If special services are to be used via the web publication or a separately offered web service, storage or processing of personal data may become necessary. In such cases, if the storage and/or processing does not take place due to legal requirements, consent is obtained from the person in question or from his/her legal representative.
The storage and processing of personal data, such as name (s), address (es), telephone number (s) or e-mail address (es), is always in accordance with the General Data Protection Regulation and in accordance with the requirements of Pro Nautas B.V. GmbH data protection regulations.
Pro Nautas B.V. GmbH has implemented numerous organizational and technical measures to ensure the most complete protection of personal data processed via our web channels. Nevertheless, data transfers, as well as storage can in general have security risks. Absolute protection cannot be guaranteed. If technically possible personal (data/information) may be transmitted to us in alternative ways.
a) Personal Data
Personal data is, according to Article 4 of the GDPR, all information relating to an identified or identifiable natural person, hereinafter also referred to as “data subject”, “person” or “user”. A natural person is considered to be an identifiable person who, directly or indirectly, in particular can be associated with an personal identification. Including a name, an identification number, location data, an online identification or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of which a natural person can be identified. Furthermore, this personal data can also be called “data”, “data base” or “user data”.
b) The Person Affected
Affected person(s) is any identified or identifiable natural person whose (personal) data we process. Also referred to in short text as the “affected person”, “person” or “user”.
Processing means any process or series of processes related to personal data such as collection, organizing, ordering, storage, adaptation or modification, read-out, queries, use, disclosure by transmission, dissemination or any other form, with or without the help of automated processes, matching or linking, restriction, deletion or destruction.
d) Restriction of Processing
Restriction of processing is the appropriate identification/categorization of stored data with the aim to limit their future processing.
Profiling is any type of automated processing of personal data that consists of using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health or personal situation in order to analyze or predict preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
Pseudonymization is the processing of personal data in a manner in which personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
g) Controller or collector
The controller or collector is the natural or legal person, public authority, body or body that, alone or in conjunction with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by EU law or the law of the Member States, the controller or the specific criteria for his/her designation may be provided for under EU or national law.
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, agency, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under EU or national law in connection with a particular mission are not considered as beneficiaries.
j) Third Parties
Third Party is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
Consent is any voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the data subject for the particular case, by which the data subject indicates that they consent to the processing of the personal data concerning him / her.
Name and address of the controller
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with data protection is:
Pro Nautas B.V. GmbH
Cornelius van der Oever
Phone: +49 491 98790-0
Hereafter, also called “Responsible”, “Pro Nautas B.V. GmbH “,” we “,” us “or” pronautas.com “.
Any data subject can contact our data protection officer at any time with any questions or suggestions regarding data protection in our company.
By using cookies, we can provide users of our web services with more user-friendly services that would not be possible without them.
With cookies, the information and offers on our website can be optimized for the benefit of the user. The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the web browser used and thus permanently change the setting of cookies. Furthermore, already set cookies can be deleted at any time via the web browser used – this is possible in all common web browsers – or other software programs. If the setting of cookies in the web browser used is deactivated, not all functions of our website may be fully or partially usable.
Collection of general data and information
The website (s) of Pro Nautas B.V. GmbH collects a series of general, mainly technical, data and information with each call of the same by an affected person or an automated system. This general data and information of the calling system are in the log files of the web hosting server of the website rendered or accessed.
In general, we shall collect:
1. Browser type and version
2. Used operating system and version
3. The IP address assigned by the Internet service provider
4. The used internet service provider
5. The address of origin (website), so-called referrer
6. The requested page or file from our web publication
7. Date and time of access
8. Other related data and information
This data collection is, among others, technically necessary for the operation of the web publications, these are also used for the purposes of security against attacks on our web publication or the underlying technical systems, as well as for tracking in such incidents.
When using this general data, we do not provide any link between stored personal information and this data, unless absolutely necessary for the prevention of danger or corresponding follow-up. This information, which is collected anonymously, is collected and evaluated by us for statistical and technical reasons, primarily to increase data security and data protection in relation to our web publications in order to ensure an optimal level of protection of the personal data processed by us.
The log files of the web hosting server as well as any corresponding additional evaluations and analysis based thereon, if any, are stored separately from all personal data provided by the affected person in question.
Contact via the website
The web publications of Pro Nautas B.V. Gmbh, due to regulations, contain information which enables fast electronic contact to our company as well as direct communication with us.
This also includes one or more contact e-mail addresses and, if necessary, corresponding contact forms. If a user contacts us by e-mail or via a contact form the personal data transmitted by the user will be automatically saved. Such personal data transmitted to us by a user on a voluntary basis will be stored for purposes of processing or contacting the user. There is no disclosure of this personal data to third parties.
