In our privacy policy, we inform you about the type, scope and purpose of processing your personal data within the scope of our service provision, on our websites and in our social media profiles.

With regard to the definition of the terms used (e.g. personal data, processing, responsible person, anonymised), we refer to Art. 4 of the General Data Protection Regulation (hereinafter "GDPR").

Responsible body

nexum AG, Vogelsanger Straße 321a, 50827 Cologne
Supervisory Board: Hans-Werner Scherer, Thomas Fell, Martin Hecker, Board of Directors: Dr. Michael Klinkers, Georg Kühl, Dirk Steinmetz
Tel: +49 221 99886-0
E-Mail: info@nexum.de

Data Protection Officer

We have appointed a data protection officer for our company. If you would like to make use of any of the rights listed below or would like further information on data protection, please feel free to contact our data protection officer. You can reach him as follows:

legal.solutions GmbH
Sophienstr. 1
10178 Berlin
E-Mail: datenschutz@nexum.de

You can exercise the following rights at any time by contacting the data protection officers:

• Information about your data stored with us and their processing, Art. 15 GDPR
• Correction of incorrect personal data, Art. 16 GDPR
• Deletion of your data stored with us or restriction of data processing, insofar as we are not yet allowed to delete your data due to legal obligations or the deletion represents a disproportionately high effort, Art. 17 und 18 GDPR
• Data transmission, Art. 20 GDPR
• If you have given us your consent, you can revoke it at any time with effect for the future, Art. 7 Abs.3 GDPR
• Objection to future data processing in accordance of Art. 21 GDPR
• You can contact the supervisory authority responsible for you at any time with a complaint, Art. 77 GDPR.

Your local regulatory authority will vary according to the state of your residence, work or alleged violation. You can find a list of the supervisory authorities and their addresses at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Contact

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the information of the inquiring person is processed to the extent necessary to respond to the contact requests and any requested actions (e.g. names, addresses, e-mail, telephone numbers, text entries).

The response to contact requests in the context of contractual or pre-contractual relationships is made to fulfill our contractual obligations or to respond to (pre)contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO) and otherwise on the base of legitimate interests in responding to the inquiries (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Service provision

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer inquiries. This includes inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contractual data (e.g. subject matter of contract, term).

We process this data to fulfill our (pre-) contractual obligations (Art. 6 para. 1 p. 1 lit. b. DSGVO), to secure our rights and for the purposes of the administrative tasks associated with this information as well as the entrepreneurial organization (Art. 6 para. 1 p. 1 lit. c and f. DSGVO). We only disclose the data of the contractual partners to third parties within the scope of applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with the consent of the contractual partners (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities).

We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., if it must be retained for legal archiving reasons (e.g., for tax purposes generally 10 years).

As far as we use third party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third party providers or platforms apply in the relationship between the users and the providers.

Cloud services

We use software services accessible via the Internet and running on the servers of their providers (so-called "cloud services") for the following purposes: document storage and management, calendar management, e-mailing, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing websites, forms or other content and information, as well as chatting and participating in audio and video conferences.

In this context, personal data may be processed and stored on the servers of the providers if they are part of communication processes with us or otherwise processed by us as set out in this privacy policy. This data may include, in particular, master data (e.g. name, address) and contact data of the users (e.g. e-mail, telephone numbers), data on procedures, contracts, other processes and their contents (e.g. text entries, photographs, videos). The providers of the cloud services also process usage data and metadata (e.g. device information, IP addresses), which are used by them for security purposes and for service optimization.

If we ask for consent to use the cloud services, the legal basis for processing is consent (Art. 6 para. 1 sentence 1 lit. a DSGVO). Furthermore, their use may be part of our (pre)contractual services (Art. 6 para. 1 sentence 1 lit. b. DSGVO), provided that the use of the cloud services has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient and secure administration and collaboration processes) (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

We use the following service provider, which has integrated the EU standard contractual clauses into its terms of use:

Microsoft

Microsoft Office applications, teams and stream (audio and video meetings), cloud storage services

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: HTTPS://MICROSOFT.COM/EN-DE; Privacy Policy: HTTPS://PRIVACY.MICROSOFT.COM/EN-DE/PRIVACYSTATEMENT, Security Notice: HTTPS://WWW.MICROSOFT.COM/EN-EN/TRUSTCENTER.      

