Privacy Policy In Accordance With The GDPR

PRIVACY POLICY IN ACCORDANCE WITH THE General Data Protection Regulation For nuvisan.com

1. NAME AND ADDRESS OF THE CONTROLLERS

The joint controllers within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature are:

Nuvisan GmbH
Wegenerstr 13
D-89231 Neu-Ulm

and

Nuvisan ICB GmbH
Müllerstr 178
D-13353 Berlin

and

Nuvisan France SARL
2400 Route des Colles
06410 Biot
France

(the controllers are jointly referred to as “Nuvisan” in this policy)

Phone: +49 731 9840-0
Email: hello@nuvisan.com
Website: www.nuvisan.com

2. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

The data protection officer for Nuvisan GmbH and Nuvisan ICB GmbH is:

AVIATICS Cost & Safety Management GmbH & Co. KG
Attn. Mr Arnold / Mr Joisten
Edmund-Rumpler-Str. 6
51149 Cologne
Germany

Tel.: +49 211 95784 710
Email: datenschutz@aviatics.de
Website: www.aviatics.de

The data protection officer for Nuvisan France SARL is:

Legal department (Angèle Périllat-Amédée)
Nuvisan ICB GmbH
Muellerstr 178
13353 Berlin
Germany

Tel. : +49 731 9840-0
Email : angele.perillat-amedee@nuvisan.com

3. CREATION OF LOG FILES

Each time the website is accessed, Nuvisan records data and information using an automated system. This information is stored in the server’s log files.

The following data can be collected:

Information about the browser type and the version used
The user’s operating system
The user’s internet service provider
The user’s IP address
Date and time when the website was accessed
Websites from which the user’s system accesses our website (referrer)
Websites that are accessed by the user’s system via our website

The data is processed in order to deliver the contents of our website, ensure the functionality of our information technology systems and optimize our website. The data from the log files is always stored separately from other personal data belonging to the user.

The legal basis for the processing is our legitimate interest pursuant to Article 6 paragraph 1 sentence 1 letter f of the GDPR. Our legitimate interest lies in the secure and trouble-free operation and continuous optimization of our website.

4. USE OF COOKIES

The website of Nuvisan uses cookies. Cookies are small text files that are stored by the internet browser on the user’s computer system. The stored cookie information can be transmitted to a web page when it is called up and thus enable the user to be identified pseudonymously. Cookies help to make the use of websites easier and more convenient for users. For example, cookies ensure that certain settings such as the desired language or your cookie preferences do not have to be requested again each time you visit a website. Our website uses three different types of cookies.

Essential cookies are required to enable certain functionalities of our websites and thus to ensure trouble-free and secure operation of the websites. You can find an overview of the essential cookies used in our cookie consent manager ("cookie banner"). Since essential cookies are required for the operation of our website, they cannot be deselected in the cookie banner. The storage and use of essential cookies is based on our legitimate interest pursuant to Article 6 paragraph 1 sentence 1 letter f of the GDPR. Our legitimate interest is the trouble-free and secure operation of our websites.

We also use media, marketing, and statistic cookies. We use media cookies, also referred to as multimedia cookies, to enhance the user experience with multimedia content on our website, including videos and audio. These cookies store preferences like volume settings, playback options, and user interactions with media controls, ensuring a consistent and personalized viewing or listening experience. Additionally, they assist in tracking ad interactions, offering content recommendations, optimizing streaming performance, gathering viewer analytics, and managing content licensing. Please be assured that our use of these cookies complies with data protection regulations, and users can manage or disable them in their browser settings as needed.
Marketing and statistic cookies enable us to analyse the use of our websites in order to measure and improve its performance and to perform marketing, remarketing and advertisement operations.

You can find an overview of the media, marketing, and statistics cookies used in our cookie banner. We will only use media, marketing, and statistic cookies if you have agreed to these in advance in our cookie banner. In this respect, the legal basis for the storage and use is your consent pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR.

