1. Responsible for data processing in accordance with Art. 4 No. 7 EU General Data Protection Regulation (GDPR)
Nect GmbH
Großer Burstah 21
20457 Hamburg
2. Contact details of the data protection officer
You can contact our data protection officer at privacy@nect.com and via our postal address (see section 1) with the addition ‘the data protection officer’.
3. Processing of personal data when using the Nect Portal and legal basis
3.1 Nect generally only processes personal data to the extent permitted or required by the GDPR or another legal provision or if you as a user have given a corresponding declaration of consent.
No obligation to provide
There is neither a contractual nor a legal obligation to provide personal data. You are not obliged to provide data.
Consequences of non-provision
In the case of required data (your e-mail address), failure to provide it will mean that the relevant service (use of the Nect portal) cannot be provided.
Consent
We process your data exclusively for the purpose of using the Nect Portal. Your consent is also used to contact you (updates, advertising).
3.2 On the Nect Portal, we offer you, your employees and your business partners and their employees the opportunity to register on our portal by providing personal data. The data is entered into an input mask and transmitted to us and stored.
3.3 If you, your employees or your business partners and their employees register to use the Nect Portal, we process the personal data required to set up and manage your access (e.g. your e-mail address). Each time you visit the Nect Portal, we collect and store your IP address, the browser used and the times of use. This personal data is processed for the purpose of ensuring the security and functionality of the Nect Portal.
- If you, your employees or your business partners and their employees consent to the processing for the purpose of using the Nect Portal, Art. 6 para. 1 letter a) GDPR is relevant. You agree that by logging in via Single-Sign-On (SSO) or Magic Link, data is automatically transmitted to Nect and used to provide the services offered.
- Furthermore, your explicit declaration of consent means that we can contact you electronically for status updates or marketing activities (advertising) using your email address. In addition, data processing is carried out to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is the interest in the preparation, optimisation and/or implementation of needs-based advertising measures and/or target group-oriented advertising in order to continuously improve the quality of products and/or services. The processing of the e-mail address will not lead to any conclusions about sensitive information about your person or references to your private and / or intimate sphere. Under no circumstances will negative profiles or similar be created by processing your e-mail address.
- The legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR if the data processing is necessary for the fulfilment of a contract. The registration serves the fulfilment of our agreement (‘Nect Portal’), to which you (direct customer of Nect) are a party, or the implementation of pre-contractual measures.
- If you as a user of the Nect portal do not maintain a contractual relationship with us (business partner of the direct customer of Nect or the employees of the business partners), but the direct customer of Nect does, the legal basis is Art. 6 para. 1 letter f) GDPR (legitimate interest). Our legitimate interest lies in the provision of our service/fulfilment of our contractual obligation to our direct customer.
- To protect your data, in particular to detect and prevent unauthorised login attempts, login attempts to the Nect Portal are logged, Art. 6 (1) (f) GDPR. If the logs are no longer required for the aforementioned purposes, they are automatically deleted.
4. Duration of data storage
We store your data as long as the purpose of collection and/or processing has not ceased to exist or you have not revoked your declaration of consent. Thereafter, your data will be restricted for further use and will only be available for the purposes provided for in Art. 17 and 18 GDPR. These purposes include, in particular, compliance with the statutory retention periods and the assertion, exercise and defence of legal claims, for example to provide evidence of proper advice. The statutory limitation periods are up to 30 years, the statutory retention periods up to 10 years. If your data is no longer required for the above-mentioned purposes and all retention periods have expired, it will be permanently deleted.
5. your rights
You have the following rights with regard to your personal data:
5.1 General rights
If the legal requirements are met, you have the right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), objection to processing (Art. 21 GDPR) and data portability (Art. 20 GDPR).
If processing is based on your consent, you have the right to revoke your consent to us at any time, in whole or in part, without giving reasons, by post by letter (see section 1) or electronically by e-mail (see section 2) or by web form via
https://nect.com/de/privacy-concern/. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Furthermore, withdrawal of consent may mean that contractual obligations cannot be fulfilled or can no longer be fulfilled in accordance with the contract. (Art. 7 para. 3 GDPR).
5.2 Rights in the case of data processing based on legitimate interest
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing for the purposes of a legitimate interest). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
5.3 Right to complain to a supervisory authority
You also have the right to complain to a competent data protection supervisory authority about the processing of your personal data. The competent supervisory authority is
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg
Telephone: 040/428 54 - 4040
Fax: 040/4279 - 11 811
E-mail: mailbox@datenschutz.hamburg.de
6. Recipients of your personal data
Personal data will not be passed on to unauthorised third parties. In particular, there is no transfer to third countries.
7. Data security
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.