Data protection
Data protection
Data protection
We take this not only seriously. But very seriously.
We take this not only seriously. But very seriously.
§ 1 Information on the collection of personal data and contact details of the data controller
We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data that can be used to identify you personally.
The data controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Nelta GmbH, Harvestehuder Weg 43, 20149 Hamburg, Germany, Telephone: +49 (0) 40 - 36940339, E-Mail: contact@nelta.de.
The data controller has appointed a data protection officer, who can be reached as follows: Ferhat Özkaya, Harvestehuder Weg 43, 20149 Hamburg, Germany, Telephone: +49 (0)157 - 839 221 04, E-Mail: datenschutz-auskunft@nelta.de.
§ 2 Data collection when visiting our website
When using our website purely informatively, i.e. when you do not register or otherwise transmit information to us, we only collect such data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:
Our visited website
Date and time of access
Amount of data sent in bytes
Source/referral from which you accessed the page
Used browser
Used operating system
Used IP address (possibly in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to review the server log files retrospectively if there are concrete indications of illegal use.
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser bar.
§ 3 Hosting & Content Delivery Network
Hosting by Webflow
For hosting our website and displaying the page contents, we use the system of the following provider: Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA
All data collected on our website is processed on the provider’s servers.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Cloudflare
We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, page content, or scripts faster through a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
IONOS
We use a content delivery network from the following provider: 1&1 IONOS Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany
This service enables us to deliver large media files such as graphics, page content, or scripts faster through a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
§ 4 Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, small text files that are placed on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device longer and allow the storage of page settings (so-called “persistent cookies”). In the latter case, you can find out the storage duration in the cookie settings overview of your web browser.
If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the event of consent given, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in ensuring the optimal functionality of the website and a customer-friendly and effective design of the page visit.
You can configure your browser to inform you about the setting of cookies and to individually decide on their acceptance or to exclude the acceptance of cookies for specific cases or generally.
Please note that the functionality of our website may be limited if cookies are not accepted.
§ 5 Contact
Salesforce
To provide an online appointment booking function, we use the services of the following provider: salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany
For the purpose of scheduling appointments, first and last names as well as email addresses (and possibly the telephone number if a phone appointment is desired) are collected in accordance with Art. 6 para. 1 lit. b GDPR and transmitted to the provider based on our legitimate interest in effective customer management and efficient appointment administration and stored there for appointment organization.
After the appointment or after the agreed appointment period has elapsed, your data will be deleted by the provider.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
Salesforce
To process customer inquiries, we use the email ticketing system of the following provider: Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany
If you submit contact inquiries via email through our website, these will be stored and organized in the ticket system to allow chronological processing and improve the service experience. You can always check the current status of your inquiry using the individually assigned ticket number.
For the organization and processing of inquiries, personal data will be collected based on the scope of their provision, but at least name, first name, and email address, transmitted to the provider, stored there, and retrieved.
The legal basis for processing this data is our legitimate interest in efficiently designing our customer service, promptly responding to your inquiry, and optimizing our service offerings in accordance with Art. 6 para. 1 lit. f GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
In the context of contacting us (e.g., via contact form or email), personal data is collected. Which data is collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used solely for the purpose of answering your query or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your inquiry in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case when it can be inferred from the circumstances that the affected matter has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “business version” of WhatsApp.
If you contact us regarding a specific business matter (for example, an order placed) via WhatsApp, we will store and use the mobile phone number you use on WhatsApp and, if provided, your first and last name in accordance with Art. 6 para. 1 lit. b. GDPR to process and respond to your inquiry. Based on the same legal basis, we may ask you on WhatsApp to provide further data (order number, customer number, address or email address) so that we can assign your inquiry to a particular process.
If you use our WhatsApp contact for general inquiries (e.g., about the range of services, availability or our website), we will store and use the mobile phone number you use on WhatsApp and, if provided, your first and last name in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in providing the requested information efficiently and promptly.
Your data will only be used to respond to your inquiry via WhatsApp. There is no disclosure to third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transmits the phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device whose address book only contains the WhatsApp contact details of users who have also contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts upon first use of the app on their device by accepting the WhatsApp terms of use in accordance with Art. 6 para. 1 lit. a GDPR. The transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
The purpose and scope of data collection and further processing and use of data by WhatsApp as well as your related rights and options regarding the protection of your privacy can be found in the privacy notices from WhatsApp: www.whatsapp.com/legal/?eea=1#privacy-policy
In the context of the above-mentioned processing, there may be data transfers to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Data dissemination of employee data to partner companies
As far as necessary for contract processing for commissioning purposes, the personal data of our employees (e.g., consultants) collected by us will be forwarded in accordance with Art. 6 para. 1 lit. b GDPR to partner companies (e.g., clients for projects).
The required information includes general information about the employee (first and last name, address, date of birth, email, mobile number, landline number, job history) as well as performance-specific proofs of necessary qualifications. If necessary, health-related information may also be required, which must be specifically considered under labor and social law in the interest of social protection of the employee.
We inform you that applications, especially resumes, certificates, and other data transmitted by you to us, may contain particularly sensitive information regarding your health status, your racial or ethnic origin, your political opinions, your religious or philosophical beliefs, your memberships in a trade union or political party, or your sexual orientation. Your consent relates to the processing of all personal data of a special nature transmitted within the framework of your application documents in accordance with the provisions of this privacy policy.
You consent that your personal data may be shared by us with partner companies collaborating with us.