In addition to the settings in our cookie banner, it is also possible at any time to object to the setting of cookies by changing the setting in the Internet browser accordingly. Cookies that have been set can be deleted. Please note that if you deactivate cookies, you may not be able to use all the functions of our website to their full extent.

5. USE OF GOOGLE SERVICES (GOOGLE ANALYTICS, GOOGLE TAG MANAGER AND GOOGLE OPTIMIZE), YOUTUBE, VIMEO, AND MATOMO ON-PREMISE

5.1 Google Analytics

Provided you have consented to the setting of the respective statistic cookies in our cookie banner, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses cookies, which help analyze how users use this website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The legal basis for this is your consent pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time with effect for the future.

Since we have activated the IP anonymization on this website, your IP address will be truncated beforehand by Google within member states of the European Union (“EU”) or in other contracting states to the Agreement on the European Economic Area (“EEA”). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In such exceptional cases, the associated data transfers to the USA are subject to the EU Standard Contractual Clauses (see https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en) concluded with Google’s parent company Google LLC.

On our behalf, Google will use the information collected for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.

We evaluate the data collected using Google Analytics by means of monthly reports. We also use this data for A/B testing using Google Optimize (cf. section 5.3 below).

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Besides the settings in our cookie banner, you can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

We have implemented an automatic process for the deletion of personal data in Google Analytics. Based on this process, your data is retained for 26 or 14 months (Google Analytics 4) and then automatically deleted.

5.2 Google Tag Manager

For the implementation of Google Analytics, we use Google Tag Manager, a service of Google. This service is used to load other services on our website. In this process, the Google Tag Manager can also forward personal data such as your IP address to the tools loaded by it. We use the Google Tag Manager exclusively for the implementation of Google Analytics. Other tools are not loaded using the Google Tag Manager. In this respect, we refer to the explanations regarding Google Analytics under section 5.1 above with regard to data processing in the context of the use of the Google Tag Manager. The legal basis is your consent given in the context of our cookie banner for the use of the respective statistic cookies pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time with effect for the future. If you have not given your consent, Google Analytics will not be loaded using the Google Tag Manager.

5.3 Google Optimize

We use the service Google Optimize for A/B tests to optimize our website. This service is also provided by Google. Data from analytics tools (here: Google Analytics, cf. section 5.1 above) is used to analyze the effect of certain changes in the design of our website on the usage behavior of visitors to our website and to create reports on this. In doing so, the data collected by Google Analytics (cf. section 5.1 above) is processed to create the A/B tests. The legal basis for the tracking of your activities on our website via Google Analytics is your consent given in the context of our cookie banner pursuant with Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time with effect for the future. If you have not given your consent, your usage behavior will not be evaluated. The legal basis for performing A/B tests is our legitimate interest pursuant with Article 6 paragraph 1 sentence 1 letter f of the GDPR. Our legitimate interest lies in the optimization of our website and marketing measures. You may, in accordance with Article 21 of the GDPR, object to the processing of your personal data based on our legitimate interest, e.g., by sending an e-mail to our Data Protection Officer (datenschutz@aviatics.de).

For the rest, we refer to the explanations on Google Analytics under section 5.1 above with regard to data processing in the context of the use of Google Optimize.

5.4 Youtube

Our website harnesses the power of YouTube as a video hosting service to provide a seamless and engaging experience for our visitors. YouTube, a service offered by Google, allows us to effortlessly deliver high-quality video content that enhances your interaction with our platform.

Video Content Delivery:
YouTube serves as our primary video hosting platform, enabling us to deliver a wide range of video content directly to you.

Purpose of Video Hosting:
Our hosted videos serve various purposes, including providing informative content, tutorials, product demonstrations, and other materials relevant to our offerings. These videos are instrumental in improving your understanding and interaction with our products and services.

Data Processing for Optimization:
To continuously enhance our website and the quality of the content we provide, we may analyze the impact of specific video changes on visitor behavior. This analysis is conducted using data collected by YouTube's analytics tools.

