Nanoscribe GmbH & Co. KG
On this website we provide information pursuant to the EU's General Data Protection Guideline (GDPR) for all data processing undertaken by Nanoscribe GmbH & Co. KG (hereinafter: NANOSCRIBE).
In accordance with Article 4 (7) of the GDPR, Nanoscribe GmbH & Co. KG, Hermann-von-Helmholtz Platz 6, 76344 Eggenstein-Leopoldshafen, Phone: +49 (0)721 981 980-0, email firstname.lastname@example.org, is the data controller. Please direct questions regarding our processing of your personal data, or about privacy in general, to our data protection officer:
Mr. Steven Bösel
I. Definition of Personal Data
Personal data refers to any information related to an identified or identifiable natural person. This includes information such as your name, your (professional) contact information, your phone number, email address, as well as your relationship with a company and your interactions/activities with us.
When using our website, the processed data may include information about how you use our website. This includes, for example, connectivity information, or the sources you accessed. This information is generally gathered through log files and cookies.
In the context of job applications, the following personal data is included and processed, your name, your (professional and private) contact information, your address, hobbies, or information about illness and tax status (including religious affiliation) as well as your resume including your photo, potential information about your health, or other private information.
II. Privacy Notice for NANOSCRIBE Websites
In the following paragraphs, NANOSCRIBE, as the operator of the above-mentioned websites, provide you with an overview of how we ensure the protection of your personal data on our websites and online contact forms, which data we process, as well as the purposes and extent of processing.
1. Data Processing - The Features of Our Website
When our website is accessed, general information is automatically collected. This information is stored in so-called log files or cookies and contains the type of web browser used, the operating system, the access URL, the time of access, and the IP address. These data are not stored along with other personal data relating to the user.
This information is technically necessary to correctly deliver the websites' contents requested by you and are also essential for Internet use. For the temporary storage of data and log files, Article 6 (1) (1f) of the GDPR serves as the legal basis. The system's temporary storage of the IP address for the duration of the session is necessary to enable a proper displaying of the website on the user's computer. Furthermore, these data serve the optimization of the website and to ensure the security of our information technology system. These purposes also constitute our legitimate interest in data processing according to Paragraph 1 (1) (f) of the GDPR. In this context, the data are not used for marketing purposes.
The collection of data for the purposes of making the website available and the storage of data in log files is essential for the operation of the website. Therefore, users do not have the option to object.
The data will be erased as soon as they are no longer required for the purpose of its initial collection. The data for proper displaying of the website will be erased when the respective session ends. Data stored in log files or cookies will be erased after no later than seven days.
If you use services offered on our website, we may collect additional personal data about you. We acquire and process these data as required for the services requested by you. Further, you may also voluntarily save additional personal data. In the following paragraphs, we describe the legal basis according to the individually listed features and services. Your data will be treated confidentially and deleted or blocked in accordance with the legal guidelines.
If you send us a request via email, we collect the data you have provided to process your request and to fulfill your expressed wishes. In both cases, Article 6 (1) (1f) of the GDPR serves as the legal basis.
No additional processing of your data will be conducted by us or third parties beyond this purpose, with the exception of the following usage, unless legal permission exists, or you have given your consent.
If you provide us with your contact information in the context of a contract conclusion or by registering via our customer portal, please note the privacy notice described under III.
2. Safety Notes
We use technical and operational safety measures on our websites to protect the personal data we store against misuse by third parties, loss, or abuse and to ensure safe data transfer.
We are required to note that the makeup of the Internet makes unwanted access by third parties possible. For this reason, it is also within your scope of responsibility to protect your data against abuse through encryption or using other means. Without protective measures of this kind, third parties may be able to access data that were transferred without encryption, also via email. The websites operated by us are exclusively provided via an encrypted connection.
You can choose whether you wish to allow the placement of cookies. You can make the corresponding changes in your browser settings. In general, you can choose to accept cookies, to be informed about the placement of cookies, or to reject all cookies. If you choose the last option, you may not be able to use all features of our website. We will provide further information about the cookies we use and the connected data processing procedures in our discussion of the individual features and services below. In the following paragraphs, we will provide an overview of the features and services for which cookies are used on this website.
4. The Creation of User Statistics Using Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored in accordance with Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Demographic data collection by Google Analytics
This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".
