Privacy policy

Thank you for visiting our website www.novomind.com and for your interest in our company.

The protection of your personal data, such as date of birth, name, telephone number, address, etc., is important to us.

The purpose of this privacy policy is to inform you about the processing of your personal data that we collect from you when you visit our website. Our data protection practice is in accordance with the legal regulations of the EU's General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The following data protection declaration serves to fulfil the information obligations resulting from the GDPR. These can be found, for example, in Art. 13 and Art. 14 ff. GDPR.

Responsible person

The controller within the meaning of Art. 4 No. 7 GDPR is the person who alone or jointly with others determines the purposes and means of the processing of personal data.

With regard to our website, the responsible person is:

novomind AG
Bramfelder Chaussee 45
22177 Hamburg
Germany
E-mail: info@novomind.com
Tel: +49 40 808071 0

Contact details of the data protection officer

We have appointed a data protection officer in accordance with Art. 37 of the GDPR. You can reach our data protection officer under the following contact details:

Bramfelder Chaussee 45
22177 Hamburg
Germany
E-mail: datenschutzbeauftragter@novomind.com
Tel: +49 40 8080 71 0
Fax: +49 40 8080 71 100

Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the device (e.g. computer, mobile phone, tablet, etc.) used to access it.

What personal data is collected and to what extent is it processed?

(1) Information about the browser type and version used;
(2) The operating system of the retrieval device;
(3) Host name of the accessing computer;
(4) The IP address of the retrieval device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed on our website;
(7) Websites from which the user's system accessed our website (referrer tracking);
(8) Message whether the retrieval was successful;
(9) Amount of data transmitted

This data is stored in the log files of our system. This data is not stored together with the personal data of a specific user, so that individual site visitors cannot be identified.

Legal basis for the processing of personal data

Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below.

Purpose of the data processing

The temporary (automated) storage of the data is necessary for the course of a website visit to enable delivery of the website. The storage and processing of personal data is also carried out to maintain the compatibility of our website for as many visitors as possible and to combat abuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. In addition, we use the data to optimise the website and to generally ensure the security of our information technology systems.

Duration of storage

The deletion of the aforementioned technical data takes place as soon as they are no longer required to ensure the compatibility of the website for all visitors, but no later than 3 months after accessing our website.

Possibility of objection and deletion

You can object to the processing at any time in accordance with Article 21 of the GDPR and request the deletion of data in accordance with Article 17 of the GDPR. You can find out which rights you have and how to exercise them at the bottom of this privacy policy.

Special functions of the website

Our site offers you various functions, during the use of which personal data is collected, processed and stored by us. We explain below what happens to this data:

Contact form(s)

What personal data is collected and to what extent is it processed?

We will process the data you have entered in the input mask of our contact forms to fulfil the purpose stated below.
Legal basis for the processing of personal data

Art. 6 para. 1 lit. a GDPR (consent through clear confirming action or behaviour)
Purpose of the data processing

We will only use the data recorded via our contact form or contact forms for processing the specific contact enquiry received through the contact form.
Duration of storage

After processing your request, the collected data will be deleted immediately, unless there are legal retention periods.
Revocation and deletion option

The revocation and deletion options are based on the general regulations on the right of revocation and deletion under data protection law described below in this data protection declaration.
Necessity of providing personal data

The use of the contact forms is on a voluntary basis and is neither contractually nor legally required. You are not obliged to contact us via the contact form, but can also use the other contact options provided on our site. If you wish to use our contact form, you must fill in the fields marked as mandatory. If you do not fill in the required information on the contact form, you will either not be able to send the enquiry or we will unfortunately not be able to process your enquiry.

Newsletter registration form

What personal data is collected and to what extent is it processed?

By registering for the newsletter on our website, we receive the e-mail address entered by you in the registration field and, if applicable, further contact data, provided that you communicate this to us via the newsletter registration form.
Legal basis for the processing of personal data

Art. 6 para. 1 lit. a GDPR (consent through clear confirming action or behaviour)
Purpose of the data processing

The data recorded in the registration mask of our newsletter will be used by us exclusively for sending our newsletter, in which we inform you about all our services and our news. After registration, we will send you a confirmation e-mail containing a link that you must click to complete the registration for our newsletter (double opt-in).
Duration of storage

You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link, which is also included in every newsletter. Your data will be deleted by us immediately after unsubscription. Likewise, your data will be deleted by us immediately in the event that your subscription is not completed. We reserve the right to delete without giving reasons and without prior or subsequent information.
Revocation and removal option

You can revoke your consent at any time in accordance with Art. 7 (3) GDPR. However, the processing carried out up to the time of the revocation remains unaffected by this. With regard to the other rights, we refer to the overview at the end of this data protection declaration.
Necessity of providing personal data

If you would like to use our newsletter, you must fill in the fields marked as mandatory and confirm your e-mail address by clicking on the double opt-in link. The newsletter registration details are neither necessary to enter into a contract with us, nor are they legally binding. They are used exclusively for sending our newsletter. If you do not fill in the necessary information, we will unfortunately not be able to provide you with our newsletter service.

