Privacy Policy

Nanoscribe GmbH & Co. KG

On this website we provide information pursuant to the EU's General Data Protection Regulation (GDPR) for all data processing undertaken by Nanoscribe GmbH & Co. KG (hereinafter: NANOSCRIBE).

In accordance with Article 4 (7) of the GDPR, Nanoscribe GmbH & Co. KG, Hermann-von-Helmholtz Platz 6, 76344 Eggenstein-Leopoldshafen, Phone: +49 (0)721 981 980-0, email info@nanoscribe.com, is the data controller. Please direct questions regarding our processing of your personal data, or about privacy in general, to our external data protection officer:

ENSECUR GmbH
Mr. Steven Bösel
Kaiserstraße 86
76133 Karlsruhe

Germany
E-Mail: dsb-nanoscribe@ensecur.de

I. Definition of Personal Data

Personal data refers to any information related to an identified or identifiable natural person. This includes information such as your name, your (professional) contact information, your phone number, email address, as well as your relationship with a company and your interactions/activities with us.

When using our website, the processed data may include information about how you use our website. This includes, for example, connectivity information, or the sources you accessed. This information is generally gathered through log files and cookies.

In the context of job applications, the following personal data is included and processed, your name, your (professional and private) contact information, your address, hobbies, or information about illness and tax status (including religious affiliation) as well as your resume including your photo, potential information about your health, or other private information.

II. Privacy Notice for NANOSCRIBE Websites

The privacy notice applies to the following websites: https://www.nanoscribe.com

In the following paragraphs, NANOSCRIBE, as the operator of the above-mentioned websites, provide you with an overview of how we ensure the protection of your personal data on our websites and online contact forms, which data we process, as well as the purposes and extent of processing.

1. Data processing - the features of our website

When our website is accessed, general information is automatically collected. This information is stored in so-called log files or cookies and contains the type of web browser used, the operating system, the access URL, the time of access, and the IP address. These data are not stored along with other personal data relating to the user.

This information is technically necessary to correctly deliver the websites' contents requested by you and are also essential for Internet use. For the temporary storage of data and log files, Article 6 (1) (1f) of the GDPR serves as the legal basis. The system's temporary storage of the IP address for the duration of the session is necessary to enable a proper displaying of the website on the user's computer. Furthermore, these data serve the optimization of the website and to ensure the security of our information technology system. These purposes also constitute our legitimate interest in data processing according to Paragraph 1 (1) (f) of the GDPR. In this context, the data are not used for marketing purposes.

The collection of data for the purposes of making the website available and the storage of data in log files is essential for the operation of the website. Therefore, users do not have the option to object.

The data will be erased as soon as they are no longer required for the purpose of its initial collection. The data for proper displaying of the website will be erased when the respective session ends. Data stored in log files or cookies will be erased after no later than seven days.

If you use services offered on our website, we may collect additional personal data about you. We acquire and process these data as required for the services requested by you. Further, you may also voluntarily save additional personal data. In the following paragraphs, we describe the legal basis according to the individually listed features and services. Your data will be treated confidentially and deleted or blocked in accordance with the legal guidelines.

If you send us a request via email, we collect the data you have provided to process your request and to fulfill your expressed wishes. In both cases, Article 6 (1) (1f) of the GDPR serves as the legal basis.

No additional processing of your data will be conducted by us or third parties beyond this purpose, with the exception of the following usage, unless legal permission exists, or you have given your consent.
If you provide us with your contact information in the context of a contract conclusion or by registering via our customer portal, please note the privacy notice described under III.

2. Safety notes

We use technical and operational safety measures on our websites to protect the personal data we store against misuse by third parties, loss, or abuse and to ensure safe data transfer.

We are required to note that the makeup of the Internet makes unwanted access by third parties possible. For this reason, it is also within your scope of responsibility to protect your data against abuse through encryption or using other means. Without protective measures of this kind, third parties may be able to access data that were transferred without encryption, also via email. The websites operated by us are exclusively provided via an encrypted connection.

