Try for free

Data protection

Status: November 2023

1. general

Thank you for your interest in the company website and other online offers of NOVA BUILDING IT GmbH, In der Mordach 1a, 64367 Mühltal (Hessen), Germany; hereinafter referred to as “NOVA”.

We take the issues of data protection and confidentiality very seriously and comply with the applicable European and national data protection regulations; in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the Digital Services Act (DDG) and the Hessian Data Protection and Freedom of Information Act (HDSIG).

We would therefore like to provide you with the following information to give you an overview of the processing of your personal data by us and your rights under data protection law, in particular in accordance with Art. 13, 14 and 21 GDPR.

Which data is processed in detail and how it is used depends largely on the services requested or agreed. Therefore, not all parts of this information will apply to you.

2. definitions according to Art. 4 GDPR

This privacy policy should be easy to read and understand for the public as well as for our customers and business partners. For this reason, we are guided by the following definitions of terms of Art. 4 GDPR, which are also kept simple and understandable.

a) Personal data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

c) Restriction of processing

“Restriction of processing” is the marking of stored personal data with the aim of restricting its future processing.

d) Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

e) Pseudonymization

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

f) Person concerned

“Data subject” means any identified or identifiable natural person whose personal data is processed by the controller.

g) File system

“File system” means any structured collection of personal data that is accessible according to specific criteria, regardless of whether this collection is managed centrally, decentrally or according to functional or geographical aspects.

h) Controller or controller responsible for the processing

“Controller or controller responsible for the processing” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

i) Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

j) Recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

k) Third party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

l) Consent

“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. name and contact details of the controller (Art. 13 para. 1 lit. a GDPR)

The entity responsible for data processing is

NOVA BUILDING IT GmbH
In der Mordach 1a
D-64367 Mühltal (Hessen)

Head office phone +49 (0)6151 / 629 086 0
Support phone +49 (0)6151 / 629 086 1
Fax +49 (0)6151 / 54 391
E-mail: info@avanova.de ; support@avanova.de
Web: https://avanova.de/impressum

VAT ID No.: DE 295 883 568.
Commercial Register Court: Darmstadt Local Court
Commercial Register No.: HRB 93500
Shareholders and Managing Directors: Mr. Felix Grau; Mr. Sven Walter

4 What data do we use?

In principle, we only process personal data that we have received from you as part of our contractual or other business relationship.

In addition, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. debtor directories, land registers, commercial and association registers, press, media) and are permitted to process.

Finally, we also work with personal data that we have legitimately received from other third parties (e.g. Schufa), e.g. on the basis of your consent. These are used to execute orders or fulfill contracts.

The following are examples of some of the data that we process in cooperation with our customers, suppliers and employees:

  • Personal details and standard data (name, address, date and place of birth, nationality, RV no., bank details, telephone, fax, e-mail);
  • Identification and authentication data (ID card data, specimen signature);
  • Business data (documentation and consulting protocols, payment order, payment transactions).

5 Legal basis and purpose of data processing

We process personal data only to fulfill contractual obligations, due to legal requirements, for our own advertising purposes and to protect legitimate interests. The lawfulness of the processing is based on the provisions listed under No. 1 (see above), in particular Art. 6 GDPR.

Depending on the type of contract, we process personal data as listed below:

a) Based on your consent (Art. 6 (1) (a) GDPR)

If you have given us your consent to process personal data for specific purposes (e.g. transfer of personnel data to tax consultants as processors within the meaning of Art. 28 GDPR or to financial and social authorities, etc.; evaluation of customer data for internal marketing purposes; transfer of customer data, e.g. to Schufa), this processing is lawful on the basis of your consent.

Consent that has been given can be withdrawn at any time; see Art. 7 (3) GDPR. This also applies to the revocation of declarations of consent that were given to us – such as the SCHUFA declaration – before the GDPR came into force, i.e. before May 25, 2018.

Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

b) For the fulfillment of contractual obligations (Art. 6 para. 1 letter b GDPR)

The processing of personal data takes place e.g.

