This document was last updated on August, 2023
Privacy Policy
of Novasama Technologies GmbH, Schönhauser Allee 163, 10435 Berlin ("the Company")
The Company operates the website www.novasama.io ("Website") on which it provides information and offers contact options.
The protection of personal data is very important to the Company. The following Privacy Policy explains the extent to which data is collected when visiting the Website and using the services offered there, and the purpose for which this data is processed. The Company complies with all applicable legal provisions on the protection of personal data and data security.
The legal basis for data processing is Art. 6 (1) a), Art. 7 GDPR for consents, Art. 6 (1) b) GDPR for the performance of services and contractual obligations, Art. 6 (1) c) GDPR for the compliance with legal obligations and Art. 6 (1) f) GDPR for the safeguarding of legitimate interests.
I. Name and contact details of the responsible person („Controller“)
The person responsible for processing personal data within the meaning of Art. 4 GDPR:
Novasama Technologies GmbH
Schönhauser Allee 163
10435 Berlin
admin@novasama.io
II. Type of data processed / purpose of processing / legal basis
In the following we explain what kind of personal data is processed when visiting the Website and using the services provided. Processing in this sense means any form of use of the data, such as collection, recording, organization, structuring, storage, presentation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Personal data is only processed as far as it is necessary for the provision of the services, the communication with the users, the execution of the contractual/business relationship as well as for the optimisation of business processes and the demand-oriented design of our services.
We observe the principle of data minimisation and only process your personal data in strict compliance with data protection regulations. In particular, corresponding data is only processed if a legal permission/legal basis exists.
1. Accessing the Website
1.1. Server Logfiles
When accessing the Website, usage data are automatically transmitted by your browser and are saved in protocol data, so-called server logfiles. These server logfiles contain the IP address, browser information (type, version, browser plug-ins), the operating system of the device (type, version), screen resolution, language settings, timezone, installed fonts, MIME type, Silverlight data, HTTP header, the click behaviour on the Website, like the pages visited on the domain, the length of stay, visit date, time, duration and referrer, and error messages. Location data is only recorded anonymously and with limited accuracy (country/region/city), so that it is impossible to draw conclusions about the identity of the visitor.
Additional personal data, such as names, are not collected.
We process the data in order to establish a smooth connection to our Website. The processing is necessary to ensure the security and stability of the system and a comfortable use of the Website. It is impossible to allocate this data to a specific person.
We also use the log data for statistical evaluations, for the purpose of optimizing the processes and the security of the services. We reserve the right to check the log data retrospectively if, based on concrete indications, there is a suspicion of unlawful use of the service provided.
The legal basis for data processing is Art. 6 (1) b) and f) GDPR.
1.2. Cookies
The Website uses cookies, which can also be set by third-party providers. These are short data packages that are exchanged between computer programs or text files that are stored on the visitor's terminal device. Session cookies are deleted after you close your browser, whereas persistent cookies remain on your terminal device and enable us to recognise your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of the Website may be limited.
The legal basis for data processing is Art. 6 (1) b) and f) GDPR for cookies that are technically necessary for the operation of the website.
The legal basis for data processing for all other cookies that are not technically necessary for the operation of the website is your consent pursuant to Art. 6 (1) a) GDPR.
2. Contacting us
If you contact us using the postal or e-mail address provided on our Website, we will process the contact details you have provided, i.e. name, postal or email address, as well as any additional information you have voluntarily provided.
In this case, the processing of the contact data used by you is indispensable in order to get in touch with you and to be able to answer your request. If additional data has been provided, processing serves to individualize you and thus to be able to respond to your request in the best possible way.
The legal basis for data processing is Art. 6 (1) a), b) and f) GDPR.
III. Duration of storage
Your data will be stored for as long as is necessary to fulfill the above-mentioned purposes.
As soon as this is no longer the case, e.g. after complete termination of the contractual/business relationship, it will be deleted or blocked if and as long as commercial or tax retention obligations do not require further retention (Art. 6 (1) p. 1 c) GDPR). From the point in time when legal storage obligations no longer conflict with this, the data will be deleted unless you have expressly consented to further use (Art. 6 (1) p. 1 a) GDPR).
Personal data can also be manually deleted from the database at any time if requested.
Server log files are stored on the server for 30 days.
IV. Disclosure of data to third parties/transfer to third countries
In principle, the data you provide will not be made available to third parties. In individual cases, however, it may be necessary to pass on your personal data to companies entrusted by us with the provision of individual services (e.g. webhost, programmer, cloud provider, accounting) in order to execute the contract and provide our services.
If, in the course of our processing, we disclose data to third parties, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission, your consent, a legal obligation or on the basis of our legitimate interests. If we commission third-party providers with the processing of data on the basis of a so-called "Data Processing Agreement", this is done on the basis of Art. 28 GDPR. For their part, the third parties are obliged to comply with the statutory provisions when handling and processing this data.
