1.    Contact details of the controllerand the data protection officer

Responsible for the processing of data on this website:

neosfer GmbH
Eschersheimer Landstraße 6
60322 Frankfurt am Main
info@neosfer.com
‍(Hereinafter referred to as “Company”)

You can reach our Data Protection Officer at

neosfer GmbH
Data Protection Officer
Eschersheimer Landstraße 6
60322 Frankfurt am Main
069/71913870
datenschutz@neosfer.com

‍

‍

2. Information about the processing of your personal data

‍

2.1 Data categories

Within the scope of using our website, hereinafter referred to as "online offer", we process the following personal data: Personal data such as first and last name, e-mail address, telephone number or other information that you provide in the context of contacting us or information about a planned project that you provide to us voluntarily in the context of an online offer (e.g. when registering, requesting further information, in the context of obtaining an offer). HTTP data, which refer to log files generated when the website is accessed via the Hypertext Transfer Protocol "HTTP(S)": This includes the IP address, browser type and version, operating system used, website visited before the reference URL was visited and the date and time of access. HTTP(S) data is also generated on third-party servers (e.g. when accessing third-party content). Error data are stored error messages generated by the server or individual applications.

‍

2.2 Purposes and legal basis of data processing

In some cases, we explicitly ask for your consent to process your personalised data. In this case, the legal basis for the processing of your personal data is the consent given by you in accordance with Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR. This consent can be revoked by you at any time with effect for the future.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f) GDPR serves as the legal basis for the processing.

‍

2.2.1.  Technical administration of the website
‍When using the website, the browser installed on your device will send certain technically relevant information to our website’s server (among other information: HTTP data, search function data, cookies settings, as well as error data). This data is stored on the services of our hosting provider Firebase Inc. as explained in paragraph 5.

‍
The data processing serves to repel and detect fraudulent activities or similar acts, including attacks on our IT infrastructure, as well as to enable user verification. At the same time, the processing serves to provide the requested website content and to manage all required troubleshooting. The legal basis for this data processing is our legitimate interest (Article 6, Sec. 1(f) GDPR). The use of the website is not possible without divulging personalised data such as the IP address. Communication via the website without the provision of data is not technically feasible.When using the website, the browser installed on your device sends certain technically relevant information to our website server (including: HTTP data, search function data, cookie settings, as well as error data). This data is stored on the services of our hosting provider Webflow Inc. as explained in section 5.The data processing serves the purpose of defence against and detection of fraudulent activities or similar actions, including attacks on our IT infrastructure, as well as the verification of users. At the same time, the processing serves to provide the requested content of the website and to carry out any necessary troubleshooting. The legal basis for this data processing is our legitimate interest (Article 6, Paragraph 1 lit f) GDPR). The use of the website is not possible without the disclosure of personal data such as the IP address. Communication via the website without the provision of data is technically not possible.

‍
‍2.2.2.  Provision of services
‍Furthermore, we process data to enable the use of our website and to process queries, or to send marketing information upon reIn addition, we process data to enable the use of our website and to process enquiries or to send marketing information on request. The processing of this data is described in paragraphs 2.2.3 and 5 of this document. The legal basis for this data processing is the initiation of contractual relationships or the fulfilment of our contractual obligations (Art. 6 para. 1 lit. b) GDPR) as well as our legitimate interest (Art. 6 para. 1 lit. f) GDPR). Without the possibility of processing your personal data, we would not be able to fulfil the existing contract and/or process your enquiries.

We expressly point out that no personal data may be entered in test versions of our services made available via the website.

‍
2.2.3 Registration
‍On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data will not be passed on to third parties unless you have given your consent. The following data is collected as part of the registration process:

- First name
- Surname
- E-mail address
- Organisation
- Telephone number (optional)

The registration serves to fulfil the contract with you on the use of the Lissi Agent (Cloud). The legal basis for the processing of the data is Art. 6 para. 1 lit b) GDPR. By registering, your profile will be saved. Each time you log in to the platform, this data is automatically accessed. The user profiles are not publicly visible.
‍
The hosting of the input mask, as well as the processing of the data entered, is handled via Microsoft Azure, a cloud service of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 USA. The data is processed exclusively within the European Union.

‍
2.2.4 Matomo
‍This website uses functions of the open-source web analysis service Matomo, offered by InnoCraft Ltd, which is based in New Zealand (NZBN 6106769) at 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

Within the European Union, InnoCraft Ltd is represented by:  
ePrivacy Holding GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg, Germany
email: eu.rep@eprivacy.eu

Matomo enables the website operator to analyse the behaviour of website visitors without using cookies. In doing so, the website operator receives various usage data, such as page views, duration of visit, operating systems used and the origin of the user. Matomo is used solely for the purpose of analysing usage and improving our website.

