On this website we provide information pursuant to the EU's General Data Protection Guideline (GDPR) for all data processing undertaken by NANOSCRIBE GmbH (hereinafter: NANOSCRIBE).
In accordance with Article 4 (7) of the GDPR, NANOSCRIBE GmbH, Hermann-von-Helmholtz Platz 1, 76344 Eggenstein-Leopoldshafen, Phone: +49 (0)721 981 980-0, email email@example.com, is the data controller. Please direct questions regarding our processing of your personal data, or about privacy in general, to our data protection officer:
Mr. Steven Bösel
I. Definition of Personal Data
Personal data refers to any information related to an identified or identifiable natural person. This includes information such as your name, your (professional) contact information, your phone number, email address, as well as your relationship with a company and your interactions/activities with us.
When using our website, the processed data may include information about how you use our website. This includes, for example, connectivity information, or the sources you accessed. This information is generally gathered through log files and cookies.
In the context of job applications, the following personal data is included and processed, your name, your (professional and private) contact information, your address, hobbies, or information about illness and tax status (including religious affiliation) as well as your resume including your photo, potential information about your health, or other private information.
II. Privacy Notice for NANOSCRIBE Websites
In the following paragraphs, NANOSCRIBE, as the operator of the above-mentioned websites, provide you with an overview of how we ensure the protection of your personal data on our websites and online contact forms, which data we process, as well as the purposes and extent of processing.
1. Data Processing - The Features of Our Website
When our website is accessed, general information is automatically collected. This information is stored in so-called log files or cookies and contains the type of web browser used, the operating system, the access URL, the time of access, and the IP address. These data are not stored along with other personal data relating to the user.
This information is technically necessary to correctly deliver the websites' contents requested by you and are also essential for Internet use. For the temporary storage of data and log files, Article 6 (1) (1f) of the GDPR serves as the legal basis. The system's temporary storage of the IP address for the duration of the session is necessary to enable a proper displaying of the website on the user's computer. Furthermore, these data serve the optimization of the website and to ensure the security of our information technology system. These purposes also constitute our legitimate interest in data processing according to Paragraph 1 (1) (f) of the GDPR. In this context, the data are not used for marketing purposes.
The collection of data for the purposes of making the website available and the storage of data in log files is essential for the operation of the website. Therefore, users do not have the option to object.
The data will be erased as soon as they are no longer required for the purpose of its initial collection. The data for proper displaying of the website will be erased when the respective session ends. Data stored in log files or cookies will be erased after no later than seven days.
If you use services offered on our website, we may collect additional personal data about you. We acquire and process these data as required for the services requested by you. Further, you may also voluntarily save additional personal data. In the following paragraphs, we describe the legal basis according to the individually listed features and services. Your data will be treated confidentially and deleted or blocked in accordance with the legal guidelines.
If you send us a request via email, we collect the data you have provided to process your request and to fulfill your expressed wishes. In both cases, Article 6 (1) (1f) of the GDPR serves as the legal basis.
No additional processing of your data will be conducted by us or third parties beyond this purpose, with the exception of the following usage, unless legal permission exists, or you have given your consent.
If you provide us with your contact information in the context of a contract conclusion or by registering via our customer portal, please note the privacy notice described under III.
2. Safety Notes
We use technical and operational safety measures on our websites to protect the personal data we store against misuse by third parties, loss, or abuse and to ensure safe data transfer.
We are required to note that the makeup of the Internet makes unwanted access by third parties possible. For this reason, it is also within your scope of responsibility to protect your data against abuse through encryption or using other means. Without protective measures of this kind, third parties may be able to access data that were transferred without encryption, also via email. The websites operated by us are exclusively provided via an encrypted connection.
You can choose whether you wish to allow the placement of cookies. You can make the corresponding changes in your browser settings. In general, you can choose to accept cookies, to be informed about the placement of cookies, or to reject all cookies. If you choose the last option, you may not be able to use all features of our website. We will provide further information about the cookies we use and the connected data processing procedures in our discussion of the individual features and services below. In the following paragraphs, we will provide an overview of the features and services for which cookies are used on this website.
4. The Creation of User Statistics Using PIWIK / Matomo
On our website, we use the open-source software tool Matomo (formerly PIWIK) for the analysis of the usage behavior of our users. The software places a cookie on the computer of the users (see information about cookies above). If sub-pages are accessed on our website, the following data are stored:
(1) Two bytes of the IP address of the accessing user's system
(2) The site accessed
(3) The website from which the user arrived at the accessed website (referrer)
(4) The sub-pages opened from the accessed website
(5) The length of stay on the website
(6) The frequency with which the website is accessed
The software runs on servers operated by NANOSCRIBE. The personal data of data subjects are only stored there. The data are not shared with third parties.