3. Use of cookies

Our website uses cookies. Cookies are text files that are stored in or by the browser on the user's computer. The cookie contains a unique character string that enables the clear identification of the browser when the website is re-opened.

On the one hand, the use of cookies serves the display of the website. On the other hand, we use a variety of cookies to continuously improve our services for you and to enable the optimum operation of our website. The information collected using these cookies is statistically analyzed.

You can choose whether you wish to allow the placement of cookies. You can make the corresponding changes in your browser settings. In general, you can choose to accept cookies, to be informed about the placement of cookies, or to reject all cookies. If you choose the last option, you may not be able to use all features of our website. We will provide further information about the cookies we use and the connected data processing procedures in our discussion of the individual features and services below. In the following paragraphs, we will provide an overview of the features and services for which cookies are used on this website.

4. Google Analytics

This website temporarily uses Google Analytics alongside the services of eTracker in order to evaluate the performance of eTracker. After a test phase of several months, Google Analytics is expected to be switched off. Until then, the following applies.

Google is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored in accordance with Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
For more information about how Google Analytics handles user data, see Google's privacy policy: support.google.com/analytics/answer/6004245.

Demographic data collection by Google Analytics
This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".

Google Tag Manager
This website uses Google Tag Manager, which is a tag management system for managing JavaScript and HTML tags used to monitor websites. Tags are small code elements designed to measure traffic and visitor behavior on websites, especially to understand the effect of campaigns, online advertising and social channels and to test and optimize websites. The Google Tag Manager does not use or set cookies and no personal data is stored.

5. eTracker analytics

We use the services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. We do not use cookies for web analysis by default. Cookies are small text files that are stored by the Internet browser on the user's end device.
If we use analysis and optimization cookies, we will obtain your explicit consent separately in advance. If this is the case and you give your consent, cookies are used to enable a statistical analysis of the reach of this website, to measure the success of our online marketing measures and test procedures, e.g. to test and optimize different versions of our online offering or its components. etracker cookies do not contain any information that enables a user to be identified. The data generated with etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and has been awarded the ePrivacyseal data protection seal of approval.
Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (GDPR). Our concern within the meaning of the GDPR (legitimate interest) is the optimization of our online offer and our website. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, merging with other data or disclosure to third parties takes place.
You can object to the data processing described above at any time by clicking on the slider. The objection has no negative consequences. If no slider is displayed, data collection has already been prevented by other blocking measures.

6. Typo3 user data

NANOSCRIBE makes the website available to users by means of the Content Management System (CMS) Typo3. To ensure that the CMS functions properly, personal form data are stored, which are entered by the users, for example for initiating contact. In addition, users can register in the CMS by entering additional personal data, in order to access other documents or other content. The CMS then saves the IP address of the user's last login. Nanoscribe processes the data to provide improved services and for marketing purposes. These data are not shared with third parties.

7. Google Ads

We use Google Ads. However, it is not integrated into our website as a service, so Google does not find out when you visit our website (unless you visit our website via a link from a Google Ads advertisement). We use Google Ads exclusively by uploading and analyzing the fully anonymized web visitor data from eTracker. This means that Google can no longer identify you personally. If you visit our website because you clicked on a Google ad on google.com or on another website, our analysis tool eTracker learns that an anonymized visitor was linked to our site from a Google ad and from which page. This allows us to determine how successful individual marketing measures are by analyzing the data generated in the context of marketing campaigns.

We may use Google Ads to draw attention to our offers on third-party websites using advertising. These ads are delivered by Google via so-called "Ad Servers."

Find more information about privacy at Google here: https://www.google.com/intl/de/policies/privacy/ and https://services.google.com/sitestats/de.html

8. Google Web Fonts

This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

If your browser does not support web fonts, a standard font will be used by your computer. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

9. Invisible reCAPTCHA

We use the service Invisible reCAPTCHA of Google, Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; “Google”) on our website.