Automated credit assessment / scoring

If you wish to conclude a contract with us, we reserve the right to carry out exclusively automated processing of your personal data in order to check your creditworthiness. We are also entitled to make such an automated decision pursuant to Article 22 (2) a of the GDPR. Whether the contract can be concluded or not depends on the result of the automated credit check. In a credit check, statistical probabilities of a payment default are calculated. The creditworthiness information may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical procedures. In this process, the customer's future risk of non-payment is inferred by means of a large number of characteristics, such as income, address data, occupation, marital status and previous payment behaviour. The result is expressed in the form of a payment value (so-called score). The information obtained in this way forms the basis of our decision on the establishment, implementation or termination of a contractual relationship. If you believe that you have been wrongly excluded from concluding a contract due to the credit check, you are welcome to explain your point of view to us by e-mail. We will then review the automated decision in accordance with Article 22 (3) of the GDPR in the specific individual case. In order to be able to carry out the credit check, we may store and process your personal data in accordance with Art. 6 Para. 1 lit. b GDPR.

We transmit your data to the following provider(s) on the basis of the contract in progress in the cases listed below:

Creditreform Hamburg von der Decken KG:

Our company regularly checks your creditworthiness when concluding contracts and, in certain cases where there is a legitimate interest, also for existing customers. For this purpose, we work together with Creditreform Hamburg von der Decken KG, Wandalenweg 8-10, 20097 Hamburg, Germany (https://www.creditreform.de/hamburg), from which we receive the data required for this purpose. On behalf of Creditreform Hamburg von der Decken KG we inform you in advance about the following information according to Art. 14 EU-GDPR:

The Creditreform Hamburg von der Decken KG is a consumer credit agency. It operates a database in which creditworthiness information about private individuals is stored.

On this basis, Creditreform Hamburg von der Decken KG provides creditworthiness information to its customers. Customers include, for example, credit institutions, leasing companies, insurance companies, telecommunications companies, receivables management companies, mail order, wholesale and retail companies and other companies that supply goods or services. Within the framework of the legal provisions, some of the data available in the information database is also used to supply other company databases, including for use for address trading purposes.

In the database of Creditreform Hamburg von der Decken KG, information is stored in particular on the name, address, date of birth, e-mail address if applicable, payment history and shareholding relationships of persons. The purpose of the processing of the stored data is to provide information about the creditworthiness of the requested person. The legal basis for the processing is Art. 6 para. 1f EU GDPR. Accordingly, information about this data may only be provided if a customer credibly demonstrates a legitimate interest in knowing this information. If data is transferred to countries outside the EU, this is done on the basis of the so-called "standard contractual clauses", which you can find under the following link:

http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32001D0497&from=DE

or have them sent to you from there.

The data is stored as long as its knowledge is necessary for the fulfilment of the purpose of the storage. As a rule, knowledge is necessary for an initial storage period of three years. After expiry, it is checked whether storage is still necessary, otherwise the data is deleted on the exact day. In the event that a case is settled, the data will be deleted on a daily basis three years after settlement. Pursuant to section 882e of the Code of Civil Procedure (ZPO), entries in the debtors' register are deleted on a daily basis after three years have elapsed since the date of the entry order.

Legitimate interests within the meaning of Art. 6 (1f) EU GDPR may be: credit decision, business initiation, investment relationships, claims, credit assessment, insurance contract, enforcement information. You have the right to obtain information from Creditreform Hamburg von der Decken KG about the personal data stored about you. If the data stored about you is incorrect, you have the right to have it corrected or deleted. If it cannot be determined immediately whether the data is incorrect or correct, you have a right to block the respective data until clarification. If your data is incomplete, you may request that it be completed.

If you have given your consent to the processing of the data stored at Creditreform Hamburg von der Decken KG, you have the right to revoke this consent at any time. The revocation does not affect the lawfulness of the processing of your data based on your consent until a possible revocation.

If you have any objections, requests or complaints regarding data protection, you can contact the data protection officer of Creditreform Hamburg von der Decken KG at any time. He or she will help you quickly and confidentially with all data protection issues. You can also complain about the processing of data by Creditreform Hamburg von der Decken KG to the state data protection commissioner responsible for your state.

The data that Creditreform Hamburg von der Decken KG has stored about you comes from publicly accessible sources, from debt collection companies and from their customers.

To describe your creditworthiness, Creditreform Hamburg von der Decken KG calculates a score value for your data. Data on age and gender, address data and, in some cases, payment experience data are included in the score. These data are included in the score calculation with different weighting. The Creditreform Hamburg von der Decken KG customers use the score values as an aid in making their own credit decisions.

Right of objection:

The processing of the data stored at Creditreform Hamburg von der Decken KG is carried out for compelling reasons worthy of protection of creditors and credit protection that regularly outweigh your interests, rights and freedoms or serves the assertion, exercise or defence of legal claims. You can only object to the processing of your data for reasons that arise from your special situation and must be proven. If such special reasons can be proven, the data will no longer be processed. If you object to the processing of your data for advertising and marketing purposes, the data will no longer be processed for these purposes.

The responsible party in the sense of Art. 4 No. 7 EU-GDPR is Creditreform Hamburg von der Decken KG, Wandalenweg 8-10, 20097 Hamburg, Germany (https://www.creditreform.de/hamburg). You can reach Creditreform Hamburg von der Decken KG regarding all questions under the following contact details Tel.: +49 (0) 40 23604 - 100, Fax: +49 (0) 40 23604 - 195, e-mail: info@hamburg.creditreform.de

You can reach the responsible data protection officer under the following contact details: Creditreform Hamburg von der Decken KG, Data Protection Officer, Wandalenweg 8-10, 20097 Hamburg, Germany, https://www.creditreform.de/hamburg.