Data collection on our website

Server log files

Our website is operated by a hosting service provider. Depending on the use of our website, our hosting service provider (hereinafter "hosting company") automatically stores and collects information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This is due to our legitimate interest in an efficient and secure provision of our online offer in accordance with Art. 6 Para. 1 lit. f in conjunction with Art. 28 GDPR.

Our hosting service provider is Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel has committed under a DPA and under the SCCs, which you can view below: HTTPS://VERCEL.COM/LEGAL/DPA#SCHEDULE-3.

SSL or TLS encryption

We use SSL or TLS encryption on our website. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

Prismic

We use Prismic as a content management system for our website. This is a service of Prismic Networks, Inc. 185 Alewife Brook Parkway, #410 Cambridge, MA 02138 hereinafter referred to as "Prismic".

In order to enable the content of our website to be displayed, a connection to the Prismic servers is established when our website is accessed.

This is due to our legitimate interests in making our online offer available efficiently and securely in accordance with Article 6 Paragraph 1 Letter f in conjunction with Article 28 GDPR.

Through the connection established to Prismic when you access our website, Prismic can determine from which website your request was sent and to which IP address the content is to be transmitted.

Prismic provides more information at https://prismic.io/legal/privacy and https://prismic.io/security and advises that Prismic's privacy policy is compliant with EU data protection laws (GDPR).

Cookies

Our websites partly use so-called cookies. These serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

If the cookies are so-called "session cookies", they are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser.

Detailed information about cookies on our website can be found in a separate section: TO COOKIE STATEMENT.

Contact form

If you contact us via the contact form, your data from the contact form will be stored by us for the purpose of processing the request and in case of follow-up questions.

The processing of the data entered in the contact form is based on Art. 6 para. 1 lit. b DSGVO or on your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can object to this processing or revoke a declared consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The lawfulness of the data processing operations carried out until the objection or revocation remains unaffected.

The data you entered in the contact form will remain with us until you request us to delete it or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.

Salesforce Sales Cloud

For communication via the contact form, we use the Service Sales Cloud, of the provider salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich. The data provided via the contact form is stored within the Salesforce Sales Cloud.

To manage the user accounts, we use the Salesforce Sales Cloud as a CRM system to be able to process user inquiries more quickly and efficiently. The use of the Salesforce Sales Cloud is thus made pursuant to Art. 6 (1) p. 1 lit. f DSGVO based on our legitimate economic interest to optimize our sales activities and to manage user accounts. These interests are considered legitimate within the meaning of the provision.

Salesforce assures that they process data in compliance with the GDPR and ensure the protection of data subjects' rights. Salesforce is certified under the EU-U.S. Data Privacy Framework and therefore provides an adequate level of data protection. In addition, Salesforce relies on binding corporate rules to comply with the GDPR and the EU Standard Contractual Clauses, both of which are included in Salesforce's Data Processing Addendum.

HTTPS://WWW.SALESFORCE.COM/CONTENT/DAM/WEB/EN_US/WWW/DOCUMENTS/LEGAL/AGREEMENTS/EU-DATA-TRANSFER-MECHANISMS-FAQ.PDF

Salesforce uses the user's data only for the technical processing of the requests and does not pass them on to third parties. To use Salesforce, at least the provision of a correct e-mail address is necessary. Use under pseudonyms is possible. In the course of processing service requests, it may be necessary to collect further data (name, address).

If you do not agree to data collection via and data storage in Salesforce's external system, we offer you alternative contact options for submitting service requests by e-mail, telephone, fax or mail.