Consent and Opt-Out:
Your consent, obtained through our cookie banner, is the foundation for tracking your activities on our website via YouTube, in compliance with Article 6 paragraph 1 sentence 1 letter a of the GDPR. . You have the option to withdraw this consent at any time, which will affect future data processing. If you choose not to provide consent, your usage behavior will not be evaluated.

5.5 Matomo On-Premise

Provided you have consented to the setting of the respective statistic cookies in our cookie banner, this website uses Matomo On-Premise, a web analytics application provided by Innocraft Limited, Po625, 7 Waterloo Quay, Pipitea, Wellingtom, 6011, New Zealand (“Matomo”).

We use Matomo as our analytics tool to gather insights into the usage of our website. To protect your privacy, we have implemented IP anonymization within Matomo.
The Matomo application uses cookies, which help analyze how users use this website. The information generated by the cookie about your use of this website is hosted on Nuvisan’s own servers in Germany. The legal basis for this is your consent pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time with effect for the future.

With IP anonymization enabled, your IP address is truncated before any data is processed. This process occurs within the member states of the European Union (“EU”) or in other contracting states to the Agreement on the European Economic Area (“EEA”). In most cases, only a portion of your IP address is transmitted to our self-hosted Matomo, making it impossible to identify you personally.
We will use the information collected for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.

We evaluate the data collected using the Matomo application by means of monthly reports.

The IP address transmitted by your browser as part of the Matomo application will not be merged with other data that we have obtained from Google.

We have implemented an automatic process for the deletion of personal data in the Matomo application. Based on this process, your data is retained for 12 months and then automatically deleted.

6. USE OF LINKEDIN SERVICES (LINKEDIN INSIGHT TAG, LINKEDIN ANALYTICS AND LINKEDIN ADS)

6.1 LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag for conversion tracking and retargeting if you have consented to the use of the respective marketing cookies in our cookie banner. The LinkedIn Insight Tag is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”).

The LinkedIn Insight Tag uses a pixel on our website that helps us retarget our site visitors and optimize our campaigns. The service enables the collection of data regarding a users’ visits to our website. This concerns, in particular, the processing of device and browser information, referrer URL, IP address and a timestamp. As a data minimization and pseudonymization measure, IP addresses are truncated or hashed.

The LinkedIn Insight Tag also provides retargeting for website visitors, enabling us to show personalized ads off our website by using the data described above, however, without identifying individual visitors. As a registered LinkedIn user, you can control the use of your personal data for advertising purposes in the account settings of your LinkedIn account.

The use of the LinkedIn Insight Tag serves marketing, retargeting and analytics purposes.

The legal basis for the processing of your personal data in the context of the use of the LinkedIn Insight Tag is your consent pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time with effect for the future.

We have concluded a data processing agreement with LinkedIn Ireland as a processor. As LinkedIn Ireland is a subsidiary of LinkedIn, Inc., 1000 West Maude Avenue, Sunnyvale, CA 94085, USA (“LinkedIn”), an international company with processing facilities in many locations around the world, it cannot be precluded that your personal data may be processed in countries outside the EU/EEA, e.g., in the USA or Singapore (“third countries”). For cases in which personal data is transferred to third countries that don’t offer an adequate level of data protection, the data processing agreement we have concluded with LinkedIn Ireland incorporates standard contractual clauses pursuant to Article 46 paragraph 2 letter c of the GDPR.

LinkedIn Ireland will not share the personal data of users with us. They only provide us with reports and alerts about our website audience and ad performance. Such reports and alerts do not identify natural persons.

We have implemented an automatic process for the deletion of personal data in the context of the LinkedIn Insight Tag. Based on this process, your data is retained for 180 days and then automatically deleted.

6.2 LinkedIn Analytics

If you have consented to the use of the respective marketing cookies in our cookie banner, we use LinkedIn Analytics, an analytics service of LinkedIn Ireland (cf. section 6.1 above), to compare metrics like clicks, impressions and social actions in order to learn which campaigns and ad creatives are most effective. This concerns, in particular, add-on information, device identifiers, operating system information, browser information, ISP/connection speed, referrer URL and your IP address. The data processed in this context is automatically stored in our CRM (cf. section 13 below).

