Data Privacy Statement
Data protection is important to us
The protection of your privacy when processing personal data is an important concern for us. The use of our website is generally possible without providing any personal data. However, if a data subject wishes to use specific services on our website, the processing of personal data may be required. Below, we inform you about the nature, scope, and purpose of the collection and use of personal data by the operator of this website.
As new technologies and the continuous development of this website may lead to changes in this privacy policy, we recommend that you read the data privacy statement again at regular intervals.
Personal data refers to any information that can be used to personally identify you. Using our website may involve the collection of personal data in order to provide services or to analyze your user behavior. Detailed information on this can be found in this privacy policy.
With the following checkbox, you can prevent our website from aggregating and analyzing your activities:
Responsible
nTwig Consulting GmbH
Röntgenstr. 14
95478 Kemnath
Phone: +49 155 6181 0128
E-mail: info@ntwig.de
Server Logs
When the data subject uses this website, the access is recorded on our servers.
The following data is collected:
- Complete IP address of the requester
- Date and time of the request
- Name of the requested file
- Access status (request successful, request failed, etc.)
- Amount of data transferred
- User agent of the browser
The recording of this data is necessary for security purposes, particularly to defend against attempted attacks on our web servers. There is no option to opt-out. However, this data will never be used for other purposes or shared with third parties. As the legal basis, we refer to Article 6(1) lit f DSGVO.
The data will be deleted from our servers after a maximum of 90 days.
We host the content of our website with IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. IONOS collects various log files, including IP addresses, when the website is visited. The use of IONOS is based on Article 6(1)(f) of the GDPR. We have concluded a data processing agreement (DPA) that ensures personal data is processed only according to our instructions and in compliance with the GDPR.
Contacting us
When contacting us via the contact or application form, the information provided by the data subject is stored to enable subsequent processing and response to the inquiry.
The data entered by the data subject will remain with us until they request its deletion, withdraw their consent for storage, or the purpose for data storage no longer applies. For data submitted via the contact form, this is usually the case once the inquiry has been fully processed.
Application data is stored on a legal basis for up to six months after the completion of the application process, unless a longer storage period is legally required or explicitly requested by the data subject.
For customers, we store personal data in accordance with data protection laws for up to ten years after the end of a contractual or business relationship. Data of prospects without a contractual or business relationship will not be kept longer than three years after the last contact.
We refer to Article 6(1) lit b DSGVO and Article 6(1) lit f DSGVO in this regard.
The data entered by the data subject will remain with us until they request its deletion, withdraw their consent for storage, or the purpose for data storage no longer applies. This is the case once the inquiry has been fully processed. Mandatory legal retention periods remain unaffected.
We refer to Article 6(1) lit b DSGVO and Article 6(1) lit f DSGVO in this regard.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content (e.g., in contact inquiries or applications), this page uses SSL or TLS encryption. An encrypted connection can be recognized by the fact that the browser’s address bar changes from "http://" to "https://" and by the padlock symbol in the browser bar.
When SSL or TLS encryption is enabled, the data transmitted to us cannot be read by third parties.
Links to external sites
Our website contains links to external websites of third parties, over whose content we have no control. Therefore, we cannot assume any responsibility for these external contents. The provider or operator of the linked pages is always responsible for the content of the linked sites.
When visiting external links, data of the data subject may be transmitted to the respective websites. This may include, in particular, the IP address, browser information, or similar technical data. The handling of personal data on these websites is governed by the respective privacy policies of the operators. Therefore, we recommend that the data subject review the privacy policies of the external sites.
External links on our website are marked with this symbol:
Matomo
This website uses Matomo, an open source, self-hosted software to collect anonymous usage data for this website.
Visitor behavior data is collected to identify potential issues such as missing or unpopular pages and to improve the user experience. Once the data is processed, Matomo generates reports that help us make layout adjustments or optimize our content. We rely on Article 6(1) lit f DSGVO for the use of this software.
Matomo processes the following information for this purpose:
- Anonymized IP addresses (the last two bytes of the address are removed)
- Pseudo-anonymized location (based on the anonymized IP address)
- Date and time
- Title of the page accessed
- URL of the page accessed
- URL of the previous page (if allowed)
- Screen resolution
- Local time
- Files that were clicked and downloaded
- External links
- Duration of the page load
- Country, region, city (with low accuracy due to anonymized IP address)
- Primary browser language
- User agent of the browser
- Interactions with forms (but not their content)
Matomo uses cookies that are stored on the user's computer and allow an analysis of website usage. We deliberately refrain from storing cookies that contain personal data. Only a cookie used to identify a session during a single visit to our website is set. This cookie is technically necessary and valid only for the duration of the current session, meaning until the browser is closed. It is then deleted.
