GDPR Privacy Notice

1. Introduction GDPR privacy notice

Link to the general transparency declaration according to DSGVO Art. 13, 14, 21.

The protection of your personal data is very important to us. This is why we treat your personal data with the utmost confidentiality in accordance with the General Data Protection Regulation (GDPR Regulation (EU) 2016/679) and this privacy notice.

We process personal data from your visit to our website to such an extent as is absolutely necessary to provide service to our customers such as the IP address (Internet Protocol) of the person accessing the content which is technically necessary and only stored for the duration of the visit or for any further service provision, e.g. sending information by post.

If the data subject makes use of one of the services offered on our website (such as providing contact information, subscribing to our newsletter), processing further personal data may become necessary. In the event of missing legal provisions, we will ask the data subject for their consent.

When processing personal data (name, address, phone number and/or e-mail address), this will always be done in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG-Neu)).

In order to provide complete protection – as far as possible – when processing personal data, we have taken comprehensive technical and organizational measures. However, we cannot guarantee absolute protection since Internet-based data transfer may be subject to breaches. Alternatively, you can therefore provide us with your personal data via e-mail or phone.

This privacy policy notifies the public about the manner, extent, and purpose of the personal data collected, processed and used, and informs data subjects about their rights.

Our website uses SSL/TSL encryption for the secure transmitting of personal data, e.g. via the contact form, visible by the HTTPS designation of our URL. Data is encrypted before transmission and protected against tampering and eavesdropping.

2. Definition of Terms

Our privacy notice contains terms based on the General Data Protection Regulation (GDPR). With the help of the following definitions, the privacy notice is easy to read and understand:

a) Personal data

Personal data is any information pertaining to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Any identified or identifiable natural person whose personal data is processed by a controller or processor (e.g. customer, potential buyer, business associate, or other visitors of our website).

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

f) Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Controller

Responsible controller in accordance with the GDPR, other applicable data protection laws within the member states of the EU, and other regulations pertaining to data protection:

NeuroCheck GmbH

represented by
Dipl.-Ing. Bernd Streicher-Abel
Dipl.-Ing. Dirk Zinnäcker

Neckarstraße 76/1
71686 Remseck am Neckar
Germany

Phone +49 7146 8956-0
E-mail info@neurocheck.com
German URL www.neurocheck.de
English URL www.neurocheck.com

4. Data Protection Officer

Pursuant to Section 4, Article 37 GDPR and Section 3, Article 5 Federal Data Protection Act (BDSG), visitors of our website can contact our data protection officer should questions pertaining to data protection and security arise:

Dirk Wolters
NeTec GmbH
Porschestraße 4
70435 Stuttgartg
Germany

Phone +49 711 54991-333
Fax +49 711 342 05 906
E-mail: datenschutz@netec.de
Internet: https://www.netec.de

5. Cookies

This website uses so-called Cookies. Cookies do not damage the visitor’s device nor do they contain viruses. Cookies are used to make your experience more enjoyable, effective, and secure. Cookies are small text files that are placed on your computer and saved by your browser when you visit a website.

Most of the cookies we use are session cookies, i.e., they are automatically deleted at the end of your visit to this website. Other cookies remain on your device until they are deleted. These cookies enable us to recognize your browser when you next visit.

Visitors can configure their browser in such a way that they are notified when cookies are set. In addition, you can prevent cookies from being set in certain cases or in general, and activate automatic deletion of cookies when closing the browser. Preventing cookies from being set may downgrade certain elements of the site’s functionality.

Legal basis for the use of cookies is GDPR Article 6 (1) Point f.

6. Collection of General Data and Information

Each time our website is accessed, general data/information about the visitor (natural person or automated system) is collected and stored in log files on our server. The following information is stored:

a) browser type/version used,
b) operating system used by visitor,
c) original website referring visitor to our website,
d) sub-sites that are accessed,
e) access date/time,
f) visitor’s source IP address,
g) visitor’s internet service provider and
h) further information to prevent and deflect the danger of security breaches to our IT systems.

The information collected is used to

a) display the content of our website in a correct way,
b) present content and potential advertisements in an optimal way,
c) reliably guarantee the technical functionality of our Internet pages and
d) to support the prosecution of cyber attacks by law enforcement agencies.

