Datenschuztz EN
Pirvacy Policy
1. Introduction
With the following information, we would like to give you as a “data subject” an overview of the processing of your personal data by us and your rights under data protection laws. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.
The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to “NAVUM GmbH”. By means of this privacy policy, we would like to inform you about the scope and purpose of the personal data we collect, use and process.
As the party responsible for processing, we have implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone or post.
2. Party responsible
The party responsible within the meaning of the GDPR is
NAVUM GmbH
Am Anger 3, 82237 Wörthsee, GERMANY
Representative of the party responsible: Andreas Kopfmiller, Eugen Mang
3. Data protection officer
You can reach the data protection officer as follows
Steffen Lotze
E-mail: datenschutz@navum.de
You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
4. legal basis for processing
Art. 6 para. 1 lit. a) GDPR (in conjunction with § 25 para. 1 TTDSG) serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the fulfilment of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.
In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 lit. d) GDPR.
Ultimately, processing operations could be based on Art. 6 para. 1 lit. f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).
5. Technology
5.1 SSL/TLS-encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries that you send to us as the operator. You can recognise an encrypted connection by the fact that the address line of the browser contains a “https://” instead of a “http://” and by the lock symbol in your browser line.
We use this technology to protect your transmitted data.
5.2 Data collection when visiting the website
If you only use our website for information purposes, if you do not register or otherwise provide us with information or do not give your consent to processing that requires consent, we only collect the data that is technically necessary for the provision of the service. This is regularly data that your browser transmits to our server (“in so-called server log files”). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server log files. The following can be recorded:
1. browser types and versions used,
2. the operating system used by the accessing system
3. the website from which an accessing system reaches our website (so-called referrer)
4. the sub-websites which are accessed via an accessing system on our website
5. the date and time of access to the website
6. an internet protocol address (IP address) and,
7. the Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order to
1. deliver the content of our website correctly
2. optimise the content of our website and the advertising for it,
3. ensure the long-term functionality of our IT systems and the technology of our website, and
4. to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
This collected data and information is therefore analysed by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the data collection purposes listed above.
6. Cookies
6.1 Notes on avoiding cookies in common browsers
You can delete cookies, allow only selected cookies or deactivate cookies completely at any time via the settings of the browser you are using. Further information can be found on the support pages of the respective providers:
- Chrome: https://support.google.com/chrome/answer/95647?tid=311178978.
- Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311178978.
- Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978.
- Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.
6.2 Cookie elementor
To display our website, we use the WordPress plugin “Elementory”, which sets so-called “session storage” cookies and “local storage” cookies.
These cookies are considered essential for the functioning of the website. In this case, local storage and session storage are responsible for ensuring that pop-ups, site bars etc. are not displayed again so that the visitor can use the website undisturbed.
Local storage: Local storage is a modern, local storage of information (similar to cookies) for your browser, which can only be read by JavaScript applications.
Session storage: Just like local storage, but technically limited to the respective tab in the browser in which the information was set.
After closing the browser, the session is automatically ended and the information is deleted. This is a locally installed WP plugin. There is no transfer to third parties.
6.3 Cookie pll_language
Our website automatically adapts to the language that the user has selected in the operating system of their device. Depending on the settings in the operating system, the display language of our website is automatically adapted between German, English and French.three different language versions are available.
In order to guarantee this function, it is technically necessary to transmit the information about the language version to the WordPress plugin. We use the cookie pll_language for this purpose.
This is a locally installed WP plugin. There is no transfer to third parties.
7. Contents of our website
7.1 Data processing when opening a customer account and for contract processing
In accordance with Art. 6 para. 1 lit. b) GDPR, personal data is collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. It is possible to delete your customer account at any time, for example by sending a message to the above address of the controller. We store and use the data provided by you to fulfil the contract. After completion of the contract or deletion of your customer account, your data will be blocked, taking into account tax and commercial law retention periods, and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use of your data as permitted by law, about which we will inform you accordingly below.
7.2 Contacting us / Contact form
Personal data is collected when you contact us (e.g. via contact form or email). Which data is collected when a contact form is used can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and the deletion does not conflict with any statutory retention obligations.
8. Plugins and other services
8.1 Microsoft Teams
We use the tool “Microsoft Teams” (“MS Teams”) to carry out our communication both in written form (chat) and in the form of telephone conferences, online meetings and video conferences. The operating company of the service is Microsoft Ireland Operations (“Microsoft”), Ltd, 70 Sir John Rogerson’s Quay, Dublin, Ireland. Microsoft Ireland Operations, Ltd. is part of the Microsoft group of companies based at One Microsoft Way, Redmond, Washington, USA.
When using MS Teams, the following personal data is processed:
- Meetings, chats, voicemails, shared files, recordings and transcripts.
- Data that is shared about you. Examples include your e-mail address, profile picture and telephone number.
- A detailed history of the phone calls you make.
- Call quality data.
- Support/feedback data Information related to troubleshooting tickets or feedback sent to Microsoft.