This serves to distinguish entries made by a person from those made by automated machine processes. Operating in the background, Google collects, and analyses use data that are used by Invisible reCAPTCHA to distinguish between genuine users and bots. This is done by transferring your entry to Google and making further use of it there. In addition, the IP address and any other data Google requires for the service Invisible reCAPTCHA are transferred to Google. These data are processed by Google within the European Union and, under certain circumstances, in the USA as well. Google has obtained certification pursuant to the US-EU data protection treaty “Privacy Shield” and is consequently obligated to comply with European data protection regulations. Processing is based on point (f) of Art. 6 (1) GDPR in pursuit of our legitimate interest in protecting our website from automated espionage, misuse and spam. You will find details about Google reCAPTCHA and the related privacy statement at https://www.google.com/recaptcha/intro/android.html and https://www.google.com/intl/de/policies/privacy/.

10. Google Maps

Instead of a direct integration of Google Maps via API interface, we use links to Google Maps to provide you with our respective company locations. If you follow the link, you will be redirected to Google Maps. Google Maps is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Your IP address will be transmitted to Google. This information is typically transmitted to a Google server in the USA, where it is then stored. The provider of this website has no control over this data transmission.

Google Maps is used in the interest of an appealing display of our website and easily find the locations specified on this website. This constitutes a legitimate interest according to Article 6(1)(f) of the GDPR. For more information about how user data is handled, please refer to the Google privacy policy: https://policies.google.com/privacy.

11. Social media

a) Embedding of YouTube videos
We embedded YouTube videos into some of our websites, which are stored on www.youtube.com and can be streamed directly via our website. These videos are embedded in "extended privacy mode," which means that no data about you as the user are transmitted to YouTube if you do not stream the videos. The following data are only transmitted when you stream the videos. We do not have any control over this data transfer.

By streaming the embedded videos, YouTube obtains the information that you accessed the corresponding page of our website; furthermore, additional data may be transferred to YouTube unbeknownst to us. This may occur independently of whether YouTube provides a user account through which you are logged in, or if no user account exists. If you are logged into YouTube, the data will be directly associated with your account. If you do not desire the association of your YouTube profile, you are required to log out before activating the button. YouTube saves your data as utilization profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. This type of analysis can result in the delivery of needs-based advertising (even for users that are not logged in) and in order to inform other YouTube users about your activity on our website. You have the right to object against the creation of these user profiles, although you must contact YouTube to exercise this right.

Additional information about the purpose and extent of data collection and processing can be found in YouTube's privacy policy. It provides additional information about your rights and settings to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the US and has committed to adhering to the EU-US privacy shield, https://www.privacyshield.gov.

b) Embedding of Vimeo videos

Some videos on our website are embedded by the video portal Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Every time a page that offers one or many Vimeo video clips is called up, a direct connection is created between your browser and a Vimeo server in the USA. Information about your visit and your computer’s IP address is stored there. Your interaction with the Vimeo player (e.g. clicking the Start button) is also transmitted to Vimeo and stored.

If you have a Vimeo account but do not want Vimeo to collect data about you via our website and connect it with data that you have stored at Vimeo you will have to log out of Vimeo before visiting our website. You will find Vimeo’s privacy policy and information about how the company collects and uses personal data by clicking here https://vimeo.com/privacy.

The iframe that opens when a Vimeo video is clicked also launches the tracking service Google Analytics. We have no control over this analysis and no access to the collected data. You can prevent Google Analytics from tracking your activity by using deactivation tools that Google provides for certain browsers. You can also download and install a browser plugin that will prevent Google collecting and analyzing your activity on the Arsenal website and of your personal data (incl. your computer’s IP address) by clicking here: https://tools.google.com/dlpage/gaoptout?hl=en.

12. Newsletter

Our website provides the option of subscribing to our free newsletter to receive up-to-date information about product innovations as well as other information related with our products and applications. The data entered into the input mask to register for the newsletter are transmitted to us. The legal basis for data processing after a user subscribes to the newsletter is Article 6 (1a) GDPR if user consent is obtained.