By submitting the form, you also agree that a partner company may contact you regarding a potential project by phone or via email. The partner company will use your contact and application data solely for the purpose of making a non-binding contact.
You can withdraw your consent at any time with effect for the future. To do this, you can send us an email to the address datenschutz-auskunft@nelta.de. If data has already been shared, we will promptly request deletion of the data from the company. Please note that the withdrawal of consent can only be declared for the future and does not affect the lawfulness of data processing that has already occurred based on your consent.
You are not obliged to consent to data processing and to provide us with the above-mentioned data. Without the provision of your contact and applicant data as well as the required data, we are usually unable to provide the desired services for you.
The legal bases for this data processing are those of Art. 6 para. 1 lit. b GDPR (which allows the processing of data to fulfill a contract or pre-contractual measures – here directed at the conclusion of an employment contract with you) as well as Art. 6 para. 1 lit. a GDPR (which permits data processing based on your consent).
In order for us to process your data and transmit it to a company, you must give the following declaration of consent when providing your contact and applicant data and further inquiry-specific personal data:
Consent to the use of my personal data
I agree that my data collected in the context of a job profile (e.g. first name and last name, address, postal code and city, country, telephone number, email, profile picture (if provided), proof of necessary qualifications, resume) will be shared with a suitable company for the purpose of getting in touch, so that the company can process my application request and contact me. I can withdraw my consent in this regard at any time for the future by email to datenschutz-auskunft@nelta.de.
§ 6 Use of customer data for direct marketing
Newsletter sending via Brevo
The sending of our email newsletters is done through this provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided during the newsletter registration to this provider in accordance with Art. 6 para. 1 lit. f GDPR so that they can take over the newsletter sending on our behalf.
Subject to your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the provider also carries out a statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the content of the newsletter. Device information (e.g., access time, IP address, browser type, and operating system) is also collected and evaluated but not merged with other datasets.
You can withdraw your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.
§ 7 Web analytics services
Google Analytics 4
This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables analysis of your use of our website.
By default, cookies are set by Google Analytics 4 when visiting the website, which are small text blocks stored on your device that collect certain information. This information includes your IP address, which is truncated by Google at the last digits to exclude direct personal referability.
The information is transmitted to Google servers and further processed there. Transfers to Google LLC based in the USA are also possible.
Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activities for us, and provide additional services related to website use and internet usage. The IP address transmitted by your browser in the context of Google Analytics and truncated will not be merged with other data from Google. The data collected during the use of Google Analytics 4 is stored for a duration of two months and then deleted.
All processing described above, especially the setting of cookies on the used device, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, the use of Google Analytics 4 during your site visit will not occur. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the “cookie consent tool” provided on the website.
We have concluded a data processing agreement with Google, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
Further legal information on Google Analytics 4 can be found at policies.google.com/privacy?hl=de&gl=de and at policies.google.com/technologies/partner-sites
Demographic characteristics
Google Analytics 4 uses the special feature "demographic characteristics" and can create statistics that make statements about the age, gender, and interests of website visitors. This is done by analyzing advertisements and information from third parties. This allows target groups for marketing activities to be identified. The collected data cannot, however, be assigned to a specific person and will be deleted after a storage period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google, subject to your consent to use Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, can analyze your usage behavior across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can deactivate the “Personalized Advertising” feature in your Google account settings. Please follow the instructions on this page: support.google.com/ads/answer/2662922?hl=de
For more information on Google Signals, please refer to the following link: support.google.com/analytics/answer/7532985?hl=de
User IDs
As an extension to Google Analytics 4, the "UserIDs" function may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, have set up an account on this website and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
§ 8 Page functionalities
Google Sign-In
On our website, we provide a single sign-on function from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
In addition to transmitting data to the above-mentioned provider location, data may also be transmitted to: Google LLC, USA
If you have an account with the provider, you can sign in with these account details to create a user account or register on our website.
When visiting this page, a direct connection can be established between your browser and the provider's servers via this login function, even if you do not have an account with the provider or are not logged into such an account. This allows the provider to be informed that you visited our page. The information collected in this regard (possibly including your IP address) will be transmitted directly from your browser to a server of the provider and stored there. However, the information will not be used to identify you personally and will not be disclosed to third parties.
These data processing operations are carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a user-friendly and interactive design of our online presence.
If you press the login button to register on our website with your account data with the provider, the provider will only transmit the generally and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender) to us solely based on your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
We store and use the data transmitted by the provider to set up a user account with the necessary data (title, first name, last name, address data, country, email address, date of birth), provided you have released this to the provider. Conversely, based on your consent, data (e.g., information about your surfing or buying behavior) can be transmitted from us to your account with the provider.
The consent given can be revoked at any time with effect for the future.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Google Meet
For conducting online meetings, video conferences, and/or webinars, we use this provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
There may also be a transmission to the servers of Google LLC. in the USA.
The provider processes different data, depending on which data you provide before or during participation in an online meeting, video conference, or webinar. Your data as a communication participant are processed and stored on the provider’s servers. This may include your login data (name, email address, telephone number (optional), and password) and session data (topic, participant IP address, device information, description (optional)).
Additionally, contributions of participants via image and sound as well as speech input in chats may be processed.
For the processing of personal data necessary for the fulfillment of a contract with you (this also applies to processing operations necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us consent for the processing of your data, processing will take place based on Art. 6 para. 1 lit. a GDPR. You can revoke your granted consent at any time with effect for the future.
