1. Introduction

With the following information, we would like to provide you, as the “data subject,” with an overview of how we process your personal data and inform you of your rights under data protection laws. The use of our website is generally possible without entering personal data. However, if you wish to use special services offered by our company via our website, the processing of personal data may be necessary. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “NAVUM GmbH.” Through this privacy policy, we aim to inform you about the extent and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organisational measures to ensure the most comprehensive protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions may generally have security gaps, meaning absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or post.

2. Party responsible

The party responsible within the meaning of the GDPR is

NAVUM GmbH
Am Anger 3, 82237 Wörthsee, GERMANY

Representatives of the party responsible: Andreas Kopfmiller, Eugen Mang

3. Data protection officer

You can reach the data protection officer as follows

Steffen Lotze

E-mail: datenschutz@navum.de

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. legal basis for processing

Article 6(1)(a) GDPR (in conjunction with Section 25(1) TDDDG) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case with processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary for carrying out pre-contractual measures, such as enquiries about our products or services.

If our company is subject to a legal obligation that necessitates the processing of personal data, such as tax obligations, the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and their name, age, health insurance details, or other vital information had to be passed on to a doctor, hospital, or other third party. In this case, processing would be based on Article 6(1)(d) GDPR.

Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases if processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not outweigh such interest. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. The legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, Sentence 2 GDPR).

5. Technology

5.1 SSL/TLS-encryption

To ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details, or contact enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that “https://” appears instead of “http://” in the browser’s address bar and by the lock symbol in your browser bar.

We use this technology to protect your transmitted data.

5.2 Data collection when visiting the website

When you visit our website for informational purposes only, meaning you do not register or otherwise provide us with information or give consent to processing requiring approval, we only collect the data that is technically necessary for the provision of the service. This data is regularly transmitted by your browser to our server (so-called “server log files”).

Each time a page is accessed, our website collects a series of general data and information, which are stored in the server log files. These may include:

• Browser types and versions used
• The operating system used by the accessing system
• The website from which an accessing system reaches our website (so-called referrer)
• The sub-pages accessed via an accessing system on our website
• The date and time of access to the website
• An Internet Protocol (IP) address
• The internet service provider of the accessing system

We do not draw conclusions about your identity from this general data and information. Instead, this information is required to:

• Deliver the content of our website correctly
• Optimise our website content and advertising
• Ensure the long-term functionality of our IT systems and website technology
• Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack

This data and information collected is therefore statistically analysed and further evaluated to enhance data protection and security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The data in the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes of data collection listed above.

6. Cookies

6.1 Information on avoiding cookies in common browsers

You can delete cookies, allow only selected cookies, or completely disable cookies at any time via the settings of your browser. Further information is available on the support pages of the respective providers:

• Chrome: https://support.google.com/chrome/answer/95647
• Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
• Firefox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
• Microsoft Edge: https://support.microsoft.com/en-gb/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09.

6.2 Cookie pll_language

Our website offers users different language versions. To ensure the selected language remains consistent across all pages during a session, the pll_language cookie is required for technical implementation.

This is a locally installed WP plugin, and no data is transmitted to third parties.

7. Contents of our website

7.1 Data processing when opening a customer account and for contract processing

In accordance with Article 6(1)(b) of the GDPR, personal data is collected and processed when you provide it to us for the purpose of executing a contract or opening a customer account. The specific data collected is evident from the respective input forms. You may delete your customer account at any time, for example, by sending a message to the aforementioned address of the data controller. We store and use the data you provide for contract processing. Once the contract has been fully executed or your customer account has been deleted, your data will be restricted for further processing and deleted after the statutory retention periods for tax and commercial purposes have expired, unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this, as permitted by law, which we inform you about below.

7.2 Contacting us / Contact form

When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected when using a contact form is evident from the respective form. This data is used solely for the purpose of responding to your inquiry and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted once your request has been fully processed, provided that there are no legal retention obligations preventing deletion.

7.3 Application Management

We collect and process applicants’ personal data for the purpose of handling the application process. Processing may also take place electronically, particularly if an applicant submits their application documents to us electronically, for example, via email or through a web form on our website.