With the following checkbox, you can prevent our website from aggregating and analyzing your activities:
hCaptcha
We use the security service hCaptcha on our website. This service is provided by Intuition Machines, Inc., a company based in Delaware, USA ("IMI"). hCaptcha is used to verify whether user actions on our website (e.g., submitting a contact or application form) meet our security requirements. To do this, hCaptcha analyzes the behavior of the data subject based on various characteristics. This analysis starts automatically as soon as a visitor enters an area of the website or app where hCaptcha is enabled. For the analysis, hCaptcha evaluates various information (e.g., IP address, how long the visitor stays on the website or app, mouse movements of the user, interactions with forms). When using our contact or application form, our website must ensure that it is interacting with a human and not a bot, and that the activities performed by the user are not related to fraud or abuse.
The processing of personal data is carried out on the basis of Article 6(1) lit f DSGVO: Our legitimate interest lies in protecting the service from abusive automated crawling, spam, and other forms of misuse that could harm our service or other users.
If the relevant consent has been obtained, the processing is additionally based on Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). Consent can be withdrawn at any time.
IMI acts as a "processor" within the meaning of the DSGVO and as a "service provider" within the meaning of the California Consumer Privacy Act (CCPA). We have concluded Standard Contractual Clauses (SCC) with this service provider to ensure an adequate level of data protection when transferring data to the USA.
The data processing is carried out on the basis of the standard contractual clauses of the European Commission to ensure data protection when transferring data to the USA. In addition, IMI is certified under the “EU-US Data Privacy Framework” (DPF). Further information can be found at: https://www.dataprivacyframework.gov/participant/6388
Further information on hCaptcha's privacy policy and terms of use can be found here: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.
Note: hCaptcha is technically necessary to protect our forms from misuse. It cannot be deactivated without restricting the use of the affected functions.
Google Fonts (local hosted)
Our website uses Google Fonts for the uniform display of fonts, which are installed locally on our servers. No connection to Google’s servers takes place. The purpose of this measure is to ensure a consistent and appealing presentation of our content across all devices and browsers.
Google Maps
To embed maps on our website, we use the Google Maps service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this process, the user’s IP address is usually transmitted to a Google server in the USA and processed there. The purpose of this processing is to provide an attractive presentation of our online offerings and to make the locations we specify easily findable. The use of Google Maps is based on Article 6(1)(f) of the GDPR. If consent has been obtained, the processing is additionally based on Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG; consent can be withdrawn at any time. The transfer to the USA is based on the European Commission’s standard contractual clauses, and Google is also certified under the “EU-US Data Privacy Framework” (DPF), ensuring European data protection standards. Further information can be found at: https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ and https://www.dataprivacyframework.gov/participant/5780.
Rights of the Data Subject
In any case, the data subject has the right to obtain information about their personal data. The data subject may also request that their personal data be corrected or deleted. Furthermore, the data subject has the right to object to the processing of their personal data or to request a restriction of processing. In addition, the data subject has the right to receive their personal data in a structured and commonly used format. If the processing is based on consent, this consent can be withdrawn at any time for the future. The lawfulness of processing carried out before the withdrawal of consent remains unaffected. Data subjects also have the right to object to the processing of their data for the purposes of direct marketing, including profiling, insofar as it is related to such direct marketing. In any case, the data subject also has the right to lodge a complaint with the competent data protection authority if they believe that the processing of their personal data violates the GDPR. Moreover, the data subject may request that their personal data be transmitted directly to another controller, insofar as this is technically feasible (right to data portability).
Revocation and Objection to Direct Marketing
If we process personal data for advertising purposes, e.g., for newsletters, this is done only with the explicit consent of the data subject (Art. 6(1) lit a DSGVO).
The data subject can revoke this consent at any time, for example, via an unsubscribe link in the newsletter or by notifying the email address provided in the imprint. After the consent has been revoked, the data will be promptly deleted for advertising purposes.
In addition, the data subject may object at any time to the processing of their personal data for direct marketing purposes (Art. 21 DSGVO). In the event of an objection, the relevant data will no longer be used for advertising purposes.