- Diagnostic and service data Diagnostic data related to service usage.
To enable the display of video and playback of audio, the data from the microphone on your end device and from a video camera on the end device is processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. In the context of an employment relationship, corresponding data processing takes place on the basis of Section 26 BDSG. The legal basis for the use of “MS Teams” in the context of contractual relationships is Art. 6 para. 1 lit. b) GDPR. In all other cases, the legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. Our interest here is in the effective organisation of online meetings.
If we record online meetings, we will inform you of this before the start and, if necessary, ask for your consent to the recording. If you do not wish this, you can leave the online meeting.
As a cloud-based service, “MS Teams” processes the aforementioned data as part of the provision of the service. To the extent that “MS-Teams” processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for such use and as such is responsible for compliance with applicable laws and data controller obligations. If you access the MS Teams website, Microsoft is responsible for the data processing. Accessing the website is required to download the MS-Teams software.
This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.
Detailed information on data protection at Microsoft, in connection with “MS Teams”, can be found at: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.
8.2 Webex – video conferencing
We use the “Webex Meetings” software to conduct our communication in the form of telephone conferences, online meetings, video conferences and webinars (hereinafter: “online meetings”). The provider of the software is Cisco Systems GmbH, Parkring 20, 85748 Garching, Germany. Cisco Systems GmbH is part of Cisco Systems Inc. with headquarters at 170 West Tasman Dr., San Jose, USA.
Various types of data are processed when “Webex” is used. The scope of the data also depends on the data you provide before or when participating in an “online meeting”. The following personal data may be processed:
- User details such as first name, surname, email address.
- Meeting metadata such as topic, description (optional), participant IP addresses, device/hardware information.
- For recordings (optional), all video, audio and presentation recordings and text files from the online meeting chat can be processed.
- When dialling in via telephone, details of the incoming and outgoing phone number, country name, start and end time are processed. If necessary, further connection data such as the IP address of the device can be saved.
- You may have the opportunity (optional) to use the chat, question or survey functions in an “online meeting”. The text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Webex” applications.
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. In the context of an employment relationship, corresponding data processing takes place on the basis of Section 26 BDSG. The legal basis for the use of “Webex” in the context of existing or prospective contractual relationships is Art. 6 para. 1 lit. b) GDPR. In all other cases, the legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. Our interest here is in the effective organisation of “online meetings”.
If we record “online meetings”, we will inform you of this before the start and, if necessary, ask for your consent to the recording. If you do not wish this, you can leave the online meeting.
The personal data concerning you will be stored until the purpose of the data processing no longer applies. You will be informed of the storage period of recorded online meetings before recording begins. You have the option to withdraw your consent to the recording at any time, with the result that we will delete the recording.
The provider of “Webex” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing contract (Art. 28 GDPR) with “Webex”. In particular, this includes the purpose of providing, optimising and securing the service. The participation information you provide will be used for the purpose of identification in the “online meeting”. Data processing by “Webex” is carried out by the provider’s parent company, Cisco Systems, Inc. in San Jose, USA, and thus in a third country (outside the EU and the EEA). Furthermore, we cannot rule out the possibility that data is routed via internet servers located outside the EU/EEA, which may be the case in particular if participants in “online meetings” are located in a third country. However, the data is encrypted during transport via the Internet and thus protected against unauthorised access by third parties.
The parent company Cisco Systems, Inc. as a US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.
To the extent that “Webex” processes personal data in connection with the legitimate business operations of “Webex”, “Webex” is an independent data controller for such use and as such is responsible for compliance with applicable laws and obligations of a data controller. When you visit the provider’s other websites or install the provider’s application on your device, the processing of personal data is governed exclusively by the provider’s privacy policy.
Further information on “Webex” can be found at: https://trustportal.cisco.com/c/r/ctp/trust-portal.html#/1554085468927155 and at https://www.cisco.com/c/de_de/about/legal/privacy-full.html.
9. Your rights as a data subject
9.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
9.2 Right to information Art. 15 GDPR
You have the right to receive free information from us at any time about the personal data stored about you and a copy of this data in accordance with the statutory provisions.
9.3 Right to rectification Art. 16 GDPR
You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
9.4 Erasure Art. 17 GDPR
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.
9.5 Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements is met.
9.6 Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability in accordance with Art. 20 para. 1 GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
9.7 Objection Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) of the GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defence of legal claims.
In individual cases, we process personal data for direct marketing purposes. You can object to the processing of your personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you are free to exercise your right to object by automated means using technical specifications.
9.8 Revocation of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
9.9 Complaint to a supervisory authority
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection.
10. Routine storage, deletion and blocking of personal data
We process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by the legal provisions to which our company is subject.
If the storage purpose no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
11. duration of the storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of the contract.
12. topicality and amendment of the data protection declaration
This privacy policy is currently valid and has the status: May 2024.
It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at ‘https://www.navum.de/en/privacy-policy-en/’.
Version 2.00