In addition to the data from the input mask, the following data are collected upon subscription:

• The IP address of the computer from which access occurs
• Date and time of registration

For the distribution of a newsletter after the sale of products or services, § 7 (3) of Germany's law against unfair competition serves as the legal basis. The newsletter is distributed by the email marketing provider Rapid Mail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany. Information about the email marketing provider's data protection guidelines can be accessed at: www.rapidmail.de/datenschutz. Based on this, the user's email address and data are stored as long as the newsletter subscription remains active. The user can unsubscribe from our newsletter at any time. A link to unsubscribe can be found in each newsletter.

We have concluded an data processing agreement with rapidmail, which obliges the service provider to process the processed data only within the scope of the contractual relationship with us and never for its own purposes. We have also checked the measures taken by the service provider to protect personal data and subject them to regular reviews to ensure that your data is kept safe.

13. Contact form and registration

On our website, users have the option to register with personal data. The data are entered into an input mask and then transmitted to us and stored. The data are not shared with third parties. The same personal data are collected as in the context of newsletter subscription (see Section 8). The legal basis for data processing is Article 6 (1a) GDPR if user consent is obtained. As a user, you have the option of terminating your registration at any time. The data stored about you can be changed at any time.

The processing of personal data from the input mask are solely used for processing contact initiation. If contact is initiated via email, it constitutes the required legitimate interest for processing the data. The other personal data processed upon sending serve the prevention of misuse of the form and to ensure the security of our information technology systems.

The data will be erased as soon as they are no longer required for the purpose of their initial collection. For personal data entered via input mask of the contact form or sent via email, this is the case once the respective conversation with a user is concluded. The user may withdraw his or her consent to the processing of personal data at any time. If the user contacts us via email, he or she may object to the storage of his or her personal data at any time. In this case, it is not possible to continue the conversation

14. Use of external links

Our websites contain links to other websites by other providers. NANOSCRIBE is not responsible for the privacy policies or contents of these other websites.

15. Use of Cloudflare

For the domains of Nanoscribe GmbH we use the service Cloudflare, which is provided by the company Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) in order to operate our website more securely and faster.

a) Cloudflare provides the following services and functions

Nanoscribe GmbH primarily uses the Content Delivery Network (CDN) of the service provider. A CDN is a network of worldwide distributed servers which are responsible for ensuring that the Nanoscribe website is displayed on your monitor as quickly as possible. For this purpose, Cloudflare makes copies of our website and stores them on its own servers. Each time a Nanoscribe domain is accessed, Cloudflare's CDN uses a load distribution system to ensure that the contents of our website requested by you are delivered by the server that can deliver the information the fastest. Therefore, the content of our website is not necessarily or exclusively delivered to you from our own web server, but from servers all over the world. Besides the fast delivery of websites Cloudflare also offers various security services, such as the DoS protection or the Web Application Firewall.

b) Why we use Cloudflare on our website

Cloudflare helps us to make our website faster and more secure. Besides the CDN, Cloudflare offers web optimizations as well as security services, such as a Denial of Service protection (DoS protection) and a web firewall. Through appropriate web optimizations and the distribution over the CDN, the requested contents are displayed faster. The average loading time of our website is significantly reduced by this measure.

c) These data are stored by Cloudflare

In addition to the information processed on the Nanoscribe domains, Cloudflare may collect information about the use of our website.

Typically, Cloudflare processes the following data:

• Contact information
• IP addresses
• DNS protocol data
• Performance data for websites derived from browser activity

Cloudflare uses the log data to analyze new security threats and to improve services. Cloudflare processes this data within the framework of the services in compliance with the applicable laws, especially the basic data protection regulation (GDPR).

For security reasons Cloudflare also uses a cookie to identify individual users sharing one IP address. Through the identification it is possible to apply specific security settings for each individual user. The cookie contains no personal data and is strictly necessary for Cloudflare's security functions. It cannot be deactivated.

