Privacy notice

We attach great importance to protecting your data, and therefore we inform you about the use of your data when using our website.

Privacy Policy

Handling your user data transparently is particularly important to us. We, the company Nonomella GmbH, would therefore like to inform you in detail about the use of your data when visiting our homepage www.fidella.org

  1. Definitions

Our Privacy Policy is based on the terminology used by the European legislator in the General Data Protection Regulation (GDPR). In order to ensure good readability and comprehensibility, we would like to explain the terminology used in advance.

In this Privacy Policy, we use the following terms, among others:

  1. Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). Identifiable refers to a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  1. Data subject

The data subject is any identified or identifiable person, whose personal data is processed by the controller responsible for the processing.

  1. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection or recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  1. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

  1. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

  1. Pseudonymisation

Pseudonymisation means processing personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

  1. Person responsible for the processing

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  1. Order processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  1. Recipient

Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

  1. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  1. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the wishes of the data subject by which he / she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him / her.

  • Server log files

You can visit our web pages without disclosing any personal information. Whenever our website is accessed, user data is transmitted through your internet browser and stored in log data (server log files). This stored data includes, for example, the name of the page accessed, the date and time of the retrieval, the amount of data transferred and the requesting provider. These data is used solely to ensure the trouble-free operation of our website and to improve our offer. It is not possible to assign or connect such data to a specific person.

  1. Collection of data

Our website collects a series of general data and information every time a data subject or an automated system accesses the website. This general data and information is stored in the server's log files. The following may be recorded

  • browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system reaches our website ("referrer"),
  • the subpages, which are accessed via an accessing system on our website,
  • The date and time of access of the website.
  • the internet protocol address (IP address),
  • The Internet service provider of the accessing system and
  • other similar data and information used in the event of attacks on our information technology systems.

This general data and information does not allow us to draw any conclusions about the data subject. This information is necessary to

  • to deliver the contents of our website correctly,
  • to optimise the contents of our website as well as the advertising for it,
  • to ensure the permanent functionality of our information technology systems and the technology of our website, as well as
  • to provide law enforcement authorities with the necessary information for prosecution in the event of a cyberattack.

This anonymously collected data and information is therefore evaluated by us statistically with the aim of increasing data protection and data security in our company. Our goal is to ensure the best possible level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

  1. Provision of personal data as a statutory or contractual requirement; Its necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; Possible consequences of failure to provide such data

We advise you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In some cases, it may be necessary for a contract to be concluded if a data subject provides us with personal data which must subsequently be processed by us, for example for the purpose of entering into a contractual relationship. Failure to provide personal data would mean that the contract with the data subject could not be concluded. You can contact our data protection officer, who can inform you on a case-by-case basis whether the provision of the personal data is required by law or contractually, or is required for the conclusion of a contract, whether there is an obligation to provide the personal data, and what consequences failure to provide personal data would have in your particular case.

  1. Customer account

When opening a customer account, we collect your personal data to the extent stated therein. The purpose of data processing is to improve your shopping experience and to simplify order processing. Processing takes place on the basis of Art. 6 (1) (a) GDPR (General Data Protection Regulation) with your consent. You may revoke your consent at any time by notifying us, without affecting the legality of processing carried out on the basis of consent until the time of revocation. Your customer account shall then be deleted.

  1. Collection, processing, and use of personal data when ordering

When placing an order, we collect and use your personal data only insofar as this is necessary to fulfil and process your order and to process your enquiries. The provision of the data is necessary for conclusion of the contract. Failure to make it available means that no contract can be concluded. Processing is carried out on the basis of Art. 6 (1) (b) GDPR and is necessary for the fulfilment of a contract with you. Your data shall not be disclosed to third parties for advertising purposes without your express consent. Excluded from this are only our service partners that we need to conduct the contractual relationship, or service providers we use in the course of order processing. In addition to the recipients named in the respective clauses of this privacy policy, these are, for example, recipients in the following categories: shipping service providers, payment service providers, merchandise management service providers, service suppliers for order processing, web hosters, IT service providers and dropshipping dealers. We strictly observe the legal requirements in all cases. The amount of data transmitted is restricted to a minimum.

