Privacy Policy

In the following we inform you about the collection of personal data when using our website. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

With regard to the definition of terms such as “personal data” or “processing” we refer to Art. 4 GDPR.

Name and contact details of the responsible person

The person responsible in accordance with Art. 4 (7) of the EU Data Protection Regulation is

nuTIQ GmbH
Goldtschmidtstraße 5
21073 Hamburg,
Germany,

represented by their
Managing Director Thomas Unger
Tel: +49 40 24182710
Fax: +49 40 24182709
E-mail address: info@nuTIQ.com

Provision of the website and log files

1. Description and scope of data processing
Whenever our website is called up, our system, i.e. the web server, automatically records information from the calling computer or end device of the user. If you use our website for informational purposes only (i.e. no registration or other transmission of information), we only collect the personal data that your browser transmits to our server.

The following data is collected by us:

  • information about the browser type, language and the version used
  • the operating system of the user’s terminal device
  • the Internet service provider of the user
  • the IP address of the user
  • date and time of access
  • previous website from which the user accessed our website
  • the amount of data transferred
  • access status/HTTP status code

This data will not be stored together with other personal data of yours.

The data serves the purpose of user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimization and statistical evaluation.

2. Legal basis for the data processing
The legal basis for the temporary storage of this data and the log files is article 6 paragraph 1 (f) GDPR (our legitimate interests as a responsible website operator).

3. Purpose of the data processing
The temporary storage of the user’s IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must necessarily remain stored for the duration of the session.

The storage of the above-mentioned data in the log files is done to ensure the functionality of our website. In addition, this data serves us to optimize the website and to ensure the security of our information technology systems (e.g. to detect attacks). An evaluation of the data for marketing purposes does not take place in this context.

4. Duration of storage
The above-mentioned data are deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this takes place when the relevant session is ended.

For security reasons, we store this data in server log files for a period of 190 days to ensure the error-free functionality of our website and to trace your order transactions. After this period has elapsed, they are automatically deleted, unless we need to keep them for evidence in case of attacks on the server infrastructure or other legal violations.

Normally there is no access to these log files, but if errors occur, they are used to investigate the cause.

Cookies

1. Description and scope of the data processing
We use so-called cookies when you visit our website. Cookies are small text files that your internet browser places and stores on your computer. When you visit our website again, these cookies provide information to recognize you automatically.

Our website uses session cookies, persistent cookies and third-party cookies:

Session cookies: We use so-called cookies to recognize multiple use of an offer by the same user (e.g. if you have logged in to determine your login status). When you visit our site again, these cookies provide information to recognize you automatically. The information obtained in this way serves to optimize our offers and make it easier for you to access our site. When you close the browser or log out, the session cookies are deleted.

Persistent cookies: These are automatically deleted after a specified period of time which may vary depending on the cookie. You can delete or block the cookies at any time in the security settings of your browser.

Third-party cookies: You can configure your browser settings according to your preferences, e.g. you can refuse to accept third-party cookies or all cookies. However, please note that you may not be able to use all the features of this website if you do so. Please read more about these cookies in the respective privacy policies of the third-party providers we use.

2. Purpose of the data processing
The information obtained in this way serves the purpose of optimizing our web offers both technically and economically and to enable you to access our website more easily and securely. When calling up our website, you have the option of actively agreeing to the use of cookies for statistical and marketing purposes. Technically necessary cookies (“essential cookies”) are needed to provide the functionalities of our website.

3. Legal basis for the data processing
The legal basis for the processing is our legitimate interest (Article 6 paragraph 1 (f) GDPR) for essential cookies or your – at any time revocable – consent pursuant to Article 6 paragraph 1 (a) GDPR.

4. Duration of storage
The cookies are stored for different lengths of time. For more information, see the privacy settings in the cookie configuration panel.

5. General information on cookies
You can generally prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. However, this may result in a functional restriction of our offers. You can object to the use of cookies from third parties for advertising purposes by means of a so-called “opt-out” via this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

E-Mail contact and contact form

1. Description and scope of the data processing
We can be contacted via our contact form and the provided e-mail address. In this case, the personal data of the sender – i.e. the user – transmitted with the inquiry will be stored.

We may store your information and contact request in our customer relationship management system (“CRM system”) or a similar system. We have concluded an order processing contract with our CRM provider in accordance with Article 28 GDPR. This means that the CRM provider may only process personal data in accordance with instructions.