It is possible that the seat of a third party is located in a third country, i.e. in a country in which the GDPR does not have direct legal effect. In this case, data will only be transferred if your consent has been given, an adequate level of data protection prevails, for example due to individual agreements, the use of EU standard contractual clauses, the existence of an EU adequacy decision, or other legal permission exists.
Transmission to authorities and state institutions entitled to receive information is also possible, but will only take place within the framework of the legal obligations to provide information and in the event of a court decision obliging us to do so. In these cases, the Company may provide the information, e.g. for the assertion, exercise and defense of legal claims, enforcement of existing contracts, in the context of allegations of fraud, security measures or generally legally applicable regulations.
Personal data will not be disclosed outside the scope described here without express consent.
Under no circumstances will the Company sell or rent personal data to third parties.
V. Online Presentations / Company Profile in Social Media
Our company has an online presence on social platforms like LinkedIn, Twitter, Youtube, Github, Telegram. Through this, we simplify the search for our services for interested parties and offer an additional channel of communication.
When visiting our profile, the provider of the platform may process your personal data. The purpose of the processing of user data by the respective social media and platforms is usually user-specific advertising, i.e. individualized advertising can be displayed that corresponds to the presumed interests of the user or results from the user's previous usage behavior.
It is possible that the seat of the provider is located in a third country, i.e. in a country in which the GDPR has no direct legal effect. We expressly point out that we ourselves have no influence on the scope of the data that these companies collect. We must therefore rely on the information provided by the respective companies with regard to data protection. Further information on the handling of user data can be found here: LinkedIn, Twitter, Youtube, Github, Telegram.
We would like to make it clear that in the event of information requests and/or the assertion of other data subject rights, users should contact the respective companies directly. They have insight and access rights to the user data stored and processed there and can provide information and/or take measures accordingly. If you contact us directly, we will try to support your request as best we can. However, since we have no insight into or access to the data stored by these companies, our options for action are limited.
Please inform yourself about the data processing principles of the respective companies by reading the corresponding data protection statements.
VI. Your rights as a data subject
1. Right to withdraw the declaration of consent
Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your consent to processing at any time. The lawfulness of the processing carried out on the basis of the consent until withdrawal is not affected. The right of withdrawal may be exercised by means of an informal declaration. A written declaration or alternatively an e-mail to the above contact address is sufficient.
2. Right of access
Pursuant to Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data relating to you is processed. If this is the case, you have a right to access this personal data and the information specified in Art. 15 (1) GDPR. These include in particular the purpose of the processing, the categories of personal data concerned, the recipients to whom data have been or will be disclosed, as far as possible the envisaged duration of the storage or the criteria for the determination of the duration of the storage.
3. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to obtain from us the rectification of any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary statement.
4. Right to erasure
Pursuant to Art. 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay. We are obliged to delete personal data immediately if one of the provisions of Art. 17 (1) GDPR applies. One of these reasons is that the data are no longer necessary for the purposes for which they are collected or otherwise processed.
5. Right to restriction of processing
Pursuant to Art. 18 GDPR, you have the right to obtain from us the restriction of processing if one of the conditions set out in Art. 18 GDPR applies. This includes, for example, that you contest the accuracy of the personal data. Then we may process the data only to a limited extent as long as it takes to verify the accuracy of the personal data.
6. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you which you have provided to us in a structured, common and machine-readable format. You have the right to transfer this data to another data controller, i.e. another entity that processes the data, without hindrance, if the original processing was based on consent or was necessary for the execution of a contract.
7. Right to object
Pursuant to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you if these data are processed on the basis of Art. 6 para. 1 e) or f) GDPR and there are reasons arising from your personal situation. The processing of data for the purpose of direct marketing can be objected to at any time. Personal data will then no longer be processed for this purpose. The right to object may be exercised by means of an informal declaration. A written declaration or alternatively an e-mail to the above contact address is sufficient.
8. Automated individual decision-making, including profiling
According to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effect on you or similarly significantly affects you. Art. 22 (1) GDPR provides for exceptions to this rule, whereby Art. 22 (4) GDPR again contains some exceptions to withdrawal.
9. Right to lodge a complaint with a supervisory authority
Pursuant to Art. 77 GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR.
In the present case, the competent supervisory authority is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219, 10969
Berlin Telephone: 030/13 889-0
Telefax: 030/215-5050
E-Mail: mailbox@datenschutz-berlin.de
http://www.datenschutz-berlin.de
VII. Technical and organizational measures
We take technical and organizational measures to ensure that the security and protection requirements of the GDPR are met and that personal data is protected against loss, destruction, manipulation or access by unauthorized persons. The measures are always adapted to the current state of the art.
VIII. Changes to the Privacy Policy
We reserve the right to change this Privacy Policy at any time. You are requested to inform yourself regularly about the content of the Privacy Policy.