1. Concept of personal data
In the EU General Data Protection Regulation (GDPR), personal data are defined as follows:
Any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, your civil name, address, telephone number or date of birth.
Collection and processing of personal data
As a rule, you can visit the pages of Numbat GmbH without us requiring any personal data from you.
Personal data is only collected by us if you provide it to us voluntarily, for example as part of a registration process. We do not collect any personal data via our website without your consent.
By visiting this website, information about the access (e.g. date, time, pages viewed) may be stored in log files of the web server. They are evaluated exclusively for statistical purposes without any obvious inference to the IP address of a user.
This data does not belong to personal data, but is anonymized.
Legal basis for the collection and processing of personal data
Insofar as we obtain your consent for processing personal data, Art. 6 (1) lit. a GDPR serves as the legal basis for the processing.
When processing your personal data to fulfill a contract between you and Numbat GmbH, Art. 6 (1) lit. b GDPR serves as the legal basis.
If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.
Use and disclosure of personal data and purpose limitation
All personal data collected within the scope of Numbat GmbH will be collected, processed and used in accordance with the applicable regulations for the protection of personal data only for the purpose of contract execution and to protect our own legitimate business interests.
We guarantee the protection of personal data such as name, address, telephone number or e-mail for the data entered by you. As a matter of principle, your data will not be transferred to third parties outside Numbat GmbH, unless we are legally obliged to do so or the transfer of data is necessary for the performance of the contractual relationship or you have previously given your express consent to the transfer of your data. External service providers and partner companies will receive your data only to the extent necessary to process your request. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of data protection laws in the same way. Please also refer to the respective data protection notices of the service providers.
Data transfer to external service providers (order processors)
Your data will only be passed on to service partners if they act on our behalf and support Numbat GmbH in the provision of its services.
Any processing of your personal data by commissioned service providers is carried out within the scope of commissioned processing pursuant to Art. 28 GDPR. The service providers only receive access to such personal information that is necessary for the performance of the respective activity.
Our company website contains references to other Internet sites (links).
Numbat GmbH has no influence on the content of the linked pages. These were carefully checked before the links were activated. Nevertheless, it cannot be ruled out that the operators of the respective sites have made changes to the content that violate applicable law. Numbat GmbH distances itself from such content.
By activating the link, you leave the information offered by Numbat GmbH. Different regulations may therefore apply to the offers of third parties, particularly with regard to data protection.
Our website contains links to Facebook, Xing, LinkedIn, Twitter, Vimeo and YouTube.
3. Contact Forms
You have the option of contacting us via contact forms on the website. We will, of course, use the personal data transmitted to us in this way exclusively for the purpose for which you provide it to us.
Insofar as we request input via our contact form that is not required for contacting us, we have always marked this as optional. This information is used to specify your request and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent. Insofar as this involves information on communication channels (for example, telephone number or e-mail address), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request.
You can, of course, revoke this consent at any time for the future. To do so, please contact firstname.lastname@example.org.
In the future, our website will also offer the option of registering for a free newsletter. When registering for the newsletter, the data from the input mask will be transmitted to us.
This concerns e-mail address, company name, title, first name, last name and the selected topics.
In addition, the following data is collected during registration:
(1) IP address of the calling computer.
(2) Date and time of registration
After submitting the registration form, you will receive an e-mail from us with a confirmation link. If you click on the link contained therein, you are registered for the newsletter. By confirming the registration, you give your consent to the processing of your e-mail address and your other details for the purposes stated here. For evidence purposes, we store the time and your e-mail address.
You can revoke your consent to the sending of the newsletter at any time with future effect by clicking on the corresponding unsubscribe link in one of the newsletters or by sending an e-mail to email@example.com.
We collect and process personal data from applicants for the purpose of handling the application process. The processing may also take place electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. We will, of course, use your data exclusively for processing your application and will not pass them on to third parties outside the Numbat GmbH group of companies.
If we conclude an employment contract with you as an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be deleted six months after notification of the rejection decision, unless you have expressly given us your consent to store your data for a longer period of time or no other legitimate interests of the data controller oppose deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).
In some areas of our pages, so-called cookies are used. A cookie is a small text file that is stored by a website on your hard drive. Cookies do not cause any damage to your computer and do not contain viruses. The cookies on our website do not collect any personal data. We use the information contained in cookies to make it easier for you to use our pages and to tailor them to your needs.
Both session cookies and permanent cookies are used on our site. Session cookies are temporary cookies that are stored in the user’s Internet browser until the browser window is closed and the session cookies are thus deleted. Persistent cookies are used for repeated visits and are stored in the user’s browser for a certain period of time (usually 1 year or longer). These cookies are not deleted when the browser is closed. This type of cookies is used to reuse a user’s preferences once they come back to the site.