  1. Data collection and processing of payment methods by credit card and by direct debit via secupay AG

The components secupay direct debit and secupay credit card from secupay AG (Goethestr. 6, 01896 Pulsnitz; "secupay") are integrated into our website. secupay is a payment institution registered (register number: 126737)  within the meaning of the German Payment Services Supervision Act (ZAG) and the Federal Financial Supervisory Authority (Graurheindorfer Str. 108, 53117 Bonn; "BaFin"), which allows a cashless payment of products and services on the Internet. Secupay forms a procedure by which the purchase price claim is assigned to secupay. This enables a retailer to deliver goods, services or downloads to the customer immediately after the order is placed. If you select "direct debit" or "credit card" as a payment option via secupay during the order process in our online shop, data will automatically be transmitted to secupay. By selecting one of these payment options, you consent to the transfer of personal data required for payment processing. When purchasing via secupay, the payment data is transmitted to secupay. secupay then carries out a technical review of the risk of payment default. Execution of the financial transaction is then communicated to the online retailer automatically. The personal data transmitted to secupay is your first name, last name, address, email address, IP address, telephone number, or other data required for payment processing. The purpose of this data transfer is to process payments and prevent fraud. We will also provide secupay with other personal information if there is a legitimate interest for the transfer. The personal data exchanged between secupay and us may be transmitted by secupay to credit reference agencies. This transmission aims at the identity and credit check. secupay may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfil contractual obligations or to process the data on behalf of the customer. You have the possibility to revoke your consent to secupay to handle your personal data at any time. Withdrawal of consent does not affect personal data, which must mandatorily be processed, used or transmitted for (contractual) payment processing. The applicable data protection provisions of secupay can be found at https://www.secupay.com/de/datenschutz.

  1. Payment Privacy Notice

For your order with the dealer, you would to use the instalment purchase by easyCredit of TeamBank AG Nuremberg, Beuthener Straße 25, 90471 Nuremberg (hereinafter referred to as TeamBank AG). In doing so, the dealer works with TeamBank AG, which helps them to determine the probability of proper payment. In order to be able to carry out these risk assessments, the merchant relies on submitting your customer data to TeamBank AG. To carry out the risk assessment, TeamBank AG also requires your consent for the transmission of selected data to credit bureaus and other cooperation partners. Data will only be transmitted if you expressly agree to this in a separate consent form. The declaration of consent is, of course, voluntary. Please understand, however, that you cannot make an instalment purchase without giving this consent.

  1. Data transmission from the dealer to TeamBank AG

The dealer transmits data to TeamBank AG for instalment purchases on its website, provided that you have given your consent to the dealer. These are personal details, contact details, account information and data regarding your current and previous orders. Making instalment purchases at the dealer's branch does not require the transfer of data.

  1. Collection of credit and risk information by TeamBank AG

If you give your consent to TeamBank AG, credit rating data and risk information will be obtained from credit bureaus and other cooperation partners. The credit data is information about your credit rating, such as information about any titled claims against you and other creditworthiness data, with each instance of such data only being used as long as it is permitted under the relevant data protection regulations. In order to avoid cases of fraud, risk information is gathered from cooperation partners. The cooperation partner collects and processes data with the help of cookies and other tracking technologies to identify the device used by the visitor to this website and other data on the use of the website.

  1. Assignment of claims to TeamBank AG

The claims arising from the use of the instalment purchase are assigned by the dealer to TeamBank AG as part of an ongoing factoring agreement. TeamBank AG processes and uses your customer data as far as this is necessary to assert and enforce the assigned claims.

