General privacy policy

Responsible bodies within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (DSGVO), are:
NEXUS AG, Irmastraße 1, 78166 Donaueschingen, Germany
NEXUS / ASTRAIA GmbH, Adalperostraße 80, 85737 Ismaning, Germany
NEXUS / CLOUD IT GmbH, Irmastraße 1, 78166 Donaueschingen, Germany
NEXUS Deutschland GmbH, Irmastraße 1, 78166 Donaueschingen, Germany
NEXUS / DIGITAL PATHOLOGY GmbH, Irmastraße 1, 78166 Donaueschingen, Germany
NEXUS Digitale Dokumentationssysteme Projektentwicklungsges.m.b.H., Güpferlingstr. 29, 1170 Vienna, Austria
NEXUS / DIS GmbH, Hanauer Landstr. 293, 60314 Frankfurt am Main, Germany
NEXUS / E&L GmbH, Hugo-Junkers-Strasse 13, 90411 Nümberg, Germany
NEXUS / IPS GmbH, Irmastraße 1, 78166 Donaueschingen, Germany
NEXUS Medizinsoftware und Systeme AG, Kantonsstrasse 3, 6246 Altishofen, Switzerland
NEXUS / QM GmbH, Alusingen-Platz 1, 78224 Singen, Germany
NEXUS / REHA GmbH, Irmastrasse 1, 78166 Donaueschingen, Germany
NEXUS Schweiz AG, Kantonsstrasse 3, 6246 Altishofen, Switzerland
NEXUS SWISSLAB GmbH, Sachsendamm 2-7, 10829 Berlin, Germany
GePaDo - Software solutions for genetics - GmbH, Wartburgstrasse 46, 01309 Dresden,
ifms GmbH, Sulzbachstrasse 39-41, 66111 Saarbrücken, Germany

With this data protection declaration, we would like to inform you which personal data we process as Nexus AG and the companies of the NEXUS Group. We inform you about the type, purpose and scope of the processing. This data protection declaration applies to all processing of personal data carried out by us within the scope of the services we provide, our websites (including, for example, external online presences such as social media profiles) and our websites.

 

Legal basis

The relevant legal basis is the European General Data Protection Regulation (GDPR), which is used as the legal basis for our processing. In addition, there are national data protection regulations and special laws that we use as a legal basis. We refer you to the legal basis used at the relevant points in this data protection declaration.

 

Security

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

 

IP address shortening

If it is possible for us to do so or if it is not necessary to store the IP address, we will shorten your IP address or have it shortened.

 

SSL / TLS encryption/ https

To protect the transmission of confidential content, we use SSL or TLS encryption via HTTPS (prefix https:// in the address bar of your browser) on our website. This means that data you exchange with our website cannot be viewed by third parties.

 

Transmission of personal data

In the course of our processing, it may happen that data is transferred to other bodies within Nexus AG, other companies within the Nexus group of companies, legally independent organisations or persons, such as IT service providers or providers of services which are integrated into our website.

A transfer to recipients within or outside the NEXUS group of companies is also processing and is therefore always subject to a permissibility requirement through a legal basis. This applies to processing in Germany, the EU or in a third country outside the EU. If data is transferred, this is done in accordance with the legal requirements and we point out these legal bases to you at the appropriate point. 

Irrespective of consents or legally or contractually required transfers, we only process data in third countries with a recognised level of data protection or appropriate guarantees are applied; in addition, where necessary, further measures are taken to safeguard the processing operations. We will point this out to you at the appropriate place.

 

Purposes of data processing by the controller and third parties

We process your personal data only for the purposes stated in this data protection declaration, which we explain to you at the appropriate point. We do not transfer your personal data to third parties for purposes other than those stated. We only pass on your personal data to third parties if:

  • you have given your express consent to this,
  • the processing is necessary for the performance of a contract with you,
  • processing is necessary for compliance with a legal obligation,
  • the processing is necessary to protect legitimate interests, and
  • there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed. 

 

Deletion and blocking of data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for so long:

  • as necessary to achieve the purposes stated herein,
  • until consent to processing is withdrawn,
  • as regulated by the storage periods provided for by law,
  • or other permissions cease to apply.

After fulfilment of the respective purpose or expiry of these periods, the corresponding data will be deleted. If other legally permissible purposes prevent deletion, processing is limited to these purposes. This means that the data is blocked, e.g. data that must be retained for reasons of commercial or tax law. 

 

Your data protection rights

You have the following rights:

  • Information about your data stored with us and how it is processed,
  • Correction of incorrect personal data,
  • deletion of your data stored with us,
  • restriction of data processing,
  • objection to the processing of your data by us and
  • Data portability, provided you have consented to the data processing or have concluded a contract with us. 

 

Data Protection Officer

NEXUS AG
Data Protection Officer
Heiner-Fleischmann-Str. 9
D-74172 Neckarsulm
E-mail: datenschutz@nexus-ag.de 

 

Updating the privacy policy

We regularly adapt our data protection declaration as soon as there are changes to the processing carried out by us or the relevant legal requirements change. We ask that you regularly inform yourself about the content of our data protection declaration.

 

NEXUS Jira Servicedesk und Online-Portal Confluence

The following notices provide an overview of how we process your personal data when you use our service desk/online portal and relates solely to this.