The processing of your personal data in this context serves marketing purposes.

The legal basis is your consent given in the context of our cookie banner for the use of the respective marketing cookies pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time with effect for the future.

As the data collected via LinkedIn Analytics is automatically stored in our CRM, please refer to section 13 below with respect to retention periods and periods for deletion. For the rest, we refer to the explanations on the LinkedIn Insight Tag under section 6.1 above with regard to data processing in the context of the use of LinkedIn Analytics.

6.3 LinkedIn Ads

We use the advertising service LinkedIn Ads if you have given us your consent for the setting of the respective marketing cookies in our cookie banner. LinkedIn Ads is provided by LinkedIn Ireland (cf. section 6.1 above). It is used to build brand awareness, drive consideration and engagement and generate leads and conversions. We use links and lead gen forms to promote our content or company. However, we never use personal data to set up ad campaigns. This concerns, in particular, an advertising identifier, ads viewed, articles viewed, pages visited, videos viewed, search terms, connections, information provided on profile, followers, user agent data, device identifiers and device information, operation system information and your IP address. The data processed in this context is automatically stored in our CRM (cf. section 13 below).

The use of LinkedIn Ads serves advertisement, optimization, conversion tracking and remarketing purposes.

The legal basis in this regard is your consent pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time with effect for the future.

With respect to details on retention periods and periods for deletion in the context of the use of LinkedIn Ads, please refer to the following website of the provider: https://www.linkedin.com/help/linkedin/answer/87080/linkedin-marketing-solutions-and-the-general-data-protection-regulation-gdpr-?lang=en. However, as the data processed in this context is also stored in our CRM (cf. section 13 below), the retention periods and periods for deletion mentioned there apply respectively. For the rest, we refer to the explanations on the LinkedIn Insight Tag under section 6.1 above with regard to data processing in the context of the use of LinkedIn Ads.

6.4 LinkedIn Organic Event Page

On LinkedIn, you have the possibility to register for one of our events through https://www.linkedin.com/company/nuvisan/events/. In the registration process, you can also consent to the receipt of email communications by us about our offerings.

If you use the possibility to register for one of our events through LinkedIn, the data indicated in the registration form will be transmitted to us, namely an email address, and, if you have provided such information to LinkedIn, your company’s name, your job title, your last name, your first name and your country/region. The data will be stored exclusively for our internal use to communicate with you about the event you have registered for. If you have consented to the receipt of email communications about our offerings, the data will also be used for this.

Data transmitted to us in the course of your registration through LinkedIn to one of our events will be stored in our CRM system (cf. section 12 below).

The data will not be passed on to third parties. An exception to this is if there is a legal obligation to pass on the data.

The provision of personal data is necessary for the provision of our content and services. Registered persons have the option of having the stored data deleted or modified at any time, e.g., by sending an e-mail to our Data Protection Officer (datenschutz@aviatics.de). You can obtain information about the personal data stored about you at any time (cf. section 15 below).

The legal basis for the processing of data voluntarily provided by you is your consent pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time, e.g., by sending an e-mail to our Data Protection Officer (datenschutz@aviatics.de). In that case, we will delete the personal data voluntarily provided by you.

7. REGISTRATION ON OUR WEBSITE, LOGIN AREA

On our website, you have the possibility to register as a user of our login area through https://insights.nuvisan.com/register. In the registration process, you can also register for the receipt of e-mail communications by us.

In the login area, accessible through https://insights.nuvisan.com/login, you can access non-public content such as PDF documents and videos.

If you use the possibility to register on our website by providing personal data, the data in the respective input fields will be transmitted to us. The data will be stored exclusively for our internal use in order to provide you with the content and services accessible in our login area.

For your registration for the login area, the provision of your first name, last name, an e-mail address and a password are mandatory. Furthermore, you can voluntarily enter a salutation, a title, your company and your country. Additionally, during registration, your IP-address as well as the date and time of registration are stored. This serves to prevent misuse of the services.

Data you provide in the course of registering on our website will be stored in our CRM system (cf. section 12 below).

