Privacy policy

We take the protection of your personal data seriously. This information applies to the processing of your personal data when you visit our website.

1. responsible person and data protection officer

The controller within the meaning of the EU General Data Protection Regulation (“GDPR”) is

Nexis GRC GmbH
Hans-Henny-Jahnn-Weg 53, 22085 Hamburg, Germany

Telephone number: +49 941 85097900
E-mail: sales@nexis-qsec.com

We have appointed a data protection officer. You can reach our data protection officer at datenschutz@nexis-qsec.com.

2. processing on our website

The following personal data is processed in connection with your visit to our website.

2.1. Webhosting

When you visit our website, we process personal data in order to guarantee the smooth, functional and secure operation of our website. The following data may be processed (so-called log files):

• Operating system and current IP address (last octet shortened) of the device you use to visit our website
• Browser (type, version and language setting)
• the amount of data retrieved
• Date and time of access
• the URL of the previously visited website (referrer)
• the URL of the (sub)page that you call up on the website
• the Internet service provider of the accessing system

The collection of log files is technically necessary in order to display our website to you and to ensure the stability and security of the website. This is also our legitimate interest in data processing. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. This website is hosted by the service provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, with whom we have concluded a data processing agreement. Your data is processed in a German data center and deleted after 8 weeks.

2.2. Contact us

If you contact us via our form or by e-mail, we process your e-mail address, your name and any other personal data transmitted by your message. The data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR in the context of initiating or implementing pre-contractual measures or on the basis of our legitimate interest in processing and responding to your other concerns in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Further information is not mandatory for establishing contact and is therefore provided voluntarily on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Your personal data will be deleted – subject to statutory retention periods – as soon as the purpose of storage no longer applies, i.e. your request has been fully processed and no further communication with you is required or requested by you.

We work with Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland to provide our email inbox. The data is generally processed in the EU. However, as a data transfer to Microsoft Inc. in the USA (third country) cannot be completely ruled out, an order processing contract has been concluded with Microsoft using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission.

2.3. Expert sessions and online events

When you participate in Expert Sessions and online events, we also process your name, email address, IP address and other technically required data, as well as any audio, video and text content you send, your telephone number and your profile picture. The webinars are part of your membership and the processing is therefore carried out for the execution of your membership contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. The provision of the information is necessary for participation in the webinars. We store your data for as long as it is necessary for the execution of the corresponding event and delete it, subject to relevant statutory retention obligations, as soon as processing is no longer necessary.

We work with the Teams software provided by Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, to conduct webinars and online events. The data is generally processed in the EU. However, as a data transfer to Microsoft Inc. in the USA (third country) cannot be completely ruled out, an order processing agreement has been concluded with Microsoft using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission.

2.4. Newsletter

If you register for our newsletter, we will process your e-mail address to inform you about news and offers. You can voluntarily subscribe to our newsletter at any time on our website. To send our newsletter, we work with the service rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany. We have concluded an order processing contract with the service provider. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which you can revoke at any time and without giving reasons with effect for the future (e.g. via the corresponding link at the end of each newsletter). We store your data for as long as the consent for sending the newsletter exists.

2.5. Cookies

Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall. We use technically necessary cookies that are required for the provision of the website. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR i.V.m. § 25 para. 2 no. 2 TTDSG. Our legitimate interest lies in the technically flawless and user-friendly presentation of the website.

For cookies that are not technically necessary, the processing is based on your consent in accordance with § 25 para. 1 TTDSG and Art. 6 para. 1 sentence 1 lit. a GDPR. We request your consent as part of our cookie banner. You can revoke your consent at any time and without giving reasons with effect for the future by removing the check mark you have set for consent in the cookie banner under the respective category and then saving the settings. You can open the cookie banner at any time via the overlay displayed in the bottom left-hand corner of your screen. You can find more information about the cookies used on this website in our cookie banner.

2.6. Borlabs Consent Management

We use the Borlabs Consnet Manager to store your consent. The provider is Borlabs GmbH Hamburger Str. 11, 22083 Hamburg Germany. This software enables us to query consents on our website. Your IP address and your corresponding decisions are processed and stored in the Consent Manager. The legal basis for the processing is Art. 6 para. 1 lit. c GDPR i.V.m. § 25 para. 1 sentence 1 TTDSG. Borlabs stores the consent you have given in a cookie on your end device. Your data will be stored for a maximum of 6 months. You can adjust and revoke your consent at any time using the button under 2.2. or at the bottom left of your screen.

