1.    Contact details of the controller and the data protection officer

‍

Responsible for the processing of data on this website:

neosfer GmbH
Eschersheimer Landstraße 6
60322 Frankfurt am Main
info@neosfer.com
‍(Hereinafter referred to as “Company”)

You can reach our Data Protection Officer at:

Kivanc Semen

DataCo GmbH

Dachauer Straße 65

80335 München

Behoerdenmeldung@dataguard.de

089740045840

‍

‍

‍

2. Information about the processing of your personal data

‍

2.1 Data categories

Within the scope of using our website, hereinafter referred to as "online offer", we process the following personal data: Personal data such as first and last name, e-mail address, telephone number or other information that you provide in the context of contacting us or information about a planned project that you provide to us voluntarily in the context of an online offer (e.g. when registering, requesting further information, in the context of obtaining an offer). HTTP data, which refer to log files generated when the website is accessed via the Hypertext Transfer Protocol "HTTP(S)": This includes the IP address, browser type and version, operating system used, website visited before the reference URL was visited and the date and time of access. HTTP(S) data is also generated on third-party servers (e.g. when accessing third-party content). Error data are stored error messages generated by the server or individual applications.

‍

2.1.1. Cookies

The website stores certain information on visitors' computers with your consent, called cookies. Generally speaking, a cookie assigns a unique number to a visitor, which has no meaning outside the assigning website. This technology does not collect identifying information about individual visitors; rather, this information is also in aggregate form. The purpose of this technology and the information it provides is again to help us improve our websites.

Most internet browsers are set to generally accept cookies. However, you can also set your browser to reject all cookies or to ask you each time whether you agree to cookies being set. However, it should be noted that cookies may be necessary in order to use certain functions of the website (such as the provision of user-specific information). Furthermore, once cookies have been stored, they can be deleted at any time.

We use technically necessary cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

Cookies from third-party providers such as Weglot, Matomo, Typeform and SimplyMeet can be optionally rejected or accepted by the user by accepting the cookie banner or the Consent Manager. The legal basis for the processing of personal data using analysis cookies is Art. 6 para. 1 p. 1 lit. a GDPR.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our platform, it may no longer be possible to use all functions of the website to their full extent.

‍

2.2 Purposes and legal basis of data processing

In some cases, we explicitly ask for your consent to process your personalised data. In this case, the legal basis for the processing of your personal data is the consent given by you in accordance with Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR. This consent can be revoked by you at any time with effect for the future.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f) GDPR serves as the legal basis for the processing.

‍

2.2.1.  Technical administration of the website

When using the website, the browser installed on your device sends certain technically relevant information to our website server (including: HTTP data, search function data, cookie settings, as well as error data). This data is stored on the services of our hosting provider Webflow Inc. as explained in section 5.

The data processing serves the purpose of defence against and detection of fraudulent activities or similar actions, including attacks on our IT infrastructure, as well as the verification of users. At the same time, the processing serves to provide the requested content of the website and to carry out any necessary troubleshooting. The legal basis for this data processing is our legitimate interest (Article 6, Paragraph 1 lit f) GDPR). The use of the website is not possible without the disclosure of personal data such as the IP address. Communication via the website without the provision of data is technically not possible.

‍
‍2.2.2.  Provision of services
In addition, we process data to enable the use of our website and to process enquiries or to send marketing information on request with consent. The processing of this data is described in paragraphs 2.2.3 and 5 of this document. The legal basis for this data processing is the initiation of contractual relationships or the fulfilment of our contractual obligations (Art. 6 para. 1 lit. b) GDPR) as well as our legitimate interest (Art. 6 para. 1 lit. f) GDPR). Without the possibility of processing your personal data, we would not be able to fulfil the existing contract and/or process your enquiries.

We expressly point out that no personal data may be entered in test versions of our services made available via the website.