In addition, the legal basis for data processing during online meetings, video conferences, or webinars is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in effectively conducting the online meeting, webinar, or video conference.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Google Forms
For conducting surveys or online forms, we use the services of the following provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
In addition to transmitting data to the above-mentioned provider location, data may also be transmitted to: Google LLC, USA
The provider allows us to create and evaluate surveys and online forms. Along with the respective personal data you enter in the forms, information about your operating system, browser, date and time of your visit, referrer URL, and your IP address are also collected, transmitted to the provider, and stored on the servers of the provider.
Information you enter into the forms is stored password-protected to ensure that third-party access is excluded and that only we can evaluate the data for the purpose stated in the respective form.
In processing personal data that are necessary to fulfill a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us consent for the processing of your data, processing will take place based on Art. 6 para. 1 lit. a GDPR. Any consent granted can be revoked at any time with effect for the future.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Online applications via a form
On our website, we currently advertise vacant positions in a separate section, which interested parties can apply for via an appropriate form.
Applicants must provide all personal data necessary for a sound assessment, including general information such as name, address, and contact options, as well as performance-related proof and any health-related information. Details regarding the application can be found in the job advertisement.
Upon submission of the form, the applicant data will be transmitted to us encrypted according to the state of technology, stored by us, and evaluated exclusively for the purpose of processing the application. The processing is carried out based on Art. 6 para. 1 lit. b GDPR (or § 26 para. 1 BDSG), whereby passing through the application procedure is considered as an initiation of an employment relationship.
If special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data such as information about disability status) are requested from applicants during the application process, processing will take place in accordance with Art. 9 para. 2 lit. b GDPR, so that we can exercise the rights arising from labor law and social security law and fulfill our corresponding obligations.
Cumulatively or alternatively, the processing of special data categories may also be based on Art. 9 para. 1 lit. h GDPR when it is conducted for the purposes of health care, occupational medicine, assessing the applicant’s work ability, diagnostic medical care, treatment in the health or social field, or for the administration of systems and services in the health or social sector.
If an applicant is not selected or withdraws their application prematurely, the submitted data as well as all electronic correspondence, including the application email, will be deleted after an appropriate notification no later than 6 months. This period corresponds to our legitimate interest in being able to answer any follow-up questions regarding the application and to fulfill our documentation obligations under the provisions on equal treatment of applicants.
In the case of a successful application, the provided data will be processed based on Art. 6 para. 1 lit. b GDPR (for processing in Germany in connection with § 26 para. 1 BDSG) for the purpose of conducting the employment relationship.
Applications for job advertisements via email
On our website, we currently advertise vacant positions in a separate section, which interested parties can apply for via email to the provided contact address.
Applicants must provide all personal data necessary for a sound assessment, including general information such as name, address, and contact options, as well as performance-related proof and any health-related information. Details regarding the application can be found in the job advertisement.
Upon receipt of the application via email, the data will be stored and evaluated solely for the purpose of processing the application. For follow-up inquiries, we use either the applicant's email address or telephone number. Processing takes place based on Art. 6 para. 1 lit. b GDPR (or § 26 para. 1 BDSG), whereby passing through the application procedure is considered as an initiation of an employment relationship.
If special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data such as information about disability status) are requested from applicants during the application process, processing will take place in accordance with Art. 9 para. 2 lit. b GDPR, so that we can exercise the rights arising from labor law and social security law and fulfill our corresponding obligations.
Cumulatively or alternatively, the processing of special data categories may also be based on Art. 9 para. 1 lit. h GDPR when it is conducted for the purposes of health care, occupational medicine, assessing the applicant’s work ability, diagnostic medical care, treatment in the health or social field, or for the administration of systems and services in the health or social sector.
If an applicant is not selected or withdraws their application prematurely, the submitted data as well as all electronic correspondence, including the application email, will be deleted after an appropriate notification no later than 6 months. This period corresponds to our legitimate interest in being able to answer any follow-up questions regarding the application and to fulfill our documentation obligations under the provisions on equal treatment of applicants.
In the case of a successful application, the provided data will be processed based on Art. 6 para. 1 lit. b GDPR (for processing in Germany in connection with § 26 para. 1 BDSG) for the purpose of conducting the employment relationship.
Zapier
This website uses the services of the following provider: Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA, to integrate and synchronize databases and web applications.
In this context, our processing operations are automated and different workflows established to efficiently manage and execute internal processes in our processing system. If personal data is also processed in this context, this is done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in optimizing our internal organization.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Airtable
This website employs the services of the following provider: Formagrid Inc, 769 Dolores Street, San Francisco, CA 94110, USA, for the organization and management of data in a cloud-based environment, creation of databases with custom fields and filters, automation of workflows, real-time collaboration, and integration with other services.
In this context, our processing operations are automated and different workflows established to efficiently manage and execute internal processes in our processing system. If personal data is also processed in this context, such processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in optimizing our internal organization.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider relies on standard contractual clauses of the European Commission, which intend to ensure compliance with the European level of data protection.
§ 9 Tools and Miscellaneous
Cookie Consent Tool
This website uses a so-called "Cookie Consent Tool" to obtain effective user consents for cookies and cookie-based applications requiring consent. The "Cookie Consent Tool" is displayed to users in the form of an interactive user interface when the page is accessed, on which consents for specific cookies and/or cookie-based applications can be granted by ticking boxes. By using the tool, all cookies/services requiring consent are only loaded when the respective user grants the corresponding consent by ticking boxes. This ensures that only if consent is granted, such cookies are set on the user’s device.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is not generally processed here.