The data will not be passed on to third parties. An exception to this is if there is a legal obligation to pass on the data.

Additionally, we process your IP-address as well as the date and time of registration based on our legitimate interest pursuant to Article 6 paragraph 1 sentence 1 letter f of the GDPR. Our legitimate interest lies in the prevention of misuse of our services. You may, in accordance with Article 21 of the GDPR, object to the processing of your personal data based on our legitimate interest, e.g. by sending an e-mail to our Data Protection Officer (datenschutz@aviatics.de).

Your personal data will be stored until you withdraw your consent, e.g., by writing an e-mail to our Data Protection Officer (datenschutz@aviatics.de).

8. USE OF ZOOM FOR WEBINARS

To deliver our webinars, which you can register for through our login area (cf. section 7 above), we use Zoom, a video conferencing service provided by Zoom Video Communications, Inc., 55 Almaden Blvd, 6^th Floor, San Jose, CA 95113, USA (“Zoom, Inc.”). Registered users can attend our webinars on demand, either by using the Zoom app which can be downloaded from https://support.zoom.us/hc/en-us/articles/4415294177549-Herunterladen-von-Zoom-Desktop-Client-und-Mobile-App or by participating via the browser version accessible through https://zoom.us/join. Please note: if you use the Zoom website, Zoom, Inc. is the responsible controller for the processing of your personal data in the context of your visit of the website.

When participating in a webinar, the following personal data of the participants may be processed, depending on the settings of the respective webinar:

Participant information, in particular first and last name, telephone number (optional), e-mail address, password, profile picture (optional)
Meeting meta data, in particular meeting subject, description, IP addresses of participants, device/hardware information
Recordings (optional), in particular MP4 files of all video, audio and presentation recordings, M4A files of all audio recordings, text file of the online meeting chat

If you participate by telephone, the following data may be processed

Information on the incoming and outgoing telephone number
country name
start and end time
If necessary, further connection data such as the IP address of the device used

During our webinars, you have the possibility to activate and deactivate your camera and microphone according to your preferences. However, we may restrict the activation of your camera and/or microphone by respective default settings.

The legal basis for the processing of your personal data in the context of our webinars delivered via Zoom is Article 6 paragraph 1 sentence 1 letter b of the GDPR, if the performance of the webinar is part of the contractual relationship between you and us. If there is no contractual relationship between you and us, the legal basis for processing is our legitimate interest pursuant to Article 6 paragraph 1 sentence 1 letter f of the GDPR. In this case, our legitimate interest lies in the effective and efficient conduct of webinars. You can, pursuant to Article 21 of the GDPR, object to the processing of your personal data on the basis of our legitimate interest at any time. To do so, please contact our Data Protection Officer at datenschutz@aviatics.de. However, without the processing of personal data, your participation in our webinars delivered via Zoom is not possible.

On Zoom, you have the possibility to consent to optional cookies. If you have consented to such optional cookies, our legal basis for the processing of data voluntarily provided by you is your consent pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time, e.g., by sending an e-mail to our Data Protection Officer (datenschutz@aviatics.de). In that case, we will delete the personal data voluntarily provided by you.

We have concluded a data processing agreement in accordance with Article 28 of the GDPR with Zoom, Inc. as a processor. As Zoom is a service of a US service provider, it cannot be precluded that your personal data is processed in the USA. For cases in which personal data is transferred to the USA the data processing agreement we have concluded with Zoom, Inc. incorporates standard contractual clauses pursuant to Article 46 paragraph 2 letter c of the GDPR.

9. NEWSLETTER

On our website you have the possibility to register for our newsletter.

If you subscribe to our newsletter, the data in the respective input fields will be transmitted to us. We will then send an e-mail with a link to the e-mail address you have provided, which you can use to confirm that the information you have provided is correct and that you wish to receive the newsletter. We will only use the personal data you provide online to send you the newsletter that matches your profile. You have the option to cancel your newsletter subscription at any time. To do so, use the form on our newsletter page or the opt-out link that you will find at the end of each newsletter. No more newsletters will be sent to your e-mail address.