Statistical evaluation of anonymous information helps us to increase the protection level for processing personal data. We will draw no conclusions as to the identity of the data subject from the personal data of data subjects stored in anonymous log files.

7. Subscribing to Newsletter and other Services

At regular intervals, NeuroCheck GmbH will supply you with newsletters provided you explicitly consent; of course, you can at any time revoke this consent in writing (using the unsubscribe button or by sending an e-mail). We use the newsletter to let potential buyers, customers, and business associates know about special offers, news, events, and the like.

The personal data collected when registering for the newsletter using the form will only be used for mailing the newsletter or requested information / Evaluation License.

For the actual mailing, it may be necessary to  disclose personal data to third parties such as our newsletter software provider rapidmail. To mail our newsletter, we use the online tool rapidmail of the newsletter software provider rapidmail.GmbH. repidmail GmbH and NeuroCheck GmbH have entered into a contract concerning order processing in accordance with GDPR Article 28 Section 3. When subscribing to our newsletter, you data will be shared with rapidmail GmbH. rapidmail GmbH is prohibited from using your data other than for the purpose of mailing the newsletter. rapidmail GmbH is prohibited from commercial or other sharing of your data. rapidmail is a German, certified provider of newsletter software that was carefully selected based on the requirements of GDPR and BDSG. On the website of rapidmail you can find the privacy policy of our newsletter software provider.

Registration makes use of the double opt-in process. This requires that the visitor must have a valid e-mail address and be able to receive a confirmation mail we send. Only after accessing the activation link from the confirmation mail within a certain period of time is the registration finalized; should this not happen, the personal data is deleted. This process is designed to protect the visitor’s e-mail address.

You can revoke your consent to store your personal data and use them for mailing our newsletter at any time, e.g. by using the unsubscribe link in the newsletter or by sending an e-mail to marketing@neurocheck.com.

During registration, your IP address, date and time of the visit are stored. This is necessary to prevent tampering with the visitor’s e-mail address and provide assistance in the prosecution of crimes. Legal basis for the use of cookies is GDPR Article 6 (1) Points a, b, and f respectively. The data stored is only disclosed to third parties if legal regulations or prosecution by law enforcement agencies make this necessary.

Visitors who have registered can at any time exercise their data subject rights (see chapter Data Subject Rights).

8. Contact via Website

Due to legal regulations, our website contains information allowing you to contact / communicate with us quickly. If you contact us by e-mail or using the contact form, the personal data that was voluntarily disclosed by the data subject is automatically stored. This data is processed for the purpose of responding to a request or making contact; however, they are not disclosed to third parties unless this is necessitated by the purpose.

9. Regular Deletion and Destruction of Personal Data

The data subject’s personal data is only stored for the time period determined by the storage purpose or by overriding laws and regulation. At the end of the storage time period prescribed by laws or regulations or if the reason for storing the data becomes void, the personal data is blocked or deleted pursuant to laws and regulations.

If the intended purpose of pre-processing pursuant to GDPR Article 6 (1) Point b is a pre-contractual measure, the data subject’s personal data is deleted 6 months after the termination of the pre-contractual measure if

a) no new basis has arisen from the contractual relationship or
b) the data subject has not given consent to store and process personal data or
c) no other reasons prevent deletion.

10. Data Subject Rights

a) Right of confirmation

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. Please contact the data protection officer or controller.

b) Right of access

The data subject shall have the right to obtain from the controller information about the data subject’s personal data being stored. Apart from personal data, the access information will contain the following:

  • the purposes of the processing,
  • the categories of personal data concerned,
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations,
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing,
  • the right to lodge a complaint with a supervisory authority,
  • where the personal data are not collected from the data subject, any available information as to their source,
  • the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organization, the data subject will be informed of the appropriate safeguards relating to the transfer.

For this right of access, the data subject can contact the data protection officer or controller to obtain above stated information.

c) Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

For this right to rectification, the data subject can contact the data protection officer or controller to obtain above stated information.

d) Right to erasure (‘right to be forgotten’)

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay if no processing is necessary and where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2), and there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21 (2).
  • The personal data have been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1).

