Introduction

With the following information we would like to give you as a “data subject” an overview of the processing of your personal data by us as well as your rights from the data protection laws.

Your personal data will always be processed in accordance with the General Data Protection Regulation (GDPR) and all applicable country-specific data protection regulations. We have implemented numerous technical and organizational measures to ensure the highest possible protection when processing your personal data.

II.     Scope

The following data protection regulations apply to the following websites: https://nova-institute.eu/  and all our other online presences (e.g. our social media pages).

III.   Controller

Controller within the GDPR is:
nova-Institut für politische und ökologische Innovation GmbH
Leyboldstraße 16
50354 Huerth
Germany
Tel. +49 2233 – 460 14 00
Fax +49 2233 – 460 14 01
Email [email protected]
Internet www.nova-institute.eu

IV.    Data Protection Officer

If you have any questions or suggestions regarding data protection issues, you can contact our data protection officer at any time:

Niklas Hanitsch
secjur GmbH
Steinhöft 9
20459 Hamburg
Germany
Tel. +49 40 228 599 520
Email: [email protected]

V.    Technology

1.     SSL / TLS encryption

To ensure the security of data processing and to protect the transmission of confidential content, we use SSL or TLS encryption. You can recognize the existence of an encrypted connection by the fact that the address line of your browser displays “https://” instead of “http://” and by the lock symbol in your browser line.

2.     Data collection when visiting the website / storage of log files

When using our website for purely informational purposes, we only collect personal data that your browser sends to our server (server log files). Every time you access our website, a number of general data and information are collected, which we store in the server log files.

Purpose of processing

  • Correct delivery of the contents of our website
  • Optimization of the contents of our website
  • Guarantee of a permanent operability of our IT systems and the technology of our website
  • Static evaluation to improve the level of data protection and data security
  • Provision of information to law enforcement agencies in the event of a cyber attack

Processed data

  • Usage and metadata (e.g. browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website (so-called referrer), the sub-websites which are accessed via an accessing system on our website, the date and time of an access to the website, an abbreviated internet protocol address (anonymized IP address), the internet service provider of the accessing system)

Security measures

The server log files are anonymous data that are stored separately from all other of your personal

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

 

VI.   Cookies

We use cookies on our website. These are files that your browser automatically creates and that are stored on your IT system when you visit our site.

Information is stored in the cookie, which in each case arises in connection with the specifically used terminal device. This does not mean, however, that we obtain direct knowledge of your identity.

1.     Technically necessary cookies

We use technically necessary cookies. These are cookies that are necessary for the operation and functions of our website.
Purpose of processing

  • Offering our services
  • Enabling the use of our website functions

 

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

2.     Technically not necessary cookies

We use technically not necessary cookies. These are cookies that are not technically essential for the operation of the website or the provision of specific page functions. As a rule, these are third-party cookies that can be used to analyze and trace the surfing behavior of users.

Purpose of processing

  • Range measurement and tracking
  • Evaluation of visitor behavior and profiling
  • Optimization of our offer

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter a GDPR).

Right of withdrawal

You can revoke your consent to the use of cookies at any time.

VII. Transmission and disclosure of personal data

Within the scope of our activities, we transmit personal data to external parties (e.g. persons, companies or legally independent organizational units). You can find details on this below under “Services used” with the respective service providers.

VIII.        Data processing in third countries

We process personal data in a third country. These are countries outside the European Union (EU) and the European Economic Area (EEA).

We only process data in third countries where an adequate level of data protection exists in accordance with Art. 44-49 GDPR. Details of the specific level of data protection in the respective third country can be found below under “Services used” with the respective service providers.

IX.   Contact

1.     General information

We offer you different ways to contact us (e.g. by e-mail, chat or telephone).

Processed data

  • inventory data (e.g. first and last name, address)
  • Contact information (e.g. e-mail address, phone number)
  • Meta and communication data (e.g. IP address)
  • Content data (e.g. entered text content, photographs, videos)

 

Purpose of processing

  • Answering contact requests
  • Communication

Legal basis

  • Performance of a contract or implementation of pre-contractual measures (Art. 6 Para. 1 Cl. 1 letter b. GDPR) if your request is based on pre-contractual measures or on an existing contract with us.
  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR) If your inquiry is independent of contractual or pre-contractual measures, our legitimate interests constitute the legal basis. The legitimate interest corresponds to the above-mentioned purposes.
  1. Newsletter
  2. General information

We offer you the opportunity to subscribe to our company’s newsletter. With our newsletter we inform customers and business partners about our offers at regular intervals. Basically we only need your email address to register for our newsletter. In addition, it is possible that we may ask you to enter your name or other information during the registration process in order to personalize the newsletter.

Double-Opt-In Procedure

After registering for the newsletter, we will send a confirmation e-mail using the double opt-in procedure to the email address you first entered for the newsletter dispatch. This confirmation mail is used to check whether you as the owner of the e-mail address have authorized the receipt of the newsletter. The registration for the newsletter will be logged so that we can meet our legal obligations to provide evidence.