 

General information

Responsible body

Nexus Deutschland GmbH, Irmastraße 1, 78166 Donaueschingen

 

Data Protection Officer

If you have any questions about data protection, please send us an e-mail:
datenschutz@nexus-ag.de

 

Data subjects' rights

You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.

To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.

  

Nature and purpose of the processing

The data in the NEXUS Jira service desk and online portal Confluence are used exclusively to process your service requests via our service desk and to communicate with you in this regard, to provide you with further information via our online portal in this context or to ensure the fault-free operation of the software platform.

For the operation of the website and for our services, various techniques and processing are necessary which are described in detail below. 

 

Cookies

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's machine. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

 

SSL- / TLS encryption

To protect the transmission of confidential content, our website uses SSL or TLS encryption via HTTPS. This means that data you exchange with our website cannot be viewed by third parties.

 

Categories of personal data

The following categories of personal data are processed in the NEXUS Jira Service Desk and Confluence online portal

Contact details

  • Email address of the NEXUS Jira service desk and online portal Confluence
  • the last name of the person concerned, and
  • the official contact information, email address, telephone number, department and address of the organisations.

Logging data

Every ticket request goes through this email address of the system. In addition ticket

  • Time of day
  • session ID and IP address

are stored.

If you enter personal data in the ticket text, this will also be saved. If you add an attachment to the ticket, this will also be saved. Please take this into account when communicating with our service desk. Always check whether the personal data is really absolutely necessary and anonymise it if not.

 

Legal basis

The legal basis for the processing of your personal data in the ticket system and the online portal is as follows:

  • Art. 6 par. 1 lit. b DSGVO - the service contract concluded with the customer.
  • Art. 6 par. 1 lit. a DSGVO - consent to the use of the service cookie.
  • Art. 76 BDSG - logging for the secure operation of the application 

 

Data collection

We collect your data

  • directly from you, by providing it to us
  • by third parties, such as your employer
  • or automatically by our IT system when you visit our website. This is mainly technical data, such as IP addresses. 

 

Recipient categories

Internal
Your data will be processed internally in our Service Desk department.

External
The service desk and the online portal are operated in the Nexus data centre. For this purpose, the data controller commissions the IT service provider from the Nexus group of companies with the hosting of the service desk and online portal software in the course of order processing in accordance with Art. 28 DSGVO. The data is only passed on for the specified purposes.

Order processor:

NEXUS Cloud GmbH, Irmastraße 1, 78166 Donaueschingen.

Your data will not be passed on to any other recipients.

Third parties
There is no transfer to third parties.

 

Retention and deletion periods

We delete your personal data after the purpose has been fulfilled.

  • Retention period: 10 years after the ticket is closed, it is deleted.

Video conferencing applications | Microsoft Teams

General information

When you communicate with us via a video conferencing application such as Microsoft Teams, we process your data or information. This information may be personal data. The following notices provide an overview of how we process your personal data.

You can use Microsoft Teams if you have been provided with the relevant meeting ID and, if applicable, other access data for the meeting and join it via the Teams app. It is also possible to join a meeting without the Teams app. Teams can also be used via a browser version, which you can find on the Microsoft Teams website: https://www.microsoft.com/de-de/microsoft-365/microsoft-teams/group-chat-software.

In a Teams meeting, you also have the option to participate as a guest. In this case, you do not have to give your name. You can also use a pseudonym. Please note the compatibility of your browser: https://docs.microsoft.com/de-de/microsoftteams/unsupported-brow

 

Responsible body

See list of responsible bodies at the top of the page.

Please note additionally for Microsoft Teams:

When you access the Microsoft Teams website, the Microsoft Teams provider is the data controller. Responsible party:

Microsoft Corporation

One Microsoft Way Redmond

WA 98052-6399 USA

However, accessing the website is only necessary to download the software for using Microsoft Teams. The Microsoft Teams privacy notice can be found here:

Support-and-privacy-policy-of-microsoft-teams. https://support.microsoft.com/de-de/office/support-und-datenschutzbestimmungen-f%c3%bcr-die-kostenlose-version-von-microsoft-teams-9116c829-c8fa-4822-96a3-1e89b2911ba5?ui=de-de&rs=de-de&ad=de

 

Data Protection Officer

If you have any questions about data protection, please contact our data protection officer at the following address:

Nexus AG

- Data Protection Officer -

Irmastr. 1

78166 Donaueschingen

E-mail: datenschutz@nexus-ag.de

If you have any questions about the data protection of our service provider for Microsoft Teams, you can reach the Microsoft EU Data Protection Officer at the following contact.

Microsoft Place

South County Business Park, Leopardstown

Dublin 18, Ireland.

Telephone: +353 1 706 3117

 

Data subjects' rights

You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if necessary, to object to processing or to exercise your right of complaint with the competent supervisory authority.

To exercise your right, please contact our data protection officer as indicated above.

 

Nature and purpose of the processing

We use the "Microsoft Teams" video conferencing application for the purpose of conducting conference calls, online meetings, video conferences and/or webinars.

In the Microsoft stream cloud storage In our Microsoft Teams Admin Center, we have disabled allowing cloud recordings by default. Meeting content (including chats) is also not logged or recorded, these features are disabled by default.

