I. Name and address of the controller
Controller within the meaning of the GDPR and other national data protection laws applicable in member states as well as other provisions having the character of data protection legislation is:
nmedia GmbH
Kirchfeldstrasse 69a
40217 Düsseldorf
Germany
Phone: (++49) (0)211-54 23 24 25
E-Mail: privacy(at)nmedia.solutions
Online: nmedia.solutions
II. Name and address of the data protection officer
Our data protection officer can be contacted:
By mail:
nmedia GmbH
"Der Datenschutzbeauftragte"
Kirchfeldstrasse 69a
40217 Düsseldorf
Germany
By phone:
(++49) (0)211 6009575
by email:
privacy(at)nmedia.solutions
III.General information on data processing
1. Amount of personal data being processed
We essentially collect personal data about our users only to the extent required for provisioning a running web site, our content and services. We gather and use personal data of our users only after their given consent. A derogation from that procedure may occur if a consent request cannot be made for factual reasons and processing of personal data is permitted by law.
2. Legal basis for processing personal data
Where we obtain the authorization from our users (data subjects) to process personal data, we do so on the legal basis of Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR).
Processing personal data necessary to fulfil a contract where the user is the contractual partner is done on the legal basis of Art. 6(1)(b) GDPR. This applies also to pre-contractual measures.
Where it is necessary to process personal data in order to fulfil a legal obligation that our company is subject to, the legal basis for this is Art. 6(1)(c) GDPR.
If there are interests essential for the life of the data subject or that of another natural person that require the processing of personal data, the legal basis for this is Art. 6(1)(d) GDPR.
Where the processing is necessary for the purposes of compelling the legitimate interests pursued by the controller or by a third party, and does not override the interests, rights and freedoms of the data subject, the legal basis for this is Art. 6(1)(f) GDPR.
3. Erasure and duration of storage
As soon as the purpose of collecting personal data no longer applies, the personal data of the data subject is erased or made unavailable. Provisions should be made for the possibility for further data processing in certain circumstances where necessary for an important ground of public interest recognized in Union or Member State law to which the controller is subject.
The data will be erased or made unavailable also after expiration of a specified storage period stated in the regulations, unless storage is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person.
IV. Provisioning of web site, preparation of log files
1. Description and extent of data processing
Each time our web page is called up, our system automatically records data and information from the computer system doing the call.
The following data are collected during a call:
(1) user's IP address
(2) time and date of access
(3) information about the browser type and version in use
(4) web sites from which the user's system has reached our website
The data are also stored in log files in our system. These data are not processed together with other personal data.
2. Legal basis of data processing
The data and log files are stored temporarily on the legal basis of Art. 6(1)(f) GDPR.
3. Purpose of data processing
The temporary storage of the IP address by our server is necessary to deliver web pages to the user's computer. This requires to store the user's IP address for the duration of the session.
The data are stored in log files in order to maintain the functionality of the web pages. The data also help us to optimize our web site and ensure the safety of our IT systems. The data are not evaluated for marketing purposes.
The purposes stated constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.
4. Duration of storage
The data are erased as soon as they no longer are necessary to achieve the purpose for which they are collected. In the context of storing data for the operation of web pages, this applies on termination of the respective session.
In the context of storing data in log files, this is the case at the latest after seven days. Provision should be made for the possibility of further storage. In this case, the IP addresses are erased or distorted so that they cannot be associated with the calling client.
5. Opportunity to object and for removal
The recording of data for provisioning of web pages and storage of the data in log files is fundamentally necessary for the operation of the website. There is consequentially no opportunity for the user to object.
The use of Matomo
This website collects and stores data by way of the Matomo web analysis software (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, based on our legitimate interest as per GDPR Art. 6(1)(f) in the statistical analysis of user behaviour for optimization and marketing purposes. Pseudonymized user profiles can be created from these data and evaluated for the same purpose. This can involve the use of cookies. Cookies are small text files that are locally stored in the cache of the page visitor's internet browser. Amongst other aspects, cookies enable the internet browser to be recognized again. The data collected with the Matomo technology (including your pseudonymized IP address) are processed on our servers.
The information generated in the pseudonymous user profile by the cookie will not be used to personally identify the visitor of this website and not be linked with personal data about the user of the pseudonym.
If you disagree with the storage and evaluation of these data from your visit, you can object to their storage and use at any time by a mouse click. In this case a so-called opt-out cookie will be stored in your browser with the result that Matomo will no longer collect session data. Please note that complete deletion of your cookies will also delete the opt-out cookie, which you may need to reactivate again.
V. Usage of Cookies
1. Description and extent of data processing
Our web pages use cookies. Cookies are data stored by the web browser on the user's computer. When a user calls up a web site, a cookie may be stored on the user's operating system. This cookie contains a characteristic character sequence which allows to recognize the calling browser upon later visits of our web site.