When using a contact form the scope of the personal data transmitted to us results from the input mask. used for this purpose.
Routine deletion and blocking of personal data>
We only process and store the user’s personal data for the period of time required to achieve the processing and storage purposes or as provided by laws or regulations to which we are subject.
If the purpose of the storage is omitted or if a storage period prescribed by the relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory requirements.
Rights of the user
a) Right to confirmation
Each user has the right to ask us for confirmation of the processing of personal data concerning them. If a user wishes to exercise this confirmation right, he / she can contact an employee of our company at any time.
b) Right to information
Any user affected by the processing of personal data shall have the right at all times to obtain from the controller any information relating to the personal data stored about him or her and a copy of this information will be provided free of charge.
Furthermore, the user has the right to information about:
1. The processing purposes
2. The categories of processed personal data
3. The recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
4. The planned storage duration or, if this is not possible, the criteria for determining this duration
5. The existence of a right to rectification or deletion of the personal data concerning them or to the restriction of our processing or a right to object to such processing
6. The existence of a right of appeal to a supervisory authority
7. If the personal data are not collected from the user: All available information about the origin of the data
8. The existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) of the GDPR and, if there is profiling, meaningful information about the underlying logic, scope and intended impact of such processing on the user
The user also has a right of access whether personal data has been transmitted to a third country or to an international organization. If this is the case, the user is also entitled to receive information about the appropriate guarantees in connection with the transmission.
If a user wishes to exercise this right to information, he can contact an employee of our company at any time.
c) Right to Rectification
Each user has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the user has the right to demand the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If a user wishes to exercise this right of rectification, he / she can contact an employee of our company at any time.
d) Right to be forgotten
Any person concerned in the processing of personal data shall have the right to request that the personal data concerning him / her be deleted without delay, provided that one of the following reasons is satisfied and the processing is not required:
1. The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
2. The data subject revokes the consent on which the processing was based, in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and lacks any other legal basis for the processing.
3. In accordance with Art. 21 (1) of the GDPR, the data subject submits an objection against the processing and there are no legitimate reasons for the processing or the data subject objects to the processing pursuant to Art. 21 (2) of the GDPR.
4. The personal data were processed unlawfully.
5. The deletion of personal data is required to fulfill a legal obligation.
6. The personal data were collected in relation to information security services offered pursuant to Art. 8 (1) of the GDPR.
If a user desires the deletion of his / her personal data stored by us and one of the reasons mentioned above applies he / she may contact an employee of our company at any time.
The deletion is then promptly initiated.
If the personal data has been made public by us in accordance with the GDPR or in the context of service fulfillment or other agreements between the user and us and/or if our company is responsible for deleting personal data in accordance with Art. 17 para. 1 GDPR. We shall take into account the technology available and the implementation costs, reasonable measures to inform other data controllers processing the published data that the data subject also removes, in part, the deletion of all links to such personal data or copies or other duplications , this data has requested that the processing is no longer required.
e) Right to restriction / restriction of processing
Each user has the right to demand the limitation and / or limitation of the processing and / or the individual processing operations if one of the following conditions exists:
The accuracy of personal data is disputed by the user. In such a case, the restriction is for a period of time that allows us to verify the accuracy of data.
The processing is unlawful and the user refuses the deletion of the personal data and requires instead the restriction of the use of the data.
The controller no longer needs the data for processing purposes, but the data subject needs them to assert, exercise or defend legal claims.
The person concerned has objection to the processing acc. Art. 21 para. 1 of the GDPR and the examination of whether the legitimate reasons on our part prevail over those of the user.
If one of the above conditions is given and the user requires the restriction of stored and processed data with us, he/she may take up contact at any time with an employee of our company.
We will initiate the restriction of processing accordingly.
f) Data transferability
Each user has the right to receive the data related to him/her which has been provided to us by the user in a common, machine-readable and structured format. He/she also has the right to transmit this data to a third party without interference from us, if the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or to a contractual relationship pursuant to Art. 6 Paragraph 1 (b) of the GDPR and the processing is carried out using automated procedures.
When exercising this claim, the user has the right to request the direct transfer of the data from us to a third party to be designated by the user, provided that this is technically feasible and the rights of third parties are not affected by this process.
If we have to take precautions or expenses outside of the normal, legally prescribed framework, we can refuse such a direct transfer or assert the additional expenses incurred against the user.
