Privacy Policy for nmedia GmbH, Düsseldorf under the General Data Protection Regulation (GDPR)

I. Name and address of the controller

Controller within the meaning of the GDPR and other national data protection laws applicable in member states as well as other provisions having the character of data protection legislation is:

nmedia GmbH
Kirchfeldstrasse 69a
40217 Düsseldorf
Germany
Phone: (++49) (0)211-54 23 24 25
E-Mail: privacy(at)nextrade.market
Online: www.nextrade.market

II. Name and address of the data protection officer

Our data protection officer can be contacted:

By mail:

nmedia GmbH
"Der Datenschutzbeauftragte"
Kirchfeldstrasse 69a
40217 Düsseldorf
Germany

By phone:

(++49) (0)211 6009575

by email:

privacy(at)nextrade.market

III.General information on data processing

1. Amount of personal data being processed

We essentially collect personal data about our users only to the extent required for provisioning a running web site, our content and services. We gather and use personal data of our users only after their given consent. A derogation from that procedure may occur if a consent request cannot be made for factual reasons and processing of personal data is permitted by law. /p>

2. Legal basis for processing personal data

Where we obtain the authorization from our users (data subjects) to process personal data, we do so on the legal basis of Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR).

Processing personal data necessary to fulfil a contract where the user is the contractual partner is done on the legal basis of Art. 6(1)(b) GDPR. This applies also to pre-contractual measures.

Where it is necessary to process personal data in order to fulfil a legal obligation that our company is subject to, the legal basis for this is Art. 6(1)(c) GDPR.

If there are interests essential for the life of the data subject or that of another natural person that require the processing of personal data, the legal basis for this is Art. 6(1)(d) GDPR.

Where the processing is necessary for the purposes of compelling the legitimate interests pursued by the controller or by a third party, and does not override the interests, rights and freedoms of the data subject, the legal basis for this is Art. 6(1)(f) GDPR.

3. Erasure and duration of storage

As soon as the purpose of collecting personal data no longer applies, the personal data of the data subject is erased or made unavailable. Provisions should be made for the possibility for further data processing in certain circumstances where necessary for an important ground of public interest recognized in Union or Member State law to which the controller is subject.

The data will be erased or made unavailable also after expiration of a specified storage period stated in the regulations, unless storage is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person.

IV. Provisioning of web site, preparation of log files

1. Description and extent of data processing

Each time our web page is called up, our system automatically records data and information from the computer system doing the call.

The following data are collected during a call:

(1) user's IP address
(2) time and date of access
(3) information about the browser type and version in use
(4) web sites from which the user's system has reached our website

The data are also stored in log files in our system. These data are not processed together with other personal data.

2. Legal basis of data processing

The data and log files are stored temporarily on the legal basis of Art. 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by our server is necessary to deliver web pages to the user's computer. This requires to store the user's IP address for the duration of the session.

The data are stored in log files in order to maintain the functionality of the web pages. The data also help us to optimize our web site and ensure the safety of our IT systems. The data are not evaluated for marketing purposes.

The purposes stated constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

4. Duration of storage

The data are erased as soon as they no longer are necessary to achieve the purpose for which they are collected. In the context of storing data for the operation of web pages, this applies on termination of the respective session.

n the context of storing data in log files, this is the case at the latest after seven days. Provision should be made for the possibility of further storage. In this case, the IP addresses are erased or distorted so that they cannot be associated with the calling client.

5. Opportunity to object and for removal

The recording of data for provisioning of web pages and storage of the data in log files is fundamentally necessary for the operation of the website. There is consequentially no opportunity for the user to object.

The use of Matomo

This website collects and stores data by way of the Matomo web analysis software (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, based on our legitimate interest as per GDPR Art. 6(1)(f) in the statistical analysis of user behaviour for optimization and marketing purposes. Pseudonymized user profiles can be created from these data and evaluated for the same purpose. This can involve the use of cookies. Cookies are small text files that are locally stored in the cache of the page visitor's internet browser. Amongst other aspects, cookies enable the internet browser to be recognized again. The data collected with the Matomo technology (including your pseudonymized IP address) are processed on our servers.

The information generated in the pseudonymous user profile by the cookie will not be used to personally identify the visitor of this website and not be linked with personal data about the user of the pseudonym.