Newsletter dispatch to existing customers

If you have provided us with your email address when purchasing goods or services, we also reserve the right to send you regular offers on similar goods or services from our product range by e-mail. In accordance with § 7 Para. 3 UWG, we do not need to obtain your separate consent for this. The legal basis for sending the newsletter is our legitimate interest.

Newslettertracking

Our newsletters contain so-called tracking pixels. This is a miniature graphic that is embedded in emails. In this way, we can, for example, track whether and when an email was opened by you and which links in the email were called up by you. This enables us to statistically evaluate the success or failure of online marketing campaigns. The personal data collected by the tracking pixels is stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to your interests. Such evaluation is based on our legitimate interests.

Processed data

  • E-Mail address
  • Family name
  • First name
  • Company/Institution
  • Country
  • Phone
  • Subscription
  • inventory data
  • Metadata (e.g. device information, IP address, date and time of login)

 

Purpose of the processing

  • Direct marketing
  • Information
  • Communication

As far as newsletter tracking takes place additionally:

  • Insertion of personalized advertising
  • Market research
  • Performance measurement of online marketing
  • Profiling

 

Legal basis

  • Consent (Art. 6 Para. 1 Cl. 1 letter f GDPR)
  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

 

Right of revocation and objection

You can cancel your subscription to our newsletter at any time and revoke your consent to data processing for the purposes of sending the newsletter at any time. If the data processing is based on our legitimate interest, you have the possibility to object at any time. There is therefore a corresponding opt-out link in every newsletter. In addition, it is also possible to unsubscribe from the newsletter at any time on our website or to inform us of this in another way. A cancellation of the receipt of the newsletter is automatically interpreted as a revocation or objection.

  1. Application

General information

We offer you the possibility to apply for job offers and to send us your application by mail.

Processed data

  • Inventory data (e.g. first and last name, address),
  • Contact data (e.g. e-mail address, telephone number),
  • Application data (e.g. cover letter, resume, certificates and other evidence).

Purpose of processing

  • Conducting the application process and finding suitable applicants.

Legal basis 

  • Contract fulfillment and implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 federal data protection act).
  • Consent (Art. 6 para. 1 p. 1 lit. a GDPR) If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for data processing.

Storage period

If an employment contract is established after completion of the application process, the personal data provided may be processed further. Otherwise, we generally retain the data for six months. We then delete all personal data. Longer storage is possible if we include the personal data in our applicant pool after obtaining your consent.

XII. Web Analysis and Optimization Services

1.     General information

We carry out web analyses to evaluate the visit of our online presences. In doing so, we are able to process your interests, certain types of behavior or demographic data. This enables us to analyze how you use our online offer and its contents and functions. User profiles can be created as part of the web analysis. Cookies are often used for this purpose.

Processed data

  • Usage data (e.g. websites visited, interest in content, time of access)
  • Meta and communication data (e.g. IP address).
  • Location data

Purpose of the processing

  • Range measurement and tracking
  • Evaluation of visitor behavior and profiling
  • Improving our offer and offering customer-friendly services

2.     Matomo

We use Matomo. This is a software for web analysis.

  • Provider
    InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand (InnoCraft).Data processed
  • Advertisements viewed
  • Cookie ID
  • Date and time of visit
  • Device information
  • Geographic location
  • IP address
  • Search terms
  • Advertisements displayed
  • Customer ID
  • Impressions
  • Online identifiers
  • Browser informationLegal basis

Consent (Art. 6 para. 1 p. 1 lit. a GDPR )

Opt-Out-Cookie

Matomo sets a cookie on your IT system. You can prevent Matomo from collecting your personal data by clicking on the following link: Deactivate Matomo. This sets an opt-out cookie that prevents future collection of your data when you visit our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Security measure
We have anonymized your IP address.

Data processing agreement

We have closed a Data processing agreement with Matomo: https://matomo.org/matomo-cloud-dpa/

Data protection outside the EU / EEA

For New Zealand there is an adequacy decision of the European Commission.

 

Privacy policy
Further information on data processing can be found in Matomo’s privacy policy. https://matomo.org/privacy-policy/

XIII. Social Networks

1.     General information

We maintain presences in social networks to communicate with you and inform you about our services.

If you visit one of our social media pages, we are joint controllers with the provider of the respective social media platform for the processing of personal data triggered by this in accordance with Art. 26 GDPR.

We point out that your data may be processed outside the EU or the EEA Area. This may result in risks such as a more difficult enforcement of user rights. User data is often processed in social networks for advertising purposes or for the analysis of user behavior by the providers, without us being able to influence this.

In addition, the providers often create user profiles, on the basis of which user-based advertising can then be placed inside and outside the social network. For this purpose, cookies are often used or the user behavior is directly assigned to your own member profile of the social networks (if you are logged in here).