The software does not store the complete IP address, but masks 2 bytes of the IP address (e.g. 192.168.xxx.xxx). In this way, it is not possible to associate the shortened IP address with the accessing computer.
The processing of the user’s personal data enables us to analyze the user behavior of our website users. The evaluation of the collected data enables us to compile information about the use of individual components of our website. This aids us in the continuous enhancement of our website and its user-friendliness. Furthermore, these purposes constitute our legitimate interest in data processing according to Article 6 (1f) of the GDPR. The anonymization of the IP address sufficiently protects the user’s interest in the protection of their personal data.
The data will be erased as soon as they are no longer required for the purpose of its initial collection.
You can find additional information about privacy settings in the Matomo software using the following link: https://matomo.org/privacy-policy/.
5. The Generation of User Data Using Concrete5
NANOSCRIBE makes the website available to users by means of the Content Management System (CMS) Concrete5. To ensure that the CMS functions properly, personal form data are stored, which are entered by the users, for example for initiating contact. In addition, users can register in the CMS by entering additional personal data, in order to access other documents or other content. The CMS then saves the IP address of the user's last login. Nanoscribe processes the data to provide improved services and for marketing purposes. These data are not shared with third parties.
6. The Use of Google Remarketing
We use GoogleAdwords to draw attention to our offers on third-party websites using advertising (so-called Google ads). These ads are delivered by Google via so-called "Ad Servers." In this context, Ad Server cookies are used, which facilitate the analysis of performance parameters, such as Ad impressions, clicks, and conversions. This enables us to determine how successful individual marketing measures are by analyzing the data generated in the context of marketing campaigns. If you arrived on our website via a Google ad, Google Adwords stores a cookie on your device. These cookies typically expire after 30 days and do not serve the purpose of identifying you. Typically, the following analysis values are stored for this cookie:
- Unique Cookie ID
- Number of ad impressions per placement (frequency)
- Last impression (relevant for post-view conversions)
- Opt-out information (indicator that the user no longer wants to be contacted)
The cookies enable Google to recognize your web browser. When a user visits certain web pages of an Adwords client and the cookie stored on his or her computer is not yet expired, Google and the client can recognize that the user clicked on the ad and was referred to this site. Every Adwords customer is assigned a different cookie. Cookies can therefore not be tracked through the websites of Adwords customers. We do not collect or process personal data through the named marketing measures. We only receive statistical analyses from Google. Based on these analyses, we are able to see which of the advertising measures used are particularly effective. We do not receive additional data from the use of advertising measures; in particular, we are not able to identify users based on these data. Article 6 (1) (1a & f) of the GDPR serve as the legal basis for processing of your data.
Due to the deployed marketing tools, your browser automatically establishes a direct connection with the Google server. Please note that Google may process data outside of the European Union. Google has committed to complying with EU-US Privacy Shield, https://www.privacyshield.gov/. Furthermore, we have no influence on the extent and further usage of the data, which Google collects through the use of this tool, and therefore we inform you based on our level of knowledge:
By integrating "tracking tools", Google obtains the information that you opened one of the pages on our website, or clicked on one of our ads. If you are registered with a Google service, Google is able to associate the access to your account. Even if you are not registered with Google, or not logged in, there exists the possibility that the provider obtains and saves your IP address. Based on the company's remarketing technology, users who previously visited our website and online services and were interested in our offers are once again adressed through targeted advertising on the pages of the Google partner network. Find more information about privacy here: http://www.google.com/intl/de/policies/privacy/ and https://services.google.com/sitestats/de.html
We also use the application Google Remarketing. This involves retargeting to deliver interest-based advertising: By using this application, our ads can be displayed on other websites after you visited ours. This is achieved using cookies stored in your browser, through which Google records and evaluates your user behavior when you visit various websites. This enables Google to recognize your previous visits to our website. According to Google, the data collected in the context of retargeting will not be joined with your personal data, which may be stored by Google. Google states in particular, that it assigns pseudonyms for retargeting.
6. The use of Google Maps
This page uses Google Maps through an API. This service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address must be stored to use Google Maps functions. This information is typically transmitted to a Google server in the USA, where it is then stored. The provider of this website has no control over this data transmission.
Google Maps is used in the interest of an appealing display of our website and easily find the locations specified on this website. This constitutes a legitimate interest according to Article 6(1)(f) of the GDPR.
