NEORY GmbH Privacy Policy


We at NEORY GmbH, Brandschachtstrasse 2, 44149 Dortmund, Germany, Tel +49 231/58 69 73 - 0, take the protection of your data very seriously. We therefore only process your personal data in accordance with the provisions set out in this privacy policy, the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).


Data controller

We as the data controller within the meaning of the GDPR are responsible for the processing of your personal data, which we collect in connection with your use of our website or a contact initiated by either yourself or us.


Definitions

This privacy policy uses the definition of terms set forth in the General Data Protection Regulation (GDPR).

"Personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific factors.

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or transfer, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


Visiting our website

When you visit our website www.neory.com, the browser on your device automatically sends information to the server hosting our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted, typically after one week:

  • - IP address of the requesting computer,
  • - Date and time of access,
  • - Name and URL of the accessed file,
  • - Website used to access our website (referrer URL),
  • - User agent of your browser (typically specifies the browser and operating system).

We process this data for the following purposes:

  • - Ensure a smooth connection to the website,
  • - Make our website more user-friendly,
  • - Evaluate the security and stability of the system
  • - Investigate any possible unlawful access to our website (DoS/DDoS attacks, etc.) and
  • - Other administrative purposes.

The legal basis for this data processing is Article 6 (1) (f) GDPR. The purposes listed above constitute legitimate interests as defined by GDPR. We will not typically use the data collected to identify you. However, we reserve the right to do so if this becomes necessary to investigate unlawful access to our website.


Communication

If you have any questions, you can contact us by telephone or by email. If you provide us with personal data through these channels or our website (e.g. by using the contact form), we will store and use this data on the basis of Article 6 (1) (a) GDPR solely to process your query or on the basis of Article 6 (1) (b) GDPR to take steps at your request prior to entering into a contract. You may revoke your consent to the processing of your personal data at any time. All you need to do is send an email to privacy@neory.com. We will erase your data insofar as this does not conflict with statutory retention requirements (for example, if you send us a pre-contractual message using the contact form and we then establish a contractual relationship with you, or if your message refers to an existing contractual relationship).


Newsletter

If you provide us with your email address to receive our newsletter, we will use this email address on the basis of your consent pursuant to Article 6 (1) (a) GDPR for the purpose of sending you the newsletter. The newsletter is sent by the mailing provider Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin. Newsletter2Go GmbH only uses server locations in Germany to send the newsletter. Please refer to the mailing provider's privacy policy and other information, which is available at https://www.newsletter2go.de/informationen-newsletter-empfaenger. There is an unsubscribe link at the bottom of every newsletter, which you can use to unsubscribe from the newsletter at any time. You can also unsubscribe from the newsletter at any time by sending a message to our email address privacy@neory.. If you unsubscribe from our newsletter, the personal data stored for the purpose of sending the newsletter will be erased, provided this does not conflict with statutory retention requirements.


Google Analytics

This website uses Google Analytics, a website analysis service with DoubleClick Campaign Manager and DoubleClick Bid Manager, provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA ("Google"). The resulting data are used to optimise our website and promotional activities. The legal basis for this use is our legitimate interest in accordance with Article 6 (1) (f) GDPR.

Google Analytics uses so-called "cookies", i.e. small text files that are stored on your computer and facilitate analysis of the way you use the website. The information generated by the cookie about your use of this website, including

  • - Browser type/version,
  • - Operating system used,
  • - Referrer URL (previously visited site),
  • - Hostname of the remote computer (IP address),
  • - Time of the server request,

will typically be transmitted to and stored by Google on servers in the US. Google will not associate your IP address collected by Google Analytics with any other data held by Google. On this website, we have also supplemented Google Analytics with "anonymizeIP". This ensures that your IP address is masked, and all data will therefore be collected anonymously. Only in exceptional cases will the full IP address be transmitted to Google servers in the United States and truncated there. To cover those exceptional cases where personal data are transmitted to the US, Google has submitted to the EU-US Privacy Shield.

Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet use. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website.

Furthermore, you can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in provided under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Alternatively, e.g. if you use a smartphone or tablet to visit this website, you can prevent Google Analytics from collecting your data by clicking on the following link. This sets an opt-out cookie which will prevent future collection of your data when visiting this website: Disable Google Analytics .

For more information about how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.


Google Maps

On this website we use the Google Maps API to display an interactive map and a route planner. Google Maps is a mapping service developed by Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

By using Google Maps, information about your use of the website (including your IP address) may be transmitted to and stored by Google on servers in the US. Google may also pass this information collected by Google Maps on to third parties where this is required by law or if third parties process the data on Google's behalf. To cover cases where personal data are transmitted to the US, Google has submitted to the EU-US Privacy Shield.

Google will never associate your IP address with any other data held by Google. Nevertheless, it would be technically possible for Google to, at the very least, identify individual users on the basis of the data collected. It would be possible for personal data and profiles of users of the Google website to be processed for other purposes over which we have no influence. You can disable the Google Maps service to prevent data transfer to Google by disabling JavaScript in your browser. Please note that if you do this, you may not be able to use the map feature of this website.

We use Google Maps to enhance the appeal of our website and to make locations specified on our website easier to find. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

For more information about how Google handles user data, please refer to Google's privacy policy: https://www.google.de/intl/en/policies/privacy/ or the additional terms of use for Google Maps: https://www.google.com/intl/en_en/help/terms_maps.html.


Links to third-party services

The website contains links to social media platforms or other providers operated by third parties. However, a link to such a third-party provider will only be established after you have clicked on the corresponding button (link) on the website. We have no influence over the processing of personal data by these providers. For this reason, we refer you to the privacy policies of the respective operators:


Routine erasure and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of the storage or as provided by the European directives and regulations or other laws or regulations to which we are subject. If the data is no longer required for the purpose for which it was originally stored, or if the storage period prescribed by the European directives and regulations or any other relevant laws expires, the personal data will be routinely erased or blocked in accordance with the statutory requirements.

Any data that we store on the basis of your consent will only be stored until you withdraw your consent. Data which we need for the performance of a contract will be stored only for the duration of our contractual relationship or to comply with statutory retention requirements. We will only store data we use on the basis of our legitimate interests for as long as our interests are not overridden by your interests to have the data erased or anonymised.


Rights of data subjects

You have the right:

  • - to obtain information about your personal data we process in accordance with Article 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, the source of data not collected by us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information about the details involved;
  • - to obtain from us without undue delay the rectification of inaccurate personal data we store on you in accordance with Article 16 GDPR;
  • - to obtain from us the erasure of personal data we store on you without undue delay in accordance with Article 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • - to obtain from us a restriction on processing in accordance with Article 18 GDPR if you contest the accuracy of the personal data, the processing is unlawful and you oppose the erasure of the personal data and we no longer need the personal data, but you require the data for establishment, exercise or defence of legal claims or if you have objected to processing pursuant to Article 21 GDPR;
  • - to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller in accordance with Article 20 GDPR and

  • - to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a general rule, you can contact the supervisory authority of your habitual residence or place of work or our company's registered office.

Data of visitors to our customers' websites

When you visit the websites of our customers who are using the NEORY Marketing Cloud, our technology will be used to process your data. As part of providing and maintaining the service (support) for our customers, we may gain insight into or access personal data that is entered by users of the service or which is recorded by the system when using the services (e.g. IP address of the requesting computer, date and time of access, browser used and, if applicable, your computer's operating system and the name of your access provider). In this respect, we process the data on behalf of our customer, who is responsible to you for processing your data in compliance with data protection laws and regulations. Please refer to the respective privacy policies of our customers, which also apply to the use of the technology, for details regarding the processing of your data.

In order to be able to provide our services to our customers, we use third companies that provide services we are obliged to provide on our behalf or support us in the provision of services and who we may engage to process your personal data in this context (processors). In particular, we make use of providers of infrastructure and platform services to provide our services. Processors who process data on our behalf use only servers located in Germany.

As a provider of the NEORY Marketing Cloud, we attach great importance to protecting the data that is processed using our technology. Our measures in this regard are based on the respective data processing agreements, which we have concluded with our customers. We provide you with further information about the use of our technology in the Annex to this privacy policy.


Data protection officer

You can contact our data protection officer Mr Georg Hesse by email at privacy@neory.com.


Contact details

You can use the following details to contact us:

NEORY GmbH
Brandschachtstrasse 2
44149 Dortmund
Germany
privacy@neory.com
We will answer your questions regarding data protection promptly in German or English.

Last updated: 24/07/2018



Annex to the privacy policy - Data processing in the NEORY Marketing Cloud


Our services

The NEORY Marketing Cloud (technology) is used to deliver digital advertising, manage digital advertising campaigns, conduct effective market research/analysis, collect statistical data for campaign tracking as well as to make our website more user friendly. In addition, the technology enables our customers to collect and store data about internet users (devices) and to use this data for analysis and marketing purposes. In this respect, we process the data on behalf of the respective customer, who is responsible for data processing in accordance with the terms of the contract. Please refer to the respective privacy policies of our customers for more information about their use of this technology.

The NEORY Marketing Cloud can be reached under the standard domain ad-srv.net. However, it can also be operated for its customers under individual domains:

  • - The Reach Group GmbH (Domain: redintelligence.net)


Data processing in the European Union

We process data only in the Member States of the European Union (EU). In particular, the internet servers we use for data processing are located within the territory of the member states of the EU. As a principle, we do not transfer data to third countries or international organisations.


Usage-based online advertising / OBA

We have voluntarily submitted to the principles of the EDAA OBA Framework. For more information, please visit:

http://www.edaa.eu/

In addition, we voluntarily comply with the self-regulation of the German Data Protection Council for Online Advertising (DDOW). Please click on the following link for the latest version of self-regulation codex and further information:

http://meine-cookies.org/DDOW/die_kodizies/index.html

On the following page, you have the option of disabling usage-based advertising with the help of the preference manager:

For more information on behavioural advertising from the European Interactive Digital Advertising Alliance, please visit:

http://www.youronlinechoices.com/

Data protection measures

Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with statutory requirements. Those measures shall be implemented taking into account the state of the art and include, in particular, encryption. The equipment and systems used to process data are protected against unauthorised access, both physically and digitally. In particular, our servers and the servers of our contractors are password-protected and encrypted. Only employees have access to personal data to the extent necessary to perform their duties. Our employees receive data processing training before commencing work and are obliged to maintain confidentiality. Regular backups protect the data from loss and can be restored at any time. The default system settings ensure that only personal data needed for the respective processing purpose is processed. In this way, we apply data protection principles such as data minimisation. In addition, we use technical and organisational measures to ensure the confidentiality, integrity, availability and resilience of the systems. Compliance with data protection regulations is routinely monitored and the measures are updated as and when necessary.