Thank you very much for your interest in the company websites and other online offers of NOVA BUILDING IT GmbH, In der Mordach 1a, 64297 Muehltal (Hesse), Germany; hereafter referred to as "NOVA".
We take the issues of privacy and confidentiality very seriously and follow applicable European and national data protection rules; In particular, these are the General Data Protection Regulation (DS-GVO), the Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and the Hessian Data Protection and Freedom of Information Act (HDSIG).
For this reason, we would like to provide you with an overview of the processing of your personal data by us and your rights under data protection law, in particular Articles 13, 14 and 21 DS-GVO.
Which data is processed in detail and in which way will be used depends on the requested or agreed services. Therefore, not all parts of this information will apply to you.
"Personal Data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A natural person is considered to be identifiable, directly or indirectly, in particular by association with an identifier such as a name, with an identification number, with location data, with an online identifier or with one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
"Processing" means any process or series of operations performed with or without the aid of automated processes, such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading out, querying Use, disclosure by transmission, dissemination or other form of provision, matching or linking, restriction, erasure or destruction.
"Restriction of processing" is the marking of personal data stored with the aim of limiting its future processing.
"Profiling" is any type of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health to analyze or predict personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
"Pseudonymisation" means the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data are personal data are not assigned to an identified or identifiable natural person.
"Concerned person" means any identified or identifiable natural person whose personal data is processed by the controller.
"File system" means any structured collection of personal data accessible by specific criteria, whether that collection is centralized, decentralized or organized according to functional or geographical considerations.
"Controller or controller" means the natural or legal person, public authority, agency or other body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.
"Processor" means a natural or legal person, public authority, body or body that processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, agency or other entity to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered to be beneficiaries.
"Third party" means a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.
"Consent" means any expression of will voluntarily and unequivocally made by the data subject in the form, in the form of a statement or other unambiguous confirmatory act, to indicate to the data subject that they are involved in the processing of their personal data Data agrees.
Responsible for the data processing is:
NOVA BUILDING IT GmbH
In der Mordach 1a
D-64367 Mühltal (Hessen)
Phone center +49 (0)6151 / 629 086 0
Phone support +49 (0)6151 / 629 086 1
Fax +49 (0)6151 / 54 391
E-mail: firstname.lastname@example.org ; email@example.com
USt.Id.Nr.: DE 295 883 568.
Commercial Register Court: Darmstadt Local Court
Commercial Register No.: HRB 93500
Shareholders and Managing Directors: Mr. Felix Grau; Mr. Sven Walter
We process grds. only such personal data that we have received from you as part of our contractual or other business relationship.
In addition, we process personal data that we have legitimately gained from publicly available sources (eg debtor directories, land registers, trade and association registers, press, media) and are allowed to process.
Finally, we also work with personal data, which we have received from other third parties (eg Schufa); for example, on the basis of your consent. These are used to execute orders or to fulfill contracts.
Below is an example of some data that we process in cooperation with our customers, suppliers and employees:
We process personal data only for the fulfillment of contractual obligations, due to legal requirements, for our own advertising purposes and for the protection of legitimate interests. The lawfulness of the processing is based on the provisions listed under no. 1 (above), in particular on Article 6 GDPR.
Depending on the nature of the contract, we process personal data as listed below:
Insofar as you give us consent to the processing of personal data for specific purposes (eg disclosure of personal data to tax consultants as contract processors within the meaning of Article 28 DS-GVO or to financial and social authorities, etc.) Evaluation of customer data for internal marketing purposes; For example, to Schufa), the legality of this processing is based on your consent.
A given consent can be revoked at any time; see. Art. 7 para. 3 DS-GVO. This also applies to the revocation of declarations of consent, which - such as the SCHUFA declaration - were granted to us before the validity of the DS-GVO, ie before 25 May 2018.
Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.