2. Legal basis for the data processing
The legal basis for the processing of these data, which are transmitted in the course of a request, is Article 6 paragraph 1 (f) GDPR (our legitimate interests as the responsible party). In this case, our legitimate interest is an economic one, such as answering your enquiry, acquiring customers, etc.

Where appropriate, Article 6 paragraph 1 (b) of the GDPR (fulfilment of contract) may be an additional legal basis for the processing.

3. Purpose of the data processing
The processing of this personal data serves us solely to process the contact.

4. Duration of storage
The above-mentioned data will be deleted as soon as they are no longer necessary for the purpose of their collection. For personal data sent by e-mail or contact form, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.

5. Right to object
The user has the opportunity to object to this data processing at any time. The objection should be sent to the following e-mail address: info@nuTIQ.com

In this case, all personal data stored in the course of the contact will be deleted, unless this is contrary to statutory storage obligations. You can find more information on this in the section Rights of Data Subjects and the note on the right to object.

Order form

1. Description and scope of the data processing
We offer the user on our website, via an order form, the possibility to request and purchase our products.

We may store your information and contact request in our customer relationship management system (“CRM system”) or a similar system. We have concluded an order processing contract with our CRM provider in accordance with Article 28 GDPR. This means that the CRM provider may only process personal data in accordance with instructions.

2. Legal basis for the data processing
The legal basis for this is Article 6 paragraph 1 (b) GDPR, provided that the person concerned is a contracting party. If the contractual partner is the employer of the person concerned, the legal basis is Article 6 paragraph 1 (f) GDPR. In this case, our legitimate interest is an economic interest or the fulfilment of the contract with the corresponding contractual partner.

3. Purpose of the data processing
The order form serves the purpose of concluding a contract with us or requesting or commissioning a service. The data processing thus serves the purpose of concluding, implementing or terminating a contract with the respective contracting party or its vicarious agents.

4. Duration of storage
We store the data collected for the processing of the contract for the duration of the contract as well as until the expiry of the statutory or possible contractual warranty and guarantee rights (warranty: two years / standard limitation period: three years). After expiry of this period, we retain the information of the contractual relationship required under commercial and tax law for the legally determined periods (6 years under commercial law, 10 years under tax law).

5. Right to object
The user has the possibility to object to the data processing, which is based on legitimate interest, at any time. The objection must be sent to the following e-mail address: info@nuTIQ.com

In this case, all personal data stored in the course of the contact will be deleted, unless this is contrary to statutory storage obligations. You can find more information on this in the section Rights of Data Subjects and the note on the right to object.

Tracking using Google Analytics

1. Description and scope of the data processing
We use the tracking tool Google Analytics on our website. In Google Analytics, the interactions of the user of our website are primarily recorded and systematically evaluated by means of cookies. If individual pages of our website are called up, the following data are stored:

  • three bytes of the IP address of the user’s calling system (anonymized IP address)
  • the website accessed
  • the website from which the user has accessed the page of our website (referrer)
  • the subpages that are accessed from the accessed page
  • the time spent on the website
  • the frequency of access to the website

The software is set in such a way that the IP addresses are not stored completely, but the last octet of the IP address is masked (e.g.: 192.168.79.***). In this way it is no longer possible to assign the shortened IP address to the calling computer or terminal device of the user.

2. Legal basis for the data processing
The legal basis for the processing of users’ personal data is Article 6 paragraph 1 (a) GDPR, the consent of the user.

3. Purpose of the data processing
The processing of the user’s personal data using Google Analytics enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our own website and its user-friendliness.

4. Duration of the storage
The data stored by tracking is deleted as soon as it is no longer needed for our recording purposes. This is the case with us after 26 months.

5. Right to object
With the help of a browser add-on for deactivating Google Analytics JavaScript (ga.js, analytics.js, dc.js), the user can prevent Google Analytics from using their data on our website.

If the user wants to deactivate Google Analytics, they can download and install the add-on for their used web browser. The add-on for deactivating Google Analytics is compatible with the current versions of Chrome, Internet Explorer, Safari, Firefox and Opera. For the add-on to work, it must be loaded and executed correctly in the browser. In Internet Explorer, third-party cookies must also be activated.

Further information can be found at https://tools.google.com/dlpage/gaoptout?hl=de

Integration of Google Maps and Google Fonts

1. Description and scope
This page uses the map service Google Maps from Google Limited Ireland via an interface.

To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an attractive presentation of our online offers and easy findability of the places we have indicated on the website. This represents a legitimate interest within the meaning of Article 6 paragraph 1 (f) GDPR.