If, in individual cases, it becomes necessary to process personal data (such as the IP address) for the purpose of storing, assigning, or logging cookie settings, this will be done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in lawful, user-specific, and user-friendly consent management for cookies and thus in a lawful design of our internet presence.
Another legal basis for processing is also Art. 6 para. 1 lit. c GDPR. As data controllers, we are legally obliged to make the use of technically non-necessary cookies dependent on user consent.
If required, we have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
Further information about the operator and options regarding the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
§ 10 Rights of the Data Subject
The applicable data protection law grants you the following rights regarding the processing of your personal data by the data controller (rights to information and intervention), with the exercise requirements referring to the cited legal basis:
Right to information in accordance with Art. 15 GDPR;
Right to rectification in accordance with Art. 16 GDPR;
Right to deletion in accordance with Art. 17 GDPR;
Right to restriction of processing in accordance with Art. 18 GDPR;
Right to notification in accordance with Art. 19 GDPR;
Right to data portability in accordance with Art. 20 GDPR;
Right to withdraw consent granted in accordance with Art. 7 para. 3 GDPR;
Right to complain in accordance with Art. 77 GDPR.
RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS DUE TO OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
§ 11 Duration of Storage of Personal Data
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and – where applicable – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).
When processing personal data based on explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, this data will be stored until the data subject revokes their consent. If there are statutory retention periods for data processed within the framework of contractual or quasi-contractual obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided they are no longer required for contract fulfillment or initiation and/or we no longer have a legitimate interest in further storage.
When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises their right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for the purposes of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises their right to object under Art. 21 para. 2 GDPR.
Unless otherwise stipulated in the other information in this statement regarding specific processing situations, stored personal data will then be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
§ 12 Our Social Media Presence
This privacy policy applies to the following social media presences
https://www.instagram.com/nelta_official/
https://www.linkedin.com/company/nelta-magnified-efficieny/mycompany/
https://www.tiktok.com/@nelta_official_
https://www.xing.com/pages/nelta
Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. You can find the specific social networks we use below.
Social networks such as Instagram, LinkedIn, TikTok, XING can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). By visiting our social media presences, a multitude of data processing operations are triggered. Below, we provide an overview of which of your personal data is collected, used, and stored when you visit our profiles.
Specifically:
When you visit our profiles, your personal data is collected not only by us but also by the operators of the respective social network. This occurs regardless of whether you are logged into your social network or not, and even if you do not have a profile in the respective social network.
With the help of the data collected in this way, the operators of the respective social network can create user profiles that record your preferences and interests. This way, interest-based advertising can be displayed within and outside the respective social network. If you have an account with the respective social network, interest-based advertising may be displayed on all devices on which you are logged in or have been logged in.
Please note that the individual data processing operations and their scope are not necessarily traceable to us. They differ depending on the operator of the respective social network. Details on how your personal data is collected and stored, as well as the nature, scope, and purpose of their use by the operator of the respective social network, can be found in the terms of use and privacy policies of the respective operator.
Legal Basis
The data processing within our social networks aims to enhance the user experience when visiting our fan pages and to ensure a comprehensive presence on the Internet.
The legal basis for the data processing is thus a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases that the operators of the social networks must state (e.g., consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Controller and Assertion of Rights
If you visit one of our social networks (e.g., Instagram, LinkedIn, TikTok, XING), we are jointly responsible with the operator of the respective social network for the data processing operations triggered during this visit. You can assert your rights (information, rectification, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social network (e.g., against Instagram, LinkedIn, TikTok, XING).
Please note that despite joint responsibility with the operators of social media portals, we do not have full influence over the data processing operations of the respective social network. Our possibilities are mainly determined by the corporate policy of the respective provider.
Storage Duration
The data collected by us directly from social networks will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage ceases to exist. Stored cookies remain on your device until you delete them. Mandatory legal provisions – particularly retention periods – remain unaffected.
We have no influence on the storage duration of your data, which are stored by the operators of the social networks for their own purposes. For details, please contact the operators of the respective social networks directly (e.g., in their privacy policy as outlined below).
Your Rights
As a person affected by data processing, you have the following rights:
You have the right to receive free information from us about the processing of your personal data to the extent of Art. 15 DS-GVO;
You have the right to demand from us the immediate rectification of inaccurate personal data concerning you and/or completion of incomplete personal data to the extent of Art. 16 DS-GVO;
You have the right to demand the immediate deletion of personal data concerning you to the extent of Art. 17 DS-GVO;
You have the right to request the restriction of processing of personal data concerning you to the extent of Art. 18 DS-GVO; – You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another controller to the extent of Art. 20 DS-GVO;
You have the right to object, for reasons relating to your particular situation, at any time to the processing of your personal data that concerns you, if the processing is based on a prevailing interest or your data is used for direct marketing purposes to the extent of Art. 21 DS-GVO;
You have the right to withdraw your consent to data processing at any time, without affecting the lawfulness of the data processing based on your consent up to the point of withdrawal;
You have the right to lodge a complaint with a supervisory authority regarding our processing of your data.
Social Networks in Detail
We have a profile on Instagram. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
Details on how they handle your personal data can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission. You can get more information from the provider at the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Find details here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
TikTok
We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Details on how they handle your personal data can be found in TikTok's privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de.
The data transfer to insecure third countries is based on the standard contractual clauses of the EU Commission. Find details here: https://www.tiktok.com/legal/privacy-policy?lang=de.
