion obligation

You can demand from controller that the personal data relating to yourself is deleted without delay and the controller is then obliged to delete this data without delay in so far as one of the following reasons applies:

• The personal data relating to yourself is no longer required for the purposes for which it was collected or for which it was processed.
• You revoke your consent, on which processing in accordance with Article 6 Para. 1 lit. a or Article 9 Para.2 lit. a GDPR was based, and there is no other legal foundation for the processing.
• You submit an objection to the processing in accordance with Article 21 Para. 1 GDPR and there are no justified reasons for the processing with a higher priority, or you submit an objection to the processing in accordance with Article 21 Para. 2 GDPR.
• The personal data relating to you was processed in an unlawful manner.
• The deletion of the personal data relating to you is required to fulfil a legal obligation in accordance with European Union law or the law of the member states, which laws the controller is subject to.
• The personal data relating to you was collected in relation to services offered by the information company in accordance with Article 8 Para. 1 GDPR.

11.4.2  Information to third parties

If the controller has made the personal data relating to you public and if he/she is obliged to delete this data in accordance with Article 17 Para. 1 GDPR, then he/she shall take reasonable measures including ones of a technical nature - whereby account shall be taken of the available technology and the implementation costs - to inform the responsible parties for the data processing which process the personal data that you as data subject have demanded from them the deletion of all links to this personal data or of copies or replicates of these.

11.4.3  Exceptions

The right to deletion does not exist in so far as the processing is necessary for

• the exercising of the right of free expression of opinion and to information;
• for the fulfilment of a legal obligation, which requires the processing in accordance with the law of the European Union or the law of the member states, which laws the controller is subject to, or for the carrying out of a task, which lies in the public interest or which is carried out in the exercising of public authority, which authority was transferred to the controller;
• for reasons of public interest in the field of public health in accordance with Article 9 Para. 2 lit. h and i as well as Article 9 Para. 3 GDPR;
• for archiving purposes, scientific or historical research purposes lying in the public interest or for statistical purposes in accordance with Article 89 Para. 1 GDPR, in so far as the right named in section a) probably makes the reaching of the objectives of the processing impossible or impairs it seriously, or
• for the advancing, exercising or defending of legal claims.

Moreover, the right to deletion does not exist in so far as the personal data has to be stored by the controller in order to fulfill legal duties to preserve records and legal retention periods. In such a case instead of deletion blockage of the personal data applies.

11.5 Right to information

If you have advanced the right to the correcting, deleting or restricting of the processing vis à vis the controller, then the latter is obliged to inform all recipients, to which the personal data relating to you was disclosed, of this correction or deletion of the data or of the restricting of the processing, unless this proves itself to be impossible or linked with unreasonable expenditure.

You are entitled to the right vis à vis the controller to be informed about these recipients.

11.6 Right to data portability

You have the right to receive the personal data relating to you, which you made available to the controller, in a structured, conventional and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was made available, in so far as

• the processing is based on a consent in accordance with Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or on a contract in accordance with Article 6 Para. 1 lit. b GDPR and
• the processing is carried out with the aid of automated processes.

In exercising this right, you have in addition the right to bring about the situation that the personal data relating to you is transferred directly from one controller to another controller in so far as this is technically possible. The freedoms and rights of other persons may not be impaired thereby.

The right to data portability does not hold good for the processing of personal data, which is necessary for the carrying out of a task, which lies in the public interest or in the exercising of public authority and which task was transferred to the controller.

11.7 Right to object

For reasons which result from your particular situation you have the right to advance at any time objection to the processing of the personal data relating to you, which processing is carried out on the basis of Article 6 Para. 1 lit. e or f GDPR; this right also holds good for profiling based on these provisions.

The controller shall then no longer process the personal data relating to you, unless he/she can demonstrate compelling reasons worthy of protection, which reasons overweigh your interests, rights and freedoms or where the processing serves the advancing, exercising or defending of legal claims.

If the personal data relating to you is processed for the carrying out of direct advertising, then you have the right to advance at any time objection to the processing of the personal data relating to you for purposes of such advertising; this holds good too for profiling in so far as this is carried out in connection with such direct advertising.

If you object to the processing for purposes of direct advertising, then the personal data relating to you will no longer be processed for these purposes.

You have the opportunity - in connection with the use of services of the information company and regardless of directive 2002/58/EC – to exercise your right of objection with the aid of automated processes in which technical specifications are used.

11.8 Right to withdraw from the declaration of consent under data protection law

You have the right to withdraw your consent at any time and without giving reasons. In the event of withdrawal we immediately will delete your personal data and no longer process it. The legality of the processing carried out on the basis of your given consent and carried out prior to your withdrawal is not affected by you withdrawal.

11.9 Automated decision-making in individual cases including profiling

You have the right to not subject yourself to a decision based solely on an automated processing process - including profiling - which unfolds a legal effect vis à vis yourself or which impairs you significantly in a similar way. This does not hold good if the decision

• is necessary for the concluding or fulfilment of a contract between you and the controller,
• is permissible on the basis of legal regulations of the European Union or of its member states, which the controller is subject to, and these regulations contain reasonable measures for the maintenance of your rights and freedoms as well as for your legitimate interests or
• is carried out with your explicit consent.

However, these decisions may not be based on particular categories of personal data in accordance with Article 9 Para. 1 GDPR, in so far as Article 9 Para. 2 lit. a or g does not hold good and reasonable measures have been taken for the protection of the rights and freedoms as well as of your legitimate interests.

In respect of the cases named in (1) and (3) above the controller shall take reasonable measures to ensure the rights and freedoms as well as your legitimate interests, whereby belonging thereto is at the least the right to the affecting of the intervention of a person on the side of the controller for the representation of the controller’s standpoint and to the challenging of the decision.

11.10  Right to complain at a supervisory authority

Regardless of another regulatory or judicial remedy, you are entitled to the right to lodge a complaint at a supervisory authority and here in particular at a supervisory authority in the member state of your place of residence, of your place of work or of the place where the suspected infringement took place when you are of the opinion that the processing of the personal data relating to you infringes the GDPR.

In this situation the supervisory authority, at which the complaint was lodged, shall inform the complainant on the status and the results of the complaint including the possibility of a judicial remedy in accordance with Article 78 GDPR.

Status: 18. January 2020

Controller: NOTOS Xperts GmbH