Statistical analysis of visits to this website - Webtracker

We collect, process and store the following data when this website or individual files on the website are accessed: IP address, website from which the file was accessed, name of the file, date and time of access, amount of data transferred and report on the success of the access (so-called web log). We use this access data exclusively in a non-personalised form for the continuous improvement of our website and for statistical purposes. We also use the following web trackers to evaluate visits to this website:

Custom Audiences

We use on our site the service Custom Audiences of the company Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, e-mail: impressum-support@support.facebook.com, website: http://facebook.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

Facebook Custom Audience is an advertising tool from Facebook that can be used to run targeted advertising campaigns to page visitors.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.facebook.com/about/privacy.

The provider also offers an opt-out option at https://www.facebook.com/about/privacy.
Facebook Connect

We use on our site the service Facebook Connect of the company Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, e-mail: impressum-support@support.facebook.com, website: http://www.facebook.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

Via Facebook Connect, users can use their Facebook profile to simplify logging in to other web services.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.facebook.com/about/privacy.

The provider also offers an opt-out option at https://www.facebook.com/about/privacy.
Google

We use on our site the service Google of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

We use Google in order to be able to load further services from Google on the website. The service is used to provide further Google services, such as the data processing required for the provision of streams and fonts and relevant Google search content. It is technically required in order to be able to exchange the site visitor's information already available to Google between the Google services and to be able to provide the site visitor with individual content adapted to his or her Google account.

For processing itself, the service or we collect the following data: Background data stored in the Google user account or at other Google services about the page visitor, background data for the provision of Google services such as streaming data or advertising data, data about the page user's use of Google search, details of the terminal device used, the IP address and the user's browser and other data from Google services for the provision of Google services related to our website.

If the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. As part of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. when using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google Apis, Doubleclick, Google Cloud, Google Ads and Google Fonts in accordance with the Google Privacy Policy. You can view the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
Google Ads

We use on our site the service Google Ads of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

Google Ads is an advertising system with which we can place adverts on external websites on the Internet to inform our customers about our services. Google Ads displays adverts on external websites that are individually tailored to our clientele and lead to our website according to parameters set by us. If the site visitor clicks on the Google Ads advert, they are taken to our website. In order to be able to measure the success and remuneration of Google Ads advertisements, Google Ads measures the success of the advertising measure when our website is accessed. Our website processes the data provided by Google Ads in order to analyse and improve our advertising measures and to calculate any remuneration that may be due. Your data may also be used for remarketing purposes if you have given your consent.

For processing itself, the service or we collect the following data: Data on page visitors' advertising interests, page visitors' interactions with advertisements related to our website, data on the visit to our website by page visitors who have previously clicked on Google Ads advertisements and arrived at our website, data on the terminal device used, the IP address and the user's browser and further data from Google services for the provision and refinement of Google advertisements related to our website.

if the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. As part of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. when Google Ads are used on our website, Google may transmit and process information from other Google services in order to provide background services for the improvement and individualisation of Google advertising. For this purpose, data may also be processed by other Google services such as Google Apis, Google Cloud, Google Ads, Google Analytics, Google Tag Manager, Google Marketing Platform and Google Fonts in accordance with the Google Privacy Policy under Google's own responsibility under data protection law. You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list. Further information on the responsible handling of business data can be found at https://business.safety.google/privacy/.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
Google Analytics

We use on our site the service Google Analytics of the company Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

Google Analytics is a web tracker that analyses the behaviour of page visitors and their interactions with our website and provides us with evaluations and forecasts about the content and products of our website and their popularity (so-called tracking). we have integrated Google Analytics so that the service can compile an analysis of the page users' surfing behaviour. For this purpose, Google collects the page interactions of page visitors with our website and, if applicable, existing information resulting from the reading of cookies or other storage technologies and processes it statistically for us. google Analytics uses data processing technologies that make it possible to track individual page visitors and their interaction with other Google services such as the Google Ads advertising network. Data from other Google services are also used to close data gaps and to create comprehensive statistics on the content of our website by means of machine learning technologies, modelled statistics and forecasting functions. If Google Analytics is activated on our website, the data determined by Google Analytics are transmitted to servers of the company Google Ireland Limited. As part of the order processing, personal data may also be transmitted to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. we carry out the analysis through Google Analytics in order to constantly optimise our internet offer and make it more available. This is a so-called reach measurement.

For processing itself, the service or we collect the following data: Data on the interactions of page visitors with the content of the website, data on the handling of the services presented on our website, data from external Google services, insofar as they interact with our website, such as advertising data or data on behaviour in relation to advertising, data on the gross geographical origin, the browser used, operating system and other information on the terminal device used.

Google Analytics will store the data relevant for the provision of web tracking for as long as it is necessary to fulfil the booked web service. Data collection and storage is anonymised. Insofar as individual interactions of site visitors make it possible to subsequently establish a personal reference to specific actions, we will delete the collected data when the purpose has been achieved. The data will be deleted at the latest when it is not subject to any statutory retention obligations. As a rule, we will delete this data after 12 months at the latest. You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://tools.google.com/dlpage/gaoptout?hl=de.
Google Analytics (Google Signals)

We use on our site the service Google Analytics (Google Signals) of the company Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

Google Analytics is a web tracker that analyses the behaviour of page visitors and their interactions with our website and provides us with evaluations and forecasts about the content and products of our website and their popularity (so-called tracking). we have integrated Google Analytics so that the service can compile an analysis of the page users' surfing behaviour. For this purpose, Google collects the page interactions of page visitors with our website and, if applicable, existing information resulting from the reading of cookies or other storage technologies and processes it statistically for us. google Analytics uses data processing technologies that make it possible to track individual page visitors and their interaction across devices and sessions with other Google services such as the Google Ads advertising network. Data from other Google services are also used to close data gaps by means of machine learning technologies, modelled statistics and forecasting functions and to create comprehensive statistics on the content of our website. If Google Analytics is activated on our website, the data determined by Google Analytics are transmitted to servers of Google Ireland Limited. As part of the order processing, personal data may also be transmitted to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. The transmission of personal data also takes place in the U.S.A. We carry out the analysis through Google Analytics in order to constantly optimise our internet offer and make it more available. This is a so-called reach measurement.