The processing of personal data takes place eg
In addition, as NOVA we are subject to various legal obligations, ie legal requirements that may also be based on the public interest:
The processing of personal data may therefore be necessary, for example, to fulfill tax control and reporting obligations, to prevent fraud and money laundering and / or to verify identity and age; such arise, inter alia, from the Banking Act, Money Laundering Act and / or various tax laws.
In rare cases, the processing of personal data may be required even if the vital interests of the data subject or another natural person are to be protected. This would be the case, for example, if a visitor (for example, a customer) in our company in Mühltal (In der Mordach 1a, D-64367 Mühltal in Hesse), on one of our exhibition stands or in our rented seminar rooms would be violated and then his data Name, age, health insurance or other vital information should be passed on to a doctor, hospital or other third party.
In the end, processing of your personal data can be based on Art. 6 I lit. f DS GMOs are based. Processing operations are based on this legal basis if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail.
An overriding legitimate interest can also be accepted according to the second sentence of Recital 47 DS-GVO if the person concerned is a customer of the person responsible.
Therefore, we process your data in addition to the actual fulfillment of the contract for the protection of legitimate interests of us or third parties. Examples are:
If necessary, we process and store your personal data at least for the period required by applicable law. The respective legal storage and documentation obligations serve the fulfillment of legal claims; They result from the German Commercial Code (HGB), the German Tax Code (AO), the Banking Act (KWG) or the Money Laundering Act (GwG).
The storage period is also assessed according to the statutory limitation periods, eg gem. §§195 ff. Of the German Civil Code (BGB) can generally be 3 years, but in certain cases up to 30 years.
Longer retention periods are possible, as far as operational needs (eg: proper management of customer, supplier and personal data) or the compliance with official regulations require this.
For example, as NOVA, we keep most customer information for the duration of the contract and for a period of eleven years after the end of the contract. This is due to the 10-year limitation period. Section 199 (3) sentence 1 no. 1 and section 4 BGB. For interested parties without subsequent contract conclusion, depending on the intensity of the contract initiation, a retention period of six to 14 months applies; in special cases up to 3 years (limitation of claims for damages due to culpa in contrahendo in accordance with § 311 paragraph 2 BGB in conjunction with § 195 BGB).
Within the company NOVA, those entities receive the data they need to fulfill our contractual and legal obligations. Our external processors (within the meaning of Art. 28 DS-GVO) may also receive data for these purposes. These are companies in the categories of credit-related services, IT services, logistics, printing services, telecommunications, debt collection, tax consultancy and sales and marketing.
With regard to the data transfer to recipients outside of NOVA, it must first be noted that we are obliged to maintain secrecy about all customer-related facts and evaluations from which we obtain knowledge.
We may only disclose information about you if statutory provisions require it, if you have consented to it or if we are otherwise authorized to do so. Under these conditions, recipients of personal data may be eg: tax authorities; Social funds and authorities; Employment agencies; bureaus; schufa; other public bodies and institutions.
For security reasons and to protect the transmission of confidential content, our company homepage uses a transmission method based on the SSL protocol (Secure Sockets Layer) or on a TLS (Transport Layer Security) encryption.
These protocols allow encryption of all traffic between your browser and our servers. This protects your data against manipulation and unauthorized access by third parties as far as possible.
An encrypted connection is indicated by the browser's address bar changing from "http: //" to "https: //" and the lock icon in your browser bar. If SSL or TLS encryption is enabled, the data you submit to us may be grds. not be read by third parties.
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f DSGVO.
We require cookies for the following applications:
The user data collected by technically necessary cookies will not be used to create user profiles. For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f DSGVO.
Thus you have the option to allow or block the setting of cookies only for individual cases or to exclude them in general and to delete already set cookies. In such a case, we must point out that certain features on our website no longer work, not properly or only partially. You can deactivate the storage of cookies in the corresponding settings for "Third-party cookies" of your web browser. The settings can be found for the respective common browsers under the following links:
cc) Internet Explorer:
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected here:
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
The lawfulness of the processing (temporary storage of data and log files) is based - in order to safeguard our legitimate interest in improving the functionality and stability of our website - on Art. 6 (1) lit. f DS-GMO.