For this right to erasure, the data subject can contact the data protection officer or controller.

Where we have made the personal data public, and we are obliged pursuant to GDPR Article 17 (1) to erase the personal data and if there is no processing necessary, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

e) Right to restriction of processing

The data subject has the right to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
  • The data subject has objected to processing pursuant to GDPR Article 21 (1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

For this right to restriction of processing, the data subject can contact the data protection officer or controller.

f) Right to data portability

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, the data subject has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to GDPR point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract pursuant to point (b) of Article 6 (1); and the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to paragraph 1, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right of data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

For this right to data portability, the data subject can contact the data protection officer or controller.

g) Right to object

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) or (f) of Article 6 (1), including profiling based on those provisions.

We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves for the establishment, exercise or defense of legal claims.

Where we process personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to GDPR Article 89 (1), the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

For this right to object, the data subject can contact the data protection officer or controller.

h) Automated individual decision making, including profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The aforesaid does not apply if the decision

a) is necessary for entering into, or performance of, a contract between the data subject and the data controller or
b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or
c) is based on the data subject’s explicit consent.

We implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision, if said decision

a) is necessary for entering into, or performance of, a contract between the data subject and the data controller or
b) is based on the data subject’s explicit consent.

For this right to automated individual decision making, the data subject can contact the data protection officer or controller.

i) Right to withdraw consent

The data subject has the right to withdraw his or her consent at any time.

For this right to withdraw consent, the data subject can contact the data protection officer or controller.

j) Right to lodge a complaint with a supervisory authority

Every data subject has the right to lodge a complaint with a supervisory authority,. To find the appropriate supervisory authority, click https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

We are in the jurisdiction of this supervisory authority:

State Commissioner for Data Protection Baden-Württemberg
Königstraße 10a
70173 Stuttgart
Germany

Phone +49 711 615541-0
Fax +49 711 615541-15
E-mail poststelle@lfd.bwl.de
URL www.baden-wuerttemberg.datenschutz.de

11. Data Protection for Job Applications and during Application Process

In order to carry out the application process, personal data will be collected and processed by the controller. Application documents may be submitted in digital form (e-mail or contact form on website), through the post or personally. When concluding an employment contract, the personal data collected are stored in accordance with legal regulations for the purpose of processing the contract. If the employment contract is not concluded between the applicant and the employer, the application documents are automatically deleted 6 months after the applicant has been informed about the negative decision unless there is a legitimate interest not to do so (e.g. burden of proof pursuant to the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AAG).

12. Integration of Third Party Services and Contents

Because of a legitimate interest, we integrate third party web content or services (hereafter: content) into our website to make those contents and services such as videos, fonts or navigational maps available:  A prerequisite is that said third parties are given the visitor’s IP address for without it, they would not be able to refer the content to the visitor’s browser. The IP address is necessary to display these contents. We endeavor to use only content of providers that use the IP address merely to deliver content.

Overview of third parties and their respective contents including links to their privacy policies containing information about data processing and ways to object (opt-out):

 

13. Using Google Analytics (including anonymization)

[google_analytics_optout]This website uses Google Analytics. If you choose not to be tracked, please click.[/google_analytics_optout]

To enhance your experience of this website, we use the web analysis tool Google Analytics with anonymization. This is a standard analysis tool by Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google uses cookies (see above)  for the purpose of evaluating your use of the website (e.g. what site a visitor came from, what browser is being used, what sub sites were accessed, or the time spent on a page), and analyzing this behavior. We have a legitimate interest pursuant of GDPR Article 6 (1) Point f to model our website in such a way as to enhance and improve a visitor’s experience.

We only use Google Analytics in combination with IP anonymization. This means, Google will truncate the visitor’s IP address within member states of the European Union or other members of the European Economic Area. Only very rarely will the complete IP address transmitted to the Google server in the U.S.A. and truncated there. The IP address transmitted by the visitor’s browser will not be associated with any other data held by Google.

Google Analytics uses “cookies”, which are text files placed on the visitor’s computer. Visitors can configure their browser in such a way that they are notified when cookies are set. In addition, visitor’s of our website can prevent cookies from being set in certain cases or in general, and activate automatic deletion of cookies when closing the browser.