‍
The data stored by Matomo includes the following:
- Two bytes of the IP address of the user's system used to access the website. In this way, it is no longer possible to assign the shortened IP address to the calling computer
- Website from which the user accessed the website (referrer)
- Subpages that are called up from the called-up website
- Time spent on the website

Returning visitors are identified by a config_id. This is a random string of characters calculated from the first two bytes of the IP address, the browser plug-in, the operating system and the selected browser language of the user and then hashed. After 24 hours, the ID is deleted and a new one is created so that the website can no longer identify the user on a repeat visit. The data collected by Matomo is anonymised and does not allow the user to be traced back.

For more information on data protection, please refer to Matomo's privacy policy.

‍
‍2.3 Contact request
‍In order to be able to contact us, we provide e-mail addresses on our website. They can be used to contact us electronically. If a user selects this option, the data entered in the e-mail will be transmitted to us and partially stored. The data will not be passed on to third parties outside the company. The data will only be used for the purpose of processing the correspondence between the parties.

The legal basis for the processing of the data transmitted by e-mail is Art. 6 para. 1 lit. f) GDPR. If the e-mail correspondence is aimed at or indicates the conclusion of a contract, Article 6(1)(b) GDPR provides an additional legal basis for the processing. The data is deleted as soon as the reasons for its collection no longer apply and no further legal retention periods exist, for example due to tax law regulations.

The user has the possibility to object to the processing of his/her personal data at any time. In such cases, communication with the user must cease. To do so, please send an e-mail with the request for deletion to datenschutz@neosfer.de. All personal data stored in the course of communication will be deleted unless other (legal) retention periods apply.

‍

3. processing of personal data for customer service surveys and direct marketing

Insofar as you have given us your consent - or we are entitled to do so within the scope of existing customer relationships - your contact data will also be used for direct marketing purposes (e.g. event invitations, newsletters) or to conduct customer satisfaction surveys. You have the right to object to the use of your contact data for these purposes. If you wish to exercise your right to object, please send an email to datenschutz@neosfer.de or follow the corresponding instructions in one of the promotional emails you received from us. The legal bases for processing your data for advertising purposes are listed in Art. 6 para. 1 lit. f) GDPR (in the case of an existing business relationship) or Art. 6 para. 1 lit. a) GDPR if you have given us your consent.

4 Social media

On the basis of Art. 6 para. 1 (1f) GDPR, we use links to the social networks LinkedIn, Twitter, Medium.com and YouTube to promote our products and services as well as to contact you as a user and visitor of our social media pages. The links can be recognised by the respective logo of the social network. When you click on the logo, your browser connects to the server of the respective service and you are redirected to the website of the service provider.

‍

4.1 LinkedIn

This website links to our page on LinkedIn, a service that serves to expand business contacts and networking. The operating company of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union. Please note that LinkedIn is responsible for the relevant transfer and processing procedures. Which data LinkedIn receives in detail and how this data is used is generally described in LinkedIn's privacy policy.

‍

4.2 Twitter

On our website, we provide a link in the footer pointing to the short messaging service Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. The controller of the processed data of individuals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. By using Twitter, your personal data will be collected, transferred, stored, disclosed and used by Twitter Inc. whether you reside in the United States, Ireland or any other country in which Twitter does business. Once transferred, your information may continue to be stored and used. First, Twitter processes any information you voluntarily provide, such as your name and user ID, email address, phone number, and contacts in your address book when you upload or sync them. In addition, Twitter also analyses the content you share in terms of what topics interest you. In some cases, Twitter may store and process confidential messages. Information about what data Twitter processes and for what purposes this data is used can be found in Twitter's privacy policy.

‍

4.3 Medium.com

On our website we link to the social media platform Medium.online, which is operated by A Medium Corporation, 760 Market Street, San Francisco, CA 94102United States. The EU representative is VeraSafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road Cork T23AT2P, Ireland. The data collected by Medium is processed by A Medium Corporation and, if necessary, shared with other companies. For information on what data Medium Corporation processes and for what purposes this data is used, please refer to their privacy policy.

5. Website hosting via Webflow Inc.

We host our website with Webflow, Inc, 398 11th St, Floor 2, San Francisco, CA 94103. When you visit our website, Webflow collects various log files including your IP addresses. Webflow is a website hosting tool.

