Data protection information for business clients
This information applies to the processing of your personal data in the context of establishing and conducting a business relationship with us.
1. Who is responsible for the processing of your personal data?
The responsible within the meaning of the EU General Data Protection Regulation (‘GDPR’) is:
Nexis GmbH, Rudolf-Vogt-Str. 6, 93053 Regensburg, Deutschland
E-Mail: contact@nexis-secure.com
Telephone number: +49 941 85097900
2. Data protection officer
You can contact our data protection officer at privacy@nexis-secure.com or by post at the address given above with the addition ‘Data Protection Officer’.
3. For what purposes and on what legal basis is data processing carried out?
We process your personal data for the purpose of implementing pre-contractual measures and for contract fulfilment (Art. 6 para. 1 sentence 1 lit. b GDPR).
We also process your personal data to fulfil legal obligations (Art. 6 para. 1 sentence 1 lit. c GDPR). This includes the processing of your data to fulfil retention and storage obligations (e.g. § 147 AO; § 257 HGB) as well as existing obligations to process customer data (e.g. due to tax obligations). Furthermore, we process your personal data on the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) for the purpose of communicating with contact persons at business customers.
In individual cases, we process data because you have expressly consented (Art. 6 (1) a GDPR), for example when receiving advertising by email. You will be informed of this separately when you give your consent. We may process your data for the assertion and defence of legal claims. This is the case, for example, if we are involved in a judicial or extrajudicial dispute with you, e.g. regarding the existence or non-existence of payment obligations. The legal basis for this processing is our legitimate interest in the assertion and defence of legal claims (Art. 6 para. 1 lit. f GDPR).
4. Which of your personal data do we process?
We process the following personal data within the scope of the above-mentioned processing purposes:
- First name, surname, job title
- Company and company address
- Business communication data (e-mail address, telephone)
5. To which recipients will your data be transmitted?
Your personal data may be transmitted to the following recipients in order to fulfil our contractual and legal obligations
- IT service provider
- tax consultants
- Public authorities
6. Will your data be transferred to countries outside the European Union (so-called third countries)?
We work with Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P52, Ireland, to provide our email inbox. The data is generally processed in the EU. However, a data transfer to Microsoft in the USA (third country) cannot be completely ruled out. We have therefore concluded an order processing contract with Microsoft using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. In addition, Microsoft is certified in accordance with the EU-US Data Privacy Framework. The European Commission’s adequacy decision therefore applies to transfers of personal data.
We use HubSpot as our CRM system. Our contractual partner is HubSpot Germany GmbH (address: HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson’s Quay, Dublin 2, Ireland). The data is generally processed in the EU. However, a data transfer to Hubspot Inc. in the USA (third country) cannot be completely ruled out. We have therefore concluded an order processing contract with Hubspot using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. In addition, Hubspot Inc. is certified under the EU-US Data Privacy Framework. The European Commission’s adequacy decision therefore applies to transfers of personal data.
7. How long will your personal data be stored?
We store your personal data for the duration of our business relationship and beyond that only for as long as we are required to do so by law. In order to fulfil statutory retention obligations (e.g. commercial and tax law), your data may be stored for up to 10 years. To preserve evidence, the limitation periods under civil law may in some cases be up to 30 years and the data may therefore be stored for this period.
8. What are your rights?
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed by us. If this is the case, we will be happy to provide you with information about this personal data and the information listed in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object to processing (Art. 21 GDPR) under the respective legal requirements. If the processing is based on your consent, you have the right to withdraw this consent at any time (Art. 7 para. 3 GDPR), although the lawfulness of the processing carried out on the basis of the consent and until the withdrawal remains unaffected.
You also have the right to lodge a complaint with a competent supervisory authority at any time if you are of the opinion that the processing of your personal data by us violates data protection regulations (Art. 77 GDPR).
9. Where does the personal data come from?
We process the personal data that you provide to us.
10. is there an obligation to provide your personal data?
In order to establish a business relationship, you must provide us with the personal data required to conclude a contract. Otherwise it will not be possible to conclude a contract.
11. Updating and changing the customer information
We reserve the right to amend this customer information at any time in compliance with the applicable data protection regulations.
The current status is: February 2025.