This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering"). With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Note on the responsible party
The responsible party for data processing on this website is:
Nexlase GmbH
Industriestraße 51
82194 Gröbenzell
Phone: 08142/65241-0
Email: office@nexlase.com
The responsible party is the natural or legal person who decides alone or jointly with others about the purposes and means of processing personal data (such as names, email addresses, etc.).
Types of processed data:
Inventory data (e.g. names, addresses).
Contact data (e.g. email, telephone numbers)
Content data (e.g. text inputs, photographs, videos)
Usage data (e.g. visited web pages, interest in content, access times)
Meta/communication data (e.g. device information, IP addresses)
Categories of affected persons:
Visitors and users of the online offer (hereinafter referred to collectively as "users").
Purpose of processing:
Provision of the online offer, its functions and content
Answering of contact inquiries and communication with users
Security measures
Range measurement/marketing
Terminology used:
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
The "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The "processor" is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Relevant legal bases:
According to Article 13 of the GDPR, we are providing you with the legal basis for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: the legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and the execution of contractual measures as well as for answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Security measures
In accordance with Article 32 of the GDPR, we implement suitable technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the likelihood and severity of the risks to the rights and freedoms of natural persons.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, availability and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and response to data breaches. Additionally, we take into account the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Article 25 of the GDPR).
Coorperation with processors or third parties
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transmit them to them or otherwise grant them access to the data, this only happens on the basis of a legal permission (e.g. if transmission of the data to third parties, such as payment service providers, pursuant to Art. 6 para. 1 lit. b GDPR is necessary for the performance of the contract), you have given your consent, a legal obligation provides for this, or based on our legitimate interests (e.g. when using agents, web hosts, etc.).
Please note that our website may use Google Fonts provided by Google. When you visit our website, your browser may establish a connection to Google's servers to download the required fonts. Through this connection, personal data such as your IP address may also be transmitted to Google. However, we have no control over the use of this data by Google. If you decide to continue using our website, you agree that Google may store cookies on your device and may use this data for analysis purposes.
If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.
Transmission to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in connection with the use of third-party services or the disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or allow the data to be processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects
You have the right to request confirmation as to whether personal data concerning you are being processed, and on access to the personal data and further information and a copy of the data according to Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to demand the completion of the data concerning you or the correction of incorrect data concerning you.
According to Art. 17 GDPR, you have the right to demand that the data concerning you be deleted immediately, or alternatively, according to Art. 18 GDPR, to demand a restriction on the processing of the data.
You have the right to receive the personal data concerning you, which you have provided to us, in accordance with Art. 20 GDPR and to request their transfer to other responsible parties.
Furthermore, according to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to revoke any consent given in accordance with Art. 7 para. 3 GDPR with effect for the future.
Right to object
You can object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against processing for the purposes of direct marketing.
Cookies and right to object to direct advertising
"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Cookies that are deleted after a user leaves an online service and closes their browser are referred to as "temporary cookies," "session cookies," or "transient cookies." For example, the contents of a shopping cart in an online store or a login status can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent." For example, the login status can be stored when users revisit the service after several days. The interests of users can also be stored in such a cookie and used for audience measurement or marketing purposes. Cookies offered by providers other than the person responsible for operating the online service are referred to as "third-party cookies" (otherwise, if they are only the person's own cookies, they are referred to as "first-party cookies").
We may use temporary and permanent cookies and clarify this in our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online service.
A general objection to the use of cookies used for online marketing purposes can be made to a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that not all functions of this online service may be available if cookies are disabled.
Deletion of Data
The data we process will be deleted or restricted in their processing in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated otherwise in this Privacy Policy, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and there are no legal retention obligations preventing their deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In accordance with legal requirements in Germany, storage is particularly carried out for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, booking vouchers, commercial books, documents relevant to taxation, etc.) and for 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).
In accordance with legal requirements in Austria, storage is particularly carried out for 7 years in accordance with § 132 para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business documents, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU member states for which the Mini-One-Stop-Shop (MOSS) is used.
Administration, accounting, office organization, contact management
Accounting and compliance with legal obligations, such as archiving. Here, we process the same data that we process as part of our contractual services. The legal bases for processing are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. Customers, prospective customers, business partners and website visitors are affected by the processing. The purpose and our interest in processing lie in the administration, accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our duties and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, we store information about suppliers, organizers and other business partners based on our business interests, for example, for later contact. We generally store these mostly company-related data permanently.
Privacy policy in the application process
We process applicant data only for the purpose and within the scope of the application process in accordance with the legal requirements. The processing of applicant data is carried out to fulfill our (pre)contractual obligations within the framework of the application process in accordance with Art. 6 (1) lit. b. GDPR and Art. 6 (1) lit. f. GDPR, insofar as the data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, § 26 BDSG also applies).
The application process requires that applicants provide us with their applicant data. The necessary applicant data are marked, if we offer an online form, otherwise they result from the job descriptions, and in principle include the information on the person, postal and contact addresses, and the application documents, such as cover letter, CV.
By submitting the application to us, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy.
Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). If special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants in the context of the application process, their processing is additionally carried out in accordance with Art. 9 (2) lit. a GDPR (e.g. health data, if they are necessary for the exercise of the profession).
If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us encrypted in accordance with the state of the art.
Applicants can also send us their applications via email. However, please note that emails are generally not sent in encrypted form and applicants themselves must provide encryption. We can therefore take no responsibility for the transmission of the application between the sender and reception on our server and recommend using an online form or sending by post instead. Instead of applying via the online form and email, applicants still have the option of sending us the application by post.
In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. The applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