‍

5.1 Data processing on behalf

We have concluded a order processing contract with the above-mentioned provider in accordance with Art. 28 GDPR in conjunction with the EU standard contractual clauses. This is a contract required under data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

6. Recipients and categories of recipients

Within our company, those offices that need your data to fulfil contractual and legal obligations will receive access to it. In addition, the service providers and vicarious agents commissioned by us may receive data from us if they particularly ensure confidentiality and integrity. These service providers are companies from the areas of IT services, printing services, telecommunications services and sales and marketing.

‍

When passing on data to recipients outside the company, it must be ensured that only mandatory personal data is passed on in compliance with the applicable data protection regulations. In principle, we may only pass on your data if we are legally obliged to do so, if you have given your consent or if we are entitled to provide information. Under these conditions, the recipients of personal data may be:

- Public authorities and institutions (e.g. tax authorities, law enforcement agencies, family courts, land registry offices) if there is a legal or official obligation,

- Financial institutions and financial service providers or similar institutions to which we transfer personal data in the course of our business relationship (e.g. banks, credit agencies),

- Other related companies for risk management purposes due to legal or regulatory obligations,

- Creditors or insolvency practitioners making enquiries as part of a compulsory sale/foreclosure process,

- Certified public accountants (CPAs),

- Service providers whose services we use to process orders.

‍

7. Transmission to third countries

As part of the hosting of the website by Webflow Inc., IP addresses are transmitted to the hosting provider as described in point 5 and thus also processed there. In particular, we have concluded the EU standard contractual clauses with Webflow as a suitable guarantee in accordance with Art. 46 Para. 2 lit c) GDPR for the protection of your personal data.

8. Duration of storage

We process and store your personal data as long as this is necessary for the fulfilment of our contractual obligations and the exercise of our rights. If the data is no longer required for the fulfilment of our contractual or legal obligations, this data is regularly deleted, unless its - limited - processing is necessary for the following reasons:

- Fulfilment of the retention periods under commercial or tax law of the German Commercial Code (HGB), the German Fiscal Code (AO) and the German Money Laundering Act (GwG). The prescribed retention and documentation periods are generally two to ten years.

- Preservation of evidence within the limits of the statutory limitation provisions. According to § 195 ff. BGB, these limitation periods can be up to 30 years, with the typical limitation period being three years.

‍

9. Data security

Our employees and the service providers we use are obliged by us to maintain confidentiality and to comply with the provisions of data protection law. The company takes the necessary technical and organisational precautions to protect your personal data against loss, alteration, deletion and access by unauthorised persons or against unauthorised disclosure. Our security measures are continuously revised and improved in line with technological developments.

‍

10. Rights of the data subjects

Every data subject has the right of access to Art. 15 GDPR, the right to rectification of data according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, as well as the right to data portability according to Art. 20 GDPR.

‍

With regard to the right to access and the right to erasure, the restrictions according to §§ 34 and 35 German Federal Data Protection Act apply. In addition, the data subject has a right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 German Federal Data Protection Act).

‍

You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before 25 May 2018, the date on which the GDPR came into force. Please note that the revocation only applies for the future.

‍

You have the right to object, on grounds relating to your personal situation, to the processing of your personal data processed in particular pursuant to Article 6(1)(f) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. This includes in particular that the processing of the data is absolutely necessary for the assertion, exercise or defence of legal claims.

‍

Furthermore, in accordance with Article 22 of the GDPR, you have the right not to be subject to fully automated decision-making. As a matter of principle, we do not use fully automated decision-making for the establishment, implementation and termination of the business relationship. If we use this procedure in individual cases (e.g. to improve our products and services), we will inform you of this and of your associated rights, insofar as this is required by law.

‍

11. Obligation to provide data

Within the scope of our business relationship, you must provide us with the personal data that is required for the initiation, implementation and termination of the business relationship and for the fulfilment of the resulting contractual obligations or which we are legally obliged to collect. Without this data, we are generally not in a position to conclude, execute or terminate a contract with you.

‍

The same applies to the visit to our online offer and the collection of usage data. Without the collection of usage data, neither we nor our service providers are able to provide you with our online offer. For the use of demo functionalities, it is not necessary for you to provide your personal data. You can use demo data instead.

‍

12. Automated decision making and profiling

You will not be subject to any decision based on automated processing pursuant to Article 22 GDPR in the course of your use of this website. If we use such procedures in individual cases, you will be informed of this and of your associated rights within the framework of the legal requirements.

‍

Your data will not be processed automatically to evaluate certain personal aspects (profiling).

‍

13. Entry into force and changes to this privacy policy

This Privacy Policy is up to date and was last updated in January 2023.

‍

‍