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
§ 1 Information on the collection of personal data and contact details of the data controller
We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data that can be used to identify you personally.
The data controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Nelta GmbH, Harvestehuder Weg 43, 20149 Hamburg, Germany, Telephone: +49 (0) 40 - 36940339, E-Mail: contact@nelta.de.
The data controller has appointed a data protection officer, who can be reached as follows: Ferhat Özkaya, Harvestehuder Weg 43, 20149 Hamburg, Germany, Telephone: +49 (0)157 - 839 221 04, E-Mail: datenschutz-auskunft@nelta.de.
§ 2 Data collection when visiting our website
When using our website purely informatively, i.e. when you do not register or otherwise transmit information to us, we only collect such data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:
Our visited website
Date and time of access
Amount of data sent in bytes
Source/referral from which you accessed the page
Used browser
Used operating system
Used IP address (possibly in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to review the server log files retrospectively if there are concrete indications of illegal use.
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser bar.
§ 3 Hosting & Content Delivery Network
Hosting by Webflow
For hosting our website and displaying the page contents, we use the system of the following provider: Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA
All data collected on our website is processed on the provider’s servers.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Cloudflare
We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, page content, or scripts faster through a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
IONOS
We use a content delivery network from the following provider: 1&1 IONOS Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany
This service enables us to deliver large media files such as graphics, page content, or scripts faster through a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
§ 4 Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, small text files that are placed on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device longer and allow the storage of page settings (so-called “persistent cookies”). In the latter case, you can find out the storage duration in the cookie settings overview of your web browser.
If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the event of consent given, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in ensuring the optimal functionality of the website and a customer-friendly and effective design of the page visit.
You can configure your browser to inform you about the setting of cookies and to individually decide on their acceptance or to exclude the acceptance of cookies for specific cases or generally.
Please note that the functionality of our website may be limited if cookies are not accepted.
§ 5 Contact
Salesforce
To provide an online appointment booking function, we use the services of the following provider: salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany
For the purpose of scheduling appointments, first and last names as well as email addresses (and possibly the telephone number if a phone appointment is desired) are collected in accordance with Art. 6 para. 1 lit. b GDPR and transmitted to the provider based on our legitimate interest in effective customer management and efficient appointment administration and stored there for appointment organization.
After the appointment or after the agreed appointment period has elapsed, your data will be deleted by the provider.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
Salesforce
To process customer inquiries, we use the email ticketing system of the following provider: Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany
If you submit contact inquiries via email through our website, these will be stored and organized in the ticket system to allow chronological processing and improve the service experience. You can always check the current status of your inquiry using the individually assigned ticket number.
For the organization and processing of inquiries, personal data will be collected based on the scope of their provision, but at least name, first name, and email address, transmitted to the provider, stored there, and retrieved.
The legal basis for processing this data is our legitimate interest in efficiently designing our customer service, promptly responding to your inquiry, and optimizing our service offerings in accordance with Art. 6 para. 1 lit. f GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
In the context of contacting us (e.g., via contact form or email), personal data is collected. Which data is collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used solely for the purpose of answering your query or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your inquiry in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case when it can be inferred from the circumstances that the affected matter has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “business version” of WhatsApp.
If you contact us regarding a specific business matter (for example, an order placed) via WhatsApp, we will store and use the mobile phone number you use on WhatsApp and, if provided, your first and last name in accordance with Art. 6 para. 1 lit. b. GDPR to process and respond to your inquiry. Based on the same legal basis, we may ask you on WhatsApp to provide further data (order number, customer number, address or email address) so that we can assign your inquiry to a particular process.
If you use our WhatsApp contact for general inquiries (e.g., about the range of services, availability or our website), we will store and use the mobile phone number you use on WhatsApp and, if provided, your first and last name in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in providing the requested information efficiently and promptly.
Your data will only be used to respond to your inquiry via WhatsApp. There is no disclosure to third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transmits the phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device whose address book only contains the WhatsApp contact details of users who have also contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts upon first use of the app on their device by accepting the WhatsApp terms of use in accordance with Art. 6 para. 1 lit. a GDPR. The transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
The purpose and scope of data collection and further processing and use of data by WhatsApp as well as your related rights and options regarding the protection of your privacy can be found in the privacy notices from WhatsApp: www.whatsapp.com/legal/?eea=1#privacy-policy
In the context of the above-mentioned processing, there may be data transfers to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Data dissemination of employee data to partner companies
As far as necessary for contract processing for commissioning purposes, the personal data of our employees (e.g., consultants) collected by us will be forwarded in accordance with Art. 6 para. 1 lit. b GDPR to partner companies (e.g., clients for projects).
The required information includes general information about the employee (first and last name, address, date of birth, email, mobile number, landline number, job history) as well as performance-specific proofs of necessary qualifications. If necessary, health-related information may also be required, which must be specifically considered under labor and social law in the interest of social protection of the employee.
We inform you that applications, especially resumes, certificates, and other data transmitted by you to us, may contain particularly sensitive information regarding your health status, your racial or ethnic origin, your political opinions, your religious or philosophical beliefs, your memberships in a trade union or political party, or your sexual orientation. Your consent relates to the processing of all personal data of a special nature transmitted within the framework of your application documents in accordance with the provisions of this privacy policy.
You consent that your personal data may be shared by us with partner companies collaborating with us.
By submitting the form, you also agree that a partner company may contact you regarding a potential project by phone or via email. The partner company will use your contact and application data solely for the purpose of making a non-binding contact.