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f DSGVO.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
To provide paid services such as remote maintenance in the context of a software maintenance contract (SWV) for the web-based tender program NOVA AVA, we ask for additional data, such as payment details, etc., in order to properly execute your order.
On our website, we offer users the opportunity to register with the provision of personal data for the services offered for a fee. The data is entered into an input mask and transmitted to us and stored. The following data is collected during the registration process:
Furthermore, for the same purposes, we also process the data that the user voluntarily states when registering.
The data is first used by us to provide the respective user account for our services. They are stored in a central user account of the user and can be viewed, changed and updated there at any time
For the purposes of billing, we also collect and process the payment data of the user after registration, namely the bank details specified by him or any other payment and billing information.
The legal basis for the processing of the data to the aforementioned extent is the fulfillment of a contract of which the user is a party or the implementation of pre-contractual measures, Art. 6 para. 1 lit. b DSGVO.
Registration of the user is required to fulfill a contract with the user or to carry out pre-contractual measures.
Providing our services is a continuing obligation that requires registration. User registration is required for the provision of certain content and services on our website.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This is the case during the registration process to fulfill a contract or to carry out pre-contractual measures with us when the data is no longer required for the execution of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to comply with contractual or legal obligations.
As a user, you have the option of canceling the registration at any time. The data stored about you can be changed at any time. If the data are necessary for the fulfillment of a contract or for the execution of pre-contractual measures, a premature deletion of the data is only possible, as far as contractual or legal obligations do not preclude a deletion.
If you are offered the opportunity to order a newsletter on our website and you register for such a newsletter, we process your data collected in this context as follows:
The only requirement for sending the newsletter is your e-mail address. We save your e-mail address for the purpose of delivering the newsletter.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a) GDPR.
The specification of further separately marked data and information is voluntary. They are used for the purpose of personal contact and / or personalization of the e-mail newsletter.
If you register for an e-mail newsletter, we will electronically record and store the personal data and information you provide us with.
Further data is not collected. The data will be used exclusively for newsletter delivery and will not be passed on to third parties. The purpose of this processing is initially the implementation of the so-called double-opt-in procedure, with which you can agree to the regular mailing of the e-mail newsletter. This means that after submitting your data and information, we will send you an e-mail to the e-mail address you have provided and ask you in this e-mail for confirmation that you wish to receive the newsletter. If no confirmation of your registration, your data will be deleted.
After your confirmation we will store your IP address and the time of the confirmation. The purpose of this procedure is to prove your registration for the e-mail newsletter and, if necessary, to detect and prevent possible misuse of your personal data.
The legal basis for the processing is Art. 6 para. 1 sentence lit. f) GDPR.
We point out that we do not evaluate the behavior of the readers of our e-mail newsletter.
For the dispatch of our newsletter we use Newsletter2Go, a service of the "Newsletter2Go GmbH", with seat in: Köpenicker Str. 126, D-10179 Berlin.
The e-mail addresses of the recipients of our newsletter, as well as their other data described in the context of these notices, are located on the servers of Newsletter2Go in data centers in Germany and are subject to the data protection laws in force there. Newsletter2Go uses this information to send and evaluate the newsletter on our behalf. Furthermore, Newsletter2Go may use this data for the optimization or improvement of its own services, eg for the technical optimization of shipping and the presentation of newsletters.
However, Newsletter2Go does not use the data of the recipients of our newsletter in order to write them down themselves or passes on the data to third parties.
You can find more information on the privacy of Newsletter2Go at the following link:
The data collected during registration (e-mail address and voluntary information) will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case after a cancellation of the newsletter or a revocation of your consent.
After your cancellation or after the revocation of your consent, we store your data purely statistically and anonymously.