Since we do not have access to the data stocks of the respective providers, we would like to point out that it is best to apply your rights directly to the respective provider. However, if you need help, please feel free to contact us. Further information on the processing of your data in social networks and the possibility to make use of your right of objection or revocation (opt-out) is listed below.

Processed data

  • inventory data (e.g. first and last name, address, age, gender)
  • Content data (e.g. texts, photos, videos)
  • Usage data (e.g. visit of websites, interests)
  • Metadata (e.g. device information, IP address)

Purpose of processing

  • Modern way of user communication
  • Provision of information about own services
  • tracking, remarketing, affiliate tracking

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.
  • Consent (Art. 6 Para. 1 Cl. 1 lettera GDPR). If you, as a user of the respective social media, have to agree to the data processing, the legal basis is your consent.

2.     Twitter

Provider

musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA (Twitter).

Data protection outside the EU/ EEA

We have concluded standard data protection clauses with Twitter

Privacy Policy

https://twitter.com/settings/your_twitter_data  

Possibility of objection (Opt-Out)

https://twitter.com/settings/account/personalization

  1. LinkedIn
  2. Provider

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland (LinkedIn).

Joint controllership

As a page operator, LinkedIn provides us with so-called “page insights”. These are various statistics that provide us with information about how our LinkedIn page is used. To create these statistics, data provided by you (including personal data) is processed by LinkedIn and us as joint controllers within the meaning of Art. 26 (1) GDPR. We have entered into an agreement with Facebook pursuant to Art. 26 GDPR, the content of which you can read here.

Data protection outside the EU and EEA

  • Standard data protection clauses: We have agreed standard data protection clauses with LinkedIn.
  • Further security measures: LinkedIn has implemented further security measures. You can find these here.

Privacy policy

Further information on data processing can be found in the privacy policy of LinkedIn.

4. Youtube

Provider

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Data protection outside the EU and EEA

We have agreed standard data protection clauses with Google.

Privacy policy

https://policies.google.com/privacy

Opt-Out and advertising settings

https://adssettings.google.com/authenticated

XIV. Cookie-Banner

1.     General information

We use a cookie banner on our website. With our cookie banner, we inform you about the cookies we specifically use. In addition, we give you the opportunity to decide whether you want to consent to the setting of technically unnecessary cookies.

Processed data

  • Usage data (e.g. web pages visited, time of access)
  • Meta and communication data (e.g. IP address)

Purpose oft he processing

  • Informing the user about the cookies we use.
  • Enabling to consent to cookies that are not technically necessary

Legal basis

  • Legitimate interest (Art. 6 Para. 1 Cl. 1 letter f GDPR). Our legitimate interest corresponds to the above-mentioned purposes.

XV. Rights of the data subject

1.     Confirmation

You have the right to ask us to confirm whether personal data concerning you is being processed

2.     Right of access by the data subject (Art. 15 GDPR)

You have the right to receive from us at any time and free of charge information about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.

3.     Right to rectification (Art. 16 GDPR)

You have the right to request the correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

4.     Right to erase (Art. 17 GDPR)

You have the right to demand from us that personal data concerning you be deleted immediately if one of the reasons provided by law applies and if the processing or storage is not necessary.

5.     Right to restriction of processing (Art. 18 GDPR)

You have the right to demand that we restrict processing if one of the legal requirements is met.

6.     Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided us in a structured, common and machine-readable format. Furthermore, you have the right to have this data communicated to another person in charge, without hindrance from us, to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6 Para. 1 letter a GDPR or Art. 9 Para. 2 letter a GDPR or on a contract pursuant to Art. 6 Para. 1 letter b GDPR, and provided that the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to us. In addition, when exercising your right to data transfer in accordance with Art. 20 Para. 1 GDPR, you have the right to request that personal data be transferred directly from one responsible party to another, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.

7.     Right to object (Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6 para. 1 letter e (data processing in the public interest) or f (data processing based on a balancing of interests) of the DPA. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. In individual cases we process personal data for the purpose of direct marketing. You may at any time object to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to us processing your personal data for the purposes of direct marketing, we will no longer process the personal data for these purposes.

In addition, you have the right to object, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest. You are free to exercise your right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures involving the use of technical specifications.

8.     Withdrawal of a data protection consent

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

9.     Complaint to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

XVI. Storage period of personal data

We process and store your personal data only as long as the purpose of storage requires it or as long as it is required by law. If the purpose of storage ceases to apply or if a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with legal requirements. The criterion for the duration of storage of personal data is the respective legal retention period. After the period has expired, the corresponding data is routinely deleted if it is no longer required for the fulfillment or initiation of a contract.

XVII. Actuality and changes of the privacy policy

This privacy policy is currently valid and has the following status: January 2022. If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection declaration. You can view the current data protection declaration at any time on the website under https://nova-institute.eu/data-protection-regulation/