When subscribing to the newsletter, the user’s IP address as well as the date and time of registration are stored. This serves to prevent misuse of the services or the email address of the data subject and to prove the newsletter registration if necessary. The data is not passed on to third parties. An exception to this is if there is a legal obligation to pass on the data.

Data you provide in the course of registering for our newsletter will be stored in our CRM system (cf. section 12 below).

The legal basis for the processing of personal data within the framework of our newsletter is your consent pursuant to Article 6 paragraph 1 sentence 1 letter 1 of the GDPR.

To send the newsletter, we use our CRM system (c.f. section 12 below).

10. OPTIONS FOR CONTACTING US

Our website contains a contact form that can be used for contacting us electronically. Alternatively, it is possible to contact us using the email address hello@nuvisan.com. You can also get in touch with our Business Developers via their respective profiles on the platform Pardot. If you contact us via one of these channels, the personal data you transmit will be stored automatically.

Your contact information provided through our contact form will be stored in our CRM system (cf. section 12 below).

For using our contact form, the provision of your first name, last name and an e-mail address is mandatory. You can provide further information voluntarily in the “Your message” section.

The data is processed solely for the purpose of processing the inquiry or contacting the data subject. The data will not be passed on to third parties.

The legal basis for data processing in connection with responding to enquiries is Article 6 paragraph 1 sentence 1 letter b of the GDPR if the enquiry is about the initiation or performance of a contractual relationship with you. Otherwise, the processing is based on our legitimate interest pursuant to Article 6 paragraph 1 sentence 1 letter f of the GDPR, whereby our legitimate interest is to respond to enquiries voluntarily addressed to us.

11. SCHEDULING APPOINTMENTS WITH MICROSOFT BOOKINGS

On our website, we offer you the possibility to schedule appointments, meetings, and events (e.g., phone calls or site visits) through Microsoft Bookings, a scheduling service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399 (“Microsoft Corporation”).

For scheduling a phone or video call, we will ask you to specify date and time of the call and to enter your name, an e-mail address, a phone number and – voluntarily – any further information that will help us prepare for the meeting. You can also enter the e-mail addresses of up to 10 additional guests for the scheduled call.

All data you enter in the context of scheduling a call will be handled by our sales team and stored in our CRM (cf. section 12 below).

The use of Microsoft Bookings serves the purpose of scheduling appointments, meetings, and events with you, i.e., the fast and efficient interactions with our customers and interested parties.

The legal basis for the processing of your personal data in the context of scheduling appointments, meetings, and events via Microsoft Bookings is our legitimate interest pursuant to Article 6 paragraph 1 sentence 1 letter f of the GDPR. Our legitimate interest lies in the efficient scheduling of appointments, meetings and events with you.

We have concluded a data processing addendum in accordance with Article 28 of the GDPR with Microsoft Corporation. as a processor. Microsoft Corporation processes personal data on servers in the European Union.

We will process your personal data as long as it is necessary to schedule and prepare the respective call and delete it afterwards. However, all data that is stored in our CRM (cf. section 12 below) is subject to the retention periods and periods for deletion specified in section 12.

12. COLLECTION, ADMINISTRATION AND MAINTENANCE OF CONTACT DATA IN OUR CUSTOMER RELATIONSHIP MANAGEMENT SYSTEM (CRM SYSTEM)

In order to maintain business contacts and to ensure smooth communication within the scope of contract fulfillment and customer acquisition, we store client and prospect contact information that we receive from you in our CRM system (Salesforce). This concerns in particular the following personal data:

First and last name
Title
Company
E-mail address
Telephone number
Relevant communication (e-mails and calls)

This data is usually provided by you, e.g., by registration for a Nuvisan event, by request via our contact form, by providing us with this information at a conference or other in-person meeting, e.g. by providing us your business cards for the purpose of exploring business opportunities with Nuvisan. We may also collect information you have made publicly available on your LinkedIn profile.