Cloudflare also works together with third party providers. These may only process personal data under instructions from Cloudflare and in accordance with the privacy policy and other confidentiality and security measures.

d) Storage location and duration

The information is stored mainly in the USA and the European Economic Area (EEA). Cloudflare can transfer the above described information from all servers of the Content Delivery Network and process the data. Typically, Cloudflare stores data for less than 24 hours. In the case of Nanoscribe GmbH the Cloudflare logs have been activated, therefore the data can be stored up to 7 days. However, if IP addresses trigger security warnings at Cloudflare, exceptions to the above-mentioned storage period may occur. The data will then be stored until the situation is clarified.

e) How can I delete my data or prevent data storage?

The storage of the logs is strictly purpose bound. If log data is no longer required, it is deleted as soon as possible. This usually happens after 24 hours. Cloudflare usually does not store personal data. In exceptional cases, such as security warnings in connection with your IP address, these may be stored. In addition, there is information that Cloudflare stores for an indefinite period as part of permanent protocols. This improves the overall performance of Cloudflare and helps to detect possible security risks at an early stage. You can see which data is involved here.

All permanently stored data and protocols are anonymised and can then no longer be assigned to a natural person. You can prevent the entire collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by integrating a script blocker into your browser.

Cloudflare is an active participant in the EU-U.S. Privacy Shield Framework which ensures the correct and secure data transfer of personal data. You can find more information about this here. Information on data protection at Cloudflare can be found at this webpage.

III. Privacy Notice for NANOSCRIBE Customers and Interested Parties

1. Extent and Purposes of Personal Data Processing

a) Contract performance
NANOSCRIBE processes data we received in the context of your requests or existing contractual relationships. In addition to your business contact information, this particularly includes all exchanged information, such as emails, orders, wishes regarding our products, payment information. For existing business relationships, you are required to provide the personal data necessary for the preparation or performance of the contracts, or data we are legally obligated to process; otherwise, we are unable to perform the contracts.

NANOSCRIBE processes the data provided in the context of order fulfillment and potentially deploys specialized service providers for the performance of the contract. Data processing in the context of contract performance includes the use of the data for the provision of contractually owed services, including the provision of services in the context of service agreements, or the processing of potential warranty claims. Furthermore, in the context of a request for financing, the data required for tendering are used by NANOSCRIBE and are forwarded to the contracting parties, if necessary. Additional details about the purposes depend on the respective contract documents. Article 6 (1) (1b) GDPR serves as the legal basis for the processing of these data.

The data collected by NANOSCRIBE about the purchases of our products, or the use of services may also be provided to external auditors and/or tax consultants of NANOSCRIBE for auditing and consulting purposes. NANOSCRIBE stores the data collected for contract performance in the operating system as long as warranty claims or other usage purposes outlined in this privacy policy exist. Data processing for warranty claims is conducted in accordance with Article 6 (1) (1b) of the GDPR, as well as the fulfillment of legal requirements according to Article 6 (1) (1c) of the GDPR.

b) Address and credit checks
In rare cases, NANOSCRIBE may request your address and credit information from the databases of credit agencies, including information determined based on mathematical/statistical methods (scoring). This occurs if NANOSCRIBE takes a financial risk by entering a contract and uses the credit check to safeguard against financial loss. For the data processing discussed in this context, Article 6 (1) (1f) of the GDPR serves as the legal basis.

c) Data usage for advertising purposes by NANOSCRIBE
NANOSCRIBE uses your phone number for advertising purposes, if your consent was obtained, or the prerequisites for probable consent - for example, in the context of an existing business relationship or after prior contact - exist. Furthermore, NANOSCRIBE uses the email address obtained from contacts in the context of contract conclusions, in order to market similar offers, or for surveys using external platforms specialized for this purpose. Of course, you have the right to object being contacted for such advertising purposes. We provide separate information about the right to object to advertisement.

To achieve advertising goals, the data are processed for the life cycle of our products and your characteristics as a customer or interested party. Exceptions apply if longer use is permitted through consent and/or data are subject to legal retention requirements. In the latter case, the data are deleted after the retention period expires. Exercising your right to object, about which we inform you under V., may lead to a shorter processing period.