You can withdraw your consent at any time with effect for the future. To do this, you can send us an email to the address datenschutz-auskunft@nelta.de. If data has already been shared, we will promptly request deletion of the data from the company. Please note that the withdrawal of consent can only be declared for the future and does not affect the lawfulness of data processing that has already occurred based on your consent.
You are not obliged to consent to data processing and to provide us with the above-mentioned data. Without the provision of your contact and applicant data as well as the required data, we are usually unable to provide the desired services for you.
The legal bases for this data processing are those of Art. 6 para. 1 lit. b GDPR (which allows the processing of data to fulfill a contract or pre-contractual measures – here directed at the conclusion of an employment contract with you) as well as Art. 6 para. 1 lit. a GDPR (which permits data processing based on your consent).
In order for us to process your data and transmit it to a company, you must give the following declaration of consent when providing your contact and applicant data and further inquiry-specific personal data:
Consent to the use of my personal data
I agree that my data collected in the context of a job profile (e.g. first name and last name, address, postal code and city, country, telephone number, email, profile picture (if provided), proof of necessary qualifications, resume) will be shared with a suitable company for the purpose of getting in touch, so that the company can process my application request and contact me. I can withdraw my consent in this regard at any time for the future by email to datenschutz-auskunft@nelta.de.
§ 6 Use of customer data for direct marketing
Newsletter sending via Brevo
The sending of our email newsletters is done through this provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided during the newsletter registration to this provider in accordance with Art. 6 para. 1 lit. f GDPR so that they can take over the newsletter sending on our behalf.
Subject to your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the provider also carries out a statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the content of the newsletter. Device information (e.g., access time, IP address, browser type, and operating system) is also collected and evaluated but not merged with other datasets.
You can withdraw your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.
§ 7 Web analytics services
Google Analytics 4
This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables analysis of your use of our website.
By default, cookies are set by Google Analytics 4 when visiting the website, which are small text blocks stored on your device that collect certain information. This information includes your IP address, which is truncated by Google at the last digits to exclude direct personal referability.
The information is transmitted to Google servers and further processed there. Transfers to Google LLC based in the USA are also possible.
Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activities for us, and provide additional services related to website use and internet usage. The IP address transmitted by your browser in the context of Google Analytics and truncated will not be merged with other data from Google. The data collected during the use of Google Analytics 4 is stored for a duration of two months and then deleted.
All processing described above, especially the setting of cookies on the used device, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, the use of Google Analytics 4 during your site visit will not occur. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the “cookie consent tool” provided on the website.
We have concluded a data processing agreement with Google, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
Further legal information on Google Analytics 4 can be found at policies.google.com/privacy?hl=de&gl=de and at policies.google.com/technologies/partner-sites
Demographic characteristics
Google Analytics 4 uses the special feature "demographic characteristics" and can create statistics that make statements about the age, gender, and interests of website visitors. This is done by analyzing advertisements and information from third parties. This allows target groups for marketing activities to be identified. The collected data cannot, however, be assigned to a specific person and will be deleted after a storage period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google, subject to your consent to use Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, can analyze your usage behavior across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can deactivate the “Personalized Advertising” feature in your Google account settings. Please follow the instructions on this page: support.google.com/ads/answer/2662922?hl=de
For more information on Google Signals, please refer to the following link: support.google.com/analytics/answer/7532985?hl=de
User IDs
As an extension to Google Analytics 4, the "UserIDs" function may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, have set up an account on this website and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
§ 8 Page functionalities
Google Sign-In
On our website, we provide a single sign-on function from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
In addition to transmitting data to the above-mentioned provider location, data may also be transmitted to: Google LLC, USA
If you have an account with the provider, you can sign in with these account details to create a user account or register on our website.
When visiting this page, a direct connection can be established between your browser and the provider's servers via this login function, even if you do not have an account with the provider or are not logged into such an account. This allows the provider to be informed that you visited our page. The information collected in this regard (possibly including your IP address) will be transmitted directly from your browser to a server of the provider and stored there. However, the information will not be used to identify you personally and will not be disclosed to third parties.
These data processing operations are carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a user-friendly and interactive design of our online presence.
If you press the login button to register on our website with your account data with the provider, the provider will only transmit the generally and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender) to us solely based on your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
We store and use the data transmitted by the provider to set up a user account with the necessary data (title, first name, last name, address data, country, email address, date of birth), provided you have released this to the provider. Conversely, based on your consent, data (e.g., information about your surfing or buying behavior) can be transmitted from us to your account with the provider.
The consent given can be revoked at any time with effect for the future.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Google Meet
For conducting online meetings, video conferences, and/or webinars, we use this provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
There may also be a transmission to the servers of Google LLC. in the USA.
The provider processes different data, depending on which data you provide before or during participation in an online meeting, video conference, or webinar. Your data as a communication participant are processed and stored on the provider’s servers. This may include your login data (name, email address, telephone number (optional), and password) and session data (topic, participant IP address, device information, description (optional)).
Additionally, contributions of participants via image and sound as well as speech input in chats may be processed.
For the processing of personal data necessary for the fulfillment of a contract with you (this also applies to processing operations necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us consent for the processing of your data, processing will take place based on Art. 6 para. 1 lit. a GDPR. You can revoke your granted consent at any time with effect for the future.