Your consent to the transmission of the newsletter can be revoked at any time and unsubscribe from the newsletter. The revocation can be explained by clicking on the link provided in each newsletter or by sending an e-mail to firstname.lastname@example.org.
The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts are finally clarified.
The additional personal data collected during the sending process will be deleted after a period of thirty days at the latest.
The user has the opportunity to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue. All personal data stored in the course of contacting will be deleted in this case.
Our website uses the online map service "Google Maps API" for the interactive display of the NOVA head office, for easy locating of our company location as well as for the presentation of directions from and to the company address (in the Mordach 1a, D-64367 Mühltal in Hesse).
The lawfulness of the processing is based on Art. 6 para. 1 lit. f DS-GMO.
The online map services are operated by the US company "Google LLC", located at: 1600 Amphitheater Parkway, Mountain View, CA 94043, California, USA.
By using these interactive maps, information about the use of the NOVA website, including your IP address, is transmitted to Google's servers in the United States and stored there.
You have the option to turn off the online map service and prevent data from being sent to Google. Deactivate the Java script in your browser. The corresponding services (route planner, etc.) and possibly other services / functions are then no longer available for you in this case.
On our website we use the "Social Bookmark" of the social video portal YouTube, a subsidiary of Google LLC. This is just a link and not a so-called "social plugin".
So if you do not use the button, no information will be transmitted to YouTube and no YouTube cookie will be placed on your computer.
As soon as you click on the button without being logged in to YouTube, the following login window opens from YouTube in a new window:
At the same time, YouTube places cookies on your hard drive. If you click the button as an already logged in YouTube user, YouTube can assign the visit to your YouTube account.
Information about NOVA BUILDING IT GmbH via the online video portal YouTube is provided in the interest of an attractive presentation of our online offers. This constitutes a "legitimate interest" within the meaning of Art. 6 (1) lit. f DS-GMO.
Sites within YouTube are operated solely by the company "YouTube LLC", located at: 901 Cherry Ave., San Bruno, CA 94066, California, USA.
On our website we use the "social bookmark" of the social network Instagram. This is just a link and not a so-called "social plugin".
If you do not use the button, no information will be transmitted to Instagram and no Instagram cookie will be placed on your computer.
As soon as you click on the button without being logged in to Instagram, Instagram will open the following login mask in a new window:
At the same time Instagram places cookies on your hard drive. If you click the button as an already logged in Instagram user, Instagram can assign the visit to your Instagram account.
Information on NOVA BUILDING IT GmbH via the social network Instagram is made in the interest of an appealing presentation of our online offers. This constitutes a "legitimate interest" within the meaning of Art. 6 (1) lit. f DS-GMO.
Sites within Instagram are operated solely by the company Instagram LLC, located at: 1601 Willow Road, Menlo Park, CA 94025, California, USA.
On our website we use the "Social Bookmark" of the social network Facebook. This is just a link and not a so-called "social plugin".
If you do not use the button, no information will be transmitted to Facebook and no Facebook cookie will be placed on your computer.
As soon as you click on the button without being logged in to Facebook, the following login mask will open in a new window:
At the same time Facebook places cookies on your hard drive. If you press the button as a logged-in Facebook user, Facebook can assign the visit to your Facebook account.
Information on NOVA BUILDING IT GmbH via the social network Facebook is made in the interest of an attractive presentation of our online offers. This constitutes a "legitimate interest" within the meaning of Art. 6 (1) lit. f DS-GMO.
Pages within Facebook are operated solely by the company "Facebook Inc." located at: 1601 S. California Ave, Palo Alto, CA 94304, California, USA.
On our website we use the "Social Bookmark" of the online short message service Twitter. This is just a link and not a so-called "social plugin".
If you do not use the button, no information will be transmitted to Twitter and no Twitter cookie will be placed on your computer.
As soon as you click on the button without being logged in to Twitter, the following login mask opens from Twitter in a new window:
At the same time, Twitter places cookies on your hard drive. If you press the button as an already logged in Twitter user, Twitter can assign the visit to your Twitter account.