2.7. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The cookie used for this purpose enables us to analyze the use of our website. Google uses this information on our behalf to evaluate the use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The information generated by the cookie may also be transmitted to a Google LLC server in the USA and stored there. On our website, Google Analytics has therefore been extended by the code “anonymizeIp” to ensure an anonymized collection of IP addresses (so-called IP masking). This means that the user’s IP address is first truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA (third country) and truncated there. The IP address transmitted by the browser used as part of Google Analytics is not merged with other Google data. We have concluded an order processing contract with Google using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. In addition, Google is certified in accordance with the EU-US Data Privacy Framework. The adequacy decision of the European Commission therefore applies to transfers of personal data.

The legal basis for the use of Google Analytics is your consent in accordance with Section 25 (1) sentence 1 TTDSG, Art. 6 (1) sentence 1 lit. a GDPR, which you can give via the cookie banner and also revoke at any time without giving reasons with effect for the future in cookie management. The personal data processed by Google Analytics is stored for 14 months and then automatically deleted.

2.8. Google Tag Manager

We use the Google Tag Manager service provided by Google of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager enables us to integrate scripts and plug-ins into our website faster and more user-friendly. We have concluded an order processing contract with Google. Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. The Google Tag Manager ensures the loading of other components, which in turn may collect data. Google Tag Manager does not access this data. The legal basis is your voluntary consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via our consent management with effect for the future. The data is generally processed in the EU. However, since a data transfer to Google in the USA (third country) cannot be completely ruled out, we have concluded an order processing contract with Google using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. In addition, Google is certified in accordance with the EU-US Data Privacy Framework. The adequacy decision of the European Commission therefore applies to transfers of personal data.

2.9. Google Ads Conversion Tracking

We use the online advertising program “Google Ads” on our website and in this context conversion tracking (visit action evaluation). Google Conversion Tracking is an analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you click on an advertisement placed by Google, a cookie for conversion tracking is stored on your computer. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you have clicked on the ad and have been redirected to this page. Each Google Ads customer receives a different cookie. It is therefore not possible for cookies to be tracked via the websites of Ads customers.

The information collected with the help of the conversion cookie is used to compile statistics on the effectiveness of our ads. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified.

The use of Google Ads Conversion Tracking takes place with your consent on the basis of § 25 para. 1 sentence 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. Your personal data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

Your data may be transferred to the USA. We have therefore concluded an order processing contract with Google using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. The legal basis for the use of Google Analytics is your consent in accordance with Section 25 (1) sentence 1 TTDSG, Art. 6 (1) sentence 1 lit. a GDPR, which you can give via cookie management and also revoke at any time without giving reasons with effect for the future in cookie management. Your processed personal data will be deleted by us after 90 days.

2.10. Outfunnel Marketing Tracking

We use the campaign analysis and marketing synchronization service Outfunnel from Outfunnel OÜ, Valgevase 13, Tallinn, 10414, Estonia. The purpose of data processing is to analyze your use of our website and to manage and measure the success of marketing campaigns. For this purpose, we process your data such as page views, date and time of page views, IP address, referrer (source, medium), device data, browser information.

Outfunnel is used with your consent on the basis of § 25 para. 1 sentence 1 TTDSG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is based on your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. We store your data for as long as it is necessary for the fulfillment of the purpose or you revoke your consent. We have concluded an order processing contract with Outfunnel.

3. Social media presence LinkedIn

We operate the LinkedIn site: https://www.linkedin.com/company/nexis-grc-gmbh. We work together with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. When you visit these pages, your personal data is processed by LinkedIn. This includes your connection data, such as your IP address, data about the device you are using and data about your activities on LinkedIn. If you are logged into your LinkedIn account while visiting our pages, this information can also be assigned to you personally and your account. To avoid this, you can log out of your account.

We have no influence on the personal data used by LinkedIn for its own purposes or the extent to which activities are assigned to users, stored, analyzed or passed on to third parties. LinkedIn ensures that they provide an appropriate legal basis for the processing of your personal data and inform you of this. We have no precise information about the storage duration of the data processed by LinkedIn. For (“German”) IP addresses, anonymization and deletion takes place after 90 days. To assert your rights mentioned below in the context of data processing by LinkedIn, you can contact LinkedIn’s contact information at: https://www.linkedin.com/legal/privacy-policy.

4. your rights

You have the right to request confirmation as to whether personal data concerning you is being processed by us. If this is the case, we will be happy to provide you with information about this personal data and the information listed in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object to processing (Art. 21 GDPR) under the respective legal requirements. If the processing is based on your consent, you have the right to withdraw this consent at any time (Art. 7 para. 3 GDPR); however, the lawfulness of the processing carried out on the basis of the consent and until the withdrawal remains unaffected.

To exercise your rights as a data subject, please contact the address stated in section 1.

You also have the right to lodge a complaint with a competent supervisory authority at any time if you are of the opinion that the processing of your personal data by us violates data protection regulations (Art. 77 GDPR).

5. updating and amending the privacy policy

We reserve the right to amend this privacy policy at any time in compliance with the applicable data protection regulations.

The current status is: April 2024