To participate in a meeting, you can also use a pseudonym.

You can make use of the option to share your screen. In this case, users will become aware of the data and content you share via your screen.

You can use the option to set background effects, e.g. to hide your private environment.

Team data is encrypted during transmission. This includes message files (audio, video, etc.), meetings, chat messages and other content. Microsoft uses standard technologies to do this. You can find more information about the security of Microsoft Teams here https://docs.microsoft.com/de-de/microsoftteams/teams-security-guide

 

Categories of personal data

When you use Microsoft Teams, various types of data are processed. The scope of the data depends largely on the information you provide before or during participation in an online meeting. When using Microsoft Teams, data of the communication participants is processed and stored on the servers of the third-party provider used, insofar as it is data required for the communication process.

Relevant personal data categories may include in particular:

User data: Display name ("Display Name"), optionally, if applicable, e-mail address, profile picture, preferred language, master data (e.g. name, address), if applicable, pseudonyms, contact data (e.g. e-mail address, telephone number),

Content data: (e.g. text entries, photographs, videos), meta and communication data (e.g. device information, IP addresses).

Metadata: Date, time, meeting ID, phone numbers, location.

 

Legal basis

If personal data is processed by employees of Nexus Cloud IT GmbH (or affiliated companies), the following applies

  • Section 26 para. 1 BDSG

is the legal basis for data processing. If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, performance or termination of the employment relationship, in the use of Microsoft Teams.

  • Art. 6 para. 1 lit. f) DSGVO

is the legal basis for the data processing. Our interest lies in simplifying internal communication, processing enquiries, increasing efficiency and promoting cross-company or cross-location cooperation. There are no interests worthy of protection of a data subject that would conflict with the introduction/use of such a service.

Furthermore, the legal basis for data processing when conducting online meetings is

  • Art. 6 para. 1 lit. b) DSGVO

insofar as the meetings are held within the framework of contractual relationships.

In some cases, we also process your data on the basis of consent pursuant to

  • Art. 6 para. 1 lit. a) DSGVO.

This happens when the use of teams is initiated by you or when you voluntarily provide us with data that is not required for the implementation of the online service (optional information).

 

Data collection

The data is collected directly from you or provided by your employer.

 

Recipient categories

Personal data processed in connection with the use of teams will not be disclosed to third parties if it is not intended for disclosure. Often, the content of a meeting, for example, is used to communicate information to (potential) customers or third parties. The Microsoft Teams service provider necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with Microsoft Teams.

 

Data processing in third country

Microsoft Teams is a service provided by a service provider in the USA. Personal data may therefore also be processed in a third country. This may result in risks for users, as it may, for example, be more difficult to enforce the rights of the data subject. We have concluded an order processing agreement with the provider that complies with the requirements of Art. 28 DSGVO.

Order processor:

Microsoft Corporation

One Microsoft Way Redmond

WA 98052-6399 USA

There is no adequacy decision of the EU Commission for the transfer to the third country. The transfer takes place on the basis of Art. 46 DSGVO. We have concluded an order processing agreement with the service provider in accordance with Art. 28 DSGVO.

The transfer of data to a third country only takes place when the requirements of Art. 44 et seq. DSGVO are fulfilled. The present transfer of data to the USA takes place on the basis of standard data protection clauses, as well as the amended contractual conditions after the Schrems II ruling by Microsoft. In addition, Microsoft guarantees a claim for damages for the data subject of unlawful processing, the information of the data subject if Microsoft is obliged to hand over data by government orders, as well as the obligation of Microsoft to take legal action against the official orders to hand over the data.

 

Retention and deletion periods

The data will be deleted immediately after the purpose has been fulfilled. A purpose may exist if the data is still needed, for example, to fulfil contractual services, to enforce legal claims or to comply with legal obligations (e.g. retention periods).

If the data is deleted by the user, Microsoft will ensure that all copies of the personal data are deleted within 30 days.

If the use of Tams is terminated by the responsible entity, the relevant personal data will be deleted between 90 and 180 days after the service is discontinued. Further information can be found here: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy

 

Reference to a right to object to and revoke processing

The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit. a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.

If possible, please send the objection by e-mail to: datenschutz@nexus-ag.de

 

Data subjects' rights

As a data subject of a data processing of your personal data within the meaning of the EU General Data Protection Regulation (GDPR), you have the following rights.

  • If personal data is collected directly from you, you must be informed of the processing at that time (Art. 13 GDPR).
  • If your personal data are collected indirectly, you must be informed of this processing within one month, at the time of the first communication to you or at the time of disclosure. (Art. 14 GDPR)
  • If your personal data are processed, you have the right to obtain information about the data stored about you (Art. 15 DSGVO).
  • If inaccurate personal data is processed, you have the right to rectification and to be informed about the rectification or deletion of collected data (Art. 16 DSGVO).
  • You can request the deletion (Art. 17 DSGVO) or restriction (Art. 18 DSGVO) of processing at any time.
  • If your personal data are lawfully processed for legitimate interest, you may object to the processing at any time, with effect for the future (Art. 21 DSGVO).
  • If your personal data are lawfully processed on the basis of your consent, you have the right to revoke this at any time with effect for the future (Art. 7 DSGVO).
  • If you have consented to the data processing or a contract for data processing exists and the data processing is carried out with the help of automated procedures, you may have the right to data portability (Art. 20 GDPR).
  • In the case of automated data processing concerning you - including profiling - you have the right not to be subject exclusively to the decision based on it if it produces legal effects or similar significant adverse effects against you. (Art. 22 DSGVO)
  • Furthermore, you have the right to lodge a complaint with the competent supervisory authority**) (Art. 12 para. (4))

