Privacy policy

I


I.  Name and address of responsible entity

The responsible entity in terms of the General Data Protection Regulation, other national data protection laws of Member States and other data protection regulations is:

N3K Network Systems
Ferdinand-Braun-Str. 2/1
74074 Heilbronn
Telephone: +49 7131 594 95 0
Fax: +49 7131 594 95 100
info(at)n3k.de or datenschutz(at)n3k.de

Represented by the Managing Director:

 Alexander Häcker

II. Name and address of data security officer

The responsible entity’s data security officer is:

Patrick Gsell, LL.M. CIPP/E
NIETZER® Rechtsanwälte / Attorneys at Law (USA)
Im Zukunftspark 10
74076 Heilbronn
gsell(at)unternehmensrecht.com

 

III.    General information on data processing

  1. Scope of personal data processing
    As a rule, we collect and utilise our users’ personal data only to the extent that allows us to provide a functional website and our content and services. The regular collection and deployment of a user’s personal data takes place only with their consent. The exception is in cases in which obtaining prior consent is not possible for de facto reasons and the processing of the data is permitted by law.
     
  2. Legal basis for the processing of personal data
    Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis whenever we obtain the consent of the data subject for processing operations involving personal data.
    Art. 6 (1) (b) GDPR serves as the legal basis when we process personal data needed to fulfil an agreement to which the data subject is a party. This also applies to processing operations needed for the performance of pre-contractual activities.
    Art. 6 (1) (c) GDPR serves as the legal basis whenever the processing of personal data is required for the fulfilment of a legal obligation to which our company is subject.
    Art. 6 (1) (d) GDPR serves as the legal basis in the event that personal data have to be processed to protect the vital interests of the data subject or another natural person.
    Art. 6 (1) (f) GDPR serves as the legal basis for the processing of personal data, if that processing is required to protect the legitimate interests of our company or a third party, and provided the interests, fundamental rights and freedoms of the data subject do not outweigh those interests.
     
  3. Data deletion and storage period
    The data subject’s personal data are deleted or blocked as soon as the purpose of their storage ceases to apply. They may continue to be stored if permitted by European or national legislators in EU regulations, laws or other provisions to which the responsible entity is subject. Data is also blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless the data still need to be stored for the conclusion or fulfilment of a contract.

 

IV.    Providing the website and creating log files

  1. Description and scope of data processing
    Each time our website is visited, our system automatically collects data and information from the visiting computer.
    The following data are collected:
    • Name of internet service provider
    • Browser type
    • The N3K pages visited by the user
    • Date and duration of visit
    The data are also stored in our system’s log files. This does not include user IP addresses or other data that can be assigned to users. These data are not stored together with users’ other personal data.
     
  2. Legal basis for data processing
    The legal basis for the temporary storage of data is Art. 6 (1) (f) GDPR.
     
  3. Purpose of data processing
    The system needs to temporarily store a user’s IP address to enable the website to be delivered to their computer. For this reason, the user’s IP address must remain stored for the duration of the session.
    These purposes also represent our legitimate interest in data processing according to Art. 6 (1) (f) GDPR.
     
  4. Duration of storage
    Data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of collecting data for the provision of the website, this happens when each session ends.
     
  5. Option to object and remove
    Collecting data for the provision of the website and the storage of this data in log files is essential to the operation of the website. Because of this, there is no option for the user to object.

V. Use of cookies

a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in or by the internet browser on a user’s computer system. When a user accesses a website, a cookie may be stored on their operating system. This cookie contains a distinctive string of characters that enables the browser to be identified if it visits the website again.

We use cookies to make our website more user-friendly. Some elements of our website require it to identify the visiting browser, even after a page change.

b) Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.

c) Purpose of data processing
The purpose of using technically essential cookies is to make it easier for you to use the website. Some of the features of our website are only available if cookies are used. They require your browser to be recognised, even after a page change.

The user data collected by technically essential cookies are not used to create user profiles.

These purposes also represent our legitimate interest in personal data processing according to Art. 6 (1) (f) GDPR.

d) Duration of storage, option to object and remove
Cookies are stored on the user’s computer, which sends them to our site. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the sending of cookies by changing the settings in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, you may no longer be able to use all of its features fully.

VI. Cookiebot – cookie consent management tool

1. Description and scope of data processing

We use the functions of Cookiebot, which is produced by the Danish company Cybot A/S, Havnegade 39, 1058 Copenhagen, DK (EU). 

