Privacy Policy

Privacy Policy Website and Services

As per: 06-05-2021

Content

1. About Us
2. Why we process your data
3. Which data we collect and process from you
4. Who has access to your data and to whom we transmit your data
a) Access
b) Data exchange within the group of companies
c) Transfer to third countries and legal basis
d) Transmission to law enforcement and criminal investigation authorities
5. Retention periods
6. Your Rights
a) Subject Access Request (SAR) and data transferability
b) Right to rectification, restriction and deletion
c) Rights of objection
d) Right of revocation
e) Right of appeal to the Supervisory Authority
f) Contact information
7. Use of our Website – profiling, cookies and web tracking
a) Basic information on cookies and opt-out options
b) Google Analytics
c) Further cookies
8. Supplementary notes and provisions on specific services
a) Knowledge Centre
b) Live Chat
c) Contact form
d) Online application process
e) Social Media Buttons
f) Youtube
g) LinkedIn
h) Google Maps
i) Data processing for direct marketing purposes

1. About Us
Newson Gale Ltd. (“Newson Gale”, “we”, “us”, “our”) is responsible for the collection, processing and storage of your data. For more information about us, please visit About Us any time.

The careful handling of your personal data is our highest priority. We process your personal data in compliance with applicable law including. the General Data Protection Regulation (GDPR) and the respective national provisions.

This Privacy Policy applies to all Websites of our company which are accessible under our domain:

as well as to our fan pages on YouTube and LinkedIn. If you switch to websites of other operators within the scope of our offer, their own privacy policies apply, for the content of which the respective operators of these websites are responsible.

This Privacy Policy provides an overview of the personal data processing practices of our group companies. You will find below an overview of all our services in the context of which we collect and process personal data.

If separate or additional conditions apply to individual services or we ask you for your consent, we will point this out to you separately before using the respective service (e.g. for newsletter subscription or purchase in our online shop).

We also maintain various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organizational measures to always protect your data.

2. Why we process your data

You can use our Website without disclosing your identity. If you would like to register for one of our personalised services, subscribe to our newsletter or contact us, we will ask you for your name and other personal information. It is your free decision whether you provide this (extended) data. Data that we absolutely need from you to provide our services are indicated as such.

Your personal data is collected and processed for the following purposes on the basis of the following legal bases:

  • Contract initiation pursuant to Art. 6 (1) lit. a) and b) GDPR
  • Contract execution in accordance with Art. 6 (1) lit. b) GDPR
  • Customer management in accordance with Art. 6 (1) 1 lit. b) and c), f) GDPR
  • Communication and data exchange pursuant to Art. 6 (1) lit. a), b), c), f) GDPR
  • Direct marketing and advertising pursuant to Art. 6 (1) lit. a), f) GDPR
  • Implementation of declarations of consent pursuant to Art. 6 (1) lit. a) GDPR
  • Ensuring the proper operation of a data processing system in accordance with Art. (1) lit. c) and f) GDPR
  • Applicant selection procedures within the framework of personnel and resource management on the basis of Art. 6 (1) lit. a), b) GDPR.

3. Which data we collect and process from you

We collect different categories of personal data from you. Personal data is all information relating to an identified or identifiable natural person or as defined under applicable law an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data includes, for example, information such as your name, your address, your telephone number and your date of birth (if stated). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of individual websites of our offer or the number of users of a page – does not qualify as personal data. Data is collected directly and indirectly. In both cases, data will only be collected to the extent necessary; the data will only be processed for the purposes stated under point 2. It is your decision whether you want to transmit data to us that optimizes the use of our services for you, yet is not necessary. Required fields are indicated as such with an asterisk.

The personal data we collect directly from you include:

  • Your salutation, title and name, e.g. to personalize our communication with you
  • Mail address and, if applicable, a password chosen by you, e.g. for the purpose of newsletter subscription, to contact you via our contact form
  • Candidate data submitted in connection with our online application procedure
  • Data that you voluntarily (actively and deliberately) transmit to us as part of the use of our services, plus further data that you choose to provide

In addition, data about you is collected indirectly when using our services:

  • Technical connection data, e.g. the page called up on our Website, your IP address, shortened by the last three digits, date and time of the call, terminal device used
  • Data collected in the context of website tracking and newsletter tracking
  • Data that we receive from our service providers as part of order processing in our online shop, e.g. information on payment probabilities and payment disruptions or delivery notifications

Minors:

Our Website is not intended for minors under the age of 16 and we do not knowingly collect personal data from minors.

If persons under the age of 16 transmit personal data to us, this is only permitted if the parent/guardian has consented or has consented to the consent of the minor. For this purpose, the contact data of the legal guardian must be communicated to us in accordance with Art. 8 (2) GDPR in order to convince us of the consent or the consent of the legal guardian. These data as well as the data of the minor will then be processed in accordance with this data protection declaration.

If we determine that a minor under the age of 16 has sent us personal data without the parental consent or consent of the minor, we will delete the data immediately.

4. Who has access to your data and to whom we transmit your data

a) Access

Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who require use ore access to your personal data due to their tasks.

If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.

We also use service providers to provide services and process your data (including hosting, sending newsletters, sending letters or e-mails and maintaining and analysing databases, securing our web servers or for website tracking). Insofar service providers are commissioned, we indicate this in Section 7 and/or 8. The service providers are bound by contractual obligations to keep personal data confidential, to process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.

b) Data exchange within the group of companies

We are part of a global company. As such, we may disclose or share personal data we collect or you provide within the group of companies to which we belong for internal administrative purposes worldwide. The servers of some of the service providers our group commissions are located in the US and other countries outside the European Economic Area (“EEA”). Companies in these countries may be subject to data protection laws that do not protect personal data to the same extent as is the case in the EEA. If your data is processed in a country that does not have a recognized high level of data protection such as the EEA, we use contractual regulations or other recognized instruments to adequately protect your personal data.

c) Transfer to third countries and legal basis

The servers of some of the service providers we use are located in the US and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data are processed in a country that does not have a recognised high level of data protection such as the European Union, we use contractual regulations or other recognised instruments to ensure that your personal data are adequately protected. We expressly point this out to you again within the scope of the individual services.

Insofar as personal data is transferred to third countries, this is done on the basis of the EU Model Clauses 2010 pursuant to Art. 46 (2) lit. c GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU) or your consent pursuant to Art. 49 (1) lit. a) GDPR.

d) Transmission to law enforcement and criminal investigation authorities

In exceptional cases we transmit personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws or international laws as they may apply.