In addition, the legal basis for data processing during online meetings, video conferences, or webinars is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in effectively conducting the online meeting, webinar, or video conference.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Google Forms
For conducting surveys or online forms, we use the services of the following provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
In addition to transmitting data to the above-mentioned provider location, data may also be transmitted to: Google LLC, USA
The provider allows us to create and evaluate surveys and online forms. Along with the respective personal data you enter in the forms, information about your operating system, browser, date and time of your visit, referrer URL, and your IP address are also collected, transmitted to the provider, and stored on the servers of the provider.
Information you enter into the forms is stored password-protected to ensure that third-party access is excluded and that only we can evaluate the data for the purpose stated in the respective form.
In processing personal data that are necessary to fulfill a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us consent for the processing of your data, processing will take place based on Art. 6 para. 1 lit. a GDPR. Any consent granted can be revoked at any time with effect for the future.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Online applications via a form
On our website, we currently advertise vacant positions in a separate section, which interested parties can apply for via an appropriate form.
Applicants must provide all personal data necessary for a sound assessment, including general information such as name, address, and contact options, as well as performance-related proof and any health-related information. Details regarding the application can be found in the job advertisement.
Upon submission of the form, the applicant data will be transmitted to us encrypted according to the state of technology, stored by us, and evaluated exclusively for the purpose of processing the application. The processing is carried out based on Art. 6 para. 1 lit. b GDPR (or § 26 para. 1 BDSG), whereby passing through the application procedure is considered as an initiation of an employment relationship.
If special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data such as information about disability status) are requested from applicants during the application process, processing will take place in accordance with Art. 9 para. 2 lit. b GDPR, so that we can exercise the rights arising from labor law and social security law and fulfill our corresponding obligations.
Cumulatively or alternatively, the processing of special data categories may also be based on Art. 9 para. 1 lit. h GDPR when it is conducted for the purposes of health care, occupational medicine, assessing the applicant’s work ability, diagnostic medical care, treatment in the health or social field, or for the administration of systems and services in the health or social sector.
If an applicant is not selected or withdraws their application prematurely, the submitted data as well as all electronic correspondence, including the application email, will be deleted after an appropriate notification no later than 6 months. This period corresponds to our legitimate interest in being able to answer any follow-up questions regarding the application and to fulfill our documentation obligations under the provisions on equal treatment of applicants.
In the case of a successful application, the provided data will be processed based on Art. 6 para. 1 lit. b GDPR (for processing in Germany in connection with § 26 para. 1 BDSG) for the purpose of conducting the employment relationship.
Applications for job advertisements via email
On our website, we currently advertise vacant positions in a separate section, which interested parties can apply for via email to the provided contact address.
Applicants must provide all personal data necessary for a sound assessment, including general information such as name, address, and contact options, as well as performance-related proof and any health-related information. Details regarding the application can be found in the job advertisement.
Upon receipt of the application via email, the data will be stored and evaluated solely for the purpose of processing the application. For follow-up inquiries, we use either the applicant's email address or telephone number. Processing takes place based on Art. 6 para. 1 lit. b GDPR (or § 26 para. 1 BDSG), whereby passing through the application procedure is considered as an initiation of an employment relationship.
If special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data such as information about disability status) are requested from applicants during the application process, processing will take place in accordance with Art. 9 para. 2 lit. b GDPR, so that we can exercise the rights arising from labor law and social security law and fulfill our corresponding obligations.
Cumulatively or alternatively, the processing of special data categories may also be based on Art. 9 para. 1 lit. h GDPR when it is conducted for the purposes of health care, occupational medicine, assessing the applicant’s work ability, diagnostic medical care, treatment in the health or social field, or for the administration of systems and services in the health or social sector.
If an applicant is not selected or withdraws their application prematurely, the submitted data as well as all electronic correspondence, including the application email, will be deleted after an appropriate notification no later than 6 months. This period corresponds to our legitimate interest in being able to answer any follow-up questions regarding the application and to fulfill our documentation obligations under the provisions on equal treatment of applicants.
In the case of a successful application, the provided data will be processed based on Art. 6 para. 1 lit. b GDPR (for processing in Germany in connection with § 26 para. 1 BDSG) for the purpose of conducting the employment relationship.
Zapier
This website uses the services of the following provider: Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA, to integrate and synchronize databases and web applications.
In this context, our processing operations are automated and different workflows established to efficiently manage and execute internal processes in our processing system. If personal data is also processed in this context, this is done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in optimizing our internal organization.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.
Airtable
This website employs the services of the following provider: Formagrid Inc, 769 Dolores Street, San Francisco, CA 94110, USA, for the organization and management of data in a cloud-based environment, creation of databases with custom fields and filters, automation of workflows, real-time collaboration, and integration with other services.
In this context, our processing operations are automated and different workflows established to efficiently manage and execute internal processes in our processing system. If personal data is also processed in this context, such processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in optimizing our internal organization.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider relies on standard contractual clauses of the European Commission, which intend to ensure compliance with the European level of data protection.
§ 9 Tools and Miscellaneous
Cookie Consent Tool
This website uses a so-called "Cookie Consent Tool" to obtain effective user consents for cookies and cookie-based applications requiring consent. The "Cookie Consent Tool" is displayed to users in the form of an interactive user interface when the page is accessed, on which consents for specific cookies and/or cookie-based applications can be granted by ticking boxes. By using the tool, all cookies/services requiring consent are only loaded when the respective user grants the corresponding consent by ticking boxes. This ensures that only if consent is granted, such cookies are set on the user’s device.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is not generally processed here.
