Privacy Policy

Privacy Policy

We take the protection of your personal data seriously. Therefore, we take technical and organizational measures to ensure that the legal provisions on data protection, in particular those of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), are observed. We inform you about the handling of your personal data when visiting our website and about your rights in the following paragraphs of our data protection information.

I. Definitions
First, we will give you an overview of the terms used in this statement:
(1) “personal data” means any information relating to an identified or identifiable natural person, such as names, addresses, telephone numbers or e-mail addresses, which is an expression of the identity of an individual.
(2) “Processing” means any manual or automated operation related to personal data, such as collection, recording, organization, arrangement, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment, combination, restriction, erasure or destruction.
(3) ‘profiling’ means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
(4) ‘controller’ means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
(5) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
(6) ‘recipient’ means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party.
(7) ‘third party’ means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.

II. CONTROLLER/PRIVACY OFFICER

The persons jointly responsible for the processing pursuant to Art. 4 (7), 26 DSGVO are.
nbs partners Partnerschaftsgesellschaft mbB,
nbs partners Rechtsanwaltsgesellschaft mbH,
nbs partners GmbH Wirtschaftsprüfungsgesellschaft,
nbs partners audit GmbH Wirtschaftsprüfungsgesellschaft and the
nbs partners Servicegesellschaft mbH

– in each case –

Am Sandtorkai 41,
20457 Hamburg,

Phone: +49 40 4419 6001,
Fax: +49 40 4419 6055
(hereinafter referred to as “we” or “nbs partners”).

You can contact us individually and collectively by e-mail at kontakt@nbs-partners.de. To simplify the enforcement of your rights, we have established a joint contact point for you at nbs partners Rechtsanwaltsgesellschaft mbH.
2. you can reach our data protection officer at dsb@nbs-partners.de or at our postal address with the addition of “the data protection officer”.
3. the jointly responsible parties process your data for the preparation and implementation of legal, tax consulting and auditing services, for business management and administration of business operations as well as for the further development of services and processes in order to jointly achieve a smooth data processing process among the aforementioned companies as well as – to the extent permitted by law – various synergies.
With this data protection information, we inform you about how we process personal data from you and which rights you can assert as a data subject.
In particular, we will tell you below (1) for what purposes personal data is processed and on what legal basis, (2) to whom your data may be transferred, (3) where the data originates and what data is involved (4) how long we store your data, (5) what rights you have, (6) why we need your data and (7) what technical options we use.

III. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS?
VISITING OUR WEBSITE

In principle, you can visit our website without telling us who you are. We only collect the following data from you: the IP address of the requesting browser, the date and time of the access, the URL of the call, the referrer URL from which the access is made and the browser used. We only store your IP address shortened by the last octet. The collection of this data only serves the statistical evaluation of our website and the continuous improvement of our homepage as well as to ensure IT security and protection against unauthorized use. We undertake this data processing on the basis of our legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). This includes, in particular, ensuring a smooth connection setup of the website, ensuring a comfortable use of our website and evaluating system security and stability.

CONTACT

On our website, you have various options for contacting us. For this purpose, you usually have to provide personal data that we need to provide the respective request/service.CONTACT FORM
There is a contact form available on our website that you can use to contact us. In doing so, you are required to provide a valid e-mail address, your title and first and last name, as well as your telephone number, so that we know from whom the inquiry originates and so that we can respond to it. You can voluntarily provide us with your title in addition to the content of your message. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b) and / or f) Data Protection Regulation (DSGVO).

CONTACTING US BY E-MAIL

You also have the option to contact us by e-mail. In this case, we receive the e-mail address you use and the personal data that you provide in your message and that are necessary for processing your request. The legal basis for the data processing, which takes place for the purpose of your contacting us by e-mail, is Art. 6 para. 1 sentence 1 lit. b) or f) DSGVO.

NEWSLETTER

In the following, we inform you about the dispatch and contents of our newsletter.
Our newsletter is aimed at customers, clients and interested parties and provides information about our companies, events and, in particular, news in the area of compliance and data protection law.
By providing your e-mail address, you have the opportunity to receive our newsletter on a regular basis. For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 lit. a) and f) DSGVO.

