Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific laws applicable to us. With the help of this privacy notice, we inform you comprehensively about the processing of your personal data by nextevidence GmbH (hereinafter referred to as "nextevidence") when using our website and the rights to which you are entitled.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Data is considered anonymous if no personal reference to the individual/ user can be made.
Responsible body and data protection officer
T | +49 (0) 89 4445 1156
F | +49 (0) 89 4445 1157
E | firstname.lastname@example.org
Contact info of the data protection officer
Last updated on 05 July 2021.
Your rights as a data subject
We would first like to inform you of your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR, and include:
• The right of access (Art. 15 EU GDPR),
• The right to rectification (Art. 16 GDPR),
• The right to erasure / right to be forgotten (Art. 17 EU GDPR),
• The right to restriction of data processing (Art. 18 EU GDPR),
• The right to data portability (Art. 20 EU GDPR),
• The right to object to data processing (Art. 21 EU GDPR).
To exercise these rights, please contact: email@example.com. The same applies if you have any questions regarding data processing at our company or when you withdraw your consent. You also have the right of appeal to the relevant data protection supervisory authority.
Right to object
Please note the following with respect to your right to object:
When we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes. The objection is free of charge and can be made in any form, if possible to: firstname.lastname@example.org
Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.
We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the EU GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from art. 6 EU GDPR.
We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing.
Your consent also constitutes permission to data processing under data privacy law. In this respect, we will inform you of the purposes of data processing and your right of objection. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.
Processing of special categories of personal data within the meaning of art. 9 (1) EU GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data or you have given your consent to the processing of these data according to art. 9 (2) EU GDPR.
Data transfers / Disclosure to third parties
We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).
Data recipients / categories of recipients
In our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.
In many cases, service providers assist our specialist departments to fulfil their tasks. The necessary data protection contracts have been concluded with all service providers. Service providers are accounting clerks, providers of CRM/ERP services and providers of website hosting, cookie and web tracking management.
Transfers of personal data to third countries
A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law or if you have provided your consent for such a transfer.
We transfer your personal data to service providers or group companies outside the European Economic Area as follows: United States of America
In such cases, compliance with the required level of data protection is ensured by EU standard contractual clauses, the binding corporate data protection regulations of the service provider according to the established data protection contracts as well as compliance of the service provider to the EU/US Privacy Shield.
Period of data storage
We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.
We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.
Personal data of job applicants with whom no employment contract has been concluded will be deleted after six months.
Secure transfer of data
We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.
The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website, and always use the current encryption protocols. When you use the contact form on our website to contact us, the content is sent over https to a secure server of Webflow where the form submission data is stored in an encrypted database. Employees of Webflow do not have direct access to these data. In general, it is also possible to use alternative communication channels (e.g. surface mail).
Obligation to provide data
A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website and the various functions we provide.
We have summarised the relevant details in the above point. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.
Data categories, sources and origin of data
The data we process is defined by the relevant context: it depends on whether, for example, you place an order online, enter a request on our contact form or if you want to send us an application or submit a complaint.
Please note that we may also provide information at specific points for specific processing situations separately where appropriate, e.g. when downloading our flyer or when making a contact request.
We collect and process the following data when you visit our website:
• Your IP address which is immediately hashed by removing the last two digits
• The URL and the title of the page you are viewing
• The browser (name) you are using
• Viewport or viewing pane (the size of the browser window)
• Your screen resolution
• Whether or not you have Java enabled
• The version of Adobe Flash you are using
• The language enabled in your browser
For reasons of technical security (in particular to safeguard against attempts to attack our web server), this data is stored in accordance with Article 6 (1) lit f EU GDPR. Anonymisation takes place immediately by abbreviating the IP address so that no reference is made to the user.
Our website uses Google Fonts which are provided by Google servers upon loading of the website. More information on data privacy you can find in the Google FAQ.