Google Tag Manager
5. The Generation of User Data Using Typo3
NANOSCRIBE makes the website available to users by means of the Content Management System (CMS) Typo3. To ensure that the CMS functions properly, personal form data are stored, which are entered by the users, for example for initiating contact. In addition, users can register in the CMS by entering additional personal data, in order to access other documents or other content. The CMS then saves the IP address of the user's last login. Nanoscribe processes the data to provide improved services and for marketing purposes. These data are not shared with third parties.
6. The Use of Google Remarketing
We use GoogleAdwords to draw attention to our offers on third-party websites using advertising (so-called Google ads). These ads are delivered by Google via so-called "Ad Servers." In this context, Ad Server cookies are used, which facilitate the analysis of performance parameters, such as Ad impressions, clicks, and conversions. This enables us to determine how successful individual marketing measures are by analyzing the data generated in the context of marketing campaigns. If you arrived on our website via a Google ad, Google Adwords stores a cookie on your device. These cookies typically expire after 30 days and do not serve the purpose of identifying you. Typically, the following analysis values are stored for this cookie:
- Unique Cookie ID
- Number of ad impressions per placement (frequency)
- Last impression (relevant for post-view conversions)
- Opt-out information (indicator that the user no longer wants to be contacted)
The cookies enable Google to recognize your web browser. When a user visits certain web pages of an Adwords client and the cookie stored on his or her computer is not yet expired, Google and the client can recognize that the user clicked on the ad and was referred to this site. Every Adwords customer is assigned a different cookie. Cookies can therefore not be tracked through the websites of Adwords customers. We do not collect or process personal data through the named marketing measures. We only receive statistical analyses from Google. Based on these analyses, we are able to see which of the advertising measures used are particularly effective. We do not receive additional data from the use of advertising measures; in particular, we are not able to identify users based on these data. Article 6 (1) (1a & f) of the GDPR serve as the legal basis for processing of your data.
Due to the deployed marketing tools, your browser automatically establishes a direct connection with the Google server. Please note that Google may process data outside of the European Union. Google has committed to complying with EU-US Privacy Shield, https://www.privacyshield.gov/. Furthermore, we have no influence on the extent and further usage of the data, which Google collects through the use of this tool, and therefore we inform you based on our level of knowledge:
By integrating "tracking tools", Google obtains the information that you opened one of the pages on our website, or clicked on one of our ads. If you are registered with a Google service, Google is able to associate the access to your account. Even if you are not registered with Google, or not logged in, there exists the possibility that the provider obtains and saves your IP address. Based on the company's remarketing technology, users who previously visited our website and online services and were interested in our offers are once again adressed through targeted advertising on the pages of the Google partner network. Find more information about privacy here: http://www.google.com/intl/de/policies/privacy/ and https://services.google.com/sitestats/de.html
We also use the application Google Remarketing. This involves retargeting to deliver interest-based advertising: By using this application, our ads can be displayed on other websites after you visited ours. This is achieved using cookies stored in your browser, through which Google records and evaluates your user behavior when you visit various websites. This enables Google to recognize your previous visits to our website. According to Google, the data collected in the context of retargeting will not be joined with your personal data, which may be stored by Google. Google states in particular, that it assigns pseudonyms for retargeting.
7. The Use of Google Web Fonts
This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
8. The use of Google Invisible reCAPTCHA
We use the service Invisible reCAPTCHA of Google, Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; “Google”) on our website.
This serves to distinguish entries made by a person from those made by automated machine processes. Operating in the background, Google collects, and analyses use data that are used by Invisible reCAPTCHA to distinguish between genuine users and bots. This is done by transferring your entry to Google and making further use of it there. In addition, the IP address and any other data Google requires for the service Invisible reCAPTCHA are transferred to Google. These data are processed by Google within the European Union and, under certain circumstances, in the USA as well. Google has obtained certification pursuant to the US-EU data protection treaty “Privacy Shield” and is consequently obligated to comply with European data protection regulations. Processing is based on point (f) of Art. 6 (1) GDPR in pursuit of our legitimate interest in protecting our website from automated espionage, misuse and spam. You will find details about Google reCAPTCHA and the related privacy statement at https://www.google.com/recaptcha/intro/android.html and https://www.google.com/intl/de/policies/privacy/.
9. The use of Google Maps
This page uses Google Maps through an API. This service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Your IP address must be stored to use Google Maps functions. This information is typically transmitted to a Google server in the USA, where it is then stored. The provider of this website has no control over this data transmission.