APPLICATION

If you would like to apply to us, you have the option of using an application form on our website. It is necessary that you send us your first and last name, title, e-mail address and your application documents (cover letter, CV, certificates) as part of an application. Furthermore, you can voluntarily send us – among other contents – your telephone number. We collect and process this data for the purpose of carrying out the application process. If you are not hired, your personal data will be deleted six months after collection. The controller for the processing of personal data of applicants is nbs partners Servicegesellschaft mbH, where our HR department is located, together (Art. 26 GDPR) with the controller who has advertised the vacancy or to whom the application is addressed. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b) and f) DSGVO.

CONTRACT, CONTRACT INITIATION

We process your personal data (first and last name, address, contact details, including e-mail address and/or telephone number) for the preparation and implementation of legal, tax advisory and auditing services and/ or to provide you with additional information on our services, if you have requested such and provided us with your data for this purpose, Art. 6 (1) lit. b) DSGVO. Furthermore, data processing is carried out on the basis of Art. 6 para. 1 lit. b) DSGVO for correspondence with you, for invoicing, for measures to control and optimize business processes, for the verifiability of transactions, orders and other agreements and to fulfill our general due diligence obligations.
If you also provide us with additional personal data and/or personal data of third parties (such as employees, family members, representatives, agents, consultants or other third parties), we have a legitimate interest pursuant to Art. 6 para 1 lit. f) DSGVO to also process their data for the preparation and/or performance of legal, tax advisory and business services and/or to provide you with additional information regarding our services.

Provided that our professional regulations do not prevent this, we will inform these third parties that we have received the data from you.

Training

We process your personal data in our training area. Our training area is exclusively available to our clients in a password-protected area.
We use the service of the provider Vimeo LLC, 555 West 18th Street, New York, New York 10011, United States of America, to play the videos we produce.
We use the Vimeo service because it allows us to present the training content in the best possible way
When you access the website of the training area, a connection to the Vimeo servers is established. The Vimeo server is informed which of our websites you have visited. Vimeo also obtains your IP address. However, we have configured Vimeo so that Vimeo does not track your user activities and does not set any cookies (do-not-track).
Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.
Furthermore, we use the service of the provider Easy LMS B.V. Oude Delft 48, 2611 CD Delft, The Netherlands (hereinafter EasyLMS) in our training area.
We use EasyLMS to create training-specific questionnaires and for the purpose of confirming training participation. We record your name, the company you work for, your e-mail address, your date of birth and your answers to the training-related questions in the questionnaire. Once you have successfully completed the course, we will send you the relevant certificate of participation to the e-mail address you have provided. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. a GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR for the contractual fulfillment of our obligations to our client.

IN THE CONTEXT OF A LEGITIMATE INTEREST

Beyond the performance of the (pre-) contract, we process your personal data – to the extent necessary – to protect legitimate interests of us or third parties, in particular for the following purposes:

  • for testing and optimizing demand analysis procedures
  • for the further development of services and products as well as existing systems and processes
  • to enrich our data, among other things by using or researching publicly available data,
  • for statistical evaluations or market analysis,
  • for the assertion of legal claims and defense in legal disputes that are not directly related to the contractual relationship,
  • for limited storage of data if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage,
  • for internal and external investigations, security measures and security checks,
  • to obtain and maintain certifications of a private or official nature.

TO COMPLY WITH LEGAL REQUIREMENTS OR IN THE PUBLIC INTEREST

We are subject to a variety of legal obligations and therefore also process your personal data to comply with legal requirements pursuant to Art. 6 (1) sentence 1 lit. c) DSGVO and for tasks in the public interest pursuant to Art. 6 (1) sentence 1 lit. e) DSGVO. Relevant in this context are in particular the provisions of commercial law, tax law and money laundering law as well as professional regulations. In addition, however, there are further legal obligations and regulatory and official requirements. The processing purposes in the fulfillment of corresponding preliminary duties and tasks include the statutory purposes, such as the prevention of fraud and money laundering, the protection of young people, the fulfillment of obligations under tax law and data protection law, as well as the preservation of evidence, prosecution of civil claims and criminal prosecution.

