Data Privacy

With this privacy policy, we would like to inform you about the type, scope and purpose of the processing of personal data (hereinafter also referred to as ‘data’). Personal data is all data that has a personal reference to you, e.g. name, address, email address or your user behaviour. The privacy policy applies to all data processing operations carried out by us, both as part of our core activities and for the online media we provide.

Who is responsible for data processing

Responsible for data processing is:

Novhe AG

Postfach 76, 8800 Thalwil

Represented by: Mahault G. Cusin

Contact:

Phone: 044 506 94 86

E-mail: kinsey (at) novhe.com

Impressum: https://www.novhe.com/imprint

Processing of your data in the context of the services we provide

If you are our customer or business partner or are interested in our services, the type, scope and purpose of the processing of your data depends on the contractual or pre-contractual services existing between us. This includes conceptual and strategic consulting, software and design development and consulting and maintenance services in this area, planning and implementation of campaigns, IT and server administration as well as other consulting and training services. In this sense, the data processed by us includes all data that is or was provided by you for the purpose of utilising the contractual or pre-contractual services and that is required to process your enquiry or the contract concluded between us. Unless otherwise stated in the further information in this privacy policy, the processing of your data and its disclosure to third parties is limited to the data that is necessary and expedient to answer your enquiries and/or to fulfil the contract concluded between you and us, to protect our rights and to fulfil legal obligations. We will inform you which data is required for this before or during data collection. Insofar as we use third-party providers to provide our services, the data protection notices of the respective third-party providers apply.

Data concerned:

Inventory data (e.g. names, addresses)
Payment data (e.g. bank details, invoices)
Contact data (e.g. e-mail address, telephone number, postal address)
Contract data (e.g. subject matter of contract, duration of contract)

Data subjects: Customers, interested parties, business and contractual partners

Processing purpose: Processing of contractual services, communication and answering contact enquiries, office and organisational procedures

Legal basis: Contract fulfilment and pre-contractual enquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Your rights under the GDPR

According to the GDPR, you are entitled to the rights listed below, which you can assert at any time with the controller named in section 1 of this privacy policy:

  • Right of access: You have the right to request information from us as to whether and which of your data we process.
  • Right to rectification: You have the right to request the rectification of inaccurate data or the completion of incomplete data.
  • Right to erasure: You have the right to request the erasure of your data.
  • Right to restriction: In certain cases, you have the right to request that we only process your data to a limited extent.
  • Right to data portability: You have the right to request that we transfer your data to you or another controller in a structured, commonly used and machine-readable format.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority of your usual place of residence, your workplace or our company headquarters is responsible.

Right of withdrawal

You have the right to withdraw your consent to data processing at any time.

Right of objection

You have the right to object at any time to the processing of your data, which we base on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If you exercise your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that compelling legitimate grounds for data processing outweigh your interests and rights.

Irrespective of the above, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time.

Please address your objection to the contact address of the controller given above.

When do we delete your data?

We delete your data when we no longer need it or when you instruct us to do so. This means that - unless otherwise stated in the individual data protection notices in this privacy policy - we will delete your data,

  • if the purpose of the data processing has ceased to exist and thus the respective legal basis stated in the individual data protection notices no longer exists, e.g.
  • after termination of the contractual or membership relationship existing between us (Art. 6 para. 1 lit. a GDPR) or
  • after our legitimate interest in the further processing or storage of your data has ceased to exist (Art. 6 para. 1 lit. f GDPR),
  • if you make use of your right of cancellation and no other legal basis for processing within the meaning of Art. 6 para. 1 lit. b-f GDPR applies,
  • if you make use of your right of objection and there are no compelling reasons worthy of protection to prevent deletion.

Service provider:

However, if we still need to retain (certain parts of) your data for other purposes, for example because tax retention periods (usually 6 years for business correspondence or 10 years for accounting documents) or the assertion, exercise or defence of legal claims arising from contractual relationships (up to four years) make this necessary or the data is needed to protect the rights of another natural or legal person, we will only delete (that part of) your data after these periods have expired. Until the expiry of these periods, however, we restrict the processing of this data to these purposes (fulfilment of retention obligations).

Webhosting

To maintain our website, we use a provider on whose server our website is stored and made available for retrieval on the Internet (hosting). The provider may process all data transmitted via the browser you use that is generated when you use our website. This includes in particular your IP address, which the provider requires in order to be able to deliver our online offer to the browser you are using, as well as all entries you make via our website. In addition, the provider we use can collect the following information:

  • the date and time of access to our website
  • time zone difference to Greenwich Mean Time (GMT)
  • access status (HTTP status)
  • the amount of data transferred
  • the Internet service provider of the accessing system
  • the browser type and version you are usingthe operating system you are using
  • the website from which you may have accessed our website
  • the pages or sub-pages you visit on our website.

The aforementioned data is stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our website.

Data concerned:

  • Content data (e.g. posts, photos, videos)
  • Usage data (e.g. access times, websites clicked on)
  • Communication data (e.g. information about the device used, IP address)

Data subjects: Users of our website

Purpose of processing: Displaying our website, ensuring the operation of our website

Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR

Web hosting provider commissioned by us:

Webflow, Inc.