However, in order to protect your personal data, we request your consent – which can be revoked at any time – before loading the map.

You can find more information on the handling of user data in the Google privacy policy: https://www.google.de/intl/de/policies/privacy/.

In addition, we also use Google Fonts for the uniform display of fonts. When calling up a page, the user’s browser loads the required web fonts into its own browser cache in order to display texts and fonts correctly. For this purpose, the user’s browser must connect to Google’s servers. This enables Google to know that our website has been called up from the user’s IP address.

2. Legal basis for the data processing
The integration of the services Google Maps and Google Fonts is necessary for the demand-oriented design of our website. This is also in our interest according to Article 6 paragraph 1 (f) (our legitimate interest as the responsible party), the concrete loading of the map is based on your consent (Article 6 paragraph 1 (a)).

3. Further information on data processing
Google Limited Ireland is responsible for further data processing. For more information about how Google uses your information, please visit www.policies.google.com/privacy and visit developers.google.com/fonts/faq

Google AdWords with Conversion Tracking

1. Description and scope of the data processing
We use the “AdWords with Conversion Tracking” service (Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to draw attention to third party websites by displaying ads on our website. When you click on a Google ad from us, a cookie is stored in your browser which is valid for approximately 30 days. If you then visit our website, we and also Google can use the cookie to evaluate whether you have visited our website and which of our pages you have visited. Google creates statistics about this. The full extent of data processing is not known to us. The collected data is also transferred to the USA and analyzed there. If you are logged in with a Google account, the data can be assigned to your account by AdWords. If you do not want this, you must log out before visiting our website.

2. Legal basis for the data processing
The legal basis of the processing is analysis, optimization and the economic operation of our advertising and website in accordance with Article 6 paragraph 1 (f) GDPR (our legitimate interest).

Google is certified according to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

3. Purpose of the data processing
This conversion tracking serves the purpose of analysis, optimization and economic operation of our advertising and website.

4. Duration of storage
The cookies from the AdWords conversion tracking are stored on your device for about 30 days or if you make other browser settings or delete cookies manually according to your actions.

5. Information on (Google) cookies
You can object to or prevent the installation of cookies by Google in various ways:

  • You can disable cookies in your browser by selecting the “do not accept cookies” setting, which includes third-party cookies.
  • You can deactivate conversion tracking directly on Google via the link https://adssettings.google.com, but this setting will only be effective until you delete your cookies.
  • You can disable the personalized ads of third party advertisers participating in the advertising self-regulation initiative “About Ads” via the link https://optout.aboutads.info for US sites or http://www.youronlinechoices.com/de/praferenzmanagement/ for EU sites, but this setting will only be effective until you delete all your cookies.
  • You can permanently deactivate cookies by using a browser plug-in for Chrome, Firefox or Internet Explorer under the link https://support.google.com/ads/answer/7395996. This deactivation can have the consequence that you may not be able to use all functions of our website to their full extent.

Further information can be found in Google’s privacy policy at https://policies.google.com/privacy?hl=de&gl=de and https://services.google.com/sitestats/de.html

Google AdWords Remarketing / “Similar Target Groups”

1. Description and scope of the data processing
We use the Google AdWords Remarketing/ “Similar Target Groups” application (Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to draw attention to third-party websites and other Internet offerings by displaying ads on our website. With the Remarketing or ” Similar Target Groups” function in AdWords, we can reach you there if you have already visited our website, and address you with a suitable message via advertising. With remarketing, we can get our former visitors back to our website with just one click. When you visit certain pages of our website, a cookie is stored in your browser which is valid for 30 days. If you then visit other websites or Internet offers, we and Google can evaluate whether you have already visited our website using the cookie and also show you our advertising there. Google creates statistics about this. The full extent of the data processing is not known to us. The data is also transferred to the USA and analyzed there. According to Google, the data collected through remarketing is not merged with your personal data, which may be stored by Google, but is processed using a pseudonym.

For the definition of the pseudonym in European data protection, we refer to Article 4 paragraph 5 GDPR.

2. Legal basis for the data processing
The legal basis for the processing of your data is our legitimate interest in the analysis, optimization and economic operation of our advertising and website in accordance with Art. 6 paragraph 1 S. 1 (f) GDPR. Google is certified according to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

3. Purpose of the data processing
This remarketing serves the purpose of analysis, optimization and economic operation of our advertising and website.

4. Notes on (Google) cookies
You can object to or prevent the installation of cookies by Google in various ways, see also point 5 in our notes on the use of Google AdWords.