 

Explanation of your rights

If you make use of your above-mentioned rights, the data controller will check whether the legal requirements for this are met. For example, it will check whether other laws, such as retention obligations, might prevent the deletion of personal data. This check is always necessary and usually takes a certain amount of time. The check includes, for example, in the case of an objection in accordance with Article 21 (1) of the GDPR, a weighing up of your and our interests, or whether restrictions to the aforementioned rights may result from specialist legal standards for individual processing activities.

You can exercise your rights at any time by contacting the responsible office (-> link responsible offices NEXUS). In order to exercise your rights, please contact the controller or the data protection officer datenschutz@nexus-ag.de.

You can file a complaint with the competent supervisory authority at any time. The competent supervisory authority is the one responsible for the head office of the responsible body.

 

Website

General information

When you visit our website, information is processed using a wide variety of techniques. This information may be personal data. The following notice provides an overview of how we process your personal data when you visit our website and relates solely to that.

Responsible body
Nexus AG, Irmastraße 1, 78166 Donaueschingen

Data Protection Officer
If you have any questions about data protection, please send us an e-mail: datenschutz@nexus-ag.de

 

Data subjects' rights
You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.

To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.

 

Nature and purpose of the processing

Our website provides you with information about NEXUS AG and the companies of the Nexus Group. When you visit us on our website, we process various personal data described in detail below. We use this data exclusively to be able to provide you with further information about our website in this context, to ensure the error-free operation of the software platform or for statistical purposes.

 

Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.

 

Server log files
The web space provider collects data on every access to the offer. The provider uses the information only for statistical evaluations for the purpose of the operation, security and optimisation of the offer. However, the provider reserves the right to subsequently check the log data if there is a justified suspicion of unlawful use due to concrete indications.

This data is not merged with other data sources.

 

Registration on this website
You can register on our website to use certain functions. The transmitted data is used exclusively for the purpose of using the respective offer or service. Mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.

In the event of important changes, for example for technical reasons, we will inform you by e-mail. The e-mail will be sent to the address given during registration.

 

Contact
Contacting us by e-mail/ contact form/ telephone

If you contact us by e-mail or telephone, the personal data you send us will be stored. We also have a contact form on our website that you can use to contact us. It is not possible to process your request without processing your personal data. The processing of personal data is solely for the purpose of dealing with your enquiry.

 

Newsletter
To send our newsletter, we need an e-mail address from you. Verification of the e-mail address provided is necessary and you must consent to receiving the newsletter. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.

 

Google Analytics
Our website uses functions of the web analysis service Google Analytics.

Google Analytics uses cookies (see here) for recognition purposes, which are stored on your end device and enable an analysis of website usage. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. The server is usually located in the USA. 

 

IP anonymisation
We use Google Analytics in conjunction with the IP anonymisation function. It ensures that Google truncates your IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before transmitting it to the USA. There may be exceptional cases where Google transfers the full IP address to a server in the USA and truncates it there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by Google Analytics is not merged with other Google data.

 

Social Media
We operate publicly accessible profiles on social networks. Social networks such as Facebook, Xing, etc. can comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. advertising banners). Visiting our social media presences may trigger processing operations relevant to data protection. On our websites, we only place social media in the form of direct links to our profiles of the respective social media presence. We use our social media presences as a separate information channel alongside our website and do not use any techniques to integrate them into our website offering.

If you visit our social media presence and are logged into your social media account, the operator of the social media portal can assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.

Please also note that we are not able to track all processing procedures on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

https://twitter.com/de/privacy

https://privacy.xing.com/de/datenschutzerklaerung

https://www.linkedin.com/legal/privacy-policy

 We provide a separate privacy policy for our social media offerings.

 

Categories of personal data
The following categories of personal data are processed through our websites.

 

Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.

 

Server Logfiles
The access data include: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

 

Contact
Contact email/ contact form/

Contact details: Email address, IP address, timestamp As well as, if applicable, if you wish to voluntarily inform us Title, first name, surname, organisation, function, street, postcode, town, telephone,

General information: Information entered in the free text field

 

Newsletter
Contact details:  Email address


Google Analytics
During your visit to the website, the following data is recorded, among other things:

  • Pages viewed
  • Orders incl. the turnover and the products ordered
  • The achievement of "website goals" (e.g. contact requests and newsletter sign-ups)
  • Your behaviour on the pages (for example, clicks, scrolling behaviour and dwell time)
  • Your approximate location (country and city)
  • Your IP address (in shortened form, so that no clear allocation is possible)
  • Technical information such as browser, internet provider, terminal device and screen resolution
  • Source of origin of your visit (i.e. via which website or advertising material you came to us)

 

Social Media
We provide a separate privacy policy for our social media offerings.

 

Legal basis for the processing
The legal basis for the processing of your personal data on our website is as follows.

 

Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.