For processing itself, the service or we collect the following data: Data on the interactions of page visitors with the content of the website, data on the handling of the services presented on our website, data from external Google services, insofar as they interact with our website, such as advertising data or data on behaviour in relation to advertising, data on the rough geographical origin, the browser used, operating system as well as further information on the end device used, where applicable, across devices and independent of the session.

Google Analytics will store the data relevant for the provision of web tracking for as long as it is necessary to fulfil the booked web service. Data collection and storage is anonymised. Insofar as individual interactions of site visitors make it possible to subsequently establish a personal reference to specific actions, we will delete the collected data when the purpose has been achieved. The data will be deleted at the latest when it is not subject to any statutory retention obligations. As a rule, we will delete this data after 12 months at the latest. You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://tools.google.com/dlpage/gaoptout?hl=de.
Google Tag Manager

We use on our site the service Google Tag Manager of the company Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

Google Tag Manager provides a technical platform for executing and bundling other web tools and web tracking programmes by means of so-called "tags". in this context, Google Tag Manager stores cookies on your computer and analyses your surfing behaviour (so-called "tracking"), insofar as web tracking tools are executed using Google Tag Manager. The data generated by the "tags" are compiled, stored and processed by Google Tag Manager under a uniform user interface. All integrated "tags" are listed separately again in this data protection declaration. When you use our website with the integration of Google Tag Manager "tags" activated, data such as your IP address and your user activities in particular are transmitted to Google servers. The tracking tools used in Google Tag Manager ensure that the IP address is anonymised by Google Tag Manager before transmission by means of IP anonymisation of the source code. With Tag Manager, measured values from different service providers (Google and third-party providers) can be linked and evaluated on the basis of the so-called tag management. Google Tag Manager helps us to compile reports on website activity and to control the web tools of our website.

For processing itself, the service or we collect the following data: Cookies, web tracking data, outgoing or incoming links, information generated by the integration and activation of JavaScript code on the website from Google Tag Manager and the web tools triggered by Google Tag Manager.

you can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://policies.google.com/privacy.
New Relic

We use on our site the service New Relic of the company New Relic International Limited, 31-36 Golden Lane , 8 Dublin, Ireland, e-mail: privacy@newrelic.com, website: https://newrelic.com/. Personal data is transmitted exclusively to servers in the European Union.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

New Relic enables the control of the data transfers taking place on the website via various tracking mechanisms and evaluates them for the website provider.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://newrelic.com/privacy.

The provider also offers an opt-out option at https://newrelic.com/privacy.
usercentrics

We use on our site the service usercentrics of the company Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, e-mail: contact@usercentrics.com, website: https://usercentrics.com/. Personal data is transmitted exclusively to servers in the European Union.

The legal basis for the processing is Art. 6 para. 1 lit. c GDPR. The use of the service helps us to comply with our legal obligations.

By integrating Usercentrics, we fulfil our legal obligation with regard to the consent management required for cookies.

You can find out what rights you have with regard to processing at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://usercentrics.com/de/datenschutzerklaerung/.

The provider also offers an opt-out option at https://usercentrics.com/de/datenschutzerklaerung/.

Integration of external web services and processing of data outside the EU

On our website, we use active content from external providers, so-called web services. When you visit our website, these external providers may receive personal information about your visit to our website. This may involve the processing of data outside the EU. You can prevent this by installing an appropriate browser plug-in or deactivating the execution of scripts in your browser. This may result in functional restrictions on websites that you visit.

We use the following external web services:

CloudFlare

We use on our site the service CloudFlare of the company Cloudflare, Inc., 101 Townsend St, 94107 San Francisco, United States, e-mail: support@cloudflare.com, website: https://www.cloudflare.com/de-de/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below.

Cloudflare is a so-called content delivery network that provides security functions in addition to splitting the website across several servers. Cloudflare also acts as a reverse proxy for our website.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

With regard to the processing, you have the right to object as set out in Art. 21. You can find more information at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.cloudflare.com/privacypolicy/.
HubSpot Forms by HubSpot

We use on our site the service HubSpot Forms by HubSpot of the company HubSpot, Inc, 25 First Street, 2141 Cambridge, United States, e-mail: privacy@hubspot.com, website: https://www.hubspot.de/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

With the help of hsforms we can easily provide you with surveys and forms on our website.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://legal.hubspot.com/de/privacy-policy.
Hubspot

We use on our site the service Hubspot of the company HubSpot, Inc, 25 First Street, 2141 Cambridge, United States, e-mail: hubspotgermany@hubspot.com, website: https://www.hubspot.de/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below.

HubSpot is a CRM platform for marketing, sales and service. The service provides us with tools for social media marketing, content management, web analytics, customer service and search engine optimisation, among others.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

With regard to the processing, you have the right to object as set out in Art. 21. You can find more information at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://legal.hubspot.com/de/privacy-policy.
Hubspot-Cookie Banner

We use the service Hubspot-Cookie Banner of the company Hubspot, Inc., 25 First Street, 2141 Cambridge, United States, e-mail: privacy@hubspot.com on our website. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing is Art. 6 para. 1 lit. c GDPR. The use of the service helps us to comply with our legal obligations.