‍
2.2.3 Registration
On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data will not be passed on to third parties unless you have given your consent. The following data is collected as part of the registration process:

‍

- First name

- Surname

- E-mail address

- Organisation

- Telephone number (optional)

‍

The registration serves to fulfil the contract with you on the use of the Lissi Agent (Cloud). The legal basis for the processing of the data is Art. 6 para. 1 lit b) GDPR. By registering, your profile will be saved. Each time you log in to the platform, this data is automatically accessed. The user profiles are not publicly visible.

The hosting of the input mask, as well as the processing of the data entered, is handled via Microsoft Azure, a cloud service of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 USA. The data is processed exclusively within the European Union.

‍

‍
2.3 Matomo
‍This website uses functions of the open-source web analysis service Matomo, offered by InnoCraft Ltd, which is based in New Zealand (NZBN 6106769) at 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

‍

Within the European Union, InnoCraft Ltd is represented by:  

ePrivacy Holding GmbH

represented by Prof. Dr. Christoph Bauer

Große Bleichen 21, 20354 Hamburg, Germany

email: eu.rep@eprivacy.eu

‍

Matomo enables the website operator to analyse the behaviour of website visitors without using cookies. In doing so, the website operator receives various usage data, such as page views, duration of visit, operating systems used and the origin of the user. Matomo is used solely for the purpose of analysing usage and improving our website.

‍

The data stored by Matomo includes the following:

- Two bytes of the IP address of the user's system used to access the website. In this way, it is no longer possible to allocate

- Website from which the user accessed the website (referrer)

- Subpages that are called up from the called-up website

- Time spent on the website

‍

Returning visitors are identified by a config_id. This is a random string of characters calculated from the first two bytes of the IP address, the browser plug-in, the operating system and the selected browser language of the user and then hashed. After 24 hours, the ID is deleted and a new one is created so that the website can no longer identify the user on a repeat visit. The data collected by Matomo is anonymised and does not allow the user to be traced back.

‍

For more information on data protection, please refer to Matomo's privacy policy.

‍

‍
2.4 Contact request

In order to be able to contact us, we provide e-mail addresses on our website. They can be used to contact us electronically. If a user selects this option, the data entered in the e-mail will be transmitted to us and partially stored. The data will only be used for the purpose of processing the correspondence between the parties.

‍

The legal basis for the processing of the data transmitted by e-mail is Art. 6 para. 1 lit. f) GDPR. If the e-mail correspondence is aimed at or indicates the conclusion of a contract, Article 6(1)(b) GDPR provides an additional legal basis for the processing. The data is deleted as soon as the reasons for its collection no longer apply and no further legal retention periods exist, for example due to tax law regulations.

‍

The user has the possibility to object to the processing of his/her personal data at any time. In such cases, communication with the user must cease. To do so, please send an e-mail with the request for deletion to datenschutz@neosfer.de. All personal data stored in the course of communication will be deleted unless other (legal) retention periods apply.

‍

2.4.1. SimplyMeet for Call Scheduling

‍

We use the SimplyMeet tool to easily book appointments with our sales team. SimplyMeet is used to improve our service for existing and new customers. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. b GDPR

‍

When using the tool, you will be asked to provide personal data such as your name, address, email address and telephone number. You also have the option of providing further information. If you use the tool, the information you provide in the form will be stored. The processing of the data entered is based exclusively on your consent (Art. 6 para. 1 lit a GDPR).

‍

Our privacy policy and the provider's privacy policy apply to the handling of data collected using SimplyMeet. You can find SimplyMeet's privacy policy at:

https://simplymeet.me/de/policy

‍

We have entered into an order processing agreement with the provider, which ensures that the personal data is processed in compliance with the DS-GVO.

‍

The provider of SimplyMeet is:

SIMPLYBOOK.ME LTD, 30 Gladstonos Str, P. Makedonas Court, Mezzanine Floor, 3041, Limassol, Cyprus.

‍

2.4.2. Typeform for contact requests

We use the service of the contractor Typeform to carry out our online survey and contact enquiries. Further information on the data protection of our contractor can be found here: https://admin.typeform.com/to/dwk6gt.

‍

The legal basis for the processing of personal data of the online survey is Art. 6 para. 1 lit. b) DSGVO. If you do not want your data to be processed by Typeform, please refrain from filling out our questionnaire.