Provided you agree to this in advance, these functions enable data to be sent from you to Cookiebot/Cybot, where they are stored and processed. You can agree to or refuse the use of cookies. 

This is where you can change or revoke your consent to the use of cookies:

Revoke your consent    Amend your consent 

In the banner displayed before you enter the website, you can select and deselect particular cookies. You will always be given a complete, up-to-date overview of the cookies used on our website and you can decide for yourself which cookies to allow and which not to.

If you agree to the use of cookies, the following data will be transmitted to Cybot and stored and processed there:   

  • The IP number of the end user in anonymised form (the last three digits are set to ‘0’).
  • Date and time of consent.
  • The user’s browser.
  • The URL from which consent was sent.
  • An anonymous, random and encrypted key.
  • The end user’s consent status, which serves as proof of consent.

2. Legal basis for data processing

If you have agreed to the use of cookies, the legal basis is Art. 6 (1) (a) GDPR. 

The use of technically essential cookies is based on Art. 6 (1) (f) GDPR. Our legitimate interest in using technically essential cookies is for maintaining the operation and user-friendly design of our website. 

3. Purpose of data processing 

We use Cookiebot so that you can decide for yourself in a legally secure manner whether and which cookies to accept when you visit our website. 

4. No transfer of data to third countries 

The data transmitted to Cookiebot are stored and forwarded exclusively within the European Union (Denmark and Ireland). The data are stored in an Azure data centre (the cloud provider is Microsoft). 

5. Duration of storage 

The key and the consent status are also stored in the user’s browser in the “CookieConsent” cookie, so that our website can automatically read and track your consent every time you request another page and for any future sessions for up to 12 months. The key is used for proof of consent and for an option which checks that the consent status stored in the user’s browser is the same as the original consent submitted to Cybot. 

You can view Cookiebot’s privacy policy here: Cookiebot privacy policy

6. Option to object and remove

You can object to the collection and storage of the aforementioned data by rejecting the use of cookies in the cookie banner that appears, or by deactivating the use of cookies in your browser settings.

You can also revoke your consent at any time: Withdrawing your consent.

Your data will then be deleted unless circumstances dictate, such as if there is a legal obligation to keep them.

You can change your cookie settings here.

VII. Contact form and email contact

  1. Description and scope of data processing
    There is a contact form on our website which you can use to get in touch electronically. If you use it, the data you enter in the form will be sent to us and stored. These data are:
    • Title
    • First name and surname
    • Company
    • Telephone
    • Email
    The following data are also stored when the message is sent:
    • User’s IP address
    • Date and time of registration
    Your consent is obtained during the submission process so that your data can be processed, and reference is made to this privacy policy.
    Alternatively, you can contact us using the email address info(at)n3k.de provided. If you do, the personal data transmitted with your email will be stored.
    The data are not passed on to third parties in this context. They are used exclusively for processing the conversation.
     
  2. Legal basis for data processing
    The legal basis for the processing of the data is Art. 6 (1) (a) GDPR, provided the user has given consent.
    The legal basis for the processing of data transmitted when sending an email is Art. 6 (1) (f) GDPR. If the intention of sending the email is to conclude a contract, then the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
     
  3. Purpose of data processing
    Processing personal data from the form is done solely for the sake of establishing contact. If contact is made by email, this also constitutes a necessary and legitimate interest in processing data.
    Other personal data processed during the sending process is used to prevent misuse of the contact form and to safeguard the security of our information technology systems.
     
  4. Duration of storage
    Data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. In terms of personal data entered in the contact form or sent by email, this happens when the conversation with the user comes to an end. The conversation ends when it is clear from the circumstances that the topic has been conclusively dealt with. 
    Additional personal data collected during the sending process are deleted after a period of no more than seven days.
     
  5. Option to object and remove
    The user can revoke their consent to the processing of personal data at any time. If users contact us by email, they can object to the storage of their personal data at any time. But if they do so, the conversation cannot be continued.
    Revocation of consent and objection to data collection should be sent by email to datenschutz(at)n3k.de
    In that case, any personal data stored in the course of contacting us will be deleted.

VIII. Trade fair visits and processing trade fair data

  1. Description and scope of data processing
    We talk to trade fair visitors and exchange business cards and contact details with them, so that we can discuss our products and services in more depth after the event.
    These details are:
    • Surname and first name
    • Address
    • Email address
    • Landline and mobile phone numbers
    These data are not passed on to third parties.
     