IV. TO WHOM MAY YOUR DATA BE TRANSFERRED?

We will not disclose your personal data to third parties unless you consent to the disclosure, there is a legal obligation to disclose it, it is for the performance of a contract, or we can invoke legitimate interests in the economic and effective operation of our business with respect to such disclosure.

INTERNAL TRANSFER

Within our company, your data is accessed by those who need it to fulfill our contractual and legal obligations. This data exchange takes place on the basis of your expressly declared consent in accordance with Art. 6 Para. 1 lit. a DSGVO or on the basis of our legitimate interest within the group of companies to transmit personal data for internal administrative purposes in accordance with Art. 6 Para. 1 S. 1 lit. f. DSGVO. Service providers and vicarious agents used by us may also receive data for this purpose. We have carefully selected and commissioned our external service providers. They are bound by our instructions and are regularly monitored by us.

TRANSFER TO THIRD PARTIES, THIRD-PARTY PROVIDERS AND PUBLIC AUTHORITIES

If necessary, we also transfer your data and, if applicable, the data of third parties from the contract initiation and execution to third parties. For example, a transfer to partner law firms, authorities, courts, parties to proceedings and their (process) representatives, Art. 6 para. 1 lit. b) DSGVO, comes into consideration. The transfer to third parties varies depending on the product and service. We assume that your interest in the performance of the contract includes the transfer to the necessary bodies for this purpose, Art. 6 (1) f) DSGVO. In the context of the mandate work, we transmit personal data to third parties only if permitted by professional law. Furthermore, we transmit data to third parties if you have given us your consent to do so, Art. 6 para. 1 lit. a) DSGVO.
Data transfer to countries outside the EU or the EEA (third countries) only takes place if this is necessary for the execution of your orders, is required by law, you have given us your consent or within the framework of commissioned data processing. If service providers are used in a third country, they are separately obliged to comply with the EU data protection standards (Art. 44 et seq. GDPR) standard contractual clauses.

V. WHERE DOES YOUR DATA COME FROM AND WHAT IS IT?

We receive personal data from our contractual partners as part of our mandate and business relationships. In addition, we process personal data that we receive directly from our clients, service providers, employees and applicants. Furthermore, we process – insofar as necessary for the provision of a service – personal data that we have permissibly received from other companies or from other third parties (e.g. for the performance of services, for the fulfillment of contracts or on the basis of consent given by you).Furthermore, we process personal data that we have permissibly extracted or received from publicly accessible sources, such as commercial and association registers, civil registers, land registers, debtor directories, the press and the Internet.
The following data categories may be relevant in particular:

  • Personal data (first and last name, date of birth, place of birth, nationality, marital status, profession/industry, etc.),
  • Contact data (address, e-mail address, telephone number, fax number, etc.),
  • address data (registration data, etc.),
  • payment and credit data

VI. HOW LONG WILL YOUR DATA BE STORED AND PROCESSED?

We process and store your personal data as long as it is necessary for the purposes for which it was collected or otherwise processed, in particular as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that the business relationship may be a continuing obligation that is intended to last for several years.
In the case of data storage for the fulfillment of legal obligations, the following periods apply in particular:

  • according to §§ 257 para. 4 HGB, 147 para. 3 AO: 10 years for commercial books and accounting vouchers, beginning with the end of the calendar year in which the last entry was made in the commercial book,
  • according to §§ 257 Abs. 4 HGB, 147 Abs. 3 AO: 6 years for commercial letters beginning with the end of the calendar year in which the last entry was made in the commercial book,
  • according to § 8 Abs. 4 GWG: 5 years for records and other documents relevant for money laundering, beginning with the end of the calendar year in which the business relationship ends. If you have applied for a job with us, we will store your personal data for as long as this is necessary for the decision on your application. If an employment relationship between you and us does not materialize, we may also continue to store the personal data to the extent necessary to defend against possible legal claims. In principle, application documents are deleted six months after notification of the rejection decision, unless longer storage is necessary (e.g. because an employment relationship has come about or in the event of legal disputes).