If you disagree with the storage and evaluation of these data from your visit, you can object to their storage and use at any time by a mouse click. In this case a so-called opt-out cookie will be stored in your browser with the result that Matomo will no longer collect session data. Please note that complete deletion of your cookies will also delete the opt-out cookie, which you may need to reactivate again.

V. Usage of Cookies

1. Description and extent of data processing

Our web pages use cookies. Cookies are data stored by the web browser on the user's computer. When a user calls up a web site, a cookie may be stored on the user's operating system. This cookie contains a characteristic character sequence which allows to recognize the calling browser upon later visits of our web site.

We use cookies in order to make our web site more user-friendly. Parts of our web site require to identify the calling browser even after having visited third-party pages.

In cookies, we store and transfer the following information:

(1) Session ID

The user data collected are pseudonymized by appropriate technical measures. The data cannot thus be associated with the calling user. The data are not stored together with other personal data of our users.

2. Legal basis of data processing

The legal basis for storage of personal data by usage of cookies is Art. 6(1)(f) GDPR.

The legal basis for storage of personal data by usage of cookies for analytic purposes after the user's given respective consent is Art. 6(1)(a) GDPR.

3. Purpose of data processing

The purpose of using technically mandatory cookies is to simplify the access to our web pages for users. Parts of our web site cannot be provisioned without the usage of cookies. These parts require to recognize the calling browser upon later visits of our web site.

We need cookies for the following applications:

(1) Session ID

User data collected through technically mandatory cookies are not used for the creation of user profiles.

4. Duration of storage, opportunity to object and for removal

Cookies are stored on the data subject's computer and are transmitted from there to our web server. The data subject has thus full control over the usage of cookies. He or she can prohibit or restrict the transmission of cookies by changing the settings in the web browser. Previously saved cookies can be deleted at any time. This may also occur automatically. After prohibiting the usage of cookies for our web site, the user may not be able to use all functions of these web pages to the full extent.

VI. Newsletter / email notifications

1. Description and extent of data processing

Our email newsletter or email notifications are sent to a user on the basis of the user's registration on our website. Our website offers users to apply for a free newsletter or email notifications. During this application, the data entered in the respective input mask are transferred to us.The following data are collected:

(1) the user's email address

(2) the user's name

(3) the user's phone number

At the time of registration, there are also collected:

(1) the IP address of the user's computer

(2) date and time of registration

As part of the registration process, the user is requested his or her consent to process these data while she or he is made aware of this privacy policy.

The data collected during application for our newsletter or email notifications are not forwarded to third parties. The data are used solely for sending the newsletter or email notifications.

2. Legal basis of data processing

The legal basis of processing the data provided by the user during application for the newsletter or email notifications and after the user's consent is Art. 6(1)(a) GDPR.

3. Purpose of data processing

Storage of the data subject's email address serves the purpose to deliver the newsletter or email notifications. We may collect other personal data during the registration process in order to precent misuse of our services or of the email addresses involved.

4. Duration of storage

The data are erased as soon as they no longer are necessary to achieve the purpose for which they are collected. According to that, the data subject's email address is stored for the duration of the newsletter / email notification subscription.

Other personal data collected within the registration process are usually erased seven days after registration.

5. Opportunity to object and for removal

The data subject can unsubscribe from the newsletter / email notifications at any time. For this purpose, each newsletter / email notification contains a respective link.

The data subject may also withdraw his or her consent to store personal data collected during registration for the newsletter.

VII. Registration

1. Description and extent of data processing

On our web site, users have the opportunity to register themselves by stating their personal data. Data are entered via a web form, transmitted to us and stored afterwards. The data collected are not forwarded to external third parties. During registration, the following data are collected:

(1) user's first name

(2) user's surname

(3) user's email address

(4) enterprise name

(5) street

(6) postal code

(7) city

(8) country

(9) enterprise email address

(10) enterprise fax number

(11) enterprise web page address

(12) enterprise type

(13) number of employees

(14) total revenue

(15) currency

if enterprise type = "retailer/reseller" oder "supplier:"

(16) value added tax identification number

(17) companies register number

(18) GLN (global loation number)

if enterprise type = "retailer/reseller"

(19) branch of economy

(20) interesting productgroups

if enterprise type = "supplier"

(21) range of products

if enterprise type = "interested party"

(22) field of activity

(23) interested in which information

At the time of registration, there are also collected: /p>

(1) the user's IP address

(2) time and date of registration

As part of the registration process, the user is requested his or her consent to process these data; the user is also made aware of this privacy policy.

