Data protection and data security

The protection of your privacy is an important concern for us. To protect your data, our company takes a variety of technical and organisational measures to effectively prevent unauthorized access and disclosure, manipulation, loss, and unauthorized deletion.

The measures we take are subject to constant updating. In doing so, we are guided by legal requirements, best practice approaches and the state of the art.

In the following, we inform you about the type, scope, and purpose of the processing of your data in our company, insofar as these results from the visit or use of the functions of our website.

Controller of this privacy policy

NSIDE ATTACK LOGIC GmbH

Agnes-Pockels-Bogen 1

80992 München

Contact for data protection at the controller

NSIDE ATTACK LOGIC GmbH

Agnes-Pockels-Bogen 1

80992 München

datenschutz@nsideattacklogic.de

Telefon: +49 (0) 89 89 082 110

Personal data

According to Art. 4 No. 1 GDPR personal data is all information that relates to an identifiable natural person. This is, for example, information such as the first and last name, address, e-mail address, telephone, mobile phone number, but usually also the IP address.

Scope of data processing

We aim to limit the processing of data during your visit to our website to the minimum necessary. We also generally only collect the data from you that we absolutely need to fulfill the purpose. Likewise, we do not knowingly collect any data from minors (= persons under the age of 18). In cases where we discover that data has been provided to us by minors, we delete this data immediately. We recommend that legal guardians keep an eye on the Internet activities of minors in their care.

Duration of storage

Unless otherwise stated in the following notes, we only store data for as long as is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

Storage period for application documents: max. 6 months unless a longer storage period has been agreed with the respective applicant.

Storage period for inquiries: max. 6 months or earlier, provided that the purpose of the data processing has ceased to apply or has been fulfilled beforehand. If inquiries lead to a business relationship, until the end of the business relationship, taking into account the commercial and tax law requirements from the HGB and AO, in these cases between 6 and 10 years, depending on the type of communication content and document type (e.g. commercial letter, invoice, contracts, etc.).

Storage period for communication with business partners: until the end of the business relationship, taking into account the commercial and tax requirements of the HGB and AO, in these cases between 6 and 10 years, depending on the type of communication content and document type (e.g. commercial letter, invoice, contracts, etc.).

Profiling (= automated decision-making)

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

As a responsible company, we do not use automated decision-making or profiling.

Cookies

We use cookies on our website. Cookies are text files that are stored on the device from which you have accessed our website.

We use permanent cookies and temporary cookies (so-called session cookies).

Permanent cookies can be stored on your device for a few seconds to several years. Temporary cookies are automatically deleted as soon as you close your browser or end the session.

Cookies help us to

  • retain information for a certain period and to identify the website visitor’s computer as soon as they return to our website. This makes it possible, for example, to use the settings you have previously selected so that you do not have to make the settings again (e.g. language settings, log-in information).
  • identify the frequency of visits to the website
  • recognize the preferences of our website visitors and to design the website optimally.
  • simplify the navigation on our website and increase the user-experience of our website.

The use of cookies is partly technically necessary for the operation of our website and therefore permitted without the consent of the user.

In addition, for marketing and analysis purposes, we use cookies from third-party providers, which are not technically necessary and only with your consent according to Art. 25 TTDSG in conjunction with. Art. 6 para. 1 lit. a) GDPR.

If you do not want cookies to be stored on your device, you can set your browser to notify you when cookies are placed or to prevent the browser from accepting them. You can also decide whether to accept or block only a few or all categories of cookies. For more information on how to handle cookies, please refer to the online help of the browser you are using.

If you block cookies used by us, we would like to inform you that you may not be able to use individual functions of our website or that you may only be able to use them to a limited extent.

Online application

If you send us your application documents in electronic form, we will process this data, which you have voluntarily provided to us, solely for the purpose of processing the application procedure and possibly initiating an employment relationship with our company. Your data will only be passed on to third parties if you expressly authorize us to do so in writing, stating the recipients.

Online contact forms

Our website offers the possibility to contact us directly. For this purpose, some of our webpages contain contact forms through which you can send us messages. The transfer of your data is encrypted (recognizable by the “https” in the address line of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this data will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail address.