Through the service, a cookie banner is embedded on our site, which we use to fulfil our legal obligations.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can find out what rights you have with regard to processing at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://legal.hubspot.com/de/privacy-policy.
LinkedIn

We use on our site the service LinkedIn of the company LinkedIn Ireland Unlimited Company, Wilton Place, 2 Dublin, Ireland, e-mail: info_impressum@cs.linkedin.com, website: https://www.linkedin.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

When using the Linkedin plugin, we establish a connection to the Linkedin platform in order to give logged-in Linkedin members the opportunity to interact with us.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.

The provider also offers an opt-out option at https://www.linkedin.com/help/linkedin/answer/68763?lang=de.
Rechtstextsnippet und Module

We use on our site the service Rechtstextsnippet und Module of the company Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, e-mail: support@website-check.de, website: https://www.website-check.de/. Personal data is transmitted exclusively to servers in the European Union.

The legal basis for the processing is Art. 6 para. 1 lit. c GDPR. The use of the service helps us to comply with our legal obligations.

With the help of the service, the contents of our legal texts are reloaded on our website. The respective current legal texts are reloaded via the integration on our page. This integration may also be used to reload further technical modules with regard to the legal texts or legally required elements.

You can find out what rights you have with regard to processing at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.website-check.de/datenschutzerklaerung/.
Vimeo

We use on our site the service Vimeo of the company Vimeo, Inc., 555 West 18th Street, 10011 New York, United States, e-mail: Privacy@vimeo.com, website: http://www.vimeo.com/. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

Videos from the Vimeo platform are integrated on our website via the Vimeo service.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://vimeo.com/privacy.

The provider also offers an opt-out option at https://vimeo.com/privacy.
Website-Check Siegel

We use on our site the service Website-Check Siegel of the company Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, e-mail: support@website-check.de, website: https://www.website-check.de/. Personal data is transmitted exclusively to servers in the European Union.

The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below.

The script of Website-Check GmbH is the technical integration of the Website-Check seal. With this seal, we would like to show that we take the issue of data protection very seriously. The transmission of data to Website-Check GmbH takes place for the delivery and display of the seal on our site.

With regard to the processing, you have the right to object as set out in Art. 21. You can find more information at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider's privacy policy at https://www.website-check.de/datenschutzerklaerung/.
Social Plug-In - "Facebook by META"
- What personal data is collected and to what extent is it processed?
  
  On our website we have integrated a social plug-in of the social network "Facebook by META", which is operated by the Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, e-mail: impressum-support@support.facebook.com, website: http://www.facebook.com/ ("Facebook by META"). When you call up a page that contains such a plug-in, your browser automatically establishes a background connection to the servers of Facebook by META. The content of the plug-in is transmitted directly to your browser by Facebook by META and only integrated into our site. Through this integration, Facebook by META receives the information that your browser has loaded a specific page of our website. This also applies if you do not have a Facebook by META profile or are not currently logged in to Facebook by META. This information (including your IP address) is transmitted by your browser directly to a server of Facebook by META in Ireland and stored there. If you are logged in to Facebook by META, Facebook by META can directly assign your visit to our website to your Facebook by META profile. If you interact with the plug-ins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a server of Facebook by META and stored there. The information is also published on your Facebook by META profile and displayed to your Facebook by META contacts that you have activated for this purpose.
- Legal basis for the processing of personal data
  
  Art. 6 para. 1 lit. a GDPR (if you have registered with "Facebook by META") and Art. 6 para. 1 lit. f GDPR (if you have not registered with Facebook by META ). Insofar as processing takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, the legitimate interest of the site operator is to enable user interaction with the content of the site operator at Facebook by META.
- Purpose of the data processing
  
  The primary purpose of the data collection is to offer you a possibility of social interaction linked to Facebook by META and thus to make our website interactive. The scope of data collection and the further processing and use of the data you leave behind by Facebook by META, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection information of Facebook by META: https://www.facebook.com/about/privacy
- Duration of storage
  
  Facebook by META will store the data relevant for the provision of the web service for as long as it is necessary. Insofar as the data is subject to statutory retention obligations, it will be deleted after the retention obligation has expired.
- Possibility of objection and deletion
  
  If you do not want the social plug-in from Facebook by META to run, you can also prevent it from running by installing an appropriate add-on or script blocker. If you do not want Facebook by META to assign the data collected via our website to your Facebook by META profile, you must log out of Facebook by META before visiting our website. The options for objection and removal are also based on the general regulations on the right of objection and deletion under data protection law described below in this data protection declaration.

Information about the use of cookies

What personal data is collected and to what extent is it processed?

We integrate and use cookies on various pages to enable certain functions of our website and to integrate external web services. The so-called "cookies" are small text files that your browser can store on your access device. These text files contain a characteristic string that uniquely identifies the browser when you return to our website. The process of saving a cookie file is also referred to as "setting a cookie". Cookies can be set both by the website itself and by external web services. Cookies are set by our website or external web services in order to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent. Cookie technology also allows us to recognise individual visitors by pseudonyms, e.g. a unique or random ID, so that we can provide more personalised services. Details are shown in the table below.
Legal basis for the processing of personal data

