Privacy Policy

In accordance with the legal requirements of data protection law (in particular the German Federal Data Protection Act (BDSG) as amended and the European General Data Protection Regulation (GDPR)), we hereby inform you about the nature, scope, and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For the definition of terms such as “personal data” or “processing,” we refer to Art. 4 GDPR. Name and contact details of the controller Our controller (hereinafter “controller”) within the meaning of Art. 4 (7) GDPR is:

 

NAXOS e.V., Waldschmidtstr. 19, 60316 Frankfurt am Main

Email address: info@produktionshausnaxos.de

Data protection officer: info@produktionshausnaxos.de

 

Types of data, purposes of processing, and categories of data subjects Below, we provide information about the nature, scope, and purpose of the collection, processing, and use of personal data.

  1. Types of data we process Usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact data (telephone number, email, fax, etc.), content data (text entries, videos, photos, etc.), communication data (IP address, etc.),
  2. Purposes of processing according to Art. 13 (1) c) GDPR Technical and economic optimization of the website, facilitating easy access to the website, designing the website to be user-friendly, processing contact requests,
  3. Categories of data subjects pursuant to Art. 13 (1) (e) GDPR Visitors/users of the website. The data subjects are collectively referred to as “users.”

 

Legal basis for the processing of personal data

 

Below, we provide information about the legal basis for the processing of personal data:

  1. If we have obtained your consent for the processing of personal data, Art. 6 (1) (a) GDPR is the legal basis.
  2. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures taken at your request, Art. 6 (1) (b) GDPR is the legal basis.
  3. If processing is necessary for compliance with a legal obligation to which we are subject (e.g., statutory retention obligations), the legal basis is Art. 6 (1) (c) GDPR.
  4. If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 (1) (d) GDPR is the legal basis.
  5. If processing is necessary to safeguard our legitimate interests or those of a third party and your interests or fundamental rights and freedoms do not override these interests, the legal basis is Art. 6 (1) (f) GDPR.

Transfer of personal data to third parties and processors

We do not transfer any data to third parties without your consent. If this is the case, the transfer is based on the aforementioned legal bases, e.g., when transferring data to online payment providers for the fulfillment of a contract, or due to a court order or a legal obligation to disclose the data for the purposes of criminal prosecution, averting danger, or enforcing intellectual property rights. We also use processors (external service providers, e.g., for web hosting of our websites and databases) to process your data. If data is passed on to processors within the framework of a data processing agreement, this is always done in accordance with Art. 28 GDPR. We select our processors carefully, monitor them regularly, and have been granted the right to issue instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and comply with the data protection regulations in accordance with the BDSG (German Federal Data Protection Act) as amended and the GDPR.

Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data will therefore mainly be processed by companies to which the GDPR applies. If, however, processing is carried out by third-party services outside the European Union or the European Economic Area, these must comply with the special requirements of Art. This means that processing is carried out on the basis of special guarantees, such as the EU Commission’s official recognition of a level of data protection equivalent to that of the EU or compliance with officially recognized special contractual obligations, known as “standard contractual clauses.” For US companies, compliance with the so-called “Privacy Shield,” the data protection agreement between the EU and the US, fulfills these requirements.

Deletion of data and storage period

Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose for storage no longer applies, unless further storage is necessary for evidentiary purposes or is required by law. This includes, for example, commercial law retention obligations for business letters in accordance with Section 257 (1) of the German Commercial Code (HGB) (6 years) and tax law retention obligations for receipts in accordance with Section 147 (1) of the German Fiscal Code (AO) (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless storage is still necessary for the conclusion or fulfillment of a contract.

Automated decision-making

We do not use automated decision-making or profiling.

Provision of our website and creation of log files1. If you use our website for informational purposes only (i.e., without registering or otherwise transmitting information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data: • IP address; • User’s Internet service provider; • Date and time of access; • Browser type; • Language and browser version; • Content accessed; • Time zone; • Access status/HTTP status code; • Amount of data; • Websites from which the request originates; • Operating system. This data is not stored together with other personal data about you.