  1. Your right of revocation, access, correction, blocking and deletion

You can revoke your consent with future effect at any time. Furthermore, you are entitled to free access, correction, blocking and possibly deletion of your personal data. Please contact the dealer with your request at the address provided in their imprint. With regard to the data stored about you with the credit bureaus, you will receive the relevant information directly from the respective credit bureaus:

•          Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss, Germany.

•          SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden

•          Infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden

In addition, please note the Privacy Policy of the dealer.

  1. Using PayPal, PayPal Express and Klarna.
  1. If you decide on the PayPal or PayPal Express payment method, your personal data will be transmitted to PayPal. The prerequisite for the use of PayPal is to open a PayPal account. When using or opening a PayPal account, your name, address, telephone number and email address must be transmitted to PayPal. The legal basis for the transmission of data is Article 6 para. 1 lit. a GDPR (Consent) or Article 6 para. 1 lit. b GDPR (Processing for the purpose of fulfilling a contract).

The operator of the PayPal payment service is:

PayPal (Europe) S.à r.l. et Cie, S.C.A.

22-24 Boulevard Royal

L-2449 Luxembourg

Email: impressum@paypal.com

Any further data collected by PayPal results from the respective privacy policy of PayPal. This can be found at: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

  1. If a Klarna payment service is selected, the payment will be processed by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as “Klarna”).. In order to enable payment to be processed, your personal data (first and last name, street, house number, postcode, town, gender, email address, telephone number, and IP address) as well as data in connection with the order (e.g. invoice amount, article, and type of delivery) will be passed on to Klarna for the purpose of identity and creditworthiness checks provided that you have expressly consented to this in accordance with Art. 6(1)(a) GDPR as part of the ordering process.

    The creditworthiness information may contain probability values (score values). When score values form a part of the creditworthiness information, they are based on a scientifically recognised mathematical-statistical procedure. Address data is one type of information included in the calculation of the score values. Klarna uses the information obtained about the statistical probability of a payment default to make a balanced decision whether to enter into, pursue or terminate a contract. You can revoke your consent at any time by sending a message to the data controller or by contacting Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.

    Your personal data will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna’s data protection regulations for data subjects based in Germany. https://www.klarna.com/de/datenschutz/

  1. Use of Amazon Payments

We use Amazon Payments payment service on our website, from Amazon Payments Europe s.c.a. (38 avenue John F. Kennedy, L-1855 Luxembourg; "Amazon Payments"). It is essential that Amazon Payments collects, stores and analyses data when accessing the website (e.g. IP address, device type, operating system, browser type, device location) to integrate this payment service. Cookies may be used for this purpose. Cookies allow your internet browser to be recognised. Data processing allows you to pay using the Amazon Payments payment service.

This data processing is carried out on the basis of Article 6(1)(f) GDPR due to our legitimate interest in a customer-oriented range of varying payment methods. By selecting and using "Amazon Payments", the data required for payment processing will be submitted to Amazon Payments to execute the agreement with you using the selected payment method. The data is processed on the basis of Article 6(1)(b) GDPR. Further information on data processing when using the Amazon Payments payment service can be found here in the associated data privacy statement: https://pay.amazon.com/uk/help/201212490

  1. Data use in signing up for email newsletters

On our website, users are given the opportunity to subscribe to our company's newsletter. Which personal data are transmitted to the controller upon ordering the newsletter is determined by the input form used for this purpose. We inform our customers and business partners about company offers regularly in a newsletter. Our company newsletter can as a matter of principle only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers to receive the newsletter. For legal reasons, a confirmation -mail will be sent to the email address entered by a data subject for the first time for newsletter mailing using the double-opt-in procedure. This confirmation e-mail serves to check whether the owner of the email address has authorised the receipt of the newsletter as the data subject. If you sign up to our newsletter, we use the data that is necessary, or separately provided by you, to send you our email newsletter regularly based on your consent given per Art. 6 Para. 1 p. 1 lit. a GDPR.