  • for the implementation of any pre-contractual measures;
  • to conclude, execute or otherwise fulfill our contracts (sales contracts with NOVA customers; contracts for work and services with third parties such as suppliers, etc.);
  • to carry out all necessary activities associated with the sale of our web-based tendering software “NOVA-AVA”, such as the software maintenance contract (SWV) offered by us.

Further details on the purpose of data processing can be found in the respective contractual documents and the terms of use of the Software as a Service (SaaS).

c) Due to legal requirements, for the protection of vital interests or in the public interest (Art. 6 (1) (c), (d), (e) GDPR)

As NOVA, we are also subject to various legal obligations, i.e. statutory requirements that may also be in the public interest:

The processing of personal data may therefore be necessary, for example, to fulfill control and reporting obligations under tax law, for the purpose of fraud and money laundering prevention and/or for identity and age verification; such obligations arise from the German Banking Act, Money Laundering Act and/or various tax laws, among others.

In rare cases, the processing of personal data may also become necessary if vital interests of the data subject or another natural person are to be protected. This would be the case, for example, if a visitor (e.g. customer) were to be injured at our company in Mühltal (In der Mordach 1a, D-64367 Mühltal in Hesse), at one of our trade fair stands or in seminar rooms rented by us and their data (including name, age, health insurance data or other vital information) would then have to be passed on to a doctor, hospital or other third party.

d) As part of the balancing of interests (Art. 6 para. 1 letter f GDPR)

Ultimately, the processing of your personal data may be based on Art. 6 I lit. f GDPR. Processing operations are based on this legal basis if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

According to recital 47 sentence 2 GDPR, an overriding legitimate interest can also be assumed if the data subject is a customer of the controller.

We therefore also process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Examples of this are

  • the further development and marketing of NOVA products and own services;
  • the marketing of products or product parts offered by our contractual partners;
  • the legally permissible documentation of business contacts;
  • Advertising, unless you have objected to the use of your data;
  • Assertion of legal claims and defense in legal disputes;
  • Ensuring the IT security and IT operations of NOVA;
  • Prevention and investigation of criminal offenses;
  • Video surveillance (to the extent permitted by law) is used to collect evidence in the event of criminal offenses. It therefore serves to protect customers and employees and to exercise domiciliary rights;
  • Measures for building security (e.g. access controls);
  • Measures to prevent the unauthorized use of NOVA products;
  • Measures for business management and further development of services and products.

6. how long will my data be stored?

Where necessary, we process and store your personal data for at least the period prescribed by applicable law. The respective statutory retention and documentation obligations serve to fulfill legal requirements; they result, among other things, from the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG) or the German Money Laundering Act (GwG).

However, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally 3 years, but in certain cases can be up to thirty years.

Longer retention periods are possible if operational requirements (e.g. proper administration of customer, supplier and personnel data) or compliance with official orders make this necessary.

As NOVA, for example, we retain most customer data for the duration of the contractual relationship and for a period of eleven years after the end of the contract. This is due to the 10-year limitation period pursuant to Section 199 (3) sentence 1 no. 1 and (4) BGB. In the case of interested parties without subsequent conclusion of a contract, a retention period of six to 14 months applies depending on the intensity of the contract initiation; in special cases up to 3 years (limitation period for claims for damages arising from culpa in contrahendo pursuant to Section 311 (2) BGB in conjunction with Section 195 BGB). § 195 BGB).

7 Who receives my data?

Within NOVA, your data will be received by those departments that need it to fulfill our contractual and legal obligations. External processors employed by us (within the meaning of Art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of credit services, IT services, logistics, printing services, telecommunications, debt collection, tax advice and sales and marketing.

With regard to the transfer of data to recipients outside NOVA, it should first be noted that we are obliged to maintain confidentiality about all customer-related facts and evaluations of which we become aware.

We may only pass on information about you if this is required by law, if you have given your consent or if we are otherwise authorized to do so. Under these conditions, recipients of personal data may be, for example Tax authorities; social security funds and authorities; employment agencies; credit agencies; Schufa; other public bodies and institutions.