Our CRM system Salesforce is operated by Salesforce, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. Salesforce, Inc. as a processor within the meaning of Article 4 No. 8 of the GDPR will only process your data based on our instructions. We have concluded a data processing agreement pursuant to Article 28 paragraph 3 of the GDPR.

As Salesforce, Inc. is an international company with processing facilities in many locations around the world, it cannot be precluded that your personal data stored in our CRM system may be processed in countries outside the EU/EEA, e.g., in the USA (“third countries”). For cases in which personal data is transferred to third countries that don’t offer an adequate level of data protection, we have concluded standard contractual clauses pursuant to Article 46 paragraph 2 letter c of the GDPR with Salesforce, Inc. Salesforce, Inc. also offers supplementary measures to safeguard personal data processed in unsafe third countries.

We also use our CRM system to identify sales opportunities, manage the sales pipeline of Nuvisan, track the order entry per business development manager and business unit and as a tracking tool for forecasting order entries and sales representatives activities.

Data processing in connection with our CRM system is based on our legitimate interest pursuant to Article 6 paragraph 1 sentence 1 letter f of the GDPR. Our legitimate interest is to be able to contact you again at a later date, in particular to establish a new business relationship or to expand an existing one and to perform direct marketing activities. If you are already a customer of ours, the processing of your contact data is furthermore necessary for the fulfillment of the contract existing between you and us and is thus carried out on the legal basis of the fulfillment of the contract pursuant to Article 6 paragraph 1 sentence 1 letter b of the GDPR.

The processing serves the purpose of maintaining customer relations and relations with interested parties.

Data processing in connection with online marketing functions mentioned here is also carried out on the basis of our legitimate interests pursuant to Article 6 paragraph 1 sentence 1 letter f of the GDPR. Our legitimate interest in this respect is the implementation of marketing measures to address, acquire and maintain customers.

If a business relationship exists between you and us, we store your data for this purpose until it is no longer required for the fulfillment of the contractual or pre-contractual measures between you and us and subsequent retention periods. Irrespective of this, we store your data until a (possibly renewed or extended) business relationship with us is no longer recognizably of interest to you or you object to the processing.

You can, pursuant to Article 21 of the GDPR, object to the processing of your personal data on the basis of our legitimate interest (Article 6 paragraph 1 sentence 1 letter f of the GDPR) at any time. To do so, please contact our data protection officer at datenschutz@aviatics.de.

13. MARKETING AUTOMATION WITH PARDOT

We use the marketing automation solution Pardot to identify prospective customers in order to empower our sales team to close more deals. In this regard, we use Pardot for lead nurturing, e-mail campaigns registration/contact forms, landing pages and performance tracking. This concerns in particular the following personal data:

First and last name
Company
Country
E-mail address
Job title
Your activities on our website and landing pages

We collect the relevant personal data for this purpose from data you provide on our website, e.g., for the login area, our contact form, our newsletter (cf. sections 7 and 9 above), and from physical events (business cards). Furthermore, we use data from webinar registrations via LinkedIn. We also track your activities on our website and landing pages if you have given your consent to the use of Pardot cookies in our cookie banner.

Pardot is a service of Salesforce, Inc. (cf. section 12 above). Salesforce, Inc. as a processor within the meaning of Article 4 No. 8 of the GDPR will only process your data based on our instructions. We have concluded a data processing agreement pursuant to Article 28 paragraph 3 of the GDPR.

We store your data until a (possibly renewed or extended) business relationship with us is no longer recognizably of interest to you. In practice, this means that if, in accordance with the data stored on our CRM, you have not been in contact with Nuvisan for more than two years, we will contact you and request your consent to further process your data. If you do not consent to this, we will delete your data from our CRM.

If you consent to the further processing of your data after the two-year period mentioned above, the legal basis for the processing of your data is your consent pursuant to Article 6 paragraph 1 sentence 1 letter a of the GDPR. You can withdraw your consent at any time, e.g., by sending an e-mail to our Data Protection Officer (datenschutz@aviatics.de). In that case, we will delete the personal data for which you had consented to further processing.