Google ReCAPTCHA

1. Description and scope of the data processing
We have integrated on our website the anti-spam function “reCAPTCHA” from Google (Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland). By using “reCAPTCHA” in our forms we can determine whether the input was made by a machine (robot) or a human being. When using the service, your IP address and any other data required for this purpose may be transmitted to Google servers in the USA.

2. Legal basis for the data processing
The legal basis for this is our legitimate interest in data processing in accordance with Article 6 paragraph 1 S.1 (f) GDPR, which is also in the purposes mentioned under point 3.

3. Purpose of the data processing
The purpose of processing this data is to avoid spam and misuse and our economic interest in optimizing our website.

4. Further information
Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework).

Further information about Google ReCAPTCHA can be found at https://www.google.com/recaptcha/ and in Google’s privacy policy at: https://policies.google.com/privacy.

Social media presence

1. Description and scope of the data processing
We maintain profiles in social media to communicate with the users connected and registered there and to inform them about our products, offers and services. The US providers we use are certified according to the so-called Privacy-Shield. According to the GDPR there is therefore an appropriate guarantee for data transfers to the USA.

All intra-European providers are subject to the regulations of the GDPR or, if applicable, national data protection laws.

When using and accessing our profile in the respective network, the respective data protection notices and terms of use of the respective network apply.

From the social networks that we use, we may receive usage statistics on page views, “likes” given, etc.

According to a decision of the European Court of Justice, we are jointly responsible with the operator of the respective network for the data processing in these cases.

This means that we have to conclude an agreement with the respective network in accordance with Article 26 GDPR on a corresponding joint responsibility.

“Likes” may be personal and could be accessed by anyone. In the statistics we see, however, only a number appears: e.g. 100 users. This means that a concrete personal reference in the statistical evaluation cannot be established for us.

The corresponding addendum with LinkedIn can be found at https://legal.linkedin.com/pages-joint-controller-addendum.

Xing only reports very rough user numbers so that a concrete personal reference is not possible for us here either. We do not receive any further insights than the number of likes under the respective contributions.

We also receive statistical information from Google MyBusiness, such as the number of page views, how many queries there were in Google search and how many queries led to us via GoogleMaps. For us, no personal reference can be derived from these statistics.

2. Legal basis for the data processing
The legal basis for the processing of personal data is our legitimate interest in communication with users and our external appearance for the purpose of advertising in accordance with Article 6 Paragraph 1 S. 1 (f) GDPR.

If you have given your consent to the person responsible for the social network to process your personal data, the legal basis is Article 6 paragraph 1 S. 1 (a) and Article 7 GDPR.

3. Purpose of the data processing
We process the data you send us via these networks to communicate with you and to answer your messages there.

4. Duration of the storage
nuTIQ GmbH only stores your data from social networks if we transfer your questions to our CRM for answering. Please refer to the data protection notices of the respective site operators for information on the storage period in the respective networks.

5. Further information
The data protection notices, information and opt-out options of the respective networks can be found here:

  • XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – privacy policy / opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – privacy policy: https://www.linkedin.com/legal/privacy-policy, cookie policy and opt-out: https://www.linkedin.com/legal/cookie-policy, Privacy Shield of the US company LinkedIn Inc.: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
  • Google: https://policies.google.com/privacy?hl=de

Live chat application tawk.to

1. Description and scope of the data processing
Our website offers the possibility of using tawk.to. It is a live chat software. The chat is integrated in the source code. This is made possible by a script. By using the chat you automatically use the services of tawk.to. The collected data includes chat history, time, operating system and region of origin. The IP addresses are made anonymous so that no personal reference can be made by simply using the chat program.

The processing is carried out for persons residing in the EU by tawk.to Ltd.

If you do not want to use the live chat option, you can alternatively send us an e-mail to info@nuTIQ.com.

We do not use chatbots, so you always talk to one of our staff.

2. Legal basis for the data processing
The legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 (a) or Article 7 GDPR. You have the right to revoke any consent you have given at any time. The data processing that has taken place up to the point of revocation remains unaffected by this.

3. Purpose of the data processing
The purpose of the data processing is to offer you a platform for fast and uncomplicated communication.

4. Duration of storage
We may store your information and contact requests via the tawk.to service in our customer relationship management system (“CRM system”) or a comparable system. We have concluded an order processing contract with our CRM provider in accordance with Article 28 GDPR. This means that the CRM provider may only process personal data in accordance with instructions.

