Data protection

  1. Data protection
    The operator of this website takes the protection of your personal data very seriously. We will handle your personal data in a confidential manner in accordance with the statutory data protection provisions of GDPR* and this Privacy Policy. It is generally possible to use our website without giving out any of your personal data. The collection of personal data on our site (e.g. name, address or email address) is always voluntary as far as possible. This data shall not be passed on to third parties without your express permission. We would like to point out that the transfer of data on the internet (e.g. when communicating via email) can involve security risks. Complete protection of data against access by third parties is not possible.
  2. Procedure for regular review, assessment and evaluation
    The employees of Necatec AG will be given training in data protection legislation at regular intervals and will be familiar with the procedural instructions and user guidelines as regards commissioned data processing, including with regard to the client’s right to exercise influence. Each employee is obliged to give his/her written undertaking to observe the data protection provisions of GDPR*, doing so no later than the first day his/her duties commence. The employee in question will not obtain access to personal data without this declaration. With Necatec AG's working environment, users will be given every opportunity as required to process data in a GDPR* compliant form and manner. Necatec AG structures its technology and applications in such a way so that privacy settings are in principle paid for in advance. There is a record of processing activities within the meaning of Article 30(1) and (2) GDPR* and a follow-up assessment process (DSFA), which is undertaken on a regular basis and is used as a permanent element of the evaluation and implementation of new functions within Necatec AG.
  3. Privacy Policies of service partners

    Privacy Policy in place with weclapp SE
    In order to facilitate the commercial processing of all quotes, orders, delivery notes, invoices and reminders, Necatec AG makes use of the cloud-based software developed by weclapp SE (www.weclapp.com). weclapp is responsible for processing commercial and personal data on behalf of Necatec AG within the meaning of Article 4(8) and Article 28 of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR). For the purpose of ensuring GDPR* compliance, Necatec AG has concluded an agreement regarding the protection of data with weclapp SE. This agreement governs the rights and obligations of the parties in conjunction with the processing of personal data according to GDPR*. Where the term “data processing” or “processing” (of data) is used in this agreement, the definition of “processing” within the meaning of Article 4(2) GDPR is used as the basis. weclapp will process personal data solely within the framework of the agreements reached and/or in compliance with any additional instructions given by Necatec, where applicable. This does not include any statutory provisions, which obligate easybill to undertake other forms of processing, where applicable. Should this be the case, easybill will notify the customer about these statutory requirements, unless the law in question prohibits such notification due to a substantial public interest. The purpose, nature and scope of the data processing will otherwise be exclusively in accordance with this agreement and/or instructions issued by the customer. weclapp will not be permitted to process the data in any other way, unless Necatec AG has given its written consent to do so. Necatec AG is the controller within the meaning of Article 4(7) GDPR* for the processing of data on behalf of weclapp. weclapp is entitled to notify the customer if it believes the subject of the assignment and/or instructions involves data processing that is prohibited by law.

    Privacy Policy for the use of etracker
    Necatec AG's website uses the analytical service, etracker. The provider is etracker GmbH, Erste Brunnenstraße 1 20459 Hamburg Germany. This data is used in order to create user profiles under a pseudonym. Cookies may also be used for this purpose. Cookies are small data files, which are stored locally in the cache of your internet browser. These cookies allow us to recognise your browser again. The data collected by using etracker technologies are neither being used to personally identify visitors to our website, nor are they combined with the personal data of the pseudonym's bearer, without the separate consent of the data subject to do so. You can object to the collection and storage of your data at any time and with immediate effect for the future. In order to object to the collection and storage of your visitor data to take effect in the future, you can obtain an opt-out cookie from etracker by going to the following link, which will ensure that none of your visitor data from your browser is collected and stored by etracker in future: http://www.etracker.de/privacy?et=V23Jbb This will result in an opt-out cookie named “cntcookie” being placed on your system by etracker. Please delete this cookie if you no longer wish to uphold your objection. Further information on this can be found in etracker's data protection provisions at: http://www.etracker.com/de/datenschutz.html

    Privacy Policy for the use of Facebook plugins (Like Button)
    Plugins from the social network Facebook, provided by Face-book Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on Necatec AG's website. You will recognise these plugins on our website through the Facebook logo or the "Like Button". An overview of Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/. When you visit our site, the plugin establishes a direct connection between your browser and the Facebook server. Facebook is thereby notified that you have visited our website with your IP address. If you click on the Facebook "Like Button" whilst logged in to your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to link your visit to our website to your user account. We would like to point out that we, as the administrators of this website, do not have any knowledge of the content of the data trans-ferred or of its use by Facebook. Further information about this can be found in Facebook's Privacy Policy at http://de-de.facebook.com/policy.php. If you do not want Facebook to be able to link your visit to our website to your Facebook user account, please ensure you log out of your Facebook user ac-count.