‍

The provider of Typeform is:

Typeform S.L,  Carrer de Pallars 108 (Aticco), 08018 – Barcelona, Spain

‍

3. processing of personal data for customer service surveys and direct marketing

Insofar as you have given us your consent - or we are entitled to do so within the scope of existing customer relationships - your contact data will also be used for direct marketing purposes (e.g. event invitations, newsletters) or to conduct customer satisfaction surveys. You have the right to object to the use of your contact data for these purposes. If you wish to exercise your right to object, please send an email to datenschutz@neosfer.de or follow the corresponding instructions in one of the promotional emails you received from us. The legal bases for processing your data for advertising purposes are listed in Art. 6 para. 1 lit. f) GDPR (in the case of an existing business relationship. We do not need to obtain separate consent from you for this in accordance with Section 7 (3) UWG.) or Art. 6 para. 1 lit. a) GDPR if you have given us your consent.

4 Use of company presences in social and professional networks

On the basis of Art. 6 para. 1 (1f) GDPR, we use links to the social networks LinkedIn, Twitter, Medium.com and YouTube to promote our products and services as well as to contact you as a user and visitor of our social media pages. The links can be recognised by the respective logo of the social network. When you click on the logo, your browser connects to the server of the respective service and you are redirected to the website of the service provider.

‍

4.1 LinkedIn

This website links to our page on LinkedIn, a service that serves to expand business contacts and networking. The operating company of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union. Please note that LinkedIn is responsible for the relevant transfer and processing procedures. Which data LinkedIn receives in detail and how this data is used is generally described in LinkedIn's privacy policy.

‍

4.1.1 Legal basis for data processing

The legal basis for the processing of your data in connection with the use of our corporate presence is Art. 6 para.1 p.1 lit. f GDPR.

‍

4.1.2 Purpose of data processing

The purpose of our corporate website is to inform users about our services. In doing so, every user is free to publish personal data through activities.

‍

4.1.3 Duration of storage

We store your activities and personal data published via our company website until you revoke your consent. In addition, we comply with the statutory retention periods.

‍

4.1.4 Possibility of objection and removal

You can object at any time to the processing of your personal data that we collect in the course of your use of our corporate presence and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal email to datenschutz@neosfer.de.

‍

Further information on this from LinkedIn can be found at: https://de.linkedin.com/legal/l/dpa.

‍

You can find further information on objection and removal options here: LinkedIn: https://www.linkedin.com/legal/privacy-policy

‍

4.2 Twitter

On our website, we provide a link in the footer pointing to the short messaging service Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. The controller of the processed data of individuals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. By using Twitter, your personal data will be collected, transferred, stored, disclosed and used by Twitter Inc. whether you reside in the United States, Ireland or any other country in which Twitter does business. Once transferred, your information may continue to be stored and used. First, Twitter processes any information you voluntarily provide, such as your name and user ID, email address, phone number, and contacts in your address book when you upload or sync them. In addition, Twitter also analyses the content you share in terms of what topics interest you. In some cases, Twitter may store and process confidential messages. Information about what data Twitter processes and for what purposes this data is used can be found in Twitter's privacy policy.

‍

4.3 Medium.com

On our website we link to the social media platform Medium.online, which is operated by A Medium Corporation, 760 Market Street, San Francisco, CA 94102United States. The EU representative is VeraSafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road Cork T23AT2P, Ireland. The data collected by Medium is processed by A Medium Corporation and, if necessary, shared with other companies. For information on what data Medium Corporation processes and for what purposes this data is used, please refer to their privacy policy at https://medium.com/policy/medium-privacy-policy-f03bf92035c9.

5. Website hosting via Webflow Inc.

We host our website with Webflow, Inc, 398 11th St, Floor 2, San Francisco, CA 94103. The website server is located in the USA. When you visit our website, Webflow collects various log files including your IP addresses. Webflow is a website hosting tool.