5. Further information on tawk.to
The privacy policy of tawk.to can be found at: https://www.tawk.to/privacy-policy

Use of the link management system bit.ly

1. Description and scope of the data processing
We use the link management system from bit.ly to evaluate and improve our online presence and to evaluate and optimize ad placements. Among other things, the IP address, location, time, date and device information such as browser type, operating system or even the language used is collected by the provider. This data is also transmitted to the USA on the basis of the Privacy Shield and is disclosed to third parties according to the provider’s specifications.

2. Legal basis for the data processing
The legal basis for the processing is analysis, optimization and the economic operation of our advertising and website in accordance with Article 6 paragraph 1 (f) GDPR (our legitimate interest).

Bit.ly is certified according to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework

At the same time, the decision whether to click on the bit.ly links is your own, so that active use is based on your consent, which can be revoked at any time, and is thus based on Article 6 paragraph 1 (a) GDPR.

All content on our site is freely accessible even without bit.ly links.

3. Purpose of the data processing
Tracking and link management serve the purpose of analysis, optimization and economic operation of our advertising and website.

4. Duration of storage
We do not store any personal data generated via bit.ly. You can find the bit.ly privacy policy information at https://bitly.com/pages/privacy

Rights of those affected

You have the following rights in relation to the personal data concerning you:

  • right to information
  • right to correction or deletion
  • right to restrict processing
  • right to object to processing
  • right to data portability

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The supervisory authority responsible for our company is the State Commissioner for Data Protection and Freedom of Information (“Landesbeauftragte für Datenschutz und Informationsfreiheit”) in Hamburg.

Information on the revocation of a consent
A person affected has the right to revoke his data protection declaration of consent to us at any time. However, this does not affect the legality of the processing that has taken place on the basis of the consent until the revocation.

Information on the right to object
If a processing operation is carried out on the basis of our legitimate interests as the data controller (Article 6 paragraph 1 (f) GDPR), you have the right to object to this processing at any time. We no longer process the personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims.

Information on complaints to a supervisory authority
Without prejudice to any other administrative or judicial remedy, a data subject shall have the right to lodge a complaint with a supervisory authority – in particular in the member state of the user’s place of residence, the user’s place of work or the place of the alleged infringement – if the user considers that the processing of his or her personal data by us contravenes the GDPR.

Recipients/categories of recipients
Recipients of your data are regularly employees of our company who are entrusted with the processing of inquiries and contracts. In addition, we use contractually bound processors and partners for various services, who sometimes act as independent responsible persons.

Furthermore, we use various payment providers to invoice the services commissioned by you and to have them remunerated to us. The legal basis here is our legitimate interest in the fulfilment of the contract with the contractual partner or the fulfilment of the contract if the party concerned is the contractual partner. In case of payment defaults, we use collection service providers on the basis of our legitimate interests.

Without your consent we do not pass on any data to third parties. Should this be the case, however, the data will be relayed on the basis of the aforementioned legal bases or due to a court order or due to a legal obligation to surrender the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights.

We use contract processors (external service providers e.g. for web hosting of our websites and databases) to process your data. If data is passed on to the processors as part of an agreement for order processing, this is always done in accordance with Article 28 GDPR. We select our processors carefully, check them regularly and have the right to issue instructions regarding personal data. In addition, the processors must have taken suitable technical and organizational measures and comply with the data protection regulations in accordance with the Federal Data Protection Act and GDPR. Processors are not considered third parties within the meaning of Article 4 No. 10.

Transfer of data to third countries
Should the processing be carried out by services of third parties outside the European Union or the European Economic Area, they must comply with the specific conditions of Article 44 et seq. GDPR. This means that the processing is carried out on the basis of specific guarantees, such as the EU Commission’s officially recognized determination of a level of data protection equivalent to that of the EU or the observance of officially recognized specific contractual obligations, the so-called “standard contractual clauses”. For US companies, submission to the so-called “Privacy Shield”, the data protection agreement between the EU and the USA, fulfils these requirements.

Without appropriate data protection guarantees, a transfer of your data to a third country is not permitted.

Need to provide the personal data
The necessity to provide personal data results from the use of our website or our services and depends on the respective degree of use and the requested services.

If you have any questions, please feel free to send us an e-mail to info@nuTIQ.com

Existence of automated decision making
We do not use automated decision making or profiling.

Data security
We have taken appropriate technical and organizational security measures in order to protect all personal data transmitted to us and to ensure that the data protection regulations are observed by us and our external service providers. For this reason, all data between your browser and our server is transmitted encrypted via a secure SSL connection.