VII. WHAT RIGHTS DO YOU HAVE?

You have the following rights against us:
– To request information about your personal data processed by us, Art. 15 DSGVO. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling;
– to demand without delay the correction of incorrect or completion of your personal data stored by us, Art. 16 DSGVO;
– request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims, Art. 17 DSGVO;
– to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO, Art. 18 DSGVO;
– To receive your personal data that you have provided to us in a structured, common and machine-readable format and to request that it be transferred to another controller, Art. 20 DSGVO;
– To revoke your consent once given to us at any time, Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent for the future; the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation;
– in the event of an automated decision (profiling), the right to express one’s point of view and to challenge the decision, Art. 22(3) DSGVO;
– to complain to a supervisory authority, Art. 77 DSGVO.. For this purpose, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters. For us, the Hamburg Commissioner for Data Protection and Freedom of Information is generally responsible.
Furthermore, you have the right to object to the processing of your personal data at any time (Art. 21 DSGVO). We will point out your right of objection to you again separately.

VII. WHY DO WE NEED YOUR DATA?

In the context of using the website and its functions, you must provide us with those personal data that are required for the respective use and/or that we are legally obligated to collect, Art. 13 (2) e) DSGVO. Without this data, it will generally not be possible to use the functions, request our services or contact us.
We also require your personal data for the preparation and implementation of legal, tax advisory and auditing services and to comply with any associated contractual or legal obligations. Without the provision of the data, we will usually have to refuse to enter into a mandate, order or contractual relationship or will no longer be able to carry out an existing business relationship with you and may have to terminate it.

VIII. WHAT TECHNICAL OPTIONS DO WE USE?

COOKIES

On our Internet pages, we use necessary cookies and external cookies. Cookies are small text files that are placed on your terminal device and stored in your browser.
Necessary cookies are used to make our Internet presence more secure – for example, to save your selected cookie settings on our site. The legal basis for the use of these cookies is Art. 6 para. 1 p. 1 lit. f) DSGVO.
External cookies are used in the context of the use of social media plugins and Google services and are used to collect statistical data/ range measurement and for advertising purposes. External cookies are only used if you have consented to their use. The legal basis for the use of these cookies is Art. 6 para. 1 p. 1 lit. a) DSGVO. For more information on external cookies, please see the following heading “Use of analysis tools, social media plug-ins and tracking”.

WEB/TELEPHONE CONFERENCE

If you book an appointment for a web/teleconference, you will receive an invitation email with access data to an online meeting of the service provider “Microsoft Teams” or “GoToMeeting”, as selected by you. For the creation of the online meeting, the data you entered will be passed on to the respective service. In this case, please also note the data protection information of the respective provider.
We would like to point out that personal data may be processed by
Calendy, Microsoft Teams or GoToMeeting in the USA. The appropriate level of
data protection when using service providers and processors outside the
European Union (EU/EEA) is ensured by compliance with Art. 44 et seq. GDPR is
ensured. According to Art. 45 GDPR, personal data may be transferred to a third
country (e.g. the USA) if the EU Commission has decided that the third country
in question offers a level of data protection that complies with the GDPR. On
July 10, 2023, the European Commission signed the adequacy decision for the new
data protection framework agreement between the USA and the European Union
(EU). The agreement, also known as the Data Privacy Framework, has thus entered
into force. With the adequacy decision of the European Commission pursuant to
Art. 45 para. 3 GDPR, which has now come into force, the Commission has
confirmed that the USA has an adequate level of protection for personal data
that is comparable to that of the EU. Against this background, the
transatlantic data transfer between us and our US service provider may be based
on this adequacy decision. The prerequisite is that the US company in question
is certified accordingly by the US Department of Commerce. Another legal basis
for the transatlantic data transfer is the conclusion of the standard
contractual clauses, published by the EU Commission on June 4, 2021 pursuant to
Art. 46 para. 2 lit. c GDPR, pursuant to Art. 46 para. 2 lit. c) GDPR and the
obtaining of your consent to the transatlantic data transfer pursuant to Art.
49 para. 1 lit. a) GDPR.