8. encryption of personal data (SSL or TLS encryption)

For security reasons and to protect the transmission of confidential content, our company website uses a transmission method based on the SSL protocol (Secure Sockets Layer) or TLS encryption (Transport Layer Security).

These protocols enable encryption of all data traffic between your browser and our servers. This protects your data from manipulation and unauthorized access by third parties during transmission as far as possible.

You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

9. special data protection information on the application and use of data collection, analysis tools and advertising in our online offers

a) Data protection information on the use and application of so-called “cookies”

We have a legitimate interest in making our websites attractive and enabling the use of certain functions as well as making our offer more user-friendly, effective and secure. We therefore use cookies in order to optimize our website and continue to provide it without technical errors.

We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung.

1. description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

2. legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

3. purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.

We need cookies for the following applications:

  1. Simplification of the login process (storage of subdomain, user name if necessary)
  2. If applicable, assignment of a registration to a cooperation partner (affiliate)
  3. Permanent storage of UI settings (here: preferred language)

The user data collected by technically necessary cookies is not used to create user profiles. These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

4. duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies.

You have the option of allowing or blocking the setting of cookies only in individual cases or generally excluding them and deleting cookies that have already been set. In such a case, we must inform you that certain features on our website will no longer work, will not work properly or will only work to a limited extent. If necessary, you can deactivate the storage of cookies in the corresponding settings for “third-party cookies” in your web browser. You can find the settings for the respective common browsers under the following links:

aa) Firefox:
https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

bb) Chrome:
http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

cc) Internet Explorer:
https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

dd) Safari:
https://support.apple.com/kb/ph21411?locale=de_DE

ee) Opera:
http://help.opera.com/Windows/10.20/de/cookies.html

b) Data protection information on the use and utilization of so-called “server log data”

1. description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:

  1. Information about the browser type and version used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user’s system accesses our website
  7. Websites that are accessed by the user’s system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. legal basis for data processing

The lawfulness of the processing (temporary storage of data and log files) is based on Art. 6 (1) (f) GDPR in order to safeguard our legitimate interest in improving the functionality and stability of our website.

3. purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

4. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

5. possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

c) Registration for the chargeable services

For the provision of chargeable services, such as remote maintenance as part of a software maintenance contract (SWV) for the web-based tendering program NOVA AVA, we request additional data, such as payment details etc., in order to be able to execute your order properly.

1. description and scope of data processing

On our website, we offer users the opportunity to register for the services offered for a fee by providing personal data. The data is entered into an input mask and transmitted to us and stored. The following data is collected as part of the registration process:

  1. Names
  2. Company
  3. Email address

For the same purposes, we also process the data that the user voluntarily provides when registering.
The data is initially used by us to provide the respective user account for our services. They are stored in a central user account of the user and can be viewed, changed and updated there at any time

For billing purposes, we also collect and process the user’s payment data after registration, namely the bank details provided by the user or any other payment and billing data.

2. legal basis for data processing

The legal basis for the processing of data to the aforementioned extent is the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, Art. 6 para. 1 lit. b GDPR.

3. purpose of data processing

User registration is required to fulfill a contract with the user or to carry out pre-contractual measures.
The provision of our services is a continuing obligation that requires registration. User registration is required for the provision of certain content and services on our website.

4. duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures with us if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

5. possibility of objection and removal

As a user, you have the option of canceling your registration at any time. You can have the data stored about you amended at any time. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

d) Sending newsletters via e-mail

If you are offered the option of subscribing to a newsletter on our website and you register for such a newsletter, we process the data collected from you in this context as listed below:

(1) Ordering and shipping

The only mandatory information for sending the newsletter is your e-mail address. We store your e-mail address for the purpose of sending you the newsletter.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a) GDPR.

The provision of further, separately marked data and information is voluntary. They are used for the purpose of addressing you personally and/or personalizing the e-mail newsletter.

(2) Double opt-in procedure

If you register for an email newsletter, the personal data and information you provide and send to us will be collected and stored electronically by us.
No other data is collected. The data will be used exclusively for sending the newsletter and will not be passed on to third parties. The purpose of this processing is initially to carry out the so-called double opt-in procedure, with which you can consent to the regular sending of the e-mail newsletter. This means that after you have submitted your data and information, we will send you an e-mail to the e-mail address you have provided and ask you to confirm in this e-mail that you wish to receive the newsletter. If you do not confirm your registration, your data will be deleted.

