Privacy Policy

Last updated: June 24, 2025

 1. Introduction and Contact Details of the Data Controller

 1.1 Data Controller

We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data is any data that can be used to personally identify you.

Data Controller under the General Data Protection Regulation (GDPR):

Nexuswelt UG (Limited Liability)
Represented by: Anna Lackner (Managing Director)
Holzstraße 15
82256 Fürstenfeldbruck
Germany
Email: sales@nexuswelt.com
Commercial Register: Munich Local Court HRB 300704

1.2 Data Protection Contact

For data protection inquiries, you can contact us at:

– Email: sales@nexuswelt.com
– Phone: +49 162 986 4264
– Address: Holzstraße 15, 82256 Fürstenfeldbruck, Germany

 2. Data Collection When Visiting Our Website

2.1 Server Log Files

During informational use of our website (when you do not register or otherwise transmit information to us), we only collect data that your browser transmits to our server (so-called “server log files”).

The following data is automatically collected:

– Visited website pages
– Date and time of access
– Amount of data transferred in bytes
– Referrer URL (source from which you reached our page)
– Browser type and version
– Operating system used
– IP address (anonymized when possible)
– Browser language settings
– Device information (screen resolution, device type)

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in improving website stability and functionality)

Storage duration: Data is automatically deleted after 30 days unless required for investigating legal violations.

2.2 SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognize an encrypted connection by the “https://” protocol and the lock symbol in your browser’s address bar.

 3. Cookies and Tracking Technologies

 3.1 What are Cookies?

Cookies are small text files stored on your device to make our website more user-friendly. Some cookies are automatically deleted when you close your browser (session cookies), while others remain on your device and enable recognition of your browser (persistent cookies).

 3.2 Cookie Categories

Strictly Necessary Cookies (§ 25 TTDSG)

These cookies are essential for website operation:

– Session management and security
– Load balancing and performance
– Basic website functionality
– Shopping cart functionality
– Login authentication

Legal basis: § 25 para. 2 no. 2 TTDSG (technical necessity)
Storage duration: Session end or up to 30 days

Functional Cookies

These cookies enhance user experience:

– Language preferences
– Design settings
– User interface customizations
– Remember login status

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
Storage duration: Up to 12 months

Analytical Cookies

For website usage analysis and optimization:

– Visitor numbers and behavior patterns
– Performance measurements
– Page load times and errors
– A/B testing functionality

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
Storage duration: Up to 26 months

Marketing/Advertising Cookies

For personalized advertising and remarketing:

– Audience segmentation
– Conversion tracking
– Personalized content delivery
– Cross-site tracking

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
Storage duration: Up to 24 months

3.3 Cookie Management

You can manage your cookie preferences through our Cookie Consent Tool or your browser settings. Please note that disabling cookies may limit website functionality.

Cookie Settings: You can modify your preferences at any time through the cookie banner that appears on first visit or via our privacy center.

 3.4 Consent Management Platform

We use a Cookie Consent Management Platform that:

– Displays cookie information clearly
– Allows granular consent choices
– Stores your preferences
– Provides easy withdrawal options
– Ensures compliance with TTDSG and GDPR

4. Third-Party Services and International Data Transfers

4.1 Google Web Fonts

Provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Purpose: Uniform display of fonts across our website
Data transmitted: IP address, browser information, font requests
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) or Art. 6 para. 1 lit. f GDPR (legitimate interest)
Data transfer: EU-US Data Privacy Framework provides adequate protection

4.2 Content Delivery Networks (CDN)

We may use CDN services to improve website performance:
Data processed: IP address, browser information, requested files
Purpose: Faster content delivery and improved user experience
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

 4.3 Social Media Integration

Our website may include social media plugins from:

– LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
– Facebook/Meta: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
– Twitter/X: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

Data sharing occurs only with your explicit consent through our consent management system.

4.4 International Data Transfers

Data transfers to third countries only occur when:

– EU Commission adequacy decision exists
– Appropriate safeguards are in place (Standard Contractual Clauses)
– Your explicit consent has been obtained
– Transfer is necessary for contract performance

We regularly review and update our data transfer mechanisms to ensure ongoing compliance.

 5. Contact and Communication

5.1 Contact Form

When you contact us via our contact form, we collect:

– Name and email address
– Phone number (optional)
– Message content
– Technical data (IP address, timestamp)

Purpose: Responding to your inquiry and related technical administration
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest) or Art. 6 para. 1 lit. b GDPR (contract initiation)
Storage duration: Until your inquiry is resolved and statutory retention periods expire

5.2 Email Communication

Direct email communication data is processed for:

– Responding to inquiries
– Contract fulfillment
– Business communication
– Technical support

Retention: Emails are retained according to business necessity and legal requirements, typically 3-7 years for business correspondence.

 5.3 Newsletter and Marketing Communications

If you subscribe to our newsletter:
Data collected: Email address, name (optional), preferences
Purpose: Sending marketing information about our services
Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
Withdrawal: You can unsubscribe at any time via the unsubscribe link in emails or by contacting us directly

6. Business Services and Client Data Processing

 6.1 EU Project Management Services

For our EU project management and consulting services, we process:

– Client contact information
– Project-related documentation
– Communication records
– Performance data and reports

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)
Data retention: As required by EU project regulations and German commercial law (typically 10 years)

6.2 Digital Marketing Services

When providing digital marketing services:

– Campaign performance data
– Target audience analytics
– Conversion tracking data
– ROI and effectiveness metrics

We ensure all client data processing complies with applicable data protection laws and maintain strict confidentiality.

 6.3 Client Data Security

We implement appropriate technical and organizational measures including:

– Encryption of data in transit and at rest
– Access controls and authentication
– Regular security assessments
– Staff training on data protection
– Incident response procedures

7. Data Subject Rights Under GDPR

7.1 Your Rights

You have the following rights regarding your personal data:

Right to Information (Art. 15 GDPR): Request information about processed data
Right to Rectification (Art. 16 GDPR): Correct inaccurate personal data
Right to Erasure (Art. 17 GDPR): Request deletion of personal data
Right to Restriction (Art. 18 GDPR): Limit processing under certain conditions
Right to Data Portability (Art. 20 GDPR): Receive data in structured format
Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests
Right to Withdraw Consent (Art. 7 para. 3 GDPR): Withdraw consent at any time

7.2 How to Exercise Your Rights

To exercise any of these rights:

– Email: sales@nexuswelt.com
– Phone: +49 162 986 4264
– Mail: Nexuswelt UG, Holzstraße 15, 82256 Fürstenfeldbruck, Germany

We will respond to your request within one month and may request identity verification.

7.3 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Phone: +49 981 180093-0
Email: poststelle@lda.bayern.de

8. Data Retention and Deletion

8.1 General Retention Principles

Personal data is retained only as long as necessary for:

– The purposes for which it was collected
– Legal compliance requirements
– Legitimate business interests

8.2 Specific Retention Periods

Website data: 30 days (server logs)
Contact inquiries: 3 years after resolution
Business correspondence: 6-10 years (commercial and tax law requirements)
Marketing data: Until consent withdrawal or 3 years of inactivity
EU project data: As required by funding regulations (typically 5-10 years)

8.3 Automated Deletion

We have implemented automated deletion processes to ensure data is removed when retention periods expire, unless legal obligations require longer storage.

9. Data Security Measures

 9.1 Technical Measures

– Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
– Access Controls: Multi-factor authentication and role-based access
– Network Security: Firewalls, intrusion detection, and monitoring
– Backup Systems: Encrypted, geographically distributed backups

9.2 Organizational Measures

– Regular staff training on data protection
– Data protection impact assessments
– Incident response procedures
– Regular security audits and penetration testing
– Vendor management and due diligence

9.3 Data Breach Procedures

In case of a data breach, we will:

– Contain the breach within 24 hours
– Notify supervisory authorities within 72 hours if required
– Inform affected individuals if high risk to rights and freedoms
– Document and analyze the incident for prevention

10. Automated Decision-Making and Profiling

 10.1 No Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or significantly affects individuals without human intervention.

10.2 Analytics and Insights

Any automated analysis is used solely for:

– Website optimization
– Service improvement
– Aggregate statistical analysis
– General business insights

No individual decisions affecting your rights are made automatically.

11. Children’s Privacy

 11.1 Age Restrictions

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent.

11.2 Parental Rights

If you believe we have collected data from a child under 16, please contact us immediately for removal.

12. Updates to This Privacy Policy

12.1 Policy Changes

We may update this privacy policy to reflect:

– Changes in our data processing practices
– Legal or regulatory requirements
– New services or features
– Enhanced privacy protections

12.2 Notification of Changes

Significant changes will be communicated through:

– Email notification to registered users
– Prominent website notice
– Updated effective date

You are encouraged to review this policy regularly.

13. Compliance with German Law

13.1 TTDSG Compliance

We comply with the German Telecommunications-Telemedia Data Protection Act (TTDSG), particularly regarding:

– Cookie consent requirements (§ 25 TTDSG)
– Terminal equipment privacy
– Technical and organizational measures

13.2 German Commercial Law

We maintain records in accordance with German commercial and tax law requirements (HGB, AO).

13.3 Industry Standards

We adhere to relevant industry standards and best practices for data protection in:

– Digital marketing
– EU project management
– Technology services
– International business operations

 14. Contact Information

14.1 General Inquiries

Nexuswelt UG (haftungsbeschränkt)
Holzstraße 15
82256 Fürstenfeldbruck, Germany
Email: sales@nexuswelt.com
Phone: +49 162 986 4264

14.2 Data Protection Officer

For specific data protection matters:
Email: sales@nexuswelt.com
Subject Line: Data Protection Inquiry