With this data protection notice, we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TTDSG). Responsible for data processing is NovoCarbo GmbH (hereinafter referred to as “we” or “us”).
I. General Information
1. Responsible Party
If you have any questions or suggestions regarding this information, or you wish to contact us about asserting your rights, please send your requests to
Managing Directors: Caspar von Ziegner, Sven Wissebach, Paul Doertenbach
We are not obliged to appoint a data protection officer.
2. Legal Basis
The term “personal data” under data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, particularly the GDPR and the Federal Data Protection Act. Data processing by us only takes place based on legal permission. We process personal data only with your consent (s. 25 (1) TTDSG or Art. 6 (1) lit. a GDPR), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 (1) lit. b GDPR), for compliance with a legal obligation (Art. 6 (1) lit. c GDPR) or if the processing is necessary in order to protect our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (Art. 6 (1) lit. f GDPR).
If you apply for a vacant position in our company, we will also process your personal data for the purpose of deciding about the establishment of an employment relationship (s. 26 (1) Sentence 1 BDSG).
3. Duration of Storage
Unless otherwise stated in the following notes, we store the data only for as long as it is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention requirements may arise particularly from commercial or tax law provisions. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. Additionally, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
4. Categories of Recipients of Data
Regarding the processing of your data, we use processors. Processing operations carried out by such processors include, for example, hosting, sending e-mails, maintenance and support of IT systems, customer and order management, order processing, accounting, and billing, marketing measures or file and data carrier destruction. A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. Processors do not use data for their own purposes but perform data processing exclusively for the controller and are contractually obligated to ensure appropriate technical and organizational data protection measures. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company’s bank, tax advisors/auditors or the tax authorities. For the purpose of infection control, data may be transferred to the responsible health department. Further recipients may result from the following information.
5. Processing in the Exercise of Your Rights
If you exercise your rights under Articles 15 to 22 GDPR, we will process the personal data provided for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will process data stored for the purpose of providing information and preparing it only for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 GDPR.
These processing operations are based on the legal basis of Art. 6 (1) lit. c GDPR in conjunction with Art. 15 to 22 GDPR and s. 34 (2) BDSG.
6. Your Rights
As data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- In accordance with Art. 15 GDPR and s. 34 BDSG, you have the right to request information about whether and, if so, to what extend we are processing personal data relating to you or not.
- You have the right to demand that we correct your data in accordance with Art. 16 GDPR
- You have the right to demand that we delete your personal data in accordance with Art. 17 GDPR and Art. 35 GDPR.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
- You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
- If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until revocation.
- If you believe that the processing concerning your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You can find an overview of the supervisory authorities at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
7. Right to Object
In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) lit. e or lit. f GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing pursuant to Art. 21 (2) and (3) GDPR.
To revoke your consent, send an email to email@example.com.
II. Data Processing on our Website
During your use of the website, we collect information that you provide yourself. In addition, during your visit to the website, we automatically collect certain information about your use of the website. In data protection law, the IP address is also generally considered to be personal data. An IP address is assigned to every device connected to the internet by the internet provider so that it can send and receive data.
1. Processing of Server Log Files
During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e., not via registration). This includes by default:
- browser type/version,
- operating system used,
- page viewed,
- the previously visited page (referrer URL),
- IP address,
- date and time of server request and
- HTTP status code.
The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f GDPR. This processing is for the technical management and security of the website. The stored data will be deleted after 3 months unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject based on the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 (2) of the GDPR, unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.
The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
2. Contact Options and Requests
Our website contains a contact form that you can use to send us messages. The transfer of your data is encrypted (recognizable by the “https” in the address line of the browser). Marked data fields are required to process your request. Failure to do so will result in us not being able to process your request. Alternatively, you can send us a message via the contact e-mail.
We process the data for the purpose of answering your request. In this case, the personal data is processed with your consent and on the basis of Art. 6 (1) lit. a GDPR. If your request is directed towards the conclusion or performance of a contract with us, Art. 6 (1) lit. b GDPR is the legal basis for data processing. Otherwise, we process the data based on our legitimate interest to get in contact with inquiring persons. The legal basis for the data processing is then Art. 6 (1) lit. f GDPR.
You have the opportunity to apply to our company in our job offers section. For this purpose, you will be redirected to the website of our service provider, Personio GmbH (Germany/EU). For more information on the processing of your data when submitting your application, please refer to the following link https://novocarbo-gmbh.jobs.personio.com/privacy-policy?language=de .
You can find information about the purposes, providers, technologies used, data stored and the storage period of individual cookies in the following list:
Essential cookies enable basic functions and are necessary for the proper function of the website. The legal basis is Section 25 (2) TTDSG and Article 6 (1) (f) GDPR.
|Provider||Owner of this website, Legal Notice|
|Purpose||Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie.|
|Cookie Expiry||1 Year|
Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website. The legal basis your consent according to Section 25 (1) TTDSG and Article 6 (1) (a) GDPR.
|Purpose||Cookie by Matomo used for website analytics. Generates statistical data on how the visitor uses the website.|
|Cookie Expiry||1000 days|
Content from video platforms and social media platforms is blocked by default. If External Media cookies are accepted, access to those contents no longer requires manual consent. External Media services process personal data in the USA. With your consent to use these services, you also consent to the processing of your data in the USA pursuant to Art. 49 (1) lit. a GDPR. The ECJ classifies the USA as a country with insufficient data protection according to EU standards. For example, there is a risk that U.S. authorities will process personal data in surveillance programs without any existing possibility of legal action for Europeans. Legal basis for using External Media cookies is your consent according to Section 25 (1) TTDSG and Article 6 (1) (a) GDPR.
|Provider||Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland|
|Purpose||Used to unblock YouTube content.|
|Cookie Expiry||6 Month|
If you want to make a new decision, you can change your data protection settings by clicking this button: Change Cookie-settings.