 

Server log files
Art. 6 para. 1 lit. b DSGVO - fulfilment of a contract or pre-contractual measures

 

Registration on the website
Art. 6 para. 1 lit. a DSGVO - Consent

 

Contact
Contact e-mail/ contact form/

Art. 6 para. 1 lit. a DSGVO - Consent

 

Newsletter
Art. 6 para. 1 lit. a DSGVO – Consent

 

Google Analytics
Art. 6 para. 1 lit. a DSGVO - Consent

 

Social Media
We provide a separate privacy policy for our social media offerings.

 

Data collection
We collect your data

  • directly from you by providing it to us
  • or automatically by our IT system when you visit our website. This is primarily technical data, such as IP addresses.

 

Recipient categories

Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.

 

Server log files
Your data will be passed on to our hoster 1and1. This takes place within the framework of order processing in accordance with Art. 28 DSGVO.

Contractor: 1und1

1&1 Telecommunication SE

Address:                                                                    

Elgendorfer Str. 57

56410 Montabaur

Your data will be processed exclusively for the named purpose and, if necessary, on behalf of the contractor, but will not be passed on to other recipients.

 

Contact
E- mail contact requests/ contact form

As a rule, your requests will be processed at Nexus AG. This also takes place within the framework of commissioned processing in accordance with Art. 28 DSGVO, the respective responsible office from the Nexus group of companies. In the case of enquiries that can only be answered by the respective specialist department of the Nexus group of companies, these will be forwarded to the respective responsible office.

The technical infrastructure for sending emails is provided by our Nexus technology in NEXUS Cloud IT GmbH. This takes place within the framework of order processing according to Art. 28 DSGVO.

Client: All responsible parties

Your data will be processed exclusively for the named purpose and, if applicable, on behalf of the client, but will not be passed on to other recipients.

 

Newsletter
Your data will be processed by Nexus AG. We use Newsletter2go as a tool for sending the newsletter. This takes place within the scope of an order processing according to Art. 28 DSGVO.

Contractor: Newsletter2go

SendinblueGmbH

Köpenicker Street 126

10179 Berlin

Your data will be processed exclusively for the named purpose and, if necessary, on behalf of the contractor, but will not be passed on to other recipients.

 

Google Analytics

Your data will be processed by Nexus AG. Your data will then be passed on to Google. This takes place within the framework of commissioned processing in accordance with Art. 28 DSGVO.

Contractor: Google

The provider of the web analytics service is Google Inc,

1600 Amphitheatre Parkway,

Mountain View,

CA 94043, USA.

Google submits to the Privacy Shield.

 

Social Media
We provide a separate privacy policy for our social media offerings.

 

Retention and deletion periods

Cookies
Information on the processing of personal data with cookies is described in a separate section of our privacy policy.

 

Server log files
The server log files are stored for a maximum of 7 days and then deleted. The data is stored for security reasons, e.g. to be able to clarify cases of misuse. If data must be retained for evidentiary reasons, it is exempt from deletion until the incident has been finally clarified.

 

Registration on the website
We store the data collected during registration for the period that you are registered on our website. Your data will be deleted if you cancel your registration. Legal retention periods remain unaffected.

 

Contact
Contact requests/ Contact form
Data transmitted via the contact form will remain with us until your enquiry has been conclusively clarified: Then they will be deleted unless further legal regulations contradict this.

 

Newsletter
We store the data entered during registration for the period that you are registered to receive our newsletter. In the event of unsubscription, the data entered during registration will be deleted immediately.

 

Google Analytics
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future website visits.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

Social Media
We provide a separate privacy policy for our social media offerings.

 

Reference to a right to object to and revoke processing

The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.

Google Analytics
If you do not agree to the collection of your data, you can prevent this by installing the browser add-on to deactivate Google Analytics.

 

Raffles

General information

When you visit our website, information may be processed in competitions. This information may be personal data. The following notice provides an overview of how we process your personal data in competitions and relates solely to them.

 

Responsible body

Nexus AG, Irmastraße 1, 78166 Donaueschingen

 

Data Protection Officer

If you have any questions about data protection, please send us an e-mail:

datenschutz@nexus-ag.de

 

Data subjects' rights

You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.

To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.

 

Nature and purpose of the processing

The data is collected to ensure a smooth process. The winner should be addressed by name and the email address is needed to contact them. To ensure that the participant is a student, he/she should state his/her degree programme. Within the framework of DMEA 2022, this is a competition in which an iPad Air can be won.

In the context of the processing, the personal data of the data subject are processed for the implementation of a competition and the newsletter on vacancies of the controller.

 

Legal basis

The processing of personal data is permitted according to the following legal basis:

The data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes (Art. 6 para. 1 lit. a) DSGVO).

 

Categories of personal data

Data categories: Name, surname, e-mail address, degree programme

 

Recipient categories

A transfer of their data to the following entities. The data will only be processed for the purposes stated above. There will be no transfer to recipients other than the responsible bodies indicated above.

 

Retention and deletion periods

If no contact is made, the data will be deleted after one year.

 

Data sources

Their data was collected directly from them.

 

Revocation of consent

Insofar as your personal data is lawfully processed by the data controller on the basis of your consent, you can revoke your consent for future data processing at any time. To exercise your right, simply send an e-mail to

recruiting@nexus-ag.de

For further information on your rights as a data subject, please see the attached information sheet on data subject rights.