After your confirmation, we store your IP address and the time of confirmation. The purpose of this procedure is to prove your registration for the e-mail newsletter and, if necessary, to be able to recognize and prevent any possible misuse of your personal data.

The legal basis for the processing is Art. 6 para. 1 sentence lit. f) GDPR.

(3) Newsletter tracking

We would like to point out that we do not evaluate the behavior of the readers of our e-mail newsletter.

(4) Sending e-mails via Newsletter2Go

To send our newsletter, we use Newsletter2Go, a service provided by “Newsletter2Go GmbH”, based at: Köpenicker Str. 126, D-10179 Berlin.

The email addresses of the recipients of our newsletters, as well as their other data described in this notice, are stored on the servers of Newsletter2Go in data centers in Germany and are subject to the data protection laws applicable there. Newsletter2Go uses this information to send and analyze the newsletter on our behalf. Furthermore, Newsletter2Go may use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter.

However, Newsletter2Go does not use the data of the recipients of our newsletters to write to them itself or pass the data on to third parties.

You can find out more about data protection at Newsletter2Go at the following link:
https://newsletter2go.de/hilfe/sicherheit-und-datenschutz.

(5) Duration of storage

The data collected during registration (e-mail address and voluntary information) will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case if you unsubscribe from the newsletter or withdraw your consent.

After you unsubscribe or withdraw your consent, we store your data purely statistically and anonymously.

(6) Revocation

You can revoke your consent to the transmission of the newsletter at any time and thus unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter or by sending an e-mail to info@avanova.de.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

e) Contact form and e-mail contact

There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. The following data is also stored when the message is sent: The user’s IP address and the date and time of registration. Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

(1) Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

(2) Purposes of data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

(3) Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of thirty days at the latest.

(4) Possibility of objection and removal

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

f) Data protection information on the application and use of Google Maps / Google Earth

Our website uses the online map service “Google Maps API” for the interactive presentation of NOVA’s company headquarters, to make it easy to find our company location and to show directions to and from the company address (In der Mordach 1a, D-64367 Mühltal in Hesse).

The lawfulness of the processing is based on Art. 6 para. 1 lit. f GDPR to protect our legitimate interests.

The online map services are operated by the US company “Google LLC” based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, California, USA.

By using these interactive maps, information about the use of the NOVA website, including your IP address, is transmitted to Google servers in the USA and stored there.

Although Google undertakes not to pass on any information to third parties as part of its own data protection declaration, it does make certain exceptions to this. The data collected in this way may therefore be transferred to third parties if this is required by law in the USA or if third parties process the data on behalf of Google.

The additional terms of use for Google Maps and Google Earth can be found here:
https://www.google.com/intl/de_US/help/terms_maps.html

The privacy policy of Google Inc. can be found here:
http://www.google.com/policies/privacy/

You have the option of switching off the online map service and preventing data transmission to Google. To do this, deactivate Java Script in your browser. In this case, you will no longer be able to use the corresponding services (route planner etc.) and possibly other services/functions.

g) Data protection information on the deployment and use of YouTube

On our website, we use the “social bookmark” of the social video portal YouTube, a subsidiary of Google LLC. This is only a link and not a so-called “social plugin”.

If you do not use the button, no information will be transmitted to YouTube and no YouTube cookie will be placed on your computer.

As soon as you click on the button without being logged in to YouTube, the following YouTube login form opens in a new window:
https://www.youtube.com/channel/UCITQsWaboXVyQWlhlK-smIA

At the same time, YouTube places cookies on your hard disk. If you click the button as a YouTube user who is already logged in, YouTube can assign the visit to your YouTube account.

Information about NOVA BUILDING IT GmbH via the online video portal YouTube is provided in the interest of an appealing presentation of our online offers. This constitutes a “legitimate interest” within the meaning of Art. 6 para. 1 lit. f GDPR.