We process the data for the purpose of answering your inquiry. If your request is directed towards the conclusion or performance of a contract with us, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing. Otherwise, we process the data based on our legitimate interest in contacting inquiring persons. The legal basis for data processing in this case is Art. 6 para. 1 lit. f) GDPR.

Technical administration and security of the website

For technical administration and ensuring the security of our website, we process the following data, e.g. in the context of creating log files:

  • Date and time of the website visit
  • The website from which you have accessed our website
  • The operating system you are using
  • The browser you are using
  • The IP address with which you visit our website
  • The language settings used on your device
  • The pages of our website that you have accessed or the files that you have downloaded from our website
  • The amount of data transferred during your visit to our website
  • A message stating whether the call to our website was successful

We process this data exclusively for the above-mentioned purposes in anonymized or pseudonymized form, so that an identification of your person is prevented as far as possible.

The processing is carried out to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR.

Google Tag Manager

To integrate external services, we use the ” Google Tag Manager” from Google Ireland Limited (Ireland/EU). For this purpose, we have concluded a contract with Google.

The Google Tag Manager helps us to integrate external services (e.g. Google Analytics) on our website. For this purpose, your IP address is transmitted to the Google servers.

The transmission of your IP address only takes place after your consent according to Art. 6 para. 1 lit. a) GDPR and can be withdrawn at any time with effect for the future.

In the case of Google services, the transmission of data to Google Inc. in the USA cannot be avoided. Please also note the information in the section “Data transfer to third countries”.

Further information on data protection at Google can be found in Google’s data protection information at https://www.google.com/policies/privacy.

Google Analytics

If you have given your consent, this website uses Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Scope of processing

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use the function ‘anonymizeIP’ (so-called IP-Masking): Due to the activation of IP-anonymization on this website, your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.

During your website visit the following data will be collected:

  • the pages you call up, your “click behavior“
  • Achievement of “website goals” (conversions, e.g. newsletter registrations, downloads, purchases)
  • Your user behavior (for example clicks, dwell time, bounce rates)
  • Your approximate location (region)
  • Your IP address (in abbreviated form)
  • technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
  • Your internet provider
  • the referrer URL (via which website/advertising medium you came to this website)

Purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your (pseudonymous) use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns.

Recipient

The data recipient is

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

as data processor. For this purpose, we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.

Duration of storage

The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

a) not giving your consent to the setting of the cookie or

b) downloading and installing the browser add-on to disable Google Analytics.

By setting your browser software accordingly you can also prevent the storage of cookies. If your browser is set to refuse all cookies, the functionality of this and other websites may be limited.

Legal basis and right of withdrawal

Your consent is the legal basis for this data processing, Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by changing your selection in the cookie settings.

For more information about Google Analytics terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/gb/ and https://policies.google.com/?hl=en

Newsletter

On our website we offer the possibility to register for our newsletter. After registration we will inform you regularly about the latest news on our services and events. A valid e-mail address is required to register for the newsletter. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to a newsletter on our website, we process personal data such as your e-mail address and name based on the consent you have given. The provision of further data is optional. The processing is based on the legal basis of Art. 6 para. 1 lit. a) GDPR. You can revoke the consent given at any time with effect for the future, for example via the “unsubscribe” link in the newsletter or by contacting us via info@nsideattacklogic.de. The legality of the data processing operations already carried out remains unaffected by the revocation.

When you register for the newsletter, we store your registration data and the date of registration. The processing of this data is necessary to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 lit. c) in conjunction with. Art. 7 para. 1 DSGVO).

Newsletter-Analysis

Our newsletter uses tracking pixels to analyze your reading behavior. Tracking pixels are small image files that are integrated into the newsletter email and thus allow a log file recording as well as a log file analysis.

When you open the newsletter e-mail, the tracking pixel is loaded from the server of the newsletter service and at the same time some information about you is transmitted, such as whether the e-mail was opened, the time of the call and the associated IP address. In addition, links in the e-mail can provide information about which products are more interesting – i.e., clicked more often than others.

The respective tracking pixel and the links in the e-mail can be clearly assigned to the e-mail address used for sending and thus allow conclusions to be drawn about the respective newsletter recipient.