 

Supervisory authority

Please refer to the following source for the state data protection commissioner responsible for your data controller.

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/Landesdatenschutzbeauftragte/Landesdatenschutzbeauftragte_liste.html

 

Reference to a right to object to and revoke processing

The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.

If possible, please send your objection by e-mail to: datenschutz@nexus-ag.de

 

Cookies

General information

When you visit our website, information may be processed in the form of a cookie. This information may be personal data. The following notice provides an overview of how we process your personal data with cookies and relates solely to this.

Responsible body

Nexus AG, Irmastraße 1, 78166 Donaueschingen

 

Data Protection Officer

If you have any questions about data protection, please send us an e-mail:

datenschutz@nexus-ag.de

 

Data subjects' rights

You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.

To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.

 

Nature and purpose of the processing

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. With the help of these cookies, it is also possible to recognise your browser on your next visit. If cookies are set, they collect and process certain user information to an individual extent. A distinction is made between persistent cookies and session cookies. Session cookies are automatically deleted after the session and persistent cookies are automatically deleted after their specified expiry time.

Please note that you can set your browser so that you are informed about the setting of cookies or can decide individually whether to accept them or can exclude the acceptance of cookies for certain cases or in general. You can also visit our websites without agreeing to the use of cookies, but please note that the functionality of our website may be limited if you do not accept cookies.

 

Cookie details

The following describes details of all cookies used on our website, the nature and purpose of the processing, the categories of personal data, the recipients and the duration of the processing.

Necessary cookies

Contao HTTPS CSRF Token: Protects against cross-site request forgery attacks.

Storage duration: This cookie only persists for the current browser session.

 

PHP SESSION ID: Stores the current PHP session.

Storage duration: This cookie persists only for the current browser session.

 

Contact Notes: Stores whether the contact note has been closed and should be displayed for the next 30 days.

Storage duration: 30 days

 

Pop-up: Saves whether a pop-up has been closed and should be displayed for the next 30 days.

Storage period: 30 days 

 

Statistics Cookie

Statistics cookies collect anonymous data about the use of our website, and help us to design products, services and our websites to meet your needs.

Google Analytics: I agree to the use of Google Analytics (statistical software).

 

External services cookie

Content from third-party providers such as video platforms or map services are embedded on our website and blocked by default. Embedded content may collect data using cookies and transmit it to the third-party provider. For details on the processing of data by the third-party provider, please refer to the relevant privacy notices, which can be found in our privacy policy. If cookies from third-party providers are accepted, access to this content no longer requires manual consent.

 

Legal basis

Art. 6 para. 1 lit. a DSGVO - Consent

- Persistent cookie

Art. 6 para. 1 lit. f DSGVO - Legitimate interest

As the operator of this website, we have a legitimate interest in analysing user behaviour in order to optimise our website and possibly also our advertising.

- Session cookie

 

Data collection

We collect your data

  • automatically by our IT system or your terminal device when you visit our website. This is primarily technical data, such as IP addresses.

 

Reference to a right to object to and revoke processing

The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.

If possible, please send your objection by e-mail to: datenschutz@nexus-ag.de

 

(New) customer acquisition

General information

For (new) customer acquisition, we use various techniques to process information. This information may be personal data. The following information provides an overview of how we process your personal data when we contact you in the context of (new) customer acquisition and refers exclusively to this.

 

Responsible body

Nexus AG, Irmastraße 1, 78166 Donaueschingen

 

Data Protection Officer

If you have any questions about data protection, please send us an e-mail:

datenschutz@nexus-ag.de

 

Data subjects' rights

You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.

To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.

 

Nature and purpose of the processing

We use personal data in the context of (new) customer acquisition. We obtain the data from publicly accessible sources, such as company websites. The personal data obtained in this way is used for the purpose of establishing contact and initiating business for campaigns to address new customers and to send information about our services, e.g. in telephone calls or mailings. Our mailings are optimised through tracking. However, only personal information is processed through tracking.

 

Categories of personal data

Data categories: Name, surname, e-mail address, degree programme

 

Legal basis

The legal basis for the processing of your personal data for the purpose of

(New) Customer Acquisition and Business Initiation is one of the following

  • Art. 6 Para. 1 lit. f) DSGVO - processing for the protection of legitimate interests.
  • Art. 6 Para. 1 lit. a) DSGVO – Consent
  • Art. 6 Para. 1 lit. b) DSGVO - implementation of (pre-) contractual measures

 

Data collection

Your data is

- We collect your data from third parties, for example by searching public data sources such as your employer's website.

 

Recipient categories

Internal

Your data is processed internally in our marketing department.

Externally

We use the service provider Newsletter2Go and our Nexus internal IT service provider NEXUS Cloud IT GmbH to send our mailings. It may happen that our marketing department commissions a marketing department of another company of the NEXUS Group to carry out a campaign for capacity reasons.  The responsible party commissions the service provider in the course of order processing according to Article 28 DSGVO with the processing of the campaign, the dispatch of the mailings and the provision of the IT infrastructure.

The transfer only takes place for the stated purposes.