Pages within YouTube are operated exclusively by the company “YouTube LLC” based at: 901 Cherry Ave, San Bruno, CA 94066, California, USA.

Which data YouTube collects on its pages is therefore beyond our knowledge and sphere of influence. General information on this can be found in the privacy policy of YouTube’s parent company, which can be found at
https://policies.google.com/privacy/update?hl=de&gl=de

h) Data protection information on the use and application of Instagram

We use the “social bookmark” of the social network Instagram on our website. This is only a link and not a so-called “social plugin”.

If you do not use the button, no information will be transmitted to Instagram and no Instagram cookie will be placed on your computer.

As soon as you click on the button without being logged in to Instagram, the following Instagram login form opens in a new window:
https://www.instagram.com/avanova_de/

At the same time, Instagram places cookies on your hard disk. If you click the button as an Instagram user who is already logged in, Instagram can assign the visit to your Instagram account.

Information about NOVA BUILDING IT GmbH via the social network Instagram is provided in the interest of an appealing presentation of our online offers. This constitutes a “legitimate interest” within the meaning of Art. 6 para. 1 lit. f GDPR.

Pages within Instagram are operated exclusively by the company “Instagram LLC” based in: 1601 Willow Road, Menlo Park, CA 94025, California, USA.

Which data Instagram collects on its pages is therefore beyond our knowledge and sphere of influence. General information on this can be found in Instagram’s privacy policy, which can be found at
https://help.instagram.com/519522125107875?helpref=page_content

i) Data protection information on the application and use of Facebook

We use the “social bookmark” of the social network Facebook on our website. This is only a link and not a so-called “social plugin”.

If you do not use the button, no information will be transmitted to Facebook and no Facebook cookie will be placed on your computer.

As soon as you click on the button without being logged in to Facebook, the following Facebook login form opens in a new window:
https://www.facebook.com/avanova.de/

At the same time, Facebook places cookies on your hard disk. If you click the button as a Facebook user who is already logged in, Facebook can assign the visit to your Facebook account.

Information about NOVA BUILDING IT GmbH via the social network Facebook is provided in the interest of an appealing presentation of our online offers. This constitutes a “legitimate interest” within the meaning of Art. 6 para. 1 lit. f GDPR.

Pages within Facebook are operated exclusively by the company “Facebook Inc.” based in: 1601 S. California Ave, Palo Alto, CA 94304, California, USA.

What data Facebook collects on its pages is therefore beyond our knowledge and sphere of influence. General information on this can be found in Facebook’s privacy policy, which can be found at
https://www.facebook.com/about/privacy

j) Data protection information on the application and use of Twitter

We use the “social bookmark” of the online short message service Twitter on our website. This is only a link and not a so-called “social plugin”.

If you do not use the button, no information will be transmitted to Twitter and no Twitter cookie will be placed on your computer.

As soon as you click on the button without being logged in to Twitter, the following Twitter login form opens in a new window:
https://twitter.com/avanova_de

At the same time, Twitter places cookies on your hard disk. If you click the button as a Twitter user who is already logged in, Twitter can assign the visit to your Twitter account.

Information about NOVA BUILDING IT GmbH, which is distributed via the short message service Twitter, is done in the interest of an appealing presentation of our online offers. This constitutes a “legitimate interest” within the meaning of Art. 6 para. 1 lit. f GDPR.

Pages within Twitter are operated exclusively by the company “Twitter Inc.” based in: 1355 Market Street, Suite 900, San Francisco, CA 94103, California, USA.

What data Twitter collects on its pages is therefore beyond our knowledge and sphere of influence. You can find general information on this in Twitter’s privacy policy, which can be found at
https://twitter.com/de/privacy#update

k) Matamo (formerly: Piwik)

We use the open source web analysis service Matomo (https://matomo.org/) on our website.

Matomo also uses cookies. These are text files that are stored on your computer and enable your use of the website to be analyzed. For this purpose, the information generated by the cookies about the use of this website is stored on our server. The IP address is anonymized before it is saved.