    Privacy Policy regarding the use of Google Analytics
    Necatec AG’s website makes use of the various functions of the web analytics service, Google Analytics. The provider is Google Inc.,1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files stored on your computer and which allow an analysis of how you use the website. The information generated by these cookies regarding your use of this website is usually transferred to a Google server in the USA where they are stored. If IP anonymisation is activated on this website, however, your IP address will be shortened by Google in advance within the member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services to the website operator regarding website and internet use. The IP address communicated by your browser as part of Google Analytics is not associated with any other data held by Google. You can prevent the storage of cookies by selecting the appropriate settings on your browser software; however, please note that if you do so, you may not be able to use all the functions of this website to their full extent. Right to object via the opt-out widget: You can also prevent the release of data generated by the cookies about your use of the website (including your IP address) to Google as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

    Privacy Policy for the use of services provided by GOD Gesellschaft für Organisation und Datenverarbeitung mbH
    In order to store commercial data for service processing purposes, Necatec AG makes use of the cloud-based software developed by GOD Gesellschaft für Organisation und Datenverarbeitung mbH (GOD) (www.datenbank24.de). Necatec AG is responsible for processing commercial and personal data on behalf of the customer within the meaning of Article 4(8) and Article 28 of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR*). For the purpose of ensuring GDPR* compliance, Necatec AG has concluded an agreement regarding the protection of data with GOD. This agreement governs the rights and obligations of the parties in conjunction with the processing of personal data according to GDPR*. Where the term “data processing” or “processing” (of data) is used in this agreement, the definition of “processing” within the meaning of Article 4(2) GDPR is used as the basis. GOD will process personal data solely within the framework of the agreements reached and/or in compliance with any additional instructions given by Necatec, where applicable. This does not include any statutory provisions, which obligate GOD to undertake other forms of processing, where applicable. Should this be the case, GOD will notify the customer about these statutory requirements, unless the law in question prohibits such notification due to a substantial public interest. The purpose, nature and scope of the data processing will otherwise be exclusively in accordance with this agreement and/or instructions issued by the customer. GOD will not be permitted to process the data in any other way, unless Necatec AG has given its written consent to do so. Necatec AG is the controller within the meaning of Article 4(7) GDPR* for the processing of data on behalf of GOD. GOD is entitled to notify the customer if it believes the subject of the assignment and/or instructions involves data processing that is prohibited by law.

    Privacy Policy for the use of services provided by dropbox Inc.
    In order to store commercial data for service processing purposes, Necatec AG makes use of the cloud-based software developed by dropbox Inc. (www.dropbox.com). Dropbox Inc. offers guidance on security, compliance and data protection, is a certified provider of data protection measures in accordance with ISO/IEC 27018:2014 and fulfils the requirements of EU GDPR*. Dropbox does not process any personal data on behalf of Necatec AG within the meaning of Article 4(8) and Article 28 of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR*). For the purpose of ensuring GDPR* compliance, Necatec AG has concluded an agreement regarding the protection of data with Dropbox Inc.. This agreement governs the rights and obligations of the parties in conjunction with the processing of personal data according to GDPR*. This agreement governs access to and use of the various services and software. Customer and end users may access the services in compliance with this agreement. Security measures – Dropbox staff with access to customer data are bound by appropriate non-disclosure agreements. In order to transfer, store and process customer data, Dropbox will take industry standard technical and operational safety precautions, which must at the very least comply with the security measures. These security measures should ensure the integrity of customer data and provide protection against the unauthorised or unlawful access of customer data, as well as the use and processing of such data. Dropbox reserves the right to update its security measures from time to time. Dropbox will inform customers at least 60 days in advance of any such update, if the administrative, technical or physical security measures forming part of the service would be significantly impaired as a whole in the event of such an update. Data processing – This agreement constitutes the instruction given by the customer to Dropbox to process his/her customer data. Dropbox and its sub-processors will only process customer data in order to provide the various services and fulfil its obligations with regard to this agreement. The customer acknowledges that Dropbox and its sub-processors may also transfer, store and process data outside of his/her country of residence. Dropbox will inform the customer of all statutory requirements preventing the company from following the customer's instructions, unless Dropbox is prohibited from doing so either by law or due to a justified public interest. The parties agree that customer data may also include personal data. In terms of which data is involved, along with further information about processing, this can be found in the data processing agreement. EU-U.S. and Swiss-U.S. Privacy Shield Frameworks – Dropbox is certified in accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and ensures compliance with their provisions. Should the Privacy Shield Frameworks become invalid, Dropbox will take all commercially reasonable steps to adhere to the provisions of other or subsequently applicable data transfer agreements. Data processing agreement – Insofar as customer data is subject to European data protection laws and is processed by Dropbox on behalf of the customer, (i) Dropbox will use and process these customer data in accordance with the customer's instructions in order to provide the services and ensure Dropbox adheres to the obligations laid down in the agreement; and (ii) the customer gives his/her consent to the transfer of personal data by way of the data processing agreement with Dropbox, Inc.. The data processing agreement only applies to the various services; it does not apply to beta-services.