10. Social Media
a) Embedding of YouTube Videos
We embedded YouTube videos into some of our websites, which are stored on www.youtube.com and can be streamed directly via our website. These videos are embedded in "extended privacy mode," which means that no data about you as the user are transmitted to YouTube if you do not stream the videos. The following data are only transmitted when you stream the videos. We do not have any control over this data transfer.
By streaming the embedded videos, YouTube obtains the information that you accessed the corresponding page of our website; furthermore, additional data may be transferred to YouTube unbeknownst to us. This may occur independently of whether YouTube provides a user account through which you are logged in, or if no user account exists. If you are logged into YouTube, the data will be directly associated with your account. If you do not desire the association of your YouTube profile, you are required to log out before activating the button. YouTube saves your data as utilization profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. This type of analysis can result in the delivery of needs-based advertising (even for users that are not logged in) and in order to inform other YouTube users about your activity on our website. You have the right to object against the creation of these user profiles, although you must contact YouTube to exercise this right.
b) Embedding of Vimeo Videos
Some videos on our website are embedded by the video portal Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Every time a page that offers one or many Vimeo video clips is called up, a direct connection is created between your browser and a Vimeo server in the USA. Information about your visit and your computer’s IP address is stored there. Your interaction with the Vimeo player (e.g. clicking the Start button) is also transmitted to Vimeo and stored.
The iframe that opens when a Vimeo video is clicked also launches the tracking service Google Analytics. We have no control over this analysis and no access to the collected data. You can prevent Google Analytics from tracking your activity by using deactivation tools that Google provides for certain browsers. You can also download and install a browser plugin that will prevent Google collecting and analyzing your activity on the Arsenal website and of your personal data (incl. your computer’s IP address) by clicking here: http://tools.google.com/dlpage/gaoptout?hl=en.
Our website provides the option of subscribing to our free newsletter to receive up-to-date information about product innovations as well as other information related with our products and applications. The data entered into the input mask to register for the newsletter are transmitted to us. The legal basis for data processing after a user subscribes to the newsletter is Article 6 (1a) GDPR if user consent is obtained.
In addition to the data from the input mask, the following data are collected upon subscription:
- The IP address of the computer from which access occurs
- Date and time of registration
For the distribution of a newsletter after the sale of products or services, § 7 (3) of Germany's law against unfair competition serves as the legal basis. The newsletter is distributed by the email marketing provider Rapid Mail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany. Information about the email marketing provider's data protection guidelines can be accessed at: www.rapidmail.de/datenschutz. Based on this, the user's email address and data are stored as long as the newsletter subscription remains active. The user can unsubscribe from our newsletter at any time. A link to unsubscribe can be found in each newsletter.
12. Contact Form and Registration
On our website, users have the option to register with personal data. The data are entered into an input mask and then transmitted to us and stored. The data are not shared with third parties. The same personal data are collected as in the context of newsletter subscription (see Section 8). The legal basis for data processing is Article 6 (1a) GDPR if user consent is obtained. As a user, you have the option of terminating your registration at any time. The data stored about you can be changed at any time.
The processing of personal data from the input mask are solely used for processing contact initiation. If contact is initiated via email, it constitutes the required legitimate interest for processing the data. The other personal data processed upon sending serve the prevention of misuse of the form and to ensure the security of our information technology systems.
The data will be erased as soon as they are no longer required for the purpose of their initial collection. For personal data entered via input mask of the contact form or sent via email, this is the case once the respective conversation with a user is concluded. The user may withdraw his or her consent to the processing of personal data at any time. If the user contacts us via email, he or she may object to the storage of his or her personal data at any time. In this case, it is not possible to continue the conversation
13. Use of External Links
Our websites contain links to other websites by other providers. NANOSCRIBE is not responsible for the privacy policies or contents of these other websites.
14. Use of Cloudflare
For the domains of Nanoscribe GmbH we use the service Cloudflare, which is provided by the company Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) in order to operate our website more securely and faster.
a) Cloudflare provides the following services and functions
Nanoscribe GmbH primarily uses the Content Delivery Network (CDN) of the service provider. A CDN is a network of worldwide distributed servers which are responsible for ensuring that the Nanoscribe website is displayed on your monitor as quickly as possible. For this purpose, Cloudflare makes copies of our website and stores them on its own servers. Each time a Nanoscribe domain is accessed, Cloudflare's CDN uses a load distribution system to ensure that the contents of our website requested by you are delivered by the server that can deliver the information the fastest. Therefore, the content of our website is not necessarily or exclusively delivered to you from our own web server, but from servers all over the world. Besides the fast delivery of websites Cloudflare also offers various security services, such as the DoS protection or the Web Application Firewall.