When registering for the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration assigned by the Internet Service Provider (ISP) as well as the date and time of registration. The collection of this data is necessary in order to trace the possible misuse of a data subject's email address at a later point in time and therefore serves the legal protection of the responsible person. The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. In addition, subscribers to the newsletter may be notified by email if this is necessary for operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. The personal data collected in the context of the newsletter service will not be passed on to third parties.

Subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the person concerned has given us for the newsletter dispatch, can be revoked at any time. You will find a corresponding link in every newsletter for the purpose of revoking your consent. It is also possible to unsubscribe from the newsletter at any time directly on website of the controller, or to inform the controller of this in another way.

  1. Newsletter tracking

Our newsletters receive "tracking pixels". A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format to enable recording and analysis of log data.

This allows statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, we can detect whether and when an email was opened by the person in question and which links in the email were accessed by the person in question. Such personal data collected via the tracking pixels in the newsletters is stored and evaluated by the controller for the purpose of optimising dispatch of the newsletter and to adapt the content of future newsletters to the interests of data subjects to an even better degree. The data will not be disclosed to third parties. The data subject is entitled at any time to revoke the separate declaration of consent given via the double opt-in procedure. Once consent is revoked, this personal data will be deleted by the controller. We automatically interpret unsubscribing from receiving the newsletter as a revocation.

  1. It is possible to contact us via the website

Our website contains information that enables quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address for electronic mail (email address). If a data subject contacts the controller by email or via a contact form, any personal data transmitted by the data subject is stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the data controller is stored for the purpose of processing or contacting the data subject. We will not pass on this personal information to third parties.

  1. Facebook-, Custom Audiences and Facebook Marketing Services

Within our online offer - provided that you have given us your explicit consent - the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is used for the purpose of analysis, optimisation and the economic operation of our online offer.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law.

With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences").

With the help of Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. Using Facebook pixels, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing if users have been referred to our website after clicking on a Facebook ad ("conversion").

After you have given your consent, the Facebook pixel is integrated by Facebook and can store a so-called cookie on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our online service is noted in your profile. The data collected about you is anonymous to us and therefore does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we transmit data to Facebook for comparison purposes, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of matching it with data that is similarly encrypted by Facebook.

Furthermore, when using the Facebook pixel, we use the additional function "extended comparison" where data for the formation of target groups ("Custom Audiences" or "Look Alike Audiences") are transmitted to Facebook in encrypted form. Further information can be found here

https://www.facebook.com/help/794535777607370
 

Facebook processes the data in accordance with the Facebook Data Usage Policy. Specific information and details about Facebook pixels and how they work can be found in the Facebook help section:

https://www.facebook.com/privacy/explanation
https://www.facebook.com/help/
 

You can revoke your consent to the collection of your personal data by the Facebook pixel and use of your data to display Facebook ads at any time. To set what types of ads you see within Facebook, you can go to the page set up by Facebook and follow the instructions on how to set up usage-based ads. The settings are platform-independent (desktop or mobile): https://www.facebook.com/settings?tab=ads

A revocation of the consent leaves data processing unaffected until the time of revocation.

  1. Use of Google reCAPTCHA

We use the service reCAPTCHA of Google Inc. on our website. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). The tool checks whether the input is made by a human being or is done automatically by a machine. This service involves sending Google the IP address and any other data required by Google for the reCAPTCHA service. To that end, your input will be transmitted to Google and used there. Your IP address will be truncated by Google within the member states of the European Union or in other parties to the Agreement on the European Economic Area. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and truncated there. Google will use this information to evaluate your use of this service on behalf of the operator of this website. The IP address transmitted by your browser as part of reCAPTCHA is not conflated with other Google data. Your data may also be transferred to the USA. The European Commission has passed an adequacy resolution for data transfers to the USA, called the "Privacy Shield". Google participates in the "Privacy Shield" and has submitted to the specifications. By activating the query, you consent to your data being processed. Processing takes place on the basis of Art. 6 (1) (a) GDPR with your consent. You may revoke your consent at any time, without affecting the legality of processing carried out on the basis of consent until the time of revocation. For more information about Google Remarketing and the associated privacy policy, please see:

            https://www.google.com/privacy/ads/

  1. Use of cookies

In order to make your visit to our website more attractive, and to enable you to use certain functions, we use so-called cookies on certain pages. These are small text files that are stored on your computer. Some of the cookies we use are deleted after the browser session, i.e., after you close your browser ("session cookies"). Other cookies remain on your terminal and enable us to recognise your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the use of cookies and decide individually on whether to accept them or to deactivate the acceptance of cookies in certain cases or completely. If you reject the use of cookies, our website may have limited functionality.

  1. Use of Google (Universal) Analytics for Web Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Inc. (www.google.com). Google (Universal) Analytics uses methods which allow your use of the website to be analysed, such as "cookies", text files that are stored on your computer. The information generated by the cookie about your use of this website is generally transmitted to and stored in a Google server in the USA. Through the activation of the IP anonymisation on this website, the IP address is thereby reduced before transmission within the Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics is not merged with any other data held by Google.

You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en

As an alternative to the browser plug-in, you can click on this link to prevent the acquisition by Google Analytics on this website in the future. This stores an opt-out cookie on your device. If you delete your cookies, you will need to click on the link again.

  1. Google Analytics opt-out

You can opt out of Google Analytics at any time by installing the Google Analytics opt-out add-on for your browser. The Google Analytics opt-out add-on for your browser allows visitors to prevent their data from being collected and used by Google Analytics.

Alternatively, you can disable Google Analytics data collection by clicking on the following opt-out link: Analytics Please note that this link uses a special opt-out cookie to record Google Analytics data only on the browser in which the link was clicked. If the opt-out cookie is deleted in the browser, Google Analytics recording is enabled again.

You can disable or customise Google Display Network Ads by visiting the page Google Ads Settings.

  1. Use of Google Maps

We use the feature for embedding Google Maps on our website. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").

This feature enables the visual display of geographical information and interactive maps. Google also collects, processes and uses the data of visitors to the pages in which GoogleMaps maps are integrated. You will find more detailed information on the scope and use of the data by Google in Google's privacy policy at https://www.google.com/privacypolicy.html. You also have the option to change your settings in the Privacy Centre, so that you can manage and protect your data processed by Google. Your data may also be transferred to the USA. The European Commission has passed an adequacy resolution for data transfers to the USA.

You have the right at any time to object, for reasons arising from your particular situation, to the processing of your personal data based on Art. 6 (1) (f) GDPR. To do this, you must disable the JavaScript application in your browser. However, we would like to point out that if you do this, not all the functions of this website may be available to you to their full extent, for example, the interactive map display.

  1. Embedded videos and images from external websites

Some of our pages contain embedded content from YouTube or Instagram. If you only visit a website from our website with integrated videos or images from our YouTube and/or Instagram channels, no personal data will be transmitted, with the exception of the IP address. In the case of YouTube, the IP address will be sent to Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA ("Google") and, in the case of Instagram, to Instagram Inc., 181 South Park Street 2, San Francisco, California 94107, USA ("Instagram").

  1. Publication of amendments

Changes to the law or changes to our internal processes may necessitate an adaptation of this Privacy Policy. In the event of such a change, we will inform you at the latest 6 weeks before its entry into force. In general, you are entitled to a right of objection regarding the granting of your consent (Point 6). Please note that (unless you use your right of revocation) the current version of the Privacy Policy is the valid one.

  1. Updating / revoking consent / deletion of your personal data

You have the opportunity at any time to review, change or delete the personal data provided to us by sending us an email to datenschutz@nonomo.de.

Likewise, you have the right to withdraw your consent at any time with effect for the future at any time.

Saved personal data is deleted if you revoke your agreement to its storage. The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or so long as this is granted by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with legal requirements.