If, in individual cases, it becomes necessary to process personal data (such as the IP address) for the purpose of storing, assigning, or logging cookie settings, this will be done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in lawful, user-specific, and user-friendly consent management for cookies and thus in a lawful design of our internet presence.
Another legal basis for processing is also Art. 6 para. 1 lit. c GDPR. As data controllers, we are legally obliged to make the use of technically non-necessary cookies dependent on user consent.
If required, we have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
Further information about the operator and options regarding the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
§ 10 Rights of the Data Subject
The applicable data protection law grants you the following rights regarding the processing of your personal data by the data controller (rights to information and intervention), with the exercise requirements referring to the cited legal basis:
Right to information in accordance with Art. 15 GDPR;
Right to rectification in accordance with Art. 16 GDPR;
Right to deletion in accordance with Art. 17 GDPR;
Right to restriction of processing in accordance with Art. 18 GDPR;
Right to notification in accordance with Art. 19 GDPR;
Right to data portability in accordance with Art. 20 GDPR;
Right to withdraw consent granted in accordance with Art. 7 para. 3 GDPR;
Right to complain in accordance with Art. 77 GDPR.
RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS DUE TO OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
§ 11 Duration of Storage of Personal Data
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and – where applicable – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).
When processing personal data based on explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, this data will be stored until the data subject revokes their consent. If there are statutory retention periods for data processed within the framework of contractual or quasi-contractual obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided they are no longer required for contract fulfillment or initiation and/or we no longer have a legitimate interest in further storage.
When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises their right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for the purposes of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises their right to object under Art. 21 para. 2 GDPR.
Unless otherwise stipulated in the other information in this statement regarding specific processing situations, stored personal data will then be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
§ 12 Our Social Media Presence
This privacy policy applies to the following social media presences
https://www.instagram.com/nelta_official/
https://www.linkedin.com/company/nelta-magnified-efficieny/mycompany/
https://www.tiktok.com/@nelta_official_
https://www.xing.com/pages/nelta
Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. You can find the specific social networks we use below.
Social networks such as Instagram, LinkedIn, TikTok, XING can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). By visiting our social media presences, a multitude of data processing operations are triggered. Below, we provide an overview of which of your personal data is collected, used, and stored when you visit our profiles.
Specifically:
When you visit our profiles, your personal data is collected not only by us but also by the operators of the respective social network. This occurs regardless of whether you are logged into your social network or not, and even if you do not have a profile in the respective social network.
With the help of the data collected in this way, the operators of the respective social network can create user profiles that record your preferences and interests. This way, interest-based advertising can be displayed within and outside the respective social network. If you have an account with the respective social network, interest-based advertising may be displayed on all devices on which you are logged in or have been logged in.
Please note that the individual data processing operations and their scope are not necessarily traceable to us. They differ depending on the operator of the respective social network. Details on how your personal data is collected and stored, as well as the nature, scope, and purpose of their use by the operator of the respective social network, can be found in the terms of use and privacy policies of the respective operator.
Legal Basis
The data processing within our social networks aims to enhance the user experience when visiting our fan pages and to ensure a comprehensive presence on the Internet.
The legal basis for the data processing is thus a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases that the operators of the social networks must state (e.g., consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Controller and Assertion of Rights
If you visit one of our social networks (e.g., Instagram, LinkedIn, TikTok, XING), we are jointly responsible with the operator of the respective social network for the data processing operations triggered during this visit. You can assert your rights (information, rectification, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social network (e.g., against Instagram, LinkedIn, TikTok, XING).
Please note that despite joint responsibility with the operators of social media portals, we do not have full influence over the data processing operations of the respective social network. Our possibilities are mainly determined by the corporate policy of the respective provider.
Storage Duration
The data collected by us directly from social networks will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage ceases to exist. Stored cookies remain on your device until you delete them. Mandatory legal provisions – particularly retention periods – remain unaffected.
We have no influence on the storage duration of your data, which are stored by the operators of the social networks for their own purposes. For details, please contact the operators of the respective social networks directly (e.g., in their privacy policy as outlined below).
Your Rights
As a person affected by data processing, you have the following rights:
You have the right to receive free information from us about the processing of your personal data to the extent of Art. 15 DS-GVO;
You have the right to demand from us the immediate rectification of inaccurate personal data concerning you and/or completion of incomplete personal data to the extent of Art. 16 DS-GVO;
You have the right to demand the immediate deletion of personal data concerning you to the extent of Art. 17 DS-GVO;
You have the right to request the restriction of processing of personal data concerning you to the extent of Art. 18 DS-GVO; – You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another controller to the extent of Art. 20 DS-GVO;
You have the right to object, for reasons relating to your particular situation, at any time to the processing of your personal data that concerns you, if the processing is based on a prevailing interest or your data is used for direct marketing purposes to the extent of Art. 21 DS-GVO;
You have the right to withdraw your consent to data processing at any time, without affecting the lawfulness of the data processing based on your consent up to the point of withdrawal;
You have the right to lodge a complaint with a supervisory authority regarding our processing of your data.
Social Networks in Detail
We have a profile on Instagram. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
Details on how they handle your personal data can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission. You can get more information from the provider at the following link: www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Find details here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
TikTok
We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Details on how they handle your personal data can be found in TikTok's privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de.
The data transfer to insecure third countries is based on the standard contractual clauses of the EU Commission. Find details here: https://www.tiktok.com/legal/privacy-policy?lang=de.
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