b) Why we use Cloudflare on our website
Cloudflare helps us to make our website faster and more secure. Besides the CDN, Cloudflare offers web optimizations as well as security services, such as a Denial of Service protection (DoS protection) and a web firewall. Through appropriate web optimizations and the distribution over the CDN, the requested contents are displayed faster. The average loading time of our website is significantly reduced by this measure.
c) These data are stored by Cloudflare
In addition to the information processed on the Nanoscribe domains, Cloudflare may collect information about the use of our website.
Typically, Cloudflare processes the following data:
- Contact information
- IP addresses
- DNS protocol data
- Performance data for websites derived from browser activity
Cloudflare uses the log data to analyze new security threats and to improve services. Cloudflare processes this data within the framework of the services in compliance with the applicable laws, especially the basic data protection regulation (GDPR).
For security reasons Cloudflare also uses a cookie to identify individual users sharing one IP address. Through the identification it is possible to apply specific security settings for each individual user. The cookie contains no personal data and is strictly necessary for Cloudflare's security functions. It cannot be deactivated.
d) Storage location and duration
The information is stored mainly in the USA and the European Economic Area (EEA). Cloudflare can transfer the above described information from all servers of the Content Delivery Network and process the data. Typically, Cloudflare stores data for less than 24 hours. In the case of Nanoscribe GmbH the Cloudflare logs have been activated, therefore the data can be stored up to 7 days. However, if IP addresses trigger security warnings at Cloudflare, exceptions to the above-mentioned storage period may occur. The data will then be stored until the situation is clarified.
e) How can I delete my data or prevent data storage?
The storage of the logs is strictly purpose bound. If log data is no longer required, it is deleted as soon as possible. This usually happens after 24 hours. Cloudflare usually does not store personal data. In exceptional cases, such as security warnings in connection with your IP address, these may be stored. In addition, there is information that Cloudflare stores for an indefinite period as part of permanent protocols. This improves the overall performance of Cloudflare and helps to detect possible security risks at an early stage. You can see which data is involved here.
All permanently stored data and protocols are anonymised and can then no longer be assigned to a natural person. You can prevent the entire collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by integrating a script blocker into your browser.
Cloudflare is an active participant in the EU-U.S. Privacy Shield Framework which ensures the correct and secure data transfer of personal data. You can find more information about this here. Information on data protection at Cloudflare can be found at this webpage.
III. Privacy Notice for NANOSCRIBE Customers and Interested Parties
1. Extent and Purposes of Personal Data Processing
a) Contract Performance
NANOSCRIBE processes data we received in the context of your requests or existing contractual relationships. In addition to your business contact information, this particularly includes all exchanged information, such as emails, orders, wishes regarding our products, payment information. For existing business relationships, you are required to provide the personal data necessary for the preparation or performance of the contracts, or data we are legally obligated to process; otherwise, we are unable to perform the contracts.
NANOSCRIBE processes the data provided in the context of order fulfillment and potentially deploys specialized service providers for the performance of the contract. Data processing in the context of contract performance includes the use of the data for the provision of contractually owed services, including the provision of services in the context of service agreements, or the processing of potential warranty claims. Furthermore, in the context of a request for financing, the data required for tendering are used by NANOSCRIBE and are forwarded to the contracting parties, if necessary. Additional details about the purposes depend on the respective contract documents. Article 6 (1) (1b) GDPR serves as the legal basis for the processing of these data.
b) Address and Credit Checks
In rare cases, NANOSCRIBE may request your address and credit information from the databases of credit agencies, including information determined based on mathematical/statistical methods (scoring). This occurs if NANOSCRIBE takes a financial risk by entering a contract and uses the credit check to safeguard against financial loss. For the data processing discussed in this context, Article 6 (1) (1f) of the GDPR serves as the legal basis.
c) Data Usage for Advertising Purposes by NANOSCRIBE
NANOSCRIBE uses your phone number for advertising purposes, if your consent was obtained, or the prerequisites for probable consent - for example, in the context of an existing business relationship or after prior contact - exist. Furthermore, NANOSCRIBE uses the email address obtained from contacts in the context of contract conclusions, in order to market similar offers, or for surveys using external platforms specialized for this purpose. Of course, you have the right to object being contacted for such advertising purposes. We provide separate information about the right to object to advertisement.