Information about NOVA BUILDING IT GmbH, which is distributed via the short message service Twitter, is made in the interest of an appealing presentation of our online offers. This constitutes a "legitimate interest" within the meaning of Art. 6 (1) lit. f DS-GMO.
Pages within Twitter are operated solely by the company Twitter Inc., located at: 1355 Market Street, Suite 900, San Francisco, CA 94103, California, USA.
We use the open-source web analysis service Matomo (https://matomo.org/) on our website.
Matomo cookies remain on your device until you delete them. Matomo cookies are stored on the basis of Art. 6 para. 1 lit. f DS-GMO. The website operator has a legitimate interest in the anonymous analysis of user behavior in order to optimize both its website and its advertising.
The information generated by the cookies on the use of this website will not be disclosed to third parties. You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the functions of this website in full.
If you do not agree with the storage and use of your data, you can deactivate or adapt the storage and use under the following link:
In this case, an opt-out cookie is deposited in your browser that prevents Matomo from saving usage data. Deleting your cookies will result in deletion of the Matomo opt-out cookie as well. The opt-out must be reactivated when visiting our site again.
Further information on Matamo is available at the following link:
We collect and process personal data of applicants for the purpose of processing the application process.
The processing can also be done electronically. This is particularly the case if an applicant submits the corresponding application documents to us electronically, for example by e-mail. To this end, we reserve the right to offer on our website the possibility to send an application by e-mail to us via a click of a corresponding e-mail address listed there.
If there is a contract of employment with an applicant, we store the data transmitted to us for the purpose of the employment relationship in accordance with the legal regulations.
However, if no contract of employment is concluded with the applicant, the application documents will be automatically deleted seven months after notification of the rejection decision, unless we assert any other legitimate interests in deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
Your rights as a "data subject" are fully guaranteed by NOVA. With regard to your stored personal data, you are entitled to the following listed rights that you can assert against us.
To exercise these rights, please refer to the following chapter ("Exercise of the rights of the affected person").
In principle, you have the right to request confirmation from us as to whether personal data relating to you is being processed. However, this right to information is subject to certain restrictions under § 34 BDSG.
If, in your opinion, your personal information is incorrect or incomplete, you may request that such information be changed accordingly.
You may request that your personal information be (immediately) deleted, to the extent permitted by applicable law. Restrictions are provided for in § 35 BDSG.
Each data subject is entitled to a restriction of the processing of his data (under the further requirements of Art. 18 (1) of the GDPR).
As far as legally possible, you can have the personal data provided to us reclaimed or have it transmitted to a third party, if this is technically feasible.
You have the right to revoke your consent to data collection at any time. This right applies with effect for the future; the data collected up to the legal force of the revocation remain unaffected.
For reasons that arise from your particular situation, you have the right at any time against the processing of personal data relating to you, for example due to Art. 6 para. 1 lit. f DS-GVO ("Data processing on the basis of a balance of interests") takes an objection; this also applies to a profiling based on this provision (within the meaning of Art. 4 No. 4 DS-GVO), which we use for advertising purposes, for example.
If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims. This also applies to profiling based on these provisions.
In individual cases, we process your personal data in order to operate direct mail. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising or market and opinion research; this also applies to profiling insofar as it is associated with such direct mail.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes; for this purpose, the data must then be blocked.
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you is against the DSGVO violates.
The addresses of the respective supervisory authorities can be found in the following link:
The supervisory authority responsible for us is:
The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Tel: 0611 – 1408 0
Fax: 0611 – 1408 611
In order to assert your rights listed in No. 11, please contact us in writing or by e-mail: NOVA BUILDING IT GmbH
NOVA BUILDING IT GmbH
In der Mordach 1a
D-64367 Mühltal (Hessen)
Please understand that we must verify your identity before any information. Please enclose a (scanned) copy of your identity card (front and back) or a corresponding official ID or passport.