To assert the right to data portability, the user can always contact an employee of our company.
g) Right to object
Any user affected by the processing of personal data shall have the right to object at any time, for reasons arising out of his particular situation, to the processing of personal data relating to him pursuant to Article 6 (1) (e) or (f) of the GDPR. This also applies to profiling based on these provisions.
In the event of an objection, we will no longer process personal data unless we can establish compelling legitimate grounds for processing that outweigh the interests, rights and freedom of the data subject, or the processing is for the purpose of asserting, exercising or defending legal claims.
If we process personal data in order to operate direct mail, the user has the right to object at any time to the processing of the data for the purpose of such advertising. Also, included is profiling when it is associated with such direct mail. If the user objects to processing for direct marketing purposes, we will no longer process the data for these purposes.
In addition, the user has the right, for reasons that arise from their particular situation, to object to the processing of personal data relating to him/her, which occurs for scientific, historical research purposes or for statistical purposes pursuant to Art. 89 (1) of the GDPR. Excluded from this possibility of opposition are processing operations which are necessary to fulfill a task of public interest.
To exercise the right to object, the user can always contact an employee of our company. The user is also free to exercise his/her right of objection by means of automated procedures using technical specifications.
h) Automated decisions in individual cases, including profiling
Each user has the right not to be subject to a decision based solely on automated processing – including profiling – which has a legal effect on them or, in a similar manner, significantly affects them, provided the decision
1. is not required for the conclusion or performance of a contract between the user and us.
2. is permitted by the EU or Member State legislation to which we are subject, and where such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject.
3. With the express consent or at the request of the user and according to documented consent.
We shall take reasonable steps to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person on our part, to express our own position and to contest the decision.
If the user wishes to assert rights with respect to automated decisions, he can contact an employee of our company at any time.
i) Right to revoke data processing consent
Any user affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
If a user wishes to assert his right to revoke consent, he can contact an employee of our company at any time.
Data protection in applications and in the application process
We collect and process the personal data of applicants for the purpose of processing the application. The processing can also be done electronically. This is especially the case if an applicant submits the corresponding application documents to us electronically, for example by e-mail or via a web form located on the website. If we conclude a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the legal requirements. If we do not conclude a contract of employment with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests on our part. Other legitimate interest in this sense, for example, a burden of proof in a procedure under the Equal Treatment Act (ETA).
We use the traffic analysis service Google Analytics with anonymization function on our web publications, also referred to as “traffic analysis service” for short. Traffic analysis is the collection, sorting and analysis of data about the behavior of visitors to websites. The service investigates among others the origin of the visitors, their length of stay on individual pages as well as the use of search engines and thus allows a better success control of our offer and is mainly used for the optimization of a website and for the cost-benefit analysis of web advertising.
This traffic analysis service is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
We use this traffic analysis service with the addition “_gat._anonymizeIp”. By means of this addendum, the IP address of the web access of the data subject will be shortened and anonymized by Google if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.
The traffic analysis service sets a cookie on the user’s information technology system.
The cookie stores personally identifiable information such as access time, the place from which access was made and the frequency of visits to our internet publications by the user. Each time you visit our website, this data, including the IP address, is transmitted to the traffic analysis service. This personal information is stored by the Traffic Analysis Service in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
The data subject can prevent the setting of cookies by the traffic analysis service at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent the traffic analysis service from setting a cookie on the user’s information technology system.
Furthermore, the user has the possibility of recording the data collected by the traffic analysis service and referring to the use of our website, as well as their processing of this data by the traffic analysis service and to prevent such. This requires the download and installation of a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on automatically informs the traffic analysis service that no data and information may be transmitted to the traffic analysis service. The installation of the browser add-on will be considered as a contradiction by the traffic analysis service. This applies as long as the browser add-on is installed and active.
Legal basis of processing
The data policy published by the provider is available at https://www.google.com/intl/en/policies/privacy/ and at http://www.google.com/analytics/terms/en.html.
A detailed description of the traffic analysis service is available at https://www.google.com/intl/de_de/analytics/.
For all processes in which we perform storage and processing operations with data of a user in which we obtain the consent of the user for a particular processing purpose, Article 6 of the GDPR serves as the legal basis.
If necessary, we explicitly point out in the individual case when obtaining the declaration of consent on the basis of the collection as well as on the legal basis.
Processing operations may also be based on Article 6, Section 1 f of the GDPR. This legal basis is based on processing operations necessary to safeguard the legitimate interests of our company or a third party, provided the interests, fundamental rights and fundamental freedoms of the person concerned do not prevail.
If the processing of personal data is based on Article 6, Section 1 f of the GDPR, our legitimate interest is the performance of our business and the associated objective of overall economic success.