To achieve advertising goals, the data are processed for the life cycle of our products and your characteristics as a customer or interested party. Exceptions apply if longer use is permitted through consent and/or data are subject to legal retention requirements. In the latter case, the data are deleted after the retention period expires. Exercising your right to object, about which we inform you under V., may lead to a shorter processing period.
For commercial use, Article 6 (1) (1f) of the GDPR serves as the legal basis, or if your consent is obtained, Article 6 (1) (1a) of the GDPR. Below, we provide information about your rights regarding commercial use, particularly the right to object to data processing for advertising purposes.
d) Processing of Personal Data due to Legal Requirements
As every company in Europe, NANOSCRIBE is subject to various legal obligations to examine the data of our customers and business partners. In these cases, we only process your personal data if processing is necessary for meeting the legal requirements. Meeting the legal requirements may necessitate the partially automated processing of your data with the goal of evaluating personal aspects (profiling). Unless you are expressly informed, automatic case-by-case decisions are made. Article 6 (1) (1c) of the GDPR serves as the legal basis in conjunction with the respectively relevant legal provisions.
These legal requirements particularly pertain to:
- Fraud and money laundering prevention
- Monitoring and reporting requirements according to tax law
- Risk assessment and management in the corporation
- Sanctions lists.
2. Data Sharing Within the NANOSCRIBE Group
NANOSCRIBE may share your customer master data (company name, contact person, address and contact information, such as phone number and email address) with other companies in the NANOSCRIBE group and potentially update them to ensure that all NANOSCRIBE companies involved in a process with you (e.g. performance of a contract) have access to uniform data about you. This serves the simplification of our processes and free you from providing your customer master data again if you contact a different company in the group. For this processing of data, Article 6 (1) (1b or f) of the GDPR serves as the legal basis.
In addition to the customer master data, other data may also be shared with other NANOSCRIBE companies, if this is required for the fulfillment of contractually owed services. Article 6 (1) (1b) of the GDPR serves as the legal basis.
IV. Privacy Information for NANOSCRIBE Applicants
If you apply to NANOSCRIBE, the following policies regarding data processing are effective. We will provide separate information about data processing after hiring if a contract is concluded.
1. Extent and Purposes of Personal Data Processing
a) Internal Data Processing for Application Reviews
We process the data you provided in the context of your application for reviewing your application and qualifications for the advertised position. We retain your data exclusively in our own data center in Germany. If you consented during the application process, we check during the hiring process, whether you are qualified for other positions than the one you named in your application. We may commission specialized service providers for the review of your application. Applications qualified for a position are transferred from human resources to the respective specialized department or national subsidiary for further review. The extensive evaluation of your application requires your resume, as well as diplomas or relevant proof. Additional information, as well as a picture, may be provided voluntarily.
We delete your application information 3 months after the hiring process is concluded, i.e. after the position is filled, if you do not wish to be added to our applicant pool (see 3). Article 6 (1) (1b) of the GDPR serves as the basis for the processing of these data.
If you are younger than 18 years of age, we need the consent of your parent or guardian to conclude a contract with you. The extended retention of your application data (e.g. for a future internship) will only occur with your consent and the consent of your parent or guardian, as noted in the templates.
b) Retaining Your Application in Our Applicant Pool
If you submit a speculative application, we will retain your application in our applicant pool. Simply state in your application that you are submitting a speculative application. This enables us to contact you, if a position opens up for which you are qualified.
If you consent, we retain your data for no more than 5 years, after which we delete your data, if you do not desire further storage. Art. 6 (1) (1a) of the GDPR serves as the legal basis.
V. Your Rights as a Data Subject
You, as a data subject, have several rights. Please contact us using the above-mentioned contact information to exercise your rights. Every data subject has the following rights:
- Right of access (Article 15 GDPR)
- The right to rectification of inaccurate personal data (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Artile 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR).
You may object to the processing of personal data for advertising purposes, including the analysis of customer data or transfer to third parties for advertising purposes at any time and without providing any reasons.
Furthermore, any data subject has a general right to object data processing (compare Article 21  GDPR). In this case, reasons for objecting data processing must be provided. If data processing occurs with consent, you may withdraw your consent at any time with future effect by writing an email to email@example.com. The revocation of consent does not affect the legality of processing conducted based on consent until the revocation has been affected.