Of course, you can also view our website without cookies. If you do not want cookies to be stored on your computer, you can disable the corresponding option in the system settings of your browser. You can delete stored cookies in the system settings of your browser at any time. You can find out how this works in detail from the instructions of your browser manufacturer. However, we would like to point out that our website may only be usable to a limited extent without cookies.
6. Google Analytics: Google LLC
This website uses Google Analytics, a web analytics service provided by Google LLC (Amphitheatre Parkway, Mountain View, CA 94043, United States – “Google” for short). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
The information generated by the cookie about your use of this website (including your IP address, which is, however, shortened with the extension “_anonymizeIp()” and thus anonymized to exclude a direct personal reference) is transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
7. reCAPTCHA: Google LLC
We use the service reCAPTCHA from Google LLC (Amphitheatre Parkway, Mountain View, CA 94043, United States) to transmit your completed form data. This serves to prevent spam and abusive machine and automated processing. As part of the matching process, your IP address and possibly other data required by Google for the reCAPTCHA service may be transferred to Google. The deviating data protection provisions of Google LLC apply here.
Further information on Google’s data protection policies can be found at https://www.google.com/analytics/terms/gb.html or at https://www.google.com/intl/gp/policies/.
We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This allows us to contact subscribers directly. In addition, we analyze your usage behavior in order to optimize our offer.
For this purpose, we share the following personal data with Mailchimp:
[Our email broadcasts include a link that allows you to update your personal data].
Mailchimp is a recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned. The processing of the data provided under this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you.
Mailchimp additionally collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no control over this process.
For more information on objection and removal options vis-à-vis Mailchimp, please visit: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts.
The legal basis for these processing operations is your consent pursuant to Art. 6 (1) lit. a DSGVO. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. By declaring the revocation, the lawfulness of the processing carried out so far is not affected.
Your data will be processed as long as a corresponding consent is available. Apart from this, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.
Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://mailchimp.com/legal/data-processing-addendum/
Translated with www.DeepL.com/Translator (free version)
9. Data Security
Numbat GmbH uses technical and organizational security measures in order to protect the data you have made available to Numbat GmbH against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our security measures are continuously improved in line with technological developments.
The provisions of the German Telemedia Act (TMG) are observed.
10. Your Rights
If personal data is processed by you, you have the following rights as a data subject within the meaning of the GDPR vis-à-vis the controller:
Right to information according to Article 15 GDPR
You may request confirmation from us as to whether personal data concerning you is being processed by us. If we have processed personal data relating to you, you have further rights of access set out in Article 15 GDPR.
Right to rectification
If the data we have collected from you is incorrect or incomplete, you may request us to correct the data without undue delay in accordance with Article 16 of the GDPR.
Right to restriction of processing
Under the conditions of Article 18 GDPR, you may also, under certain circumstances, request the restriction of the processing of personal data concerning you.
After restriction, your data may only be processed with your consent or for the establishment, exercise or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State. We will inform you before the restriction is lifted.
Right to erasure (“right to be forgotten”)
You may, if one of the grounds in Article 17(1) GDPR applies, demand that we delete the personal data relating to you without delay, unless there is an exception to this obligation to delete in accordance with Article 17(3) GDPR.
The right to erasure does not exist insofar as the processing is necessary
(1) for the exercise of the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(5) for the assertion, exercise or defense of legal claims.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged under Article 19 of the GDPR to inform all recipients of your personal data of this, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
Right to data portability
Pursuant to Article 20 GDPR, you have the right to obtain from us the personal data concerning you in a machine-readable format and to transfer the data to another controller without hindrance, provided that the conditions of Article 20 (1) lit.a GDPR are met, or to obtain that your personal data be transferred directly from us to another controller, insofar as this is technically feasible and no freedoms and rights of other persons are thereby impaired. This right does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or for the exercise of official authority.
Right of objection
You have the right to object at any time to Numbat GmbH to the processing of personal data concerning you pursuant to Art. 6 (1) lit. f GDPR.
If you have lodged an objection, we will no longer process your personal data unless legitimate grounds for the processing override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to revoke the declaration of consent under data protection law.
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
11. Warranty disclaimer
The information, data and contents are constantly checked and updated. Despite all care, information may have changed in the meantime. Therefore, we can not assume any liability or guarantee for the accuracy, completeness and timeliness.
12. Changes to the data protection declaration
This data protection declaration is continuously adapted in the course of the further development of the Internet or our offer. We will announce any changes on this page in good time. In order to be informed about the current status of our data use regulations, you should visit this page regularly.
13. Name and address of the responsible person
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
87435 Kempten (Allgäu)
Phone: +49 176 76868532
Board of Directors:
Martin Schall, Dr. Maximilian Wegener
Data Protection Officer
Any data subject is welcome to contact our data protection officer at any time with any questions or suggestions regarding data protection. If you have any questions, please contact firstname.lastname@example.org.