  1. Rights of data subjects

Every data subject shall have the right granted by the European legislator to demand confirmation from the controller of whether personal data concerning them is being processed. If a data subject wishes to exercise this right to rectification, they may contact an employee of the controller at any time.

Any data subject whose personal data is processed shall have the right granted by the European legislator to obtain, at any time and free of charge, information from the controller concerning the stored personal data relating to them, and a copy of that information.

Furthermore, the European legislator has granted the data subject the following information:

  • the processing purposes,
  • the categories of personal data which are processed,
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations,
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
  • the existence of a right to rectification or erasure of the personal data concerning them or of a restriction of the processing by the controller or of a right to object to such processing,
  • the possibility, according to Art. 77 GDPR, to complain to a supervisory authority. with jurisdiction for your customary domicile or place of work or for our registered office,
  • where the personal data is not collected from the data subject, any available information as to its source,
  • the existence of automated decision-making, including profiling according to Art. 22 para. 1 and para. 4 of the GDPR and - at least in these cases- meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, the data subject has a right of access to information as to whether personal data has been transferred to a third party or to an international organisation. If this is the case, the data subject, in addition, has the right to obtain information about the appropriate guarantees in connection with the transfer. If a data subject wishes to exercise this right to obtain information, they contact any employee of the controller at any time.

Each data subject whose personal data is processed shall have the right granted by the European legislator to request the immediate correction of inaccurate personal data concerning them. Furthermore, taking into account the purposes of the processing, the data subject has the right to request that incomplete personal data be completed, including by means of a supplementary declaration.

If a data subject wishes to exercise this right to rectification, they may contact any employee of the controller at any time.

Each data subject whose personal data is processed shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have the obligation to erase this personal data without undue delay where one of the following grounds applies and so long as processing is not necessary:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • the data subject withdraws their consent to the processing in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing.
  • The data subject makes an objection according to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for continued processing, or the data subject makes an objection to the processing according to Art. 21 para. 2 of the GDPR.
  • The personal data have been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation under European Union or Member State law to which the data controller is subject.
  • The personal data has been collected in relation to the services offered by the information society according to Art. 8 para. 1 of the GDPR.

If one of the above-mentioned reasons applies and a data subject wishes to have their personal data stored deleted, they may contact our data controller or an employee of the data controller at any time. Our data protection officer or another employee will arrange that the deletion request be fulfilled immediately.

If the personal data has been made public by us and our company is responsible according to Art. 17 para. 1 GDPR for the deletion of personal data, we are obliged to take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform other data processors who process the published personal data that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other data processors, insofar as the processing is not necessary. Our data protection officer or another employee will arrange what is necessary in individual cases.

Each data subject shall have the right granted by the European legislator to demand that the control restricts processing where one of the following conditions applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required to by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to the processing according to Art. 21 para. 1 GDPR and it is not yet clear whether the entitled parties outweigh the interests of the data controller in relation to those of the data subject.

If any one of the above mentioned conditions is fulfilled and a data subject wishes to request the restriction of personal data stored by the company, they can contact our data controller or an employee of the data controller at any time. Our data controller or another employee will arrange for processing to be restricted.

Each data subject whose personal data is processed shall have the right granted by the European legislator to receive personal data relating to them, and provided by the data subject to a controller, in a structured, current and machine-readable format. They also have the right to transmit this data to another party without hindrance from the data controller to whom the personal data was originally provided, provided that the processing is based on the consent provided for in Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 (a) of the GDPR or on a contract in accordance with Art. 6 para. 1 lit. b GDPR and processing is carried out by means of automated procedures, except where such processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

Furthermore, in exercising their right to data portability according to Art. 20 para. 1 of the GDPR, the data subject has the right to require that the personal data be transmitted directly from one controller to another as far as this is technically feasible and provided that this does not affect the rights and freedoms of others.

To assert the right to data portability, the data subject may contact our data controller or another employee at any time. 