If we enter into an employment or service contract with an applicant, the submitted data will be stored in compliance with legal regulations for the purpose of managing the employment relationship. If no contract is concluded with the applicant, the application documents will be automatically deleted two months after the rejection decision has been communicated, unless legitimate interests on our part prevent deletion. A legitimate interest in this sense could be, for example, the need to provide evidence in a legal proceeding under the General Equal Treatment Act (AGG).

The legal basis for processing your data is Article 6(1)(b) of the GDPR.

8. Plugins and other services

8.1 Microsoft Teams

We use the “Microsoft Teams” (“MS Teams”) tool for communication in written form (chat), as well as for telephone conferences, online meetings, and video conferences. The service provider is Microsoft Ireland Operations (“Microsoft”), Ltd., 70 Sir John Rogerson’s Quay, Dublin, Ireland. Microsoft Ireland Operations, Ltd. is part of the Microsoft group of companies, headquartered at One Microsoft Way, Redmond, Washington, USA.

When using MS Teams, the following personal data is processed:

Meetings, chats, voicemails, shared files, recordings, and transcriptions
Data shared about you, such as your email address, profile picture, and phone number
A detailed history of calls you make
Call quality data
Support/feedback data related to troubleshooting tickets or feedback sent to Microsoft
Diagnostic and service data related to service usage

To enable video display and audio playback, data from your device’s microphone and video camera is processed during the meeting. You can turn off your camera or microphone at any time via the MS Teams application.

If consent is requested for processing, it is based solely on Article 6(1)(a) of the GDPR. In the context of an employment relationship, data processing is based on Section 26 of the German Federal Data Protection Act (BDSG). The legal basis for using MS Teams in contractual relationships is Article 6(1)(b) of the GDPR. In all other cases, processing is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in effectively conducting online meetings.

If we record online meetings, we will notify you in advance and, where necessary, ask for your consent. If you do not wish to be recorded, you may leave the meeting.

As a cloud-based service, MS Teams processes the mentioned data as part of providing the service. Where MS Teams processes personal data in connection with Microsoft’s legitimate business operations, Microsoft acts as an independent data controller and is responsible for compliance with applicable laws and data controller obligations. If you visit the MS Teams website, Microsoft is responsible for data processing. Accessing the website may be necessary to download the MS Teams software.

This US company is certified under the EU-US Data Privacy Framework. Therefore, a valid adequacy decision exists under Article 45 of the GDPR, allowing the transfer of personal data without additional safeguards or further measures.

For detailed information on data protection at Microsoft in connection with MS Teams, please visit:
https://docs.microsoft.com/en-us/microsoftteams/teams-privacy.

9. Your rights as a data subject

9.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

9.2 Right to information Art. 15 GDPR

You have the right to obtain free information at any time about the personal data stored about you and to receive a copy of this data in accordance with legal regulations.

9.3 Right to rectification Art. 16 GDPR

You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, considering the purposes of processing.

9.4 Erasure Art. 17 GDPR

You have the right to request that we delete personal data concerning you without undue delay, provided that one of the legally specified reasons applies and processing or storage is not necessary.

9.5 Restriction of processing Art. 18 GDPR

You have the right to request the restriction of processing from us if one of the legal conditions is met.

9.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, provided that processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.

9.7 Objection Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Art. 6(1)(e) (processing in the public interest) or Art. 6(1)(f) (processing based on legitimate interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless processing serves to establish, exercise, or defend legal claims.

In individual cases, we process personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing purposes. This also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Additionally, you have the right to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.

You are also free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

9.8 Revocation of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

9.9 Complaint to a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.

10. Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period necessary to achieve the storage purpose or as required by legal regulations to which our company is subject.

If the storage purpose no longer applies or if a legally prescribed storage period expires, personal data is routinely blocked or deleted in accordance with legal requirements.

11. duration of the storage of personal data

The criterion for determining the duration of personal data storage is the respective statutory retention period. After this period expires, the corresponding data is routinely deleted unless it is still required for contract fulfillment or contract initiation.

12. topicality and amendment of the data protection declaration

This privacy policy is currently valid and has the status: March 2025.

Due to the further development of our website and offers or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The most current privacy policy can be accessed and printed at any time on our website at:
https://www.navum.de/datenschutz/

Version 2.02