The privacy statements of the providers can be found here:

– Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
https://privacy.microsoft.com/de-de/privacystatement

– GotoMeeting: LogMeIn Ireland Limited, Bloodstone Building Block C 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
https://www.logmein.com/de/legal/privacy/international#

Translated with www.DeepL.com/Translator (free version)

USE OF ANALYSIS TOOLS, SOCIAL MEDIA PLUG-INS AND TRACKING.

GOOGLE SERVICES and facebook pixel

This website uses the Google services described below.
We would like to point out that personal data may be processed in the USA when using Google services. The appropriate level of data protection when using service providers and processors outside the European Union (EU/EEA) is ensured by compliance with Art. 44 et seq. GDPR is ensured. According to Art. 45 GDPR, personal data may be transferred to a third country (e.g. the USA) if the EU Commission has decided that the third country in question offers a level of data protection that complies with the GDPR. On July 10, 2023, the European Commission signed the adequacy decision for the new data protection framework agreement between the USA and the European Union (EU). The agreement, also known as the Data Privacy Framework, has thus entered into force. With the adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR, which has now come into force, the Commission has confirmed that the USA has an adequate level of protection for personal data that is comparable to that of the EU. Against this background, the transatlantic data transfer between us and our US service provider may be based on this adequacy decision. The prerequisite is that the US company in question is certified accordingly by the US Department of Commerce. Another legal basis for the transatlantic data transfer is the conclusion of the standard contractual clauses, published by the EU Commission on June 4, 2021 pursuant to Art. 46 para. 2 lit. c GDPR, pursuant to Art. 46 para. 2 lit. c) GDPR and the obtaining of your consent to the transatlantic data transfer pursuant to Art. 49 para. 1 lit. a) GDPR.

GOOGLE ANALYTICS

Our website uses Google Analytics, a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 (“Google”). Its use allows us to associate data, sessions and interactions across multiple devices with a pseudonymous user ID and thus analyze a user’s activities across devices.
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
The term web analytics refers to the collection, compilation and evaluation of data about the behavior of visitors to websites. Among other things, data is collected about the website from which a data subject came to a website, which subpages of the website were accessed or how often and for how long a subpage was viewed. The information generated by the cookies about your use of our website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on our website (so-called IP masking), your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity. In doing so, pseudonymous user profiles can be created from the processed data.
We use Google Analytics to analyze and regularly improve the use of our website. Through the statistics obtained, we can improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f DS-GVO.
Information of the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms and conditions: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy .

GOOGLE MAPS

On this website we use the offer of Google Maps. This allows us to show you an interactive map directly on the website and enables you to use the map function comfortably.
When you click on the Google Maps map on our website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned in section 1.1 of this declaration are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. The legal basis for data processing by Google Maps on our website is your express consent, Art. 6 (1) a) DSGVO.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy at http://www.google.de/intl/de/policies/privacy . There you will also find further information on your rights in this regard and setting options for protecting your privacy.

facebook

On our website, we use the so-called “Facebook pixel” of Meta Platforms Ireland Ltd. (“Facebook”) on our website if you have consented to the use of this pixel. This allows users of our website to be shown interest-based advertisements (“Facebook ads”) when they visit the social networks Facebook and Instagram. The Facebook pixel automatically establishes a direct connection between your browser and the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating the Facebook pixel, Facebook receives the information that you have clicked on an ad from us or have accessed the corresponding web pages of our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to find out and store your IP address and other identifying features. By using the Facebook pixel, we pursue the purpose of displaying Facebook ads placed by us only to those Facebook users who have also shown an interest in our website. With the help of the Facebook pixel, we therefore want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. We can also use the Facebook pixel to track the effectiveness of Facebook ads for statistical purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad.

The legal basis for the use of the Facebook pixel is your consent, Art. 6 para. 1 lit. a) GDPR.

Information from the third-party provider: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo; to adjust display settings on Facebook: https://de-de.facebook.com/help/568137493302217 .