Service provider: Webflow, Inc. 208 Utah, Suite 210, San Francisco, CA 94103, USA
Website: https://webflow.com
Privacy Policy: https://webflow.com/legal/eu-privacy-policy

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Content-Delivery-Network

We use a content delivery network (CDN) to deliver our web pages. A CDN is a network of regionally distributed servers connected via the Internet. Scaling storage and delivery capacities are made available via the CDN. This optimises the loading times of our Internet pages and ensures optimum data throughput even at high load peaks. User requests on our websites are routed via CDN servers. Statistics are compiled from these data streams. On the one hand, this serves to recognise potential threats to our website from malware at an early stage and, on the other hand, to continuously improve our offer and make our website more user-friendly for you as a user.

We would like to point out that, depending on the country of residence of the service provider named below, the data collected via the service may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR may not be complied with and that the enforcement of your rights may be difficult or impossible.

Data concerned:

  • Content data (e.g. posts, photos, videos)
  • Usage data (e.g. access times, websites clicked on)
  • Communication data (e.g. information about the device used, IP address)

Processing purpose: Technical optimisation of the website, analysis of errors and user behaviour

Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR

CDN service providers used:

Amazon CloudFront

Service Provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA
Website: https://aws.amazon.com/de/
Data Privacy: https://aws.amazon.com/de/privacy/?nc1=f_pr

Fastly

Service Provider: Fastly Inc., 475 Brannan St. #300, San Francisco, CA 94107, USA
Website: https://www.fastly.com
Data Privacy: https://www.fastly.com/de/privacy

Contact us

If you contact us via e-mail, social media, telephone, fax, post, our contact form or in any other way and provide us with personal data such as your name, telephone number or e-mail address or provide further information about yourself or your request, we will process this data to answer your enquiry within the framework of the pre-contractual or contractual relationship existing between us.

Affected data:

  • Inventory data (e.g. names, addresses)
  • Contact data (e.g. e-mail address, telephone number, postal address)
  • Content data (texts, photos, videos)
  • Contract data (e.g. subject matter of the contract, duration of the contract)

Data subjects: Interested parties, customers, business and contractual partners

Processing purpose: Communication and response to contact enquiries, office and organisational procedures

Legal basis: Contract fulfilment and pre-contractual enquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Newsletter

We send out a newsletter at regular intervals to inform our customers, business partners and interested parties about our offers and related news. You have the option of registering for our newsletter on our website and agreeing to receive the newsletter as part of the registration process. If you register for our newsletter, you must provide your e-mail address. We store the e-mail address so that we can send you the newsletter. The provision of further data such as title or name is voluntary and is used to address you personally. As soon as you register for our newsletter, you will receive a confirmation e-mail to the e-mail address you provided when registering using the double opt-in procedure. This e-mail contains a link. If you click on this link, you confirm that you wish to receive the newsletter. This ensures that your e-mail address was not misused by a third party when you registered. For the same reason, we store the date and time of registration and the IP address assigned to you when you register. We do not pass on the aforementioned data to third parties.

Legal basis: The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR

Prevention: You can revoke your consent to receive the newsletter at any time using the options given above.

Deletion: The deletion of the e-mail address takes place either if you have not clicked on the confirmation link 1 month after sending the confirmation e-mail in the double opt-in procedure or immediately after you have unsubscribed from our newsletter.

Cancellation: You can revoke your consent to receive the newsletter at the end of each e-mail and unsubscribe from the newsletter.

Newsletter provider we use:

Mailer Lite

Service Provider: MailerLite, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland
Website: https://www.mailerlite.com
Privacy policy: https://www.mailerlite.com/legal/privacy-policy

Our Social Media Presences

We operate online presences within the social networks listed below. If you visit one of these sites, the data listed below will be collected and processed by the respective provider. As a rule, this data is collected for advertising and market research purposes and user profiles are created. Data can be stored in the user profiles regardless of the device you use. This is particularly the case if you are a member of the respective platform and are logged in to it. The user profiles can be used by the providers to display interest-based advertising to you. You have a right of cancellation against the creation of user profiles. To exercise this right, you must contact the respective provider.

If you have an account with one of the providers listed below and are logged in there when you visit our website, the respective provider may collect data about your usage behaviour on our website. To prevent your data from being linked in this way, you can log out of the provider's service before visiting our site.

You can find out for what purpose and to what extent data is collected by the provider in the respective data protection declarations of the providers provided below.

We would like to point out that, depending on the country of domicile of the provider named below, the data collected via its platform may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will be difficult or impossible.

Data concerned:

Inventory and contact data (e.g. name, address, telephone number, e-mail address)
Content data (e.g. posts, photos, videos)
Usage data (e.g. access times, websites clicked on)
Communication data (e.g. information about the device used, IP address).

Purpose of processing: Communication and marketing, tracking and analysis of user behaviour

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests Art. 6 para. 1 lit. f GDPR

Opt-out options: For the respective objection options (opt-out), please refer to the following linked information from the providers.

We maintain online presences on the following social networks:

LinkedIn

Service Provider: LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA
Registered office in Germany: LinkedIn, Hofstatt 4th Floor, Sendlinger Str. 12, 80331 München
Website: https://www.linkedin.com
Data Privacy: https://www.linkedin.com/legal/privacy-policy

Security Measures

We also take state-of-the-art technical and organisational security measures to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties.

Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and is dated September 2024. Due to changes in legal or regulatory requirements, it may be necessary to adapt this privacy policy.

©Novhe AG | Imprint | Data Privacy | Back to Home