Data protection

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).

The terms used are not gender-specific.

 

Status: August 14, 2024

 

Table of Contents

Preamble

Controller

Overview of Processing Activities

Relevant Legal Bases

Security Measures

Rights of Data Subjects

Provision of the Online Offering and Web Hosting

Use of Cookies

Blogs and Publication Media

Contact and Inquiry Management

Presences in Social Networks (Social Media)

Plug-ins and Embedded Functions and Content

 

 

 

Controller

ProNexum Consulting GmbH

An der Obstwiese 9

33775 Versmold

 

Email address: info@pronexum.de

Legal notice: http://www.pronexum.de/impressum

​

​

Overview of Processing Activities

The following overview summarizes the types of processed data and the purposes of their processing and refers to the data subjects concerned.

​

​

Types of Data Processed

• Master data

• Contact data

• Content data

• Usage data

• Meta, communication, and procedural data

 

 

​

Categories of Data Subjects

• Communication partners

• Users

​

​

​

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations

• Contact requests and communication

• Security measures

• Administration and response to inquiries

• Feedback

• Marketing

• Provision of our online offering and user-friendliness

• Information technology infrastructure

 

 

 

 

Relevant Legal Bases

Relevant legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases apply in individual cases, we will inform you of these in this privacy policy.

 

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data concerning them for one or more specific purposes.

 

Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject.

 

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests, fundamental rights and freedoms of the data subject requiring protection of personal data do not override them.

 

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Act on Protection against the Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases including profiling. Furthermore, data protection laws of the individual federal states may also apply.

 

 

 

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the differing likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

 

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, securing availability and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data and responses to data threats. In addition, we consider the protection of personal data already during the development or selection of hardware, software and procedures according to the principle of data protection by design and by default.

 

Securing online connections through TLS/SSL encryption technology (HTTPS):

To protect the data of users transmitted via our online services from unauthorized access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the further developed and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and encrypted.

 

 

 

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

 

Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

 

Right to withdraw consent: You have the right to withdraw consent given at any time.

 

Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to receive information about this data as well as further information and a copy of the data in accordance with legal requirements.

 

Right to rectification: In accordance with legal requirements, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.

 

Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to demand that data concerning you be deleted without delay or, alternatively, to request a restriction of the processing of the data in accordance with legal requirements.

 

Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with legal requirements or to request its transmission to another controller.

 

Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you violates the provisions of the GDPR.