‍

5.1 Data processing on behalf

We have concluded a order processing contract with the above-mentioned provider in accordance with Art. 28 GDPR in conjunction with the EU standard contractual clauses. This is a contract required under data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

‍

5.2. Translation of the website via Weglot

Functions of the translation service Weglot are integrated on this website. The provider is Weglot SAS, 138, rue Pierre Joigneaux in Bois-Colombes 92270 France. Weglot is loaded when you access the website, so you can select your preferred language via the language icon in the lower right corner. This allows a direct connection to be established between your browser and the Weglot server when you visit this website. Weglot thereby receives the information that you have visited this website with your IP address.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in offering content of its website in common languages for non-German speaking visitors.

6. Recipients and categories of recipients

Within our company, those offices that need your data to fulfil contractual and legal obligations will receive access to it. In addition, the service providers and vicarious agents commissioned by us may receive data from us if they particularly ensure confidentiality and integrity. These service providers are companies from the areas of IT services, printing services, telecommunications services, data processors and sales and marketing.

‍

When passing on data to recipients outside the company, it must be ensured that only mandatory personal data is passed on in compliance with the applicable data protection regulations. In principle, we may only pass on your data if we are legally obliged to do so, if you have given your consent or if we are entitled to provide information. Under these conditions, the recipients of personal data may be:

‍

- Public authorities and institutions (e.g. tax authorities, law enforcement agencies, family courts, land registry offices) if there is a legal or official obligation,

- Financial institutions and financial service providers or similar institutions to which we transfer personal data in the course of our business relationship (e.g. banks, credit agencies),

- Other related companies for risk management purposes due to legal or regulatory obligations,

- Creditors or insolvency practitioners making enquiries as part of a compulsory sale/foreclosure process,

- Certified public accountants (CPAs),

- Service providers whose services we use to process orders.

‍

7. Transmission to third countries

As part of the hosting of the website by Webflow Inc., IP addresses are transmitted to the hosting provider as described in point 5 and thus also processed there. In particular, we have concluded the EU standard contractual clauses with Webflow as a suitable guarantee in accordance with Art. 46 Para. 2 lit c) GDPR for the protection of your personal data.

8. Duration of storage

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provision to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

‍

- Fulfilment of the retention periods under commercial or tax law of the German Commercial Code (HGB), the German Fiscal Code (AO) and the German Money Laundering Act (GwG). The prescribed retention and documentation periods are generally two to ten years.

- Preservation of evidence within the limits of the statutory limitation provisions. According to § 195 ff. BGB, these limitation periods can be up to 30 years, with the typical limitation period being three years.

‍

9. Rights of the data subjects

Every data subject has the right to information according to Art. 15 GDPR, the right to correction of data according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, as well as the right to data portability according to Art. 20 GDPR.

‍

With regard to the right to information and the right to deletion, the restrictions according to §§ 34 and 35 German Federal Data Protection Act apply. In addition, the data subject has a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 German Federal Data Protection Act).

‍

You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before 25 May 2018, the date on which the GDPR came into force. Please note that the revocation only applies for the future.

‍

You have the right to object, on grounds relating to your personal situation, to the processing of your personal data processed in particular pursuant to Article 6(1)(f) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. This includes in particular that the processing of the data is absolutely necessary for the assertion, exercise or defence of legal claims.

‍

Furthermore, in accordance with Article 22 of the GDPR, you have the right not to be subject to fully automated decision-making. As a matter of principle, we do not use fully automated decision-making for the establishment, implementation and termination of the business relationship. If we use this procedure in individual cases (e.g. to improve our products and services), we will inform you of this and of your associated rights, insofar as this is required by law.

‍

10. Automated decision making and profiling

You will not be subject to any decision based on automated processing pursuant to Article 22 GDPR in the course of your use of this website. If we use such procedures in individual cases, you will be informed of this and of your associated rights within the framework of the legal requirements.

Your data will not be processed automatically to evaluate certain personal aspects (profiling).

‍

11. Entry into force and changes to this privacy policy

This Privacy Policy is up to date and was last updated in April 2023. We reserve the right to make changes to this privacy policy at any time. The privacy policy will be updated regularly and any changes will be automatically posted on our website.