Insofar as the cookies are processed on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR, this consent is also deemed to be consent within the meaning of Section 25 para. 1 TDDDG for the setting of the cookie on the user's terminal device. Insofar as another legal basis is stated in accordance with the GDPR (e.g. to fulfil a contract or to fulfil legal obligations), the storage or setting is based on an exception in accordance with Section 25 (2) TDDDG. This is the case "if the sole purpose of storing information in the end user's terminal equipment or the sole purpose of accessing information already stored in the end user's terminal equipment is to carry out the transmission of a communication over a public telecommunications network" or "where the storage of information in the end-user's terminal equipment or access to information already stored in the end-user's terminal equipment is strictly necessary to enable the provider of a digital service to provide a digital service explicitly requested by the user". The relevant legal basis can be found in the cookie table listed later in this section.
Purpose of the data processing

The cookies are set by our website or the external web services in order to maintain the full functionality of our website, to improve the user-friendliness or to pursue the purpose stated with your consent. Cookie technology also allows us to recognise individual visitors by pseudonyms, e.g. an individual or random IDs, so that we can offer more personalised services. Details are provided in the table below.
Duration of storage

Our cookies are stored until they are deleted in your browser or, if they are session cookies, until the session has expired. Details are listed in the following table.
Possibility of objection and removal

You can set your browser according to your wishes so that the setting of cookies is generally prevented. You can then decide on a case-by-case basis whether to accept cookies or accept cookies in principle. Cookies can be used for various purposes, e.g. to recognise that your access device is already connected to our website (permanent cookies) or to save recently viewed offers (session cookies). If you have expressly given us permission to process your personal data, you can revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.

Cookie name	Server	Provider	Purpose	Legal basis	Storage period	Type
IDE	.doubleclick.net	Website operator](#responsible-entity)	This cookie collects statistical data on website visitors and selects the information according to factors such as demographics, country, etc.. This serves to individualise the user's advertising.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 24 months	Marketing
JSESSIONID	.nr-data.net	New Relic	We use the cookie "JSESSIONID" to manage the user session on our website. This cookie is used to provide a unique identifier for a user's session as they move through our website. It allows us to track the state of the session and ensure that the server can correctly identify the user to ensure smooth interaction with the website.	Art. 6 para. 1 lit. f GDPR (legitimate interests)	Session	Comfort
__cf_bm	.vimeo.com	Vimeo	Cloudflare places the __cf_bm cookie on end-user devices that access customer websites protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for these bot solutions to function properly. The cookie contains information to calculate Cloudflare's own bot score and, if anomaly detection is enabled in Bot Management, a session identifier. The information in the cookie (with the exception of time-related information) is encrypted and can only be decrypted by Cloudflare.	Art. 6 para. 1 lit. f GDPR (legitimate interests)	approx. 30 minutes	Security
__cf_bm	.hsforms.net, .hubspot.com	Hubspot	Cloudflare places the __cf_bm cookie on end-user devices that access customer websites protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for these bot solutions to function properly. The cookie contains information to calculate Cloudflare's own bot score and, if anomaly detection is enabled in Bot Management, a session identifier. The information in the cookie (with the exception of time-related information) is encrypted and can only be decrypted by Cloudflare.	Art. 6 para. 1 lit. f GDPR (legitimate interests)	approx. 31 minutes	Security
__cf_bm	.hsforms.com	HubSpot Forms by HubSpot	Cloudflare places the __cf_bm cookie on end-user devices that access customer websites protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for these bot solutions to function properly. The cookie contains information to calculate Cloudflare's own bot score and, if anomaly detection is enabled in Bot Management, a session identifier. The information in the cookie (with the exception of time-related information) is encrypted and can only be decrypted by Cloudflare.	Art. 6 para. 1 lit. f GDPR (legitimate interests)	approx. 31 minutes	Security
__hssc	.novomind.com	Hubspot	This cookie stores the domain, the number of visitors and the time of the start of the visits. It thus determines whether the number of sessions needs to be increased.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 31 minutes	Analytics
__hssrc	.novomind.com	Hubspot	This cookie measures whether the visitor has restarted his browser and thus determines whether there is a new website visit.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	Session	Configuration
__hstc	.novomind.com	Hubspot	This cookie stores the domain, the user token, the time of the first, last and current visit, as well as the number of sessions on the page.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 6 months	Analytics
_cfuvid	.vimeo.com	Vimeo	This cookie is part of the services offered by Cloudflare - including load balancing, delivery of website content and provision of DNS connections for website operators. It is used for rate limiting to distinguish individual users who share the same IP address.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	Session	Configuration
_cfuvid	.hubspot.com	Hubspot	This cookie is part of the services offered by Cloudflare - including load balancing, delivery of website content and provision of DNS connections for website operators. It is used for rate limiting to distinguish individual users who share the same IP address.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	Session	Configuration
_cfuvid	.hsforms.com	HubSpot Forms by HubSpot	This cookie is part of the services offered by Cloudflare - including load balancing, delivery of website content and provision of DNS connections for website operators. It is used for rate limiting to distinguish individual users who share the same IP address.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	Session	Configuration
_dc_gtm_UA-	novomind.com	Google Analytics	This cookie is the Google Analytics tracking cookie. This cookie stores a unique visitor ID, the date and time of the first visit, the start time of the active visit and the number of all page visitors to our website.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 2 minutes	Analytics
_fbp	.com, .novomind.com	Facebook Connect	Facebook uses this cookie to display advertising products and to assign advertising clicks to a user.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 3 months	Marketing
_ga	novomind.com	Google Analytics	This cookie assigns an ID to a user so that the web tracker can group the user's actions under this ID.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 24 months	Analytics
_ga	novomind.com	Google Analytics	This cookie assigns an ID to a user so that the web tracker can group the user's actions under this ID.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 24 months	Analytics
_ga_	novomind.com	Google Analytics	This cookie stores a unique ID for a website visitor in connection with Google Analytics or Google Tag Manager and tracks how the visitor uses the website.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 24 months	Analytics
_gat_UA-229746-1	novomind.com	Google Analytics	This cookie allows us to save individual comfort settings you have selected and to retain them for your current and future visits to the site.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 2 minutes	Configuration
_gat_UA-229746-8	novomind.com	Google Analytics	This cookie allows us to save individual comfort settings you have selected and to retain them for your current and future visits to the site.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 2 minutes	Configuration
_gcl_au	novomind.com	Google Tag Manager	This cookie is used by Google AdSense to increase the efficiency of advertising.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 3 months	Marketing
_gid	novomind.com	Google Analytics	This cookie assigns an ID to a user so that the web tracker can group the user's actions under this ID.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 24 hours	Analytics
bscookie	.linkedin.com	LinkedIn	The cookie used assigns an ID to the page visitor and determines statistical data on the page visitor's website visits. This serves to individualise the advertising displayed to the user.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 12 months	Marketing
hubspotutk	.novomind.com	Hubspot	This cookie is used by HubSpot to track visitors to the website.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 6 months	Analytics
lang	www.novomind.com	Website operator](#responsible-entity)	Saves the language version of a web page selected by the user	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	Session	Configuration
li_gc	.linkedin.com	LinkedIn	This cookie is used to store guests' consent to the use of non-mandatory cookies.	Art. 6 para. 1 lit. c GDPR (fulfilment of legal obligation)	approx. 6 months	Cookie banner
lidc	.linkedin.com	LinkedIn	This cookie assigns an ID to the page visitor. This ID is used to collect data on visitor behaviour on several websites in order to display individual advertising to the site visitor.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 24 hours	Marketing
nabAlternative	www.novomind.com	Website operator](#responsible-entity)	This cookie allows us to save individual comfort settings you have selected and to retain them for your current and future visits to the site.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 4 months	Configuration
nabCheckWritePermission	www.novomind.com	Website operator](#responsible-entity)	This cookie allows us to save individual comfort settings you have selected and to retain them for your current and future visits to the site.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	Session	Configuration
nabExperimentsWithPageViews	www.novomind.com	Website operator](#responsible-entity)	This cookie allows us to save individual comfort settings you have selected and to retain them for your current and future visits to the site.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 4 months	Configuration
nabSegmentation	www.novomind.com	Website operator](#responsible-entity)	This cookie allows us to save individual comfort settings you have selected and to retain them for your current and future visits to the site.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	Session	Configuration
nabUniqueViews	www.novomind.com	Website operator](#responsible-entity)	This cookie allows us to save individual comfort settings you have selected and to retain them for your current and future visits to the site.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 4 months	Configuration
nelioTestingAccepted	www.novomind.com	Google Tag Manager	This cookie allows us to save individual comfort settings you have selected and to retain them for your current and future visits to the site.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 30 days	Configuration
player	.vimeo.com	Vimeo	The cookie stores the user's preferences when playing embedded videos from Vimeo on our website.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 12 months	Configuration
test_cookie	.doubleclick.net	Website operator](#responsible-entity)	This cookie is set to determine whether the website visitor's browser supports cookies for the Doubleclick service.	Art. 6 para. 1 lit. c GDPR (fulfilment of legal obligation)	approx. 15 minutes	Cookie banner
vuid	.vimeo.com	Vimeo	Collects data about the user's visits to the website, such as which videos have been viewed.	Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent)	approx. 24 months	Analytics

Data security and data protection, communication by e-mail

Your personal data is protected by technical and organisational measures during collection, storage and processing so that it is not accessible to third parties. In the case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so that we recommend encrypted communication or the postal service for information requiring a high level of confidentiality.

Automatic e-mail archiving

Scope of the processing of personal data

We expressly point out that our mail system has an automated archiving procedure. All incoming and outgoing e-mails are digitally archived in an audit-proof manner.
Legal basis for the processing of personal data

Art. 6 para. 1 lit. c GDPR (legal obligation). The legal obligation consists of compliance with tax and commercial law requirements (e.g. §§ 146, 147 AO, §§ 238, 257 HGB).
Purpose of the data processing

The purpose of archiving is to comply with tax law requirements (e.g. §§ 146, 147 AO - obligation to retain e-mails of relevance to tax law) and commercial law requirements (e.g. §§ 238, 257 HGB - obligation to archive business correspondence).
Duration of storage

Our mail communication is stored until the expiry of storage obligations under tax and commercial law. The storage period can be up to 10 years.
Possibility of objection and deletion

You can object to the processing at any time in accordance with Article 21 of the GDPR and request the deletion of data in accordance with Article 17 of the GDPR. You can find out which rights you have and how to exercise them at the bottom of this privacy policy.
Dealing with application documents

If you have any questions regarding our e-mail archiving system, please contact our data protection officer. In addition, we would like to point out that we only consider application documents in PDF file format. Zipped files (WinZip, WinRAR, 7Zip, etc.) are filtered out by our security systems and will not be delivered. We do not consider applications in Word file format and other file formats and delete them unread. Please note that application documents sent by e-mail without encryption may be opened by third parties before they reach our IT systems. We assume that we may also reply to unencrypted application e-mails unencrypted. If you do not wish this, please let us know in your application e-mail.

Right to information and correction requests - Deletion & restriction of data - Revocation of consent - Right to object

Right to information

You have the right to request confirmation as to whether we are processing your personal data. If this is the case, you have the right to be informed about the information named in Art. 15 (1) of the GDPR, insofar as the rights and freedoms of other persons are not affected (cf. Art. 15 (4) of the GDPR). We will also be happy to provide you with a copy of the data.

Right of rectification

In accordance with Article 16 of the GDPR, you have the right to have any incorrect personal data stored with us (e.g. address, name, etc.) corrected at any time. You can also request that the data stored with us be completed at any time. A corresponding adjustment will be made immediately.

Right to erasure

Pursuant to Art. 17 (1) of the GDPR, you have the right to demand that we delete the personal data we have collected about you if

the data is either no longer required;
the legal basis for the processing has ceased to exist without replacement due to the withdrawal of your consent;
You have objected to the processing and there are no legitimate grounds for processing;
Your data is processed unlawfully;
a legal obligation requires this or a collection pursuant to Art. 8 (1) GDPR has taken place.

Pursuant to Article 17 (3) of the GDPR, this right does not exist if

processing is necessary for the exercise of the right to freedom of expression and information;
Your data have been collected on the basis of a legal obligation;
processing is necessary for reasons of public interest;
the data are necessary for the assertion, exercise or defence of legal claims.

Right to restriction of processing

According to Art. 18 (1) GDPR, you have the right in individual cases to demand the restriction of the processing of your personal data.

This is the case when

the accuracy of the personal data is disputed by you;
the processing is unlawful and you do not consent to its erasure;
the data is no longer needed for the purpose of processing, but the collected data is used for the assertion, exercise or defence of legal claims;
an objection to the processing has been lodged pursuant to Art. 21 (1) GDPR and it is still unclear which interests prevail.

Right of withdrawal

If you have given us express consent to process your personal data (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR), you can revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.

Right to object

In accordance with Art. 21 of the GDPR, you have the right to object at any time to the processing of personal data relating to you that has been collected on the basis of Art. 6 (1) (f) (in the context of a legitimate interest). You only have this right if there are special circumstances against the storage and processing.

How do you exercise your rights?

You can exercise your rights at any time by contacting us using the contact details below:

novomind AG
Bramfelder Chaussee 45
22177 Hamburg
Germany
E-mail: info@novomind.com
Tel: +49 40 808071 0

Right to data portability

Pursuant to Article 20 of the GDPR, you have a right to the transfer of personal data relating to you. We will provide the data in a structured, common and machine-readable format. The data can be sent either to you or to a person responsible named by you.

We provide you with the following data upon request pursuant to Art. 20 para. 1 GDPR:

Data collected on the basis of explicit consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR;
Data that we have received from you in accordance with Art. 6 Para. 1 lit. b GDPR within the scope of existing contracts;
Data that has been processed within the scope of an automated procedure.

We will transfer the personal data directly to a data controller of your choice as far as this is technically feasible. Please note that we are not permitted to transfer data that interferes with the freedoms and rights of other persons pursuant to Art. 20 (4) of the GDPR.

Right of appeal to the supervisory authority pursuant to Art. 77 para. 1 GDPR

If you suspect that your data is being processed illegally on our site, you can of course have the issue clarified by the courts at any time. In addition, any other legal option is open to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Article 77 (1) of the GDPR. The right of complaint pursuant to Art. 77 GDPR is available to you in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the above-mentioned places. The supervisory authority to which the complaint has been submitted will then inform you of the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Privacy policy

Responsible person

Contact details of the data protection officer

Provision of the website and creation of log files

What personal data is collected and to what extent is it processed?

Legal basis for the processing of personal data

Purpose of the data processing

Duration of storage

Possibility of objection and deletion

Special functions of the website

Contact form(s)

What personal data is collected and to what extent is it processed?

Legal basis for the processing of personal data

Purpose of the data processing

Duration of storage

Revocation and deletion option

Necessity of providing personal data

Newsletter registration form

What personal data is collected and to what extent is it processed?

Legal basis for the processing of personal data

Purpose of the data processing

Duration of storage

Revocation and removal option

Necessity of providing personal data

Automated credit assessment / scoring

Creditreform Hamburg von der Decken KG:

Right of objection:

Statistical analysis of visits to this website - Webtracker

Custom Audiences

Facebook Connect

Google

Google Ads

Google Analytics

Google Analytics (Google Signals)

Google Tag Manager

New Relic

usercentrics

Integration of external web services and processing of data outside the EU

CloudFlare

HubSpot Forms by HubSpot

Hubspot

Hubspot-Cookie Banner

LinkedIn

Rechtstextsnippet und Module

Vimeo

Website-Check Siegel

Social Plug-In - "Facebook by META"

What personal data is collected and to what extent is it processed?

Legal basis for the processing of personal data

Purpose of the data processing

Duration of storage

Possibility of objection and deletion

Information about the use of cookies

What personal data is collected and to what extent is it processed?

Legal basis for the processing of personal data

Purpose of the data processing

Duration of storage

Possibility of objection and removal

Data security and data protection, communication by e-mail

Automatic e-mail archiving

Scope of the processing of personal data

Legal basis for the processing of personal data

Purpose of the data processing

Duration of storage

Possibility of objection and deletion

Dealing with application documents

Right to information and correction requests - Deletion & restriction of data - Revocation of consent - Right to object

Right to information

Right of rectification

Right to erasure

Right to restriction of processing

Right of withdrawal

Right to object

How do you exercise your rights?

Right to data portability

Right of appeal to the supervisory authority pursuant to Art. 77 para. 1 GDPR