7. Social Media
a) Embedding of YouTube Videos
We embedded YouTube videos into some of our websites, which are stored on http://www.youtube.com and can be streamed directly via our website. These videos are embedded in "extended privacy mode," which means that no data about you as the user are transmitted to YouTube if you do not stream the videos. The following data are only transmitted when you stream the videos. We do not have any control over this data transfer.
By streaming the embedded videos, YouTube obtains the information that you accessed the corresponding page of our website; furthermore, additional data may be transferred to YouTube unbeknownst to us. This may occur independently of whether YouTube provides a user account through which you are logged in, or if no user account exists. If you are logged into YouTube, the data will be directly associated with your account. If you do not desire the association of your YouTube profile, you are required to log out before activating the button. YouTube saves your data as utilization profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. This type of analysis can result in the delivery of needs-based advertising (even for users that are not logged in) and in order to inform other YouTube users about your activity on our website. You have the right to object against the creation of these user profiles, although you must contact YouTube to exercise this right.
Our website provides the option of subscribing to our free newsletter to receive up-to-date information about product innovations as well as other information related with our products and applications. The data entered into the input mask to register for the newsletter are transmitted to us. The legal basis for data processing after a user subscribes to the newsletter is Article 6 (1a) GDPR if user consent is obtained.
In addition to the data from the input mask, the following data are collected upon subscription:
- The IP address of the computer from which access occurs
- Date and time of registration
For the distribution of a newsletter after the sale of products or services, § 7 (3) of Germany's law against unfair competition serves as the legal basis.
The newsletter is distributed by the email marketing provider Rapid Mail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany. Information about the email marketing provider's data protection guidelines can be accessed at: https://www.rapidmail.de/datenschutz.
Based on this, the user's email address and data are stored as long as the newsletter subscription remains active. The user can unsubscribe from our newsletter at any time. A link to unsubscrib can be found in each newsletter.
9. Contact Form and Registration
On our website, users have the option to register with personal data. The data are entered into an input mask and then transmitted to us and stored. The data are not shared with third parties. The same personal data are collected as in the context of newsletter subscription (see Section 8). The legal basis for data processing is Article 6 (1a) GDPR if user consent is obtained. As a user, you have the option of terminating your registration at any time. The data stored about you can be changed at any time.
The processing of personal data from the input mask are solely used for processing contact initiation. If contact is initiated via email, it constitutes the required legitimate interest for processing the data.
The other personal data processed upon sending serve the prevention of misuse of the form and to ensure the security of our information technology systems.
The data will be erased as soon as they are no longer required for the purpose of their initial collection. For personal data entered via input mask of the contact form or sent via email, this is the case once the respective conversation with a user is concluded. The user may withdraw his or her consent to the processing of personal data at any time. If the user contacts us via email, he or she may object to the storage of his or her personal data at any time. In this case, it is not possible to continue the conversation
9. Use of External Links
Our websites contain links to other websites by other providers. NANOSCRIBE is not responsible for the privacy policies or contents of these other websites.
III. Privacy Notice for NANOSCRIBE Customers and Interested Parties
1. Extent and Purposes of Personal Data Processing
a) Contract Performance
NANOSCRIBE processes data we received in the context of your requests or existing contractual relationships. In addition to your business contact information, this particularly includes all exchanged information, such as emails, orders, wishes regarding our products, payment information. For existing business relationships, you are required to provide the personal data necessary for the preparation or performance of the contracts, or data we are legally obligated to process; otherwise, we are unable to perform the contracts.
NANOSCRIBE processes the data provided in the context of order fulfillment and potentially deploys specialized service providers for the performance of the contract. Data processing in the context of contract performance includes the use of the data for the provision of contractually owed services, including the provision of services in the context of service agreements, or the processing of potential warranty claims. Furthermore, in the context of a request for financing, the data required for tendering are used by NANOSCRIBE and are forwarded to the contracting parties, if necessary. Additional details about the purposes depend on the respective contract documents. Article 6 (1) (1b) GDPR serves as the legal basis for the processing of these data.
b) Address and Credit Checks
In rare cases, NANOSCRIBE may request your address and credit information from the databases of credit agencies, including information determined based on mathematical/statistical methods (scoring). This occurs if NANOSCRIBE takes a financial risk by entering a contract and uses the credit check to safeguard against financial loss. For the data processing discussed in this context, Article 6 (1) (1f) of the GDPR serves as the legal basis.
c) Data Usage for Advertising Purposes by NANOSCRIBE
NANOSCRIBE uses your phone number for advertising purposes, if your consent was obtained, or the prerequisites for probable consent - for example, in the context of an existing business relationship or after prior contact - exist. Furthermore, NANOSCRIBE uses the email address obtained from contacts in the context of contract conclusions, in order to market similar offers. Of course, you have the right to object being contacted for advertising purposes. We provide separate information about the right to object to advertisement.