For more information about Salesforce's data processing, click here:

Salesforce Privacy Policy: HTTPS://WWW.SALESFORCE.COM/EN/COMPANY/PRIVACY/FULL_PRIVACY/

Documents about Salesforce's compliance with the EU GDPR (in English): HTTPS://COMPLIANCE.SALESFORCE.COM/EN/GDPR

Mailchimp

To send our newsletters and for automated mailings (e.g. welcome mailings, event invitations), we use Mailchimp, a product of Intuit Inc. and a service of

The Rocket Science Group LLC d/b/a Mailchimp 75 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA

This allows us to contact subscribers directly. In addition, we analyze your usage behavior in order to optimize our offer.

For this purpose, we share the following personal data with Mailchimp as a processor for us:

• E-mail address
• First name
• Last name

Our e-mails contain a link with which you can update your personal data.

The legal basis for this processing is first and foremost your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. By declaring the revocation, the lawfulness of the processing carried out so far is not affected.

Your data will be processed as long as a corresponding consent is available. Apart from this, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.

Mailchimp is a company based in the USA, which also stores data in the USA. Data is transferred to the USA on the basis of standard contractual clauses (SCCs) agreed with the company in accordance with Article 46 (2) c of the GDPR. A transfer impact assessment has also been carried out. For more information, see:

HTTPS://MAILCHIMP.COM/EN/HELP/MAILCHIMP-EUROPEAN-DATA-TRANSFERS/.

In addition, Mailchimp claims to have implemented compliance measures for international data transfers. For more information, please visit: 

HTTPS://MAILCHIMP.COM/LEGAL/DATA-PROCESSING-ADDENDUM/.

In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web pages were opened). According to Mailchimp, this data is needed to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of abuse. This corresponds to the legitimate interest of Mailchimp (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). Furthermore, Mailchimp evaluates performance data, such as the delivery statistics of emails and other communication data. This information is used to create usage and performance statistics of the services.

In addition, Mailchimp collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process.

You can find more information about objection and removal options vis-à-vis Mailchimp at:

HTTPS://WWW.INTUIT.COM/PRIVACY/STATEMENT/

Google Tag Manager

We use the service called Google Tag Manager. The provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of consent given, in accordance with Art. 6 (1) lit. a DSGVO; consent can be revoked at any time.

The terms and conditions for the order processing for the Google Tag Manager can be found under the following link:

https://business.safety.google/adsprocessorterms/.

Google is certified under the EU-U.S. Data Privacy Framework and therefore provides an adequate level of data protection. In addition, data transfer to the U.S. is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://business.safety.google/adsprocessorterms/sccs/p2p/.

Google Conversion Tracking

Our website uses the conversion tracking function as part of Google Ads from Google. The provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

When you click on an ad placed by Google, a cookie is set for conversion tracking. This cookie loses its validity after 30 days and does not serve to identify you personally. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked across Ads customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to participate in the tracking, you can object to this use by deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.

Google Conversion Tracking is used on the basis of consent granted, in accordance with Art. 6 (1) lit. a DSGVO; consent can be revoked at any time.

The terms and conditions for order processing for Google Conversion Tracking can be found under the following link:

https://business.safety.google/adsprocessorterms/.

Google is certified under the EU-U.S. Data Privacy Framework and therefore provides an adequate level of data protection. In addition, data transfer to the U.S. is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://business.safety.google/adsprocessorterms/sccs/p2p/.

etracker

We use our own services to analyze the use of our application. For this purpose, we do not use cookies by default. Insofar as we use analysis and optimization cookies, we obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used that enable a statistical analysis of the use of the application. Cookies are small text files that are stored by the Internet browser on the user's terminal device. etracker cookies do not contain any information that enables the identification of a user.

The data generated with etracker is processed and stored exclusively in Germany and is thus subject to strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and awarded the EPRIVACYSEAL data protection seal of approval.

The data processing is carried out on the basis of the legal provisions of Art. 6 para.1 lit. f (legitimate interest) of the General Data Protection Regulation (DSGVO). Our concern in terms of the DSGVO (legitimate interest) is the optimization of our service. Since the privacy of our customers is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data or disclosure to third parties takes place.