We collect and process the following data as part of a contact request:
• Name and salutation
• E-mail address
• Information on your interests and inquiries (your message), if provided by you
• Company / organization
We process the following data as part of the ordering process:
• Last name, first name (title, if applicable)
• Delivery address, Invoice address
• Contact data (street address, email address, telephone number)
• Data that may be legitimately processed from other / external sources
• Descriptions of your business systems or installation situations
We process the following data as part of a job application you send us:
• Name and salutation
• Contact details you provide to us
• Information on your professional career (CV), qualifications and certificates
• Information you provide during application interviews and our notes thereof
• The position you applied for, your salary expectations, you expected entry date and in exceptional cases your piece of identification
• Any other information you provide to us during the application process
Contact form / Contact via email (Article 6 (1) lit a, b EU GDPR)
A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the data you submitted in the contact form to respond to your queries and requests.
In so doing, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to contact you, which is your name, salutation, email address and the type of your request. Your IP address will also be processed (and hashed immediately) for technical reasons and for legal protection. All other data is voluntary, and additional fields are optional (e.g. to provide a more detailed response to your questions).
If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request.
Application Download / Customer account (Article 6 (1) lit a, b EU GDPR)
At the current time we do not provide download of our application or the creation of customer accounts directly on our website nextevidence.io or on www.nextevidence.io.
Marketing purposes (Article 6 (1) lit f EU GDPR)
nextevidence is keen to nurture the customer relationship with you and to send you information and offers about our product / services. We therefore process your data to send you the relevant information and offers via email.
You may object to the use of your personal data for the purpose of direct marketing at any time; this also applies to profiling insofar as it is associated with direct marketing. If you object, we will cease processing your personal information for this purpose.
You can withdraw your consent at any time free of charge and informally without stating the reasons for such and should be sent via email to email@example.com or via surface mail to nextevidence GmbH, Balanstraße 71a, 81541 Munich, Germany.
Automated decisions in individual cases
We do not use purely automated processing to make decisions.
Our website uses “cookies” at various locations, which serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser (locally on your hard disk). Cookies enable us to analyse how users use our websites so we can design the website content in accordance with the visitor’s needs. Cookies also allow us to measure the effectiveness of a particular advertisement and, for example, to place it based on the user's interests.
When you first visit our website, a pop-up opens from which you can give your consent to the use of categories of cookies which are described below as well as in the pop-up itself.
The following categories of cookies are used on our website:
• Strictly necessary cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. These cookies include for example the ones used by the cookies script to maintain cookies based on your consent. You can set your browser to block or alert you about these cookies, but some parts of the site will then not work. These cookies do not store any personally identifiable information.
• Performance cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
• Targeting cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Most of the cookies we use are "session cookies", which will be automatically deleted after your visit. Persistent cookies are automatically deleted from your computer when their validity period (maximum 14 months) has expired or you delete them yourself prior to expiry.
Please note: If you deactivate the placing of cookies on your device, you may not be able to access all our website functions in certain circumstances.
Web tracking (Article 6 (1) lit a EU GDPR)
Google is certified under the EU-US Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google as described in section ‘Cookies’ above.
The personal data of users will be deleted or made anonymous after 14 months.
We do not use any social plugins.
Online offers for children
Persons under the age of 16 may not submit personal data to us or give a declaration of consent without the authorisation of their legal guardian. We encourage parents and guardians to actively participate in the online activities and interests of their children.
Links to other providers
Our website also contains clearly identifiable links to the Internet sites of other companies. Although we provide links to websites of other providers, we have no influence on their content, and no guarantee or liability can therefore be assumed for such. The content of these pages is always the responsibility of the respective provider or operator of the pages.
The linked pages were checked at the time of linking for potential legal violations and identifiable infringements. No illegal content was identified at the time of linking. However, a permanent content control of the linked pages is not reasonable without concrete evidence of an infringement and, upon notification of a violation of rights, such links will be promptly removed.