We use cookies in order to make our web site more user-friendly. Parts of our web site require to identify the calling browser even after having visited third-party pages.
In cookies, we store and transfer the following information:
(1) Session ID
The user data collected are pseudonymized by appropriate technical measures. The data cannot thus be associated with the calling user. The data are not stored together with other personal data of our users.
2. Legal basis of data processing
The legal basis for storage of personal data by usage of cookies is Art. 6(1)(f) GDPR.
The legal basis for storage of personal data by usage of cookies for analytic purposes after the user's given respective consent is Art. 6(1)(a) GDPR.
3. Purpose of data processing
The purpose of using technically mandatory cookies is to simplify the access to our web pages for users. Parts of our web site cannot be provisioned without the usage of cookies. These parts require to recognize the calling browser upon later visits of our web site.
We need cookies for the following applications:
(1) Session ID
User data collected through technically mandatory cookies are not used for the creation of user profiles.
4. Duration of storage, opportunity to object and for removal
Cookies are stored on the data subject's computer and are transmitted from there to our web server. The data subject has thus full control over the usage of cookies. He or she can prohibit or restrict the transmission of cookies by changing the settings in the web browser. Previously saved cookies can be deleted at any time. This may also occur automatically. After prohibiting the usage of cookies for our web site, the user may not be able to use all functions of these web pages to the full extent.
VI. Newsletter / email notifications
1. Description and extent of data processing
Our email newsletter or email notifications are sent to a user on the basis of the user's registration on our website. Our website offers users to apply for a free newsletter or email notifications. During this application, the data entered in the respective input mask are transferred to us.The following data are collected:
(1) the user's email address
(2) the user's name
(3) the user's phone number
At the time of registration, there are also collected:
(1) the IP address of the user's computer
(2) date and time of registration
As part of the registration process, the user is requested his or her consent to process these data while she or he is made aware of this privacy policy.
The data collected during application for our newsletter or email notifications are not forwarded to third parties. The data are used solely for sending the newsletter or email notifications.
2. Legal basis of data processing
The legal basis of processing the data provided by the user during application for the newsletter or email notifications and after the user's consent is Art. 6(1)(a) GDPR.
3. Purpose of data processing
Storage of the data subject's email address serves the purpose to deliver the newsletter or email notifications. We may collect other personal data during the registration process in order to precent misuse of our services or of the email addresses involved.
4. Duration of storage
The data are erased as soon as they no longer are necessary to achieve the purpose for which they are collected. According to that, the data subject's email address is stored for the duration of the newsletter / email notification subscription.
Other personal data collected within the registration process are usually erased seven days after registration.
5. Opportunity to object and for removal
The data subject can unsubscribe from the newsletter / email notifications at any time. For this purpose, each newsletter / email notification contains a respective link.
The data subject may also withdraw his or her consent to store personal data collected during registration for the newsletter.
VII. Registration
1. Description and extent of data processing
On our web site, users have the opportunity to register themselves by stating their personal data. Data are entered via a web form, transmitted to us and stored afterwards. The data collected are not forwarded to external third parties. During registration, the following personal data are collected:
(1) user's first name
(2) user's surname
(3) user's email address
(4) enterprise name
if enterprise type = "buyer/reseller" oder "brand"
(5) value added tax identification number
(6) companies register number
if enterprise type = "interested party"
(7) field of activity
(8) interested in which information
At the time of registration, there are also collected:
(1) the user's IP address
(2) time and date of registration
As part of the registration process, the user is requested his or her consent to process these data; the user is also made aware of this privacy policy.
2. Legal basis of data processing
The legal basis for processing this data after the user's consent is Art. 6(1)(a) GDPR.
Where the registration serves the performance of a contract to which the data subject is party or serves to take steps at the request of the data subject prior to entering into a contract, the legal basis for processing this data is Art. 6(1)(b) GDPR.
3. Purpose of data processing
Registration of the data subject is necessary for provisioning specific contents and services on our web site. These are: Opportunity to upload or download individual article catalogues and image data, to create or edit orders and subsequent documents, e.g., order responses, despatch advice, invoice, etc.
Since these information are confidential, an unambiguous identification of the user is mandatory.
4. Duration of storage
The data are erased as soon as they no longer are necessary to achieve the purpose for which they are collected.
This applies to data collected during registration if the registration is cancelled or changed.
5. Opportunity to object and for removal
The data subject can cancel his or her registration at any time. The data subject can also demand to change his or her data
Please send an email to privacy(at)nmedia.solutions and include what to erase or change.
If the data are necessary for fulfillment of a contract or to carry out pre-contractual measures, early erasure is only possible insofar as no contractual or legal obligations oppose erasure.