  2. Legal basis for data processing
    The legal basis for the processing of the data is Art. 6 (1) (a) GDPR, provided consent exists.
    If the aim of contact made at a trade fair is to discuss or initiate a possible business relationship or if a business transaction is concluded there, then the legal basis is Art. 6 (1) (b) GDPR. By voluntarily providing contact details, trade fair visitors express an interest in further contact, in which case processing is also based on Art. 6 (1) (f) GDPR.
     
  3. Purpose of data processing
    Processing data is necessary in order to establish and maintain contact with visitors to a trade fair.
     
  4. Duration of storage
    The data are deleted as soon as they are no longer required for making contact, or at the latest after 12 months, unless further storage is required by law.
     
  5. Option to object and remove
    Consent can be revoked at any time and the use of data can be objected to at any time. In this case, contact cannot be maintained. The data will be deleted.
    Revocation and objection should be addressed to: datenschutz(at)n3k.de

IX.  Google Analytics (tracking cookies)

1. Description and scope of data processing

This website uses Google Analytics, a Web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies” – text files stored on your computer to facilitate the analysis of your use of the website. The information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored there. Google’s “_anonymizeIp()” IP anonymisation is used on this website, which means Google first truncates users’ IP addresses within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only sent to a Google server in the US and truncated there in exceptional cases. Truncating the IP address makes it impossible to connect to a particular person. Google uses this information on behalf of the operator of this website to evaluate how people use of the site, to compile reports about website activity and to provide the website operator with other services related to the use of this website and to internet usage. The IP address transmitted from your browser as part of Google Analytics is not linked to any other data held by Google. You can prevent cookies from being saved on your computer by setting your browser software accordingly. But please be advised that this may mean that you will not be able to use all of the features of this website to their full extent. You can also prevent the data generated by the cookie and relating to your use of the website (including your IP address) from being transmitted to and processed by Google by downloading and installing the following browser plug-in. The current link is: Link

You can prevent Google Analytics from collecting data by clicking on the following link. This sets an opt-out cookie, which prevents this website from collecting your data from then onwards. Deactivate Google Analytics (hyperlink)

If cookies are deleted after an internet session, the opt-out cookie has to be set again.

Please note that, as previously stated, your (truncated) IP address is sent to Google servers, which may be located in the USA, i.e. a third country outside the EU. The level of data privacy in the USA is not currently the same as within the EU. There are, in particular, inadequate legal safeguards. Furthermore, US law allows US intelligence agencies and authorities such as the CIA and NSA to access servers such as Google’s, as well as “telephone and internet lines” coming in and out of the USA, so your IP address could be accessed by intelligence agencies. Safe Harbour and Privacy Shield, which were the former agreements between the US and the EU, were supposed to provide an adequate level of data protection between the US and the EU, but they were declared invalid by the European Court of Justice, so they no longer apply. The EU and the US will have to renegotiate.

Google’s general data privacy information is available at the following link: Link

The following link points to data privacy information about Google Analytics. Link

The following cookies are set by Google:

--Insert table / screenshot of Cookiebot overview -

2. Legal basis for data processing

When you access the site, we use the cookie consent management tool Cookiebot (see VI. above) to obtain your consent to the use of Google Analytics and the setting of cookies by Google on your computer. By ticking the box, you actively agree to the data processing described in VI. part 1 and VII. part 1, for the purposes described in VI. part 3 and VII. part 3. In particular, you also acknowledge that if your truncated IP address is sent to Google’s servers in the US, US intelligence agencies may access the servers, “phone and internet lines” and therefore your (truncated) IP address. You expressly agree to this. The legal basis is Art. 6 (1) (a), 7, 49 (1) (a) GDPR.

3. Purpose of data processing

We use Google Analytics to statistically analyse your surfing behaviour so that we can better tailor our website and products to your needs. 

4. Duration of storage

Storage periods (maximum two years) are shown in the following table:

-- Insert table with screenshot of Cookiebot details / storage duration –

5. Option to object and remove

The cookies are stored by Google on your computer. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the sending of cookies by changing the settings in your browser. Cookies you have already saved can be deleted at any time. This can also be done automatically.

You can revoke or change your consent, or object to data processing, at any time. No more cookies will then be set, but you will have to delete any cookies already on your computer.