Visitors can also object to data being collected by Google Analytics. For this, the installation of the following free browser add-on is necessary:
Google Browser-Plugins

Alternatively, this link can be used (opt-out):
[google_analytics_optout]This website uses Google Analytics. If you choose not to be tracked, please click.[/google_analytics_optout]
The opt-out is only valid for this browser and this domain. An opt-out cookie is placed on your device. If you delete cookies in this browser, you’ll have to click this link again.

For more information on the terms of use of Google Analytics please refer to
Google Analytics terms of use

For Google Analytics Privacy Policy please refer to
Google Analytics Privacy Policy.

14. Lawfulness of Processing

Personal data are processed based on the following:

  • GDPR Article 6 (1) Point a Consent has been given to the processing of personal data for one or more specific purposes.
  • GDPR Article 6 (1) Point b processing is necessary for the performance of a contract (e.g. supplying goods or rendering a service) to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (e.g. processing of requests or preparing quotes).
  • GDPR Article 6 (1) Point c Processing is necessary for compliance with a legal obligation (e.g. tax obligations).
  • GDPR Article 6 (1) Point d Processing is necessary in order to protect the vital interests of the data subject or of another natural person (e.g. a visitor is hurt while visiting the company and it is compulsory to disclose personal data to a physician, hospital or other third party).
  • GDPR Article 6 (1) Point f Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. Pursuant to GDPR Recital 47, second sentence, such legitimate interest could exist in situations such as where the data subject is a client of the controller. The interests, freedoms and fundamental rights of the data subject must not override the interest of the data controller in this case.

Personal data is only disclosed if

a) necessary for the performance of a contract or prior to entering into a contract,
b) consent has been given,
c) necessary for the purpose of the legitimate interest pursued by the controller or
d) necessary for compliance with a legal obligation.

15. Legitimate Interest in Processing

If personal data is processed pursuant to GDPR Article 6 (1) Point f, then the legitimate interest is conducting business for the benefit of our employees and entrepreneurs, and the protection of our services against abuse and, if necessary, prosecution of said abuse.

16. Storage Period of Personal Data

The storage period of personal data is subject to

a) legal retention periods or
b) consent given.

Where the data is no longer needed to fulfill a contract or for measures prior to entering into a contract, the data is routinely deleted after the lapse of the basis for storage.

17. Disclosure of Personal Data

A disclosure of personal data may be necessary for compliance with legal (e.g. tax law) or contractual obligations (e.g. contact data of parties to contract).  This entails collecting a data subject’s personal data to conclude a legally binding contract. If these data are not provided, the contract with the data subject cannot be entered into. Prior to entering into a contract, our staff will be happy to provide you with the lawfulness of collecting said data and the consequences of not providing them.

18. Automated Decision-making

We do not use processes for automated decision-making or profiling.

19. Data Security and Processing

Visitors access the contents of our website via SSL (Secure Socket Layer) encrypted connections, signified in the browser’s address bar as “https://“.

We have implemented appropriate technical and organizational measures to protect personal data from arbitrary or deliberate manipulation, partial or total loss, destruction or unauthorized access by third parties. We take these measures pursuant to GDPR Article 6 (1) Point f and Article 32.

20. Change of Privacy Notice

We reserve the right to modify/complement this privacy notice. This may become necessary due to legal changes, modifications in data processing or formal revisions. The data subject shall be asked to give consent should these changes affect existing contractual relationships or consent given by data subject.

We ask visitors to our website to check the most current privacy notice on a regular basis.

21. Cookies used

Name Provider Expiration date Cookie type
catAccCookies www.neurocheck.com 1 month Preferences
gaoop_hide_info www.neurocheck.com 1/1/2100 Preferences
_ga google.com 2 years Statistics
_gid google.com Session Statistics
_gat google.com Session Statistics
NID google.com 6 months Preferences

Note: This Privacy Policy applies solely to our websites. Unfortunately, when linking to external websites, we have no influence or control as to whether and how other providers comply with the data protection regulations in accordance with DSGVO.

» Link to the imprint