VIII. Email contact
1. Description and extent of data processing
You can contact us via the email address we provided you. In that case, the personal data transmitted in the email are stored.
The data collected during this process are not forwarded to external third parties. The data are used exclusively for handling the conversation.
2. Legal basis of data processing
The legal basis for processing data transmitted with an email is Art. 6(1)(f) GDPR. Where the email contact aims at entering into a contract, the legal basis for processing data is Art. 6(1)(b) GDPR.
3. Purpose of data processing
In the case of email contact, we store the personal data in our legitimate interest to establish the contact.
4. Duration of storage
The data are erased as soon as they no longer are necessary to achieve the purpose for which they are collected.
This applies to the personal data sent to us by email, as soon as the conversation with the user has ended. A conversation is considered as ended if the circumstances indicate that the issue of the conversation has been clarified.
The other personal data collected during processing the email are erased at the latest after seven days.
5. Opportunity to object and for removal
The user can demand to cancel his or her consent to store his or her personal data at any time. If the user has established the contact via email, he or she may object to the storage at any time. In that case, the conversation cannot be continued.
Please send us an email to privacy(at)nmedia.solutions and state which information shall be erased.
Any personal data collected while establishing the contact will then be erased.
XI. Rights of users / data subjects
Where your personal data are processed, you are a data subject pursuant to the GDPR, with these rights against the controller:
1. Right of access by the data subject
The user can demand confirmation from the controller regarding if personal data concerning him or her are being processed by the data controller.
If such processing takes place, the data subject can demand the following information:
(1) the purposes for which the personal data are being processed;
(2) the categories of personal data being processed;
(3) the recipients (or categories of recipients) to whom personal data were disclosed in the past or will be disclosed;
(4) the intended duration of storage of personal data concerning the data subject or, if an explicit duration cannot be stated, criteria to define the duration of storage;
(5) confirmation of an existing right to correct or erase the personal data concerning the data subject, of a right to restrict data processing by the controller, or a right to object against this data processing;
(6) the existence of a right to complain to a supervisory authority;
(7) all available information about the origin of the data where the personal data were not collected from the data subject;
(8) the existence of an automated decision-making process, including profiling pursuant to Art. 22(1) and (4) GDPR, and—at least in these cases—meaningful information about the logic involved as well as scope and intended consequences of such a process on the data subject.
You have the right to information whether the personal data concerning you are being sent to a third country or an international organization. In this context, you can demand to be informed about appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
2. Right to rectification
You have a right to rectification and/or completion against the controller, if the personal data concerning you are untrue or incomplete. The controller has to correct the data without undue delay.
3. Restriction of processing of personal data
You can demand to restrict processing of the personal data concerning you under these circumstances:
(1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
(4) if you object processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override yours.
Where processing of data concerning you has been restricted, these data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to preceding conditions, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Duty of erasure
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:
(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2) you withdraw your consent on which the processing is based according to Art. 6(1)(a) GDPR, or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
(4) the personal data have been unlawfully processed;
(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right of data subjects to be informed
Where you have asserted the claim to rectification, erasure or restriction of processing against the controller, the controller will be obliged to notify all recipients (to whom the personal data concerning you were disclosed) of this rectification or erasure of data or restriction of processing, unless this proves impossible or causes disproportionate expense.
You have the right against the controller to be informed about these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR;
(2) the processing is carried out by automated means.
In exercising this right you further have the right to have your personal data transmitted directly from the controller to another controller, where technically feasible. This shall not affect the freedom and rights of other persons.
The right to data portability does not apply for the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
The user has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on Art. 6 (1)(e) or (f) GDPR. This applies also to profiling pursuant to these regulations.
The controller will cease to process the personal data concerning the data subject unless the data subject can demonstrate compelling legal grounds for the processing which override the controller's interests, rights and freedoms or where processing serves the establishment, exercise or defense of legal claims.
Where personal data concerning the user are processed for direct marketing purposes, the user has the right to object at any time to processing of his or her personal data for such marketing purposes.
Where the user objects to processing for direct marketing purposes, the personal data concerning the user will no longer be processed for these purposes.
In the context of the rules on information society services, notwithstanding Directive 2002/58/EC, the user may exercise his or her right to object, also by automated means which may make use of technical specifications.
8. Right to withdrawal of consent
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not depend on special categories of personal data pursuant to Art. 9 GDPR, unless Art. 9(2)(a) or (g) GDPR are in effect and specific measures to safeguard the fundamental rights and interests of the data subject were taken.
In cases (1) and (3) the controller takes appropriate measures to protect the fundamental rights and freedoms as well as the legitimate interests of the data subject. These measures comprise at least the right to obtain an intervention through a person on part of the controller, to declare his or her position and to challenge the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.