5. Consent Management Tool
This website uses a Consent Management Banner to control cookies. The consent banner allows users of our website to give consent to certain data processing operations or to revoke consent they have given. By confirming the “I accept all” button or by saving individual cookie settings you consent to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 (1) lit. a GDPR and 25 (1) TTDSG.
In addition, the banner helps to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect these data.
The processing of this data is necessary to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 (1) lit. c in conjunction with Art. 7 (1) GDPR).
We use the web analytics service Matomo (formerly Piwik). Matomo is an open-source software for measuring reach. In this process, accesses to our website are recorded and evaluated anonymously without the use of tracking cookies. The IP address is anonymized immediately after collection and before storage. Additionally, the following data is collected:
- date and time of visit,
- referrer URL
- duration of visit,
- viewed pages,
- browser and operating system,
- rough geografic location.
Matomo is only used with your consent pursuant to Art. 6 (1) lit. a GDPR and 25 (1) TTDSG.
7. SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
8. External Media and Third-Party Services
We integrate functional and content elements into the online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers").
The integration always presupposes that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content or functions.
a. Data Transfer to Third Countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is warranted in such third country. In the absence of such an adequacy decision by the European Commission, a transfer of personal data to a third country shall only take place if appropriate safeguards are in place pursuant to Article 46 of the GDPR or if one of the conditions of Article 49 of the GDPR is met.
Unless otherwise stated below, we use EU standard contractual clauses as appropriate safeguards for transfers of personal data to third countries. If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Article 49 (1) lit. a GDPR.
For such a video-integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to YouTube and they set their own cookies. YouTube-Videos are only displayed with your consent according to s. 25 (1) TTDSG and Art. 6 (1) lit. a GDPR.
With YouTube, a transfer to the U.S. cannot be ruled out. Please note the information in the section “Data Transfer to Third Countries”.
c. Job-display via Personio
For such an integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Personio and their CDN Cloudfront (provider: Amazon Web Services, Inc.;). This data processing is carried out to protect our legitimate interests in the optimal and economic operation of our website and is based on the legal basis of Art. 6 (1) lit. f GDPR). You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Please note that this may result in functional restrictions on the website.
III. Data Processing on our Social Media Profiles
We are represented on several social media platforms with a company profile. Through this, we would like to offer further opportunities to obtain information about our company and to interact. Our company has company profiles on the following social media platforms:
When you visit or interact with our profiles on social media platforms, personal data may be processed. The information associated with a social media profile used also regularly constitute as personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit of social media platforms, which may also be considered as personal data.
1. Visit of a Social Media Page
a. LinkedIn Company Page
When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights about the types of actions people take on our site (so-called Page Insights). For this purpose, LinkedIn processes in particular information that you already provided to LinkedIn in your profile, such as information on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you are interacting with our LinkedIn company page, e.g., whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarized Page Insights. It is also not possible to draw conclusions about individual members from the information of the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves out legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these findings. The legal basis for this processing is Art. 6 (1) f GDPR. We have entered into a joint controller agreement with LinkedIn, which specifies the distribution of data protection obligations between us and LinkedIn. This agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:
- LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.
Twitter (provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) is the sole responsible party. Further information about the processing of personal data by Twitter Inc. can be found at https://twitter.com/de/privacy, (settings) https://twitter.com/personalization.
2. Comments and Direct Messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations are carried out by us as the sole data controller. We process this data based on our legitimate interest to get in contact with requesting persons. The legal basis for data processing is Art. 6 (1) lit. f GDPR. Further data processing may take place if you have consented (Art. 6 (1) lit. a GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6 (1) lit. c GDPR).
We use software to manage our company pages. If a user asks a question specified in the software via the comment function on one of our company pages, the text is displayed via the software together with the user’s username. This data is also transmitted to the provider of the software. The transmitted text as well as the username will be deleted as soon as the question has been answered.
IV. Further Data Processing
1. Contact by E-Mail
If you send a message to us via the contact e-mail provided, we will process the transmitted data for the purpose of responding to your inquiry. We process this data based on our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6 (1) lit. f GDPR.
2. Customer and Prospect Data
If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of the provided personal master data, contract data and, if applicable, payment data as well as contact and communication data of our contact persons at commercial customers and business partners. The legal basis for this processing is Art. 6 (1) lit. b GDPR. We also process customer and prospect data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) lit. f GDPR and serves our interest to further develop our offerings and to inform you specifically about our offers. Further data processing may take place if you have consented (Art. 6 (1) lit. a GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6 (1) lit. c GDPR).
If you order a product by telephone, we process personal data exclusively for the purpose of processing the contract or to provide you with the ordered product. Within the framework of the ordering process, we only process the data that you yourself have provided. In order to be able to deliver the ordered products to you, we transmit your data required for the delivery to one of our shipping service providers as specified in the order. The legal basis for the processing is in each case Art. 6 (1) lit. b GDPR. All data collected by us by telephone are necessary for processing your order. Failure to provide it will result in us not being able to process your order. The provision of further data is voluntary.
4. Use of the E-Mail Address for Marketing Purposes.
We may use the e-mail address you provided during registration to inform you about our own similar products and services offered by us. The legal basis is Art. 6 (1) lit. f GDPR in conjunction with s. 7 (3) UWG (Law Against Unfair Competition). You can object to this at any time without incurring any costs other than the transmission costs according to the prime rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an e-mail to firstname.lastname@example.org.