Each data subject whose personal data is processed has the right granted by the European legislator, for reasons arising from their particular situation, to at any time oppose the processing of personal data relating to them which is undertaken on the basis of Art. 6 para. 1 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

We will no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If we process personal data in order to carry out direct advertising, the data subject has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If the data subject objects to the company processing for direct advertising purposes, we will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data concerning them for scientific or historical research purposes or for statistical purposes at the company in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task in the public interest.

In order to exercise the right of objection, the data subject may contact our data controller or another employee directly. The data subject shall also be free to exercise their right to objection in relation to the use of information society services by means of automated procedures using technical specifications, Directive 2002/58/EC notwithstanding. Any data subject affected by the processing of personal data shall have the right granted by the European legislator of directives and regulations, not to be subject to automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner, insofar as it

  1. is not necessary for entering into, or for the performance of, a contract between the data subject and a data controller, or
  2. is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard the rights and freedoms of the data subject and legitimate interests or
  3. is made with the express consent of the data subject.

If the decision

  1. is not necessary for entering into, or for the performance of, a contract between the data subject and a data controller, or
  2. it is carried out with the express consent of the data subject,

we will take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the data controller, to state their own position and to challenge the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, they may contact an employee of the data controller at any time.

Each data subject whose personal data is processed shall have the right granted by the European legislator to withdraw their consent to the processing of their personal data at any time.

If the data subject wishes to exercise the right to revoke consent, they may contact the data controller or an employee of the data controller at any time.

  1. Legal basis of the processing

Art. 6 para. 1 lit. a GDPR serves our company as a legal basis for processing operations through which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to such processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our company and their name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. Then the processing would be based on Art. 6 para. 1 lit d GDPR. Ultimately, processing operations could be based on Art. 6 para. 1 lit. f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not take priority. We are allowed to carry out such processing procedures because they have been specifically mentioned by the European legislator. In this respect, a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, clause 2, GDPR).

  1. Legitimate interests in processing pursued by the controller or by a third party

If the processing of personal data is based on Art. 6 para. 1 lit. f GDPR, our legitimate interest is to conduct our business for the benefit of all of our employees and our shareholders.

  1. Contact options and your rights

You have the following rights:

  • pursuant to Art. 15 GDPR the right to request information about your personal data processed by us to the extent described therein;
  • pursuant to Art. 16 GDPR to obtain the correction of incorrect or incomplete personal data stored by us;
  • pursuant to Art. 17 GDPR to obtain the deletion of your personal data stored by us, unless further processing is necessary
    • to exercise your rights to freedom of expression and information;
    • to fulfil a legal obligation;
    • reasons of public interest, or
    • to assert, exercise, or defend legal claims
    • ;
  • according to Art. 18 GDPR, the right to obtain the restriction of the processing of your personal data, insofar as
    • you dispute its accuracy;
    • it is being processed unlawfully, but you refuse to have it deleted;
    • we no longer need the data, but you do need it to assert, exercise, or defend legal claims; or
    • you have lodged an objection to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data, which you have provided, in a structured, current and machine-readable format or to request its transfer to another responsible person;
  • pursuant to Art. 77 GDPR to complain to a supervisory authority. with jurisdiction for your customary domicile or place of work or for our registered office.
  1. The controller or your contact person

If you have questions about the collection, processing or use of your personal data, the disclosure, correction, blocking or deletion of data and if applicable revocation of permission granted, or objection to a particular use of the data, please contact

Nonomella GmbH
represented by the Managing Director Alexander B. Bühlow, Katharina Kullick
Bußmannstraße 18
45896 Gelsenkirchen 
Germany

Telephone: 49 (0) 209 604889-0                                               
Fax: 49 (0) 209 604889-29                                                         
Email: datenschutz@nonomo.de

Nonomella GmbH has appointed a data controller. His contact details are:
Dr Christian Velten
Email: info@datenschutz-mittelhessen.de