14. ROUTINE ERASURE AND BLOCKING OF PERSONAL DATA

We process and store the data subject’s personal data only for as long as is necessary to achieve the purpose of the processing and storage. The data may be stored for a longer period if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject.

As soon as the processing and storage purpose ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely erased or anonymized.

Please refer to section 17 of this privacy policy for deletion periods or criteria for determining the storage period.

15. RIGHTS OF THE DATA SUBJECT

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis us:

Right of access (Article 15 of the GDPR): You have the right to receive information about the data we have stored and process about you.
Right to rectification, right to erasure (Article 16 and Article 17 of the GDPR): You can demand that we correct incorrect data and – insofar as the legal requirements are met – delete your data.
Right to restriction of processing (Article 18 of the GDPR): You can demand that we – insofar as the legal requirements are met – restrict the processing of your data.
Right to data portability (Article 20 of the GDPR): If you provide us with data on the legal basis of a contract or your consent, you may – if the legal requirements are met – demand that you receive the data you have provided in a structured and common format or that we transfer it to another responsible party.
Right to object to processing based on legitimate interests (Article 21 of the GDPR): You have the right to object to data processing by us at any time for reasons arising from your particular situation, insofar as the processing is based on legitimate interests within the meaning of Article 6 paragraph 1 sentence 1 letter f of the GDPR. If you exercise your right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for further processing that override your rights.
Revocation of consent (Article 7 of the GDPR): If you have given us consent to process your data, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected. If you wish to revoke your consent to the processing of certain cookies, please refer to our explanations under sections 4 and 5.
Right to lodge a complaint with a supervisory authority Article 77 of the GDPR): You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. To do this, you can choose to contact the data protection authority responsible for your place of residence, your place of work or the place of the alleged infringement, or the data protection authority responsible for us. The data protection supervisory authority responsible for Nuvisan GmbH is the Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision), Promenade 18, 91522 Ansbach, Germany (lda.bayern.de). The data protection supervisory authority responsible for Nuvisan ICB GmbH is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commission for Data Protection and Freedom of Information), Alt-Moabit 59-61, 10555 Berlin, Germany (www.datenschutz-berlin.de).

If you have any questions regarding the processing of your personal data, your rights as a data subject or any consent you may have given, please contact our Data Protection Officer using the contact details provided in section 2.

16. LEGAL BASIS FOR THE PROCESSING

Please refer to the sections on the individual processing activities for the relevant legal basis of the processing.

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 paragraph 1 sentence 1 letter a of the GDPR serves as the legal basis.

When processing personal data that is necessary for pre-contractual measures or the performance of a contract to which the data subject is a party, Article 6 paragraph 1 sentence 1 letter b of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 paragraph 1 sentence 1 letter c of the GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Article 6 paragraph 1 sentence 1 letter d of the GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6 paragraph 1 sentence 1 letter f of the GDPR serves as the legal basis for the processing. The legitimate interest of our company generally lies in the performance of our business activities and is specifically named in the sections on the individual processing activities.

17. DURATION FOR STORING PERSONAL DATA

We store personal data for as long as is necessary to fulfil the purpose of the processing. In addition, personal data may be subject to legal retention periods. In this case, we store the data until the retention period expires and then delete it. We also delete data if you, as the data subject, revoke your consent to processing or object to processing on the basis of legitimate interests and no retention periods or other legal obligations prevent this.

Drug Discovery

Discovery Pharmacology

In Vitro Biology

In Vivo Pharmacology

Functional Genomics

Discovery Biosciences

Protein Sciences

Biochemical Assays

Cell-based Assays

High-content Analysis

Biophysics

Mass Spectrometry

Structural Biology

2Go Platform

Screening

Translational Research - Biomarkers

Life Science Chemistry

Design & Synthesis

Purification & Analytics

Microbiological Chemistry

Digital Life Sciences

Omics Data Analysis & Bioinformatics

DMPK (Discovery)

In Vitro PK & DDI

Biotransformation & MetID

Animal Management and Welfare

Drug Development

DMPK (Development)

Toxicology

In Vivo Toxicology

About Us

Partner With Us