Order processor:

Newsletter2GO

NEXUS / ASTRAIA

NEXUS / EPS

NEXUS / CHILI

E & L

NEXUS / MARABU [SD3] GmbH

NEXUS / CLOUD IT GmbH, Irmastrasse 1, 78166 Donaueschingen, Germany

Your data will not be passed on to other recipients.

 

Third parties

There will be no transfer to third parties. 

 

 

Retention and deletion periods

Contact details for campaigns are not subject to a retention obligation. Your

personal data is therefore deleted immediately after the purpose has been fulfilled.

Data will be deleted after a campaign break of more than 17 months.

 

 

Reference to a right of objection and revocation against the processing

 

The data controller processes your data for the above-mentioned purpose.

You have your own right of objection and revocation to this processing.

right of objection and revocation, the exercise of which will result in the termination of the

purpose. If possible, please send the objection by e-mail to:

datenschutz@nexus-ag.de

 

If you justifiably object to or revoke the processing,

we can include you in our blocking file (permissible according to Art. 21 Para. 3,

Art. 17 para. 3 lit. b and Art. 6 para. 1 sentence 1 lit. f DSGVO). Should you also

expressly wish for all your data to be deleted along with your objection,

then we will also delete your data from the blocking file. This may result in

that you may be contacted again in the future if - legally permissible - external data is used.

be contacted again in the future.

 

Video surveillance

General information

When you visit our company premises, we may take pictures and video recordings of people such as employees and visitors at selected locations. This information may involve personal data. The following information provides an overview of how we process your personal data when you visit our company premises and refers exclusively to this.

 

Responsible body

Here, the list of the responsible bodies that are relevant should be inserted. It may be possible to include them from the responsible parties section, so that the maintenance effort can be reduced.

 

Data Protection Officer

If you have any questions about privacy, please email us:

datenschutz@nexus-ag.de

Data subjects' rights

You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.

To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.

 

Nature and purpose of the processing

We make picture and video recordings exclusively

  • for the exercise of domiciliary rights,
  • for the prevention of criminal offences or for the preservation of evidence in the case of criminal offences,
  • for the assertion of legal claims,

to.

The data will only be passed on to third parties if we are legally obliged to do so.

 

Categories of personal data

When you enter our premises, the following categories of personal data are processed by us.

  • Image and video recordings 

 

Legal basis

Because there is a legitimate interest on our part to avert danger in order to ensure the smooth running of operations.[SD1]

  • Art. 6 para. 1 lit. f DSGVO - Legitimate interest 

 

Data collection

Recipient categories

Internal

Your data will only be processed by the management.

Externally

For video surveillance, we use the technology of our Nexus Group internal IT service provider. The controller commissions the service provider in the course of a commissioned processing according to Art. 28 DSGVO, with the provision of the IT infrastructure necessary for video surveillance.

The transfer only takes place for the specified purposes.

Order processor:

NEXUS Cloud GmbH, Irmastraße 1, 78166 Donaueschingen.

Your data will not be passed on to other recipients.

Third parties

There is no transfer to third parties.

 

Retention and deletion periods

The data is deleted immediately after the purpose has been fulfilled and at the latest 72 hours after it has been collected.

 

Reference to a right of objection and revocation against processing

The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.

If possible, please send your objection by e-mail to: datenschutz@nexus-ag.de

 

Social Media

General information

When you visit our social media sites, information is processed using a wide variety of techniques. This information may be personal data. The following notice provides an overview of how we process your personal data when you visit our social media sites and relates solely to that. 

Responsible body

Nexus AG, Irmastraße 1, 78166 Donaueschingen, Germany.

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit.

Twitter

Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

 

Facebook

Facebook Inc, Menlo Park, California, United States

 

Xing

XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

 

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland

 

Youtube

Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland

 

Data Protection Officer
If you have any questions about data protection, please send us an e-mail:

datenschutz@nexus-ag.de

 

Twitter

For details on how they handle your personal data, please see the privacy policy https://twitter.com/de/privacy

 

Facebook

Details on how they handle your personal data can be found in the privacy policy https://de-de.facebook.com/policy.php

 

Xing

Details on how they handle your personal data can be found in the data protection declaration https://privacy.xing.com/de/datenschutzerklaerung

 

Linked in

For details on how they handle your personal data, please refer to the privacy policy https://www.linkedin.com/legal/privacy-policy

 

Youtube

For details on how they handle your personal data, please refer to the privacy policy https://policies.google.com/privacy?hl=de

 

Data subjects' rights

You have the right to obtain information about the nature, origin, recipient and purpose of the processing of your personal data free of charge at any time, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right to lodge a complaint with the competent supervisory authority.

In principle, you can assert your rights both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

To exercise your right against us, simply send an e-mail to datenschutz@nexus-ag.de.

 

Nature and purpose of the processing

A social media presence is an important element of our communication policy. We use our social media presence to be able to establish direct communication and interaction with you via other channels. Furthermore, we want you to be able to inform yourself about our products and services in an uncomplicated and up-to-date manner.

 

Legal basis of the processing

The legal basis for the processing of your personal data on our social media sites is as follows.

- Art. 6 para. 1 lit. f) EU-DSGVO - Legitimate Interest

- Art. 6 para. 1 lit a) DSGVO

For further processing operations, such as the detailed analysis of behaviour on the social media portals, also in connection with your personal registration there, are the responsibility of the providers of the social media providers themselves. Please obtain information about the types of data processed, the legal basis for these processing operations and their purposes from the providers themselves.