You can object to the aforementioned data processing at any time. The objection has no adverse consequences.

You can find more information about data protection at etracker HERE.

LinkedIn

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser, which enables the collection of, among other things, the following data: IP address, device and browser properties, and page events (e.g. page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with nexum, but offers anonymized reports on website audience and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. Nexum can use this data to display targeted advertising outside of its website without identifying you as a website visitor. For more information on data protection at LinkedIn, please refer to LinkedIn's privacy policy https://de.linkedin.com/legal/privacy-policy.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

SalesViewer

On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH, Huestr. 30, 44787 Bochum, Germany, based on the legitimate interests of the website operator (Art. 6 para.1 lit.f DSGVO).

For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.

The data stored as part of Salesviewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

You can object to the collection and storage of data at any time with effect for the future by clicking on this link here [https://www.salesviewer.com/de/opt-out/] to prevent the collection by SalesViewer® within this website in the future. This will place an opt-out cookie for this website on your device. If you delete your cookies in this browser, you must click this link again.

Social Media Profile

Facebook and Instagram

We maintain the Facebook and Instagram profiles "nexum AG" and "nexum Spain". The provider of the platform is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Harbour, Dublin 2, Ireland.

We use our profile on Facebook and Instagram to provide regular information about our company and our projects.

The maintenance of our Facebook and Instagram profile is based on our legitimate interest in promoting our company and our services in accordance with Art. 6 para. 1 lit.f GDPR.

If you use Facebook or Instagram, your data is regularly processed for analysis and advertising purposes in order to display interest-related advertising within and outside of Facebook and Instagram. For this purpose, cookies and pixels are regularly stored on the user's devices, also across devices, through which the user's usage behaviour and interests can be tracked.

For more information on data usage by Facebook and Instagram, settings and opt-out options, please see the Facebook Privacy Policy: https://www.facebook.com/policy Responsibility under data protection law within the meaning of Art. 26 GDPR is regulated in the Page Controller Addendum, which you can download from https://www.facebook.com/legal/terms/page_controller_addendum.

Twitter

We maintain the Twitter account "nexum". The provider is Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We use our Twitter account to provide regular information about our company and our projects.

The maintenance of our Twitter account is based on our legitimate interest in the promotion of our company and our services in accordance with Art. 6 para. 1 lit.f GDPR.

Information on which data is processed by Twitter and for which purposes it is used can be found in the Twitter privacy policy:

https://twitter.com/de/privacy.

If you use Twitter, your data will be processed regularly for analysis and advertising purposes to deliver interest-based advertising and content inside and outside Twitter. For this purpose, cookies and pixels are regularly stored on the user's devices, also across devices, which can be used to track the usage behaviour and interests of the users.

You can limit the processing of your data in the general settings of your Twitter account as well as in the section "Privacy and Security" and under the link:

https://twitter.com/personalization. In addition, you can restrict Twitter access to contact and calendar information, photos, location information, etc. on mobile devices in their settings. For more information on these items, please visit the following Twitter support pages: https://support.twitter.com.

LinkedIn

We maintain the LikedIn accounts "nexum AG" and "nexum Agency Switzerland AG". The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

LinkedIn has integrated the EU standard contract clauses into its terms of use and thereby offers a guarantee of compliance with European data protection law.

We use our LinkedIn account to provide regular information about our company and our projects.

The maintenance of our LinkedIn account is based on our legitimate interest in the promotion of our company and our services in accordance with Art. 6 para. 1 lit.f DSGVO.

Information on what data is processed by LinkedIn and for what purposes it is used can be found in the LinkedIn privacy policy: https://www.linkedin.com/legal... you use LinkedIn, your data is regularly processed for analysis and advertising purposes, in order to provide interest-related advertising and content within and outside LinkedIn. For this purpose, cookies and pixels are regularly stored on the user's devices, also across devices, through which the usage behaviour and interests of the users can be tracked.

You can object to the processing of your data by using the opt-out facility: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. In addition, you can restrict LinkedIn's access to contact and calendar data, photos, location data, etc. on mobile devices in the settings options there.