    Privacy Policy for the use of services provided by Mittwald CM Service GmbH & Co. KG
    Mittwald CM Service GmbH & Co. KG (Mittwald) is responsible for providing hosting services on behalf of Necatec AG. It is possible in this context that Mittwald will have access to per-sonal data and/or obtain knowledge of this data. The conclu-sion of an agreement regarding commissioned processing is therefore necessary according to Article 28 GDPR*. Necatec AG has selected Mittwald as a service provider within the framework of the due diligence obligations stipulated in Arti-cle 28 GDPR*. A prerequisite for ensuring the reliability of commissioned data processing is that the client has issued the request to the contractor in writing and/or electronically as well. By virtue of the will of the parties, including in particular the client, this agreement contains the request for commis-sioned processing within the meaning of Article 28(3) GDPR* and governs the rights and obligations of the parties regarding data protection in the context of the provision of hosting ser-vices. Necatec AG has concluded such an agreement with Mittwald. Ownership of the personal data remains exclusively with Necatec AG as the “controller” within the meaning of GDPR*. Based on this controlling responsibility, the client may also demand the rectification, erasure, blocking and release of personal data during the term of the agreement, as well as following termination of the agreement.

    Privacy Policy for the use of services provided by rapidmail GmbH
    The subject of the agreement is the processing of the client’s address data in order to send newsletters via email and transactional emails. Further details about the various services can be found in the General Terms and Conditions of Business (https://www.rapidmail.de/agb), which were accepted by the client upon registration. The purpose, nature and scope of the data processing are derived from the use of address and personal data in order to send newsletters via email and transactional emails, as well as the generation of personal recipient statistics. The purpose, nature and scope of the processing of personal data are also sufficiently derived from the service agreement as well. It is possible in this context that rapidmail will have access to personal data and/or obtain knowledge of this data. The conclusion of an agreement regarding commissioned processing is therefore necessary according to Article 28 GDPR*. Necatec AG has selected rapidmail as a service provider within the framework of the due diligence obligations stipulated in Article 28 GDPR*. A prerequisite for ensuring the reliability of commissioned data processing is that the client has issued the request to the contractor in writing and/or electronically as well. Necatec AG has concluded an agreement with rapidmail to safeguard the requirements for data protection according to GDPR*. By virtue of the will of the parties, including in particular the client, this agreement contains the request for commissioned processing within the meaning of Article 28(3) GDPR* and governs the rights and obligations of the parties regarding data protection in the context of the provision of hosting services. Data is processed exclusively within the territory of the Federal Republic of Germany, the Member States of the European Union or other signatories to the Agreement on the European Economic Area. Any (partial) transfer to a third country will require the prior consent of the client, and may only take place if the specific requirements of Article 44 et seq. GDPR are met (e.g. adequacy decision by the Commission, standard data protection clauses, approved rules of conduct etc.).
  4. Access, erasure and blocking
    You are entitled at all times to obtain free access to your stored personal data, their origin and recipient and the purpose of the data processing, and also have the right to rectification, blocking or erasure of this data. If you have any queries regarding this or on the subject of personal data, you can contact us at any time using the address listed in the Imprint.
  5. Server log files
    The provider of the website automatically collects and stores information in so-called server log files, which your browser transmits to us automatically. This infor-mation includes:
    - Browser type/browser version
    - Operating system used
    - Referrer URL
    - Host name of the accessing computer
    - Time of server request
    This data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to verify this data later should we be-come aware of specific indicators of unlawful use.
  6. Cookies
    The websites make partial use of so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our service offering more user-friendly, more effective and safer. Cookies are small text files which are placed on your computer and saved by your browser. Most of these cookies are so-called “session cookies”. These are automatically deleted after the end of your visit. Other cookies are stored on your device, until you delete them. These cookies help us to recognise your browser when you next visit our site. You can also adjust your browser in such a way that you will be informed about the setting of cookies and only accept them in individual cases, reject the acceptance of cookies, either for specific cases or in general, as well as activate the automatic erasure of cookies when closing your browser. Our website’s functionality can be restricted if cookies are deactivated.
  7. Contact form/request for proposal
    If you send queries to us via the contact form, your de-tails contained in the request form, including any con-tact details you have provided, will be stored by us for the purpose of processing the query and handling any follow-up queries. We will not disclose this data with-out your consent.
  8. Objection to advertising mail
    The use of contact details published within the framework of the “Imprint” obligations in order to send advertising or informational materials that have not been expressly requested is hereby rejected. The website operators expressly reserve the right to take legal action in the event of the unsolicited dispatch of advertising materials, such as spam emails. It is possible to opt out of newsletters, for example.
  9. Modifications
    Necatec AG's Privacy Policy may be modified from time to time. Necatec AG will not restrict your rights accord-ing to this Privacy Policy without your explicit consent. Any modifications to the Privacy Policy will be pub-lished by us on this website. If the modifications are expected to be material, we will ensure you are in-formed in an even more precise manner (including, in cases involving specific services, notification via email regarding the modifications to the Privacy Policy). We will also keep hold of the older versions of this Privacy Policy in an archive in order for you to be able to con-sult them.*“Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the proc-essing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”.

    Sources:
    www.haendlerbund.de
    www.e-recht24.de

NECATEC AG
Bredeneyer Str. 2B
45133 Essen, Germany
Tel.: +49 201 - 99 99 96 60
Tel.: +49 201 - 61 20 43 97
Fax: +49 201 - 61 20 43 99
info@necatec.de