X. COMPANY PRESENCES IN SOCIAL MEDIA

We operate a corporate presence in the following social networks:

  • LinkedIN
  • Xing
  • Facebook
  • Instagram

in order to be able to communicate with the customers, interested parties and users (hereinafter also referred to collectively as: visitors) active there and to inform them about our projects and services.
We cannot track which user data the social networks collect. We have no influence on the data processing that takes place for this purpose, cannot prevent it, and also do not have access to the underlying data. We also do not have full access to your profile data. We can only see the public information of your profile. You decide on the specific public information in each case in your settings in the respective social network.
We only receive anonymous statistics from the social networks. We use these statistics, from which we cannot draw any conclusions about individual users, to constantly improve our online offering in the social networks and to better respond to the interests of visitors. We cannot link the statistical data with the profile data of our visitors. The legal basis for the use of the statistical data is Art. 6 para. 1 p. 1 lit. f) DSGVO.
We receive your personal data via the social networks if you actively communicate this to us via a personal message. We use your data (e.g. first name, last name, user name, e-mail address) to respond to your request. Your data will be stored until this purpose is fulfilled. The legal basis for processing in the case of an active approach by you, is your consent in the sense of Art. 6 para. 1 p. 1 lit. a) DSGVO. If your message is in connection with a (pre-)contractual relationship with us, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. b) DSGVO.
In the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. This is because only they have access to the complete information and data of the users.
Insofar as we receive personal data from you via a social network, this is processed under joint responsibility with the respective social network.
We would like to point out that personal data may be processed in the USA when using the social networks. The appropriate level of data protection when using service providers and processors outside the European Union (EU/EEA) is ensured by compliance with Art. 44 et seq. GDPR is ensured. According to Art. 45 GDPR, personal data may be transferred to a third country (e.g. the USA) if the EU Commission has decided that the third country in question offers a level of data protection that complies with the GDPR. On July 10, 2023, the European Commission signed the adequacy decision for the new data protection framework agreement between the USA and the European Union (EU). The agreement, also known as the Data Privacy Framework, has thus entered into force. With the adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR, which has now come into force, the Commission has confirmed that the USA has an adequate level of protection for personal data that is comparable to that of the EU. Against this background, the transatlantic data transfer between us and our US service provider may be based on this adequacy decision. The prerequisite is that the US company in question is certified accordingly by the US Department of Commerce. Another legal basis for the transatlantic data transfer is the conclusion of the standard contractual clauses, published by the EU Commission on June 4, 2021 pursuant to Art. 46 para. 2 lit. c GDPR, pursuant to Art. 46 para. 2 lit. c) GDPR and the obtaining of your consent to the transatlantic data transfer pursuant to Art. 49 para. 1 lit. a) GDPR.

LinkedIN

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA.
https://www.linkedin.com/legal/privacy-policy
Xing
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
https://privacy.xing.com/de/datenschutzerklaerung
Facebook
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
https://de-de.facebook.com/policy.php
Instagram
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
https://de-de.facebook.com/help/instagram/519522125107875

XI. Automated decision making (including profiling).
As part of the use of our website, there is generally no fully automated decision-making (profiling) pursuant to Art. 22, Art. 13 para. 2 lit. f), Art. 14 para. 2 lit. g) DSGVO. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law.

STATUS OF THE PRIVACY POLICY 

This privacy policy is valid as of March 2024. Due to the further development of our website or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current version can be accessed at any time on our website at http://nbs-partners.de/datenschutzerklaerung/.

RIGHT OF OBJECTION (ART. 21 DSGVO)
INDIVIDUAL RIGHT OF OBJECTION

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) of the DSGVO; this also applies to profiling based on this provision within the meaning of Article 4(4) of the DSGVO.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

RIGHT TO OBJECT TO PROCESSING FOR ADVERTISING PURPOSES.

In individual cases, we process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is related to such direct advertising.
If you object to processing for this purpose, we will no longer process your personal data for these purposes.

RIGHT TO OBJECT TO PROCESSING FOR SCIENTIFIC OR HISTORICAL RESEARCH PURPOSES OR FOR STATISTICAL PURPOSES.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical research purposes pursuant to Article 89(1) DSGVO, unless the processing is necessary for the performance of a task carried out in the public interest.