To achieve advertising goals, the data are processed for the life cycle of our products and your characteristics as a customer or interested party. Exceptions apply if longer use is permitted through consent and/or data are subject to legal retention requirements. In the latter case, the data are deleted after the retention period expires. Exercising your right to object, about which we inform you under V., may lead to a shorter processing period.
For commercial use, Article 6 (1) (1f) of the GDPR serves as the legal basis, or if your consent is obtained, Article 6 (1) (1a) of the GDPR. Below, we provide information about your rights regarding commercial use, particularly the right to object to data processing for advertising purposes.
d) Processing of Personal Data due to Legal Requirements
As every company in Europe, NANOSCRIBE is subject to various legal obligations to examine the data of our customers and business partners. In these cases, we only process your personal data if processing is necessary for meeting the legal requirements. Meeting the legal requirements may necessitate the partially automated processing of your data with the goal of evaluating personal aspects (profiling). Unless you are expressly informed, automatic case-by-case decisions are made. Article 6 (1) (1c) of the GDPR serves as the legal basis in conjunction with the respectively relevant legal provisions.
These legal requirements particularly pertain to:
- Fraud and money laundering prevention
- Monitoring and reporting requirements according to tax law
- Risk assessment and management in the corporation
- Sanctions lists.
2. Data Sharing Within the NANOSCRIBE Group
NANOSCRIBE may share your customer master data (company name, contact person, address and contact information, such as phone number and email address) with other companies in the NANOSCRIBE group and potentially update them to ensure that all NANOSCRIBE companies involved in a process with you (e.g. performance of a contract) have access to uniform data about you. This serves the simplification of our processes and free you from providing your customer master data again if you contact a different company in the group. For this processing of data, Article 6 (1) (1b or f) of the GDPR serves as the legal basis.
In addition to the customer master data, other data may also be shared with other NANOSCRIBE companies, if this is required for the fulfillment of contractually owed services. Article 6 (1) (1b) of the GDPR serves as the legal basis.
IV. Privacy Information for NANOSCRIBE Applicants
If you apply to NANOSCRIBE, the following policies regarding data processing are effective. We will provide separate information about data processing after hiring if a contract is concluded.
1. Extent and Purposes of Personal Data Processing
a) Internal Data Processing for Application Reviews
We process the data you provided in the context of your application for reviewing your application and qualifications for the advertised position. We retain your data exclusively in our own data center in Germany. If you consented during the application process, we check during the hiring process, whether you are qualified for other positions than the one you named in your application. We may commission specialized service providers for the review of your application. Applications qualified for a position are transferred from human resources to the respective specialized department or national subsidiary for further review. The extensive evaluation of your application requires your resume, as well as diplomas or relevant proof. Additional information, as well as a picture, may be provided voluntarily.
We delete your application information 6 months after the hiring process is concluded, i.e. after the position is filled, if you do not wish to be added to our applicant pool (see 3). Article 6 (1) (1b) of the GDPR serves as the basis for the processing of these data.
If you are younger than 18 years of age, we need the consent of your parent or guardian to conclude a contract with you. The extended retention of your application data (e.g. for a future internship) will only occur with your consent and the consent of your parent or guardian, as noted in the templates.
b) Retaining Your Application in Our Applicant Pool
If you submit a speculative application, we will retain your application in our applicant pool. Simply state in your application that you are submitting a speculative application. This enables us to contact you, if a position opens up for which you are qualified.
If you consent, we retain your data for no more than 5 years, after which we delete your data, if you do not desire further storage. Art. 6 (1) (1a) of the GDPR serves as the legal basis.
V. Your Rights as a Data Subject
You, as a data subject, have several rights. Please contact us using the above-mentioned contact information to exercise your rights. Every data subject has the following rights:
- Right of access (Article 15 GDPR)
- The right to rectification of inaccurate personal data (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Artile 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR).
You may object to the processing of personal data for advertising purposes, including the analysis of customer data or transfer to third parties for advertising purposes at any time and without providing any reasons.
Furthermore, any data subject has a general right to object data processing (compare Article 21  GDPR). In this case, reasons for objecting data processing must be provided. If data processing occurs with consent, you may withdraw your consent at any time with future effect by writing an email to firstname.lastname@example.org. The revocation of consent does not affect the legality of processing conducted based on consent until the revocation has been affected.