 

Data collection

We collect your data

  • directly from you by providing it to us
  • or automatically by the IT system of the provider of the social media platform when you visit the website.

 

Retention and deletion periods

Reference to a right of objection and revocation against the processing

The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.

In principle, data remain stored as long as they are necessary for the purpose of the service.

LinkedIn

LinkedIn uses advertising cookies. If you would like to deactivate LinkedIn advertising cookies, please use the following link:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

Contact form

We collect personal data if you voluntarily provide it when contacting us (e.g. via contact form or e-mail). Which data is collected can be seen from the respective input forms. We use the data you provide to process your enquiry. After complete processing of your enquiry, your data will be deleted after expiry of the legal retention periods, unless you have expressly consented to further use of your data.

 

Online events

General information

In order to conduct online events, we use various techniques to process information. This information may be personal data. The following notices provide an overview of, and relate solely to, how we process your personal data when we contact you as part of an online event.

 

Responsible body

Nexus AG, Irmastraße 1, 78166 Donaueschingen

 

Data Protection Officer

If you have any questions about data protection, please send us an e-mail:

datenschutz@nexus-ag.de

 

Data subjects' rights

You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if applicable, to object to processing or to exercise your right of complaint with the competent supervisory authority.

To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.

 

Nature and purpose of the processing

We use personal data within the framework of the implementation of online events. We receive the data directly from you during registration. The data is used for the purpose of contacting you within the framework of our online event.

 

Categories of personal data

Contact details

  • Name
  • Business e-mail address
  • Company, function 

 

Legal basis

The legal basis for the processing of your personal data in the context of the implementation of online events is the following

  • Art. 6 para. 1 lit. a) DSGVO - Consent 

 

Data collection

Your data is

  • collected by us directly from you.

 

Recipient categories

Internal

Your data is processed internally in our marketing department.

Externally

We use the service provider Ticketareo to organise our online events. The responsible body commissions the service provider in the course of order processing in accordance with Art. 28 DSGVO.

Your data will not be passed on to any other recipients.

Third parties

There is no transfer to third parties. 

 

Retention and deletion periods

Contact data for our online events are not subject to any retention obligation. Your personal data will therefore be deleted immediately after the purpose has been fulfilled. Data will be deleted after 17 months.

 

Reference to a right of withdrawal against processing

The data controller processes your data for the above-mentioned purpose. You have your own right of revocation against this processing, the exercise of which leads to the termination of the processing for this purpose. If possible, please send the revocation by e-mail to: datenschutz@nexus-ag.de

If you justifiably revoke the processing, we can include you in our blocking file (permissible according to Art. 21 para. 3, Art. 17 para. 3 lit. b and Art. 6 para. 1 sentence 1 lit. f DSGVO). If you expressly wish to have all your data deleted when you revoke your consent, we will also delete your data from the blocking file. This may mean that you can be contacted again in the future if - legally permissible - third-party data is used.

 

Face-to-face events

General information

In order to conduct face-to-face events, we use various techniques to process information. This information may be personal data. The following information provides an overview of how we process your personal data in the context of holding a face-to-face event and refers exclusively to the following.

 

Responsible body

Nexus AG, Irmastraße 1, 78166 Donaueschingen

 

Data Protection Officer

If you have any questions about data protection, please send us an e-mail:

datenschutz@nexus-ag.de

 

Data subjects' rights

You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if necessary, to object to processing or to exercise your right of complaint with the responsible supervisory authority.

To exercise your right, simply send an e-mail to datenschutz@nexus-ag.de.

 

Nature and purpose of the processing

We use personal data in the context of holding classroom events. We receive the data directly from you, e.g. during registration. The data is processed for the purpose of preparing, conducting and following up on face-to-face events.

 

Categories of personal data

Contact details

  • Name
  • Salutation
  • Business e-mail address
  • Company, function
  • photos*
  • videos*

* Optional information 

 

Legal basis

The legal basis for the processing of your personal data within the framework of the implementation of online events is the following

  • Art. 6 para. 1 lit. a) DSGVO - Consent
  • Art. 6 para. 1 lit. f) DSGVO - Legitimate interest

 

Data collection

Your data is

  • collected by us directly from you.

 

Recipient categories

Internal

Your data is processed internally in our marketing department.

Externally

We use the service provider Ticketareo to organise our presence events. The data controller commissions the service provider in the course of commissioned processing in accordance with Art. 28 DSGVO.

Third parties

Photos and videos for social media (see Privacy Policy Social Media)

 

Retention and deletion periods

Contact data for our presence events are not subject to any retention obligation. We therefore delete your personal data immediately after the purpose has been fulfilled.

Data for social media remain stored as long as they are necessary for the purpose of the service, see Privacy Policy Social Media.

 

 

Reference to a right of withdrawal against processing

The data controller processes your data for the above-mentioned purpose. You have your own right of revocation against this processing, the exercise of which leads to the termination of the processing for this purpose. If possible, please send the revocation by e-mail to: datenschutz@nexus-ag.de

Please also note the enforceability of data subject rights against social media providers see Privacy Policy Social Media.

Contact