Our data protection officers can be reached at: datenschutz@novopano.de

This privacy policy describes the collection, use, sharing, storage, and protection of personal data as collected by novopano UG (limited liability).

By using our websites and services, individuals, in the sense of the GDPR, accept this privacy policy and expressly agree to the collection, use, and storage of their personal data.

We only use personal data to the extent strictly necessary for specific purposes. This is done in accordance with the European General Data Protection Regulation (GDPR) and the German Telemedia Act.

Data Security The personal data provided to us is secured according to the latest technical and organizational standards to make it inaccessible to unauthorized third parties. All stored data is located on a central server in Germany rented by novopano.

Email By using our email address, senders agree to this privacy policy and to the collection, use, and storage of their data in the manner described here. Personal data is only used to the extent necessary for ongoing communication. If you include personal data in your email (signatures, business cards, contact details) unsolicited, you consent to the use of this data in line with this privacy policy. Our employees may also use email programs on their own personal devices (computers, tablets, smartphones) without storing email content or contact data beyond email addresses on these devices. Complete data security for email communication cannot be guaranteed.

Data, documents, and images sent to us are used, stored, and deleted on our central server according to this privacy policy.

Legal Basis for Processing Personal data is collected and stored by us only with explicit consent (through the use of our services or given in writing), unless legal regulations require otherwise.

Duration of Data Storage Personal data is only stored as long as it is strictly necessary for specific purposes. Generally, this is while a membership, employment, an approved communication bond (newsletter, information mail, alumni connection), or other contractual relationship exists, unless legal regulations specify otherwise.

Right to Object If there are no strictly necessary reasons for storing your personal data, you can withdraw your previously given consent for your personal data storage at any time by emailing datenschutz@novopano.de. The data will then be promptly deleted. This contact is also valid for updating your data or exercising your right to information about your stored data.

Handling Access Data and Server Log Files Every time our website is accessed and every time a file is retrieved from our website, your browser automatically sends data that our system captures.

The legal basis for the collection and temporary storage of data and log files is Art. 6.1f GDPR. By visiting and using our website, you agree to data collection and temporary storage.

For each access/request, the following data is transmitted and automatically recorded:

Browser type and version

Operating system used

IP address of the requesting computer

Access date/time

Client file request (filename and URL)

Data volume transferred

Notification of successful access/request

Name of your Internet Service Provider

This data is also stored in our system’s log files. It is not stored alongside other personal user data.

Purpose of Data Processing Temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.

Data may also be stored for statistical purposes in isolated cases. Data is not shared with third parties for commercial or non-commercial purposes. We reserve the right to review the data if there is suspicion of illegal use of our services.

Storage in log files is necessary to ensure the functionality of the website. The data is also used to optimize the website and ensure the security of our IT systems. These purposes constitute our legitimate interest in data processing under Art. 6.1f GDPR.

Data Retention Period Access data is deleted as soon as it is no longer needed for the purpose of its collection. When data is collected to provide the website, this occurs once the session is over.

When data is stored in log files, it is deleted within seven days. Extended storage is possible, but in this case, the user’s IP address will be anonymized, so it can no longer be linked to the requesting client.

Right to Object and Removal Option The collection of data and storage in log files is essential for the operation of the website. Therefore, the user has no right to object.

SSL Encryption Our website is encrypted using SSL (Secure Socket Layer) to securely transmit confidential and personal information from our users, including personal data. Data encrypted via SSL is unreadable to third parties. You can recognize SSL encryption by the “https://” in your browser’s address bar.

Links to Other Websites Our online services contain links to other websites. The privacy policies of these websites’ providers apply. We have no influence over whether these providers comply with data protection regulations.

Disclosure of Personal Data to Third Parties Data is not shared with third parties, nor is it transferred without your prior express consent. We reserve the right, however, to transfer data to third parties without consent if it is necessary to protect public order or for criminal prosecution. In such cases, data is only shared based on an authorization from the requesting party. When such circumstances arise, your personal data will be shared particularly with relevant law enforcement or regulatory authorities.

Rights of the Data Subjects Every data subject has the following rights:

Right to Access (Art. 15 GDPR): You may request information at any time about whether and how personal data concerning you is processed.

Right to Rectification (Art. 16 GDPR): You have the right to request correction and/or completion of inaccurate or incomplete personal data. The controller must carry out the correction promptly.

Right to Object (Art. 21 GDPR): You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you under Art. 6 (1) e or f GDPR, including profiling based on these provisions.

Right to Erasure (Art. 17 GDPR) and Right to Be Forgotten: You can request the deletion of personal data concerning you, and the controller is obliged to delete it immediately if one of the reasons provided applies. Otherwise, the deletion rules of this privacy policy apply.

Right to Restriction of Processing (Art. 18 f. GDPR): Under certain conditions, you can request the restriction of processing your personal data. See Art. 18 GDPR for a list of these conditions.

Right to Data Portability (Art. 20 GDPR): You have the right to receive personal data you provided to us in a structured, common, and machine-readable format. You also have the right to transmit this data to another controller without obstruction by us.

You also have the right to withdraw your consent for data processing at any time. Withdrawal of consent does not affect the lawfulness of processing conducted based on consent before its withdrawal (Art. 7 para. 3 GDPR).

The data subject also has the right to file a complaint with a supervisory authority if they believe that the processing of their personal data violates the GDPR (Art. 77 GDPR).

To exercise your rights, contact datenschutz@novopano.de. Please note that, in such requests, we must verify the identity of the data subject.