Matomo cookies remain on your end device until you delete them. Matomo cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behaviour in order to optimize both its website and its advertising.

The information generated by the cookies about the use of this website is not passed on to third parties. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

If you do not agree with the storage and use of your data, you can deactivate or adjust the storage and use under the following link:
https://matomo.org/docs/privacy/

In this case, an opt-out cookie is stored in your browser that prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again.

Further information on Matamo can be found at the following link:
https://www.datenschutzzentrum.de/uploads/projekte/verbraucherdatenschutz/20110315-webanalyse-piwik.pdf

l) Other links to external providers

Insofar as there are links to websites of other providers, this data protection declaration also does not apply to their content. NOVA has no knowledge of and no influence over what data the operators of external websites may collect. You may receive information in the data protection notices of the respective websites.

10. data protection for applications and in the application process

We collect and process personal data from applicants for the purpose of handling the application process.

Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by e-mail. In this case, we reserve the right to offer the option on our website of sending us an application by e-mail by clicking on a corresponding e-mail address listed there.

If an employment contract is concluded with an applicant, we store the data transmitted to us for the purpose of processing the employment relationship in compliance with the statutory provisions.

However, if no employment contract is concluded with the applicant, the application documents will be automatically deleted seven months after notification of the rejection decision, provided that we have no other legitimate interest in deleting them. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

11. rights of data subjects (Art. 12 ff. GDPR)

Your rights as a “data subject” are comprehensively guaranteed by NOVA. To this end, you are entitled to the following rights with regard to your stored personal data, which you can assert against us.

To exercise these rights, please refer to the following section (“Exercising the rights of data subjects”)

a) Right to information (Art. 15 GDPR)

In principle, you have the right to request confirmation from us as to whether personal data concerning you is being processed. However, this right to information is subject to certain restrictions in accordance with Section 34 BDSG.

b) Right to rectification (Art. 16 GDPR)

If you believe that your personal data is incorrect or incomplete, you can request that this data be amended accordingly.

c) Right to erasure (Art. 17 GDPR)

You can request that your personal data be deleted (immediately), insofar as this is permitted under applicable law. Restrictions are provided for in § 35 BDSG.

d) Right to restriction of processing (Art. 18 GDPR)

Every data subject has the right to restrict the processing of their data (under the further conditions of Art. 18 (1) GDPR).

e) Right to data portability (Art. 20 GDPR)

As far as legally possible, you can reclaim the personal data provided to us or have it transferred to a third party if this is technically feasible.

f) Right of revocation (Art. 7 para. 3 GDPR)

You have the right to withdraw your consent to the collection of data at any time. This right applies with effect for the future; the data collected until the revocation becomes legally effective remains unaffected by this.

g) Right to object (Art. 21 GDPR)

aa) Right to object on a case-by-case basis

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based, for example, on Article 6(1)(f) GDPR (“data processing on the basis of a balancing of interests”); this also applies to profiling based on this provision (within the meaning of Article 4(4) GDPR), which we use, for example, for advertising purposes.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. This also applies to profiling based on these provisions.

bb) Right to object to the processing of data for direct marketing purposes

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising or market and opinion research; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes; the data must then be blocked for these purposes.

h) Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The addresses of the respective supervisory authorities can be found in the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The supervisory authority responsible for us is

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Tel: 0611 – 1408 0
Fax: 0611 – 1408 611
Mail: poststelle@datenschutz.hessen.de
Web: https://datenschutz.hessen.de/impressum

12. exercise of the rights of data subjects

In order to assert your rights listed in No. 11, please contact us in writing or by e-mail at:
NOVA BUILDING IT GmbH
In der Mordach 1a
D-64367 Mühltal (Hessen)
E-mail: info@avanova.de

Please understand that we will need to verify your identity before providing any information. For this purpose, please enclose a (scanned) copy of your identity card (front and back) or a corresponding official ID or passport.

13. other

This privacy policy will be updated from time to time in light of the ongoing harmonization of data protection law throughout Europe and the further development of our web content. The date of the last update can be found at the beginning of this statement. The current version is always available online; you can find it under the following link:
https://avanova.de/datenschutz