For commercial use, Article 6 (1) (1f) of the GDPR serves as the legal basis, or if your consent is obtained, Article 6 (1) (1a) of the GDPR. Below, we provide information about your rights regarding commercial use, particularly the right to object to data processing for advertising purposes.

d) Processing of personal data due to legal requirements

As every company in Europe, NANOSCRIBE is subject to various legal obligations to examine the data of our customers and business partners. In these cases, we only process your personal data if processing is necessary for meeting the legal requirements. Meeting the legal requirements may necessitate the partially automated processing of your data with the goal of evaluating personal aspects (profiling). Unless you are expressly informed, automatic case-by-case decisions are made. Article 6 (1) (1c) of the GDPR serves as the legal basis in conjunction with the respectively relevant legal provisions.

These legal requirements particularly pertain to:

• Fraud and money laundering prevention
• Monitoring and reporting requirements according to tax law
• Risk assessment and management in the corporation
• Sanctions lists.

2. Data sharing within the NANOSCRIBE Group

NANOSCRIBE may share your customer master data (company name, contact person, address and contact information, such as phone number and email address) with other companies in the NANOSCRIBE group and potentially update them to ensure that all NANOSCRIBE companies involved in a process with you (e.g. performance of a contract) have access to uniform data about you. This serves the simplification of our processes and free you from providing your customer master data again if you contact a different company in the group. For this processing of data, Article 6 (1) (1b or f) of the GDPR serves as the legal basis.

In addition to the customer master data, other data may also be shared with other NANOSCRIBE companies, if this is required for the fulfillment of contractually owed services. Article 6 (1) (1b) of the GDPR serves as the legal basis.

IV. Privacy information for NANOSCRIBE applicants

If you apply to NANOSCRIBE, the following policies regarding data processing are effective. We will provide separate information about data processing after hiring if a contract is concluded.

1. Extent and purposes of personal data processing

a) Internal data processing for application reviews
We process the data you provided in the context of your application for reviewing your application and qualifications for the advertised position. We retain your data exclusively in our own data center in Germany. If you consented during the application process, we check during the hiring process, whether you are qualified for other positions than the one you named in your application. We may commission specialized service providers for the review of your application. Applications qualified for a position are transferred from human resources to the respective specialized department or national subsidiary for further review. The extensive evaluation of your application requires your resume, as well as diplomas or relevant proof. Additional information, as well as a picture, may be provided voluntarily.

We delete your application information 3 months after the hiring process is concluded, i.e. after the position is filled, if you do not wish to be added to our applicant pool (see 3). Article 6 (1) (1b) of the GDPR serves as the basis for the processing of these data.

If you are younger than 18 years of age, we need the consent of your parent or guardian to conclude a contract with you. The extended retention of your application data (e.g. for a future internship) will only occur with your consent and the consent of your parent or guardian, as noted in the templates.

b) Retaining your application in our applicant pool
If you submit a speculative application, we will retain your application in our applicant pool. Simply state in your application that you are submitting a speculative application. This enables us to contact you, if a position opens up for which you are qualified.

If you consent, we retain your data for no more than 5 years, after which we delete your data, if you do not desire further storage. Art. 6 (1) (1a) of the GDPR serves as the legal basis.

V. Your rights as a data subject

You, as a data subject, have several rights. Please contact us using the above-mentioned contact information to exercise your rights. Every data subject has the following rights:

• Right of access (Article 15 GDPR)
• The right to rectification of inaccurate personal data (Article 16 GDPR)
• Right to erasure (Article 17 GDPR)
• Right to restriction of processing (Artile 18 GDPR)
• Right to data portability (Article 20 GDPR)
• Right to lodge a complaint with a supervisory authority (Article 77 GDPR).

You may object to the processing of personal data for advertising purposes, including the analysis of customer data or transfer to third parties for advertising purposes at any time and without providing any reasons.

Furthermore, any data subject has a general right to object data processing (compare Article 21 [1] GDPR). In this case, reasons for objecting data processing must be provided. If data processing occurs with consent, you may withdraw your consent at any time with future effect by writing an email to privacy@nanoscribe.com. The revocation of consent does not affect the legality of processing conducted based on consent until the revocation has been affected.