This analysis takes place based on the consent given by you. The processing is based on the legal basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future, for example via the “unsubscribe” link in the newsletter or by contacting us at info@nsideattacklogic.de. The legality of the data processing operations already carried out remains unaffected by the revocation.

We use an external service provider that helps us to provide you with a newsletter containing current information and deals and makes it easier for us to manage the newsletter.

We work with the newsletter system of the company CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede. The service is a cloud-based service for sending newsletters. The service can be used for creating, sending, and administrating the newsletters.

Linked websites

Our website contains links to external websites. We have no influence on the content of these websites and therefore accept no responsibility or liability for the permissibility, accuracy, presentation, and completeness of the content published, displayed or retrievable there.

We hereby inform you that when you access these external websites, your IP address may be logged by the relevant website operator.

When you leave our website, we recommend that you check the privacy policy of the external websites before you access the websites or use the functions there.

Transfer of personal data

A transfer of your personal data to our business partners will not take place without your consent unless this is

  • necessary for the processing of our contractually assured services.
  • necessary to enforce our demands.
  • legitimized by a legal authorization or we are legally obligated to share the data.
  • for law enforcement purposes, to avert danger or to protect our website.
  • necessary to enforce the rights of third parties or within the scope of the legal obligations to provide information or a court order to provide the information.

Data transfer to third countries

Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is ensured in such a third country.

Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of data to processors in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087

If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Art. 49 para. 1 lit. a) GDPR.

Right of access by the data subject

According to Art. 15 GDPR, you have the right to request information about your personal data processed by our company at any time and free of charge. The scope of the information results from Art. 15 GDPR.

Please send your request for information by e-mail to the following address (datenschutz@nsideattacklogic.de) or by post to the following address (NSIDE ATTACK LOGIC GmbH, Agnes-Pockels-Bogen 1, 80992 Munich).

Right to rectification

According to Art. 16 GDPR you have the right to request the correction or completion of incorrect or incomplete personal data about you. We will examine corresponding requests and take the necessary measures in justified cases.

Right to erasure

According to Art. 17 GDPR, you have the right to have your data deleted.

The data we have stored about you will be destroyed or deleted in accordance with data protection law if

  • the legal retention periods have expired, or
  • the collection or processing is or was unlawful, or
  • the data is no longer required to fulfill the purposes for which it was collected, or
  • if you have revoked your consent to the processing and use of the data
  • if you object to the processing of your data in accordance with Art. 21 GDPR and there are no overriding legitimate grounds for the processing.

We inform you that complete deletion will only take place after the expiry of the relevant deadlines of the tax and commercial regulations. Until the expiry of these periods and until final deletion, your data will be blocked accordingly and will not be further processed by us.

Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to request that we restrict the processing of your data. We will examine corresponding requests and take the necessary measures in justified cases.

Right to object

You have the right to revoke the consent you have given us to process your data for the future at any time and without giving reasons and free of charge. In addition, you have the right in accordance with Art. 21 GDPR to object to the processing of your data. Please send your revocation of your consent or objection via mail to the following address (datenschutz@nsideattacklogic.de) or by post to the following address (NSIDE ATTACK LOGIC GmbH, Agnes-Pockels-Bogen 1, 80992 Munich).

Right to lodge a complaint with a supervisory authority

According to Art. 14 GDPR in conjunction with Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR. The competent supervisory authority is the one in which our company has it headquarter.

Right to an effective judicial remedy against a controller

In accordance with Art. 79 GDPR, you have the right to an effective judicial remedy if you believe that your previously listed rights have been violated because of processing your data by us or by a processor engaged by us that is not in compliance with the requirements of the GDPR.

Right to compensation and liability

According to Art. 82 GDPR, you have the right to compensation against us or the processors commissioned by us, insofar as you have suffered material or immaterial damage due to a breach of the GDPR.

Change of the data protection declaration

This data protection declaration will be updated with effect for the future in the event of new legal requirements or significant changes to the functional scope of our website. We therefore recommend that you read through our data protection declaration at regular intervals.

Last change: 06.05.2022