Google’s general data privacy information is available at the following link: Link
The following link points to data privacy information about Google Analytics. Link

Use of SalesViewer® technology

This website collects and stores data for marketing, market research and optimisation purposes using the SalesViewer® technology supplied by SalesViewer® GmbH on the basis of the legitimate interests of its operator (Art. 6 (1) (f) GDPR).

To this end, a JavaScript-based code is employed to collect company-related data and use it accordingly. The data collected using this technology are encrypted using a non-reversible one-way function called hashing. The data are immediately pseudonymised and are not used to identify website visitors personally.

Data stored by SalesViewer are deleted as soon as they are no longer required for their intended purpose, provided there is no longer any legal obligation to retain them.

You can object to the collection and storage of data at any time with effect for the future by clicking on this link: https://www.salesviewer.com/opt-out, which prevents the collection of data by SalesViewer® on this website from that point onwards. This places an opt-out cookie for this website on your device. If you delete your cookies in this browser, you will have to click on the link again.

X.       Regular sending of product and event information by email and via CleverReach

1. Description and scope of data processing

a. Sending messages via email and via CleverReach

If you are our business partner, customer, supplier or prospective customer, we will regularly send you information about our products, our suppliers’ products and our events such as company celebrations and trade fair appearances. We will usually send you this information by email. To send these messages, we use an online mailing solution supplied by CleverReach.

We usually use the following data for this purpose:

  • Personalised email address with company ending
  • Surname, first name

b. Tracking messages sent via CleverReach

The CleverReach mailing solution enables tracking for internal reporting purposes and to track emails sent. We use the following tracking options:

Bouncers – messages that could not be delivered

Measure opened emails – we can check whether you open emails

Measure clicks – we can track how often you click on links contained in our messages

Google Analytics for measuring the success of campaigns

IntelliAd for measuring clicks in newsletters

Connect for measuring orders for sales analysis

2. Legal basis for data processing

a. Legal basis for sending product and event information via email and CleverReach

If we have obtained your consent, the legal basis is Art. 6 (1) (a) GDPR.

Furthermore, sending is justified under Art. 6 (1) (f) GDPR, because we have an interest in sending you our product and event information in order to establish and/or maintain our business relationship.

b. Legal basis for the use of the tracking

You have given us your consent to the use of tracking by clicking on the check box to indicate you have read and accepted our privacy policy. The legal basis is Art 6 (1) (a) GDPR.

3. Purpose of data processing

a. Sending product and event information

The purpose of processing is to establish and/or maintain a business relationship. Our aim is to keep you constantly up to date with the technological development of our products.

b. Tracking your data

The purpose of processing is to track whether you have received and read our information. We want to know which products and events are of particular interest to you, so that we can provide you with the product and event information that suits you.

4. Duration of storage

Your data will be processed for as long as they are required for the purposes mentioned under section 3, unless statutory retention periods prevent their deletion.

5. Recipients of data when using CleverReach

When we send messages using the CleverReach tool and use the tracking options, then the data described in XIV. 1 a) and b) is processed on servers belonging to

CleverReach GmbH, address CleverReach, Germany.

CleverReach GmbH employees who look after the systems can therefore

access this data. We have regulated this service within the framework of an order processing agreement.

6. Objecting and revoking consent

You have the right to object to data processing and/or revoke your consent at any time by unsubscribing from the newsletter. If you revoke your consent, your data will be deleted, unless used for the assertion and defence of legal claims, or if a law such as one requiring us to retain data precludes its deletion.


 

 

 

X.        Rights of the data subject

If your personal data are processed, you are a data subject as defined in GDPR and you have the following rights vis-à-vis the controller:

  1. Right to information
    You may ask the controller to confirm whether we are processing personal data relating to you.
    If we are, you can request information from the controller about the following:
    (1) the purposes for which the personal data are processed;;
    (2) the categories of personal data processed;;
    (3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;;
    (4) the planned duration of the storage of the personal data relating to you, or, if specific information on this is not available, the criteria for determining the storage duration;;
    (5) the existence of the right to rectify or delete personal data concerning you, the right to have processing by the controller restricted, and the right to object to such processing;;
    (6) the existence of the right to complain to a supervisory authority:;
    (7) any available information on the origin of the data, if personal data were not collected from the data subject;;
    (8) the use of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and, in these cases at least, clear information about the logic involved, as well as the scope and intended effects on the data subject of any such processing.
    You have the right to request information about whether personal data relating to you is transferred to a third country or to an international organisation. In the context of this transfer, you may ask to be told about the relevant safeguards pursuant to Article 46 GDPR.
     
  2. Right to rectification
    You have the right to rectification and/or completion vis-à-vis the controller, if the personal data that relate to you and that are processed are inaccurate or incomplete. The controller must correct the data without delay.
     
  3. Right to restriction of processing
    You may request the restriction of the processing of personal data concerning you under the following conditions:
    (1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify its accuracy;;
    (2) if processing the personal data is unlawful and you object to its erasure and request instead the restriction of its use;;
    (3) if the controller no longer needs the personal data for the purposes of processing, but you need them in order to establish, exercise or defend against legal claims;
    (4) if you have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds.
    If the processing of personal data relating to you has been restricted, then those data may only be processed (with the exception of their storage) with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial EU or a Member State public interest.
    If processing has been restricted under the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
     
  4. Right to deletion
    a) Obligation to delete
    You may demand that the controller erases personal data concerning you without delay, and the controller is obliged to do so if one of the following applies:
    (1) The personal data concerning you are no longer needed for the purposes for which they were collected or otherwise processed.
    (2) You withdraw the consent on which processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal reason for processing.
    (3) You object to processing pursuant to Art. 21 (1) GDPR and there are no legitimate overriding grounds for processing, or you object to processing pursuant to Art. 21 (2) GDPR.
    (4) The personal data concerning you have been processed unlawfully.
    (5) The personal data relating to you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
    (6) The personal data relating to you was collected in relation to the provision of information society services referred to in Art. 8 (1) GDPR.
    b) Information given to third parties
    If the controller has publicly disclosed personal data concerning you and is obliged to delete it pursuant to Article 17 (1) GDPR, then it shall take reasonable steps, including technical measures, with due consideration of the available technology and the cost of implementation, to inform other data controllers who are processing your personal data that you, as the data subject, have asked for them to delete any links to that personal data, and any copies or reproductions of it.
    c) Exceptions
    The right to deletion does not exist if and to the extent that processing is necessary:
    (1) to exercise the right to freedom of expression and information;;
    (2) to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest, or to exercise official authority vested in the controller;;
    (3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;;
    (4) for archiving that is in the public interest, for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) GDPR, to the extent that the right referred to in section (a) is likely to render impossible or seriously impede the achievement of the purposes of such processing;
    (5) to assert, exercise or defend against legal claims.
     
  5. Right to notification
    If you have asserted the right to rectification, deletion or restriction of processing vis-à-vis the controller, then the controller is obliged to communicate this rectification or deletion of the data or restriction of its processing to every recipient to whom your personal data have been disclosed, unless this proves impossible or involves a disproportionate outlay.
    You have the right to be told by the controller who these recipients are.
     
  6. Right to data portability
    You have the right to receive the personal data concerning you and which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to send this data to another controller without being hindered by the controller to whom the personal data was given, provided that:
    (1) its processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, or on a contract pursuant to Art. 6 (1) (b) GDPR, and
    (2) its processing is done using automated procedures.
    In exercising this right, you also have the right to insist that the personal data concerning you is transferred directly from one controller to another, provided this is technically feasible. This must not harm anyone else’s freedoms or rights.
    The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of any official authority vested in the controller.
     
  7. Right to object
    You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data relating to you which is done on the basis of Article 6 (1) (e) or (f) GDPR; the same applies to profiling based on these provisions.
    The controller shall then no longer process personal data concerning you, unless it can demonstrate compelling legitimate grounds for doing so which override your interests, rights and freedoms, or if processing is done to establish, exercise or defend against legal claims.
    If personal data concerning you is processed for the purpose of direct marketing, you have the right to object to this at any time; the same applies to profiling, insofar as it is related to direct marketing.
    If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for those purposes.
    With regard to the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
     
  8. Right to revoke your declaration of consent under data protection law
    You have the right to revoke your declaration of consent under data protection law at any time. Doing so shall not affect the lawfulness of any processing done on the basis of your consent before you revoked it.
     
  9. Right to complain to a supervisory authority
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside or work, or where the alleged infringement took place, if you think that the processing of personal data concerning you infringes GDPR.
    The supervisory authority to which a complaint is submitted shall inform the complainant of the status and outcome of their complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
    The supervisory authority in Baden-Württemberg is the Landesbeauftragte für Datenschutz und Informationsfreiheit (State Commissioner for Data Protection and Freedom of Information), to whom complaints can be made online.

March 2021