2. Legal basis of data processing

The legal basis for processing this data after the user's consent is Art. 6(1)(a) GDPR.

Where the registration serves the performance of a contract to which the data subject is party or serves to take steps at the request of the data subject prior to entering into a contract, the legal basis for processing this data is Art. 6(1)(b) GDPR.

3. Purpose of data processing

Registration of the data subject is necessary for provisioning specific contents and services on our web site. These are: Opportunity to upload or download individual article catalogues and image data, to create or edit orders and subsequent documents, e.g., order responses, despatch advice, invoice, etc.

Since these information are confidential, an unambiguous identification of the user is mandatory.

4. Duration of storage

The data are erased as soon as they no longer are necessary to achieve the purpose for which they are collected.

This applies to data collected during registration if the registration is cancelled or changed.

5. Opportunity to object and for removal

The data subject can cancel his or her registration at any time. The data subject can also demand to change his or her data

Please use our contact form or send an email to datenschutz(at)nextrade.market and include what to erase or change.

If the data are necessary for fulfillment of a contract or to carry out pre-contractual measures, early erasure is only possible insofar as no contractual or legal obligations oppose erasure.

VIII. Contact form, email contact

1. Description and extent of data processing

On our web site, there is a contact form which allows to contact us at any time. When entering data into this form, these data are transmitted to us and stored on our server. These data are:

(1) first name

(2) surname

(3) enterprise name

(4) industry branch

(5) phone number

(6) email address

(7) email message text

At the time of sending the message, there are also collected:

(1) the user's IP address

(2) time and date of the data transfer

Before sending a message through our contact form, the data subject is requested for consent to process his or her personal data. In that context, he or she is pointed to this privacy policy.

Alternatively, you can contact us via the email address we provided you. In that case, the personal data transmitted in the email are stored.

The data collected during this process are not forwarded to external third parties. The data are used exclusively for handling the conversation.

2. Legal basis of data processing

The legal basis for processing this data after the user's consent is Art. 6(1)(a) GDPR.

The legal basis for processing data transmitted with an email is Art. 6(1)(f) GDPR. Where the email contact aims at entering into a contract, the legal basis for processing data is Art. 6(1)(b) GDPR.

Zielt der E-Mail-Kontakt auf den Abschluss eines Vertrages ab, so ist zusätzliche Rechtsgrundlage für die Verarbeitung Art. 6 Abs. 1 lit. b DSGVO.

3. Purpose of data processing

The personal data collected from our contact form are processed exclusively in order to establish the contact. In the case of email contact, we store the personal data in our legitimate interest to establish the contact.

Any other personal data collected from our web site during the sending process serve the purpose to prevent abuse of our contact form and to ensure the security of the processing.

4. Duration of storage

The data are erased as soon as they no longer are necessary to achieve the purpose for which they are collected.

his applies to the personal data collected from our contact form or sent to us by email, as soon as the conversation with the user has ended. A conversation is considered as ended if the circumstances indicate that the issue of the conversation has been clarified.

The other personal data collected during processing the contact form or email are erased at the latest after seven days.

5. Opportunity to object and for removal

The user can demand to cancel his or her consent to store his or her personal data at any time. If the user has established the contact via email, he or she may object to the storage at any time. In that case, the conversation cannot be continued.

Please use our contact form or send us an email to datenschutz(at)nextrade.market and state which information shall be erased.

Any personal data collected while establishing the contact will then be erased.

XI. Rights of users / data subjects

Where your personal data are processed, you are a data subject pursuant to the GDPR, with these rights against the controller:

1. Right of access by the data subject

The user can demand confirmation from the controller regarding if personal data concerning him or her are being processed by the data controller.

If such processing takes place, the data subject can demand the following information:

(1) the purposes for which the personal data are being processed;

(2) the categories of personal data being processed;

(3) the recipients (or categories of recipients) to whom personal data were disclosed in the past or will be disclosed;

(4) the intended duration of storage of personal data concerning the data subject or, if an explicit duration cannot be stated, criteria to define the duration of storage;

(5) confirmation of an existing right to correct or erase the personal data concerning the data subject, of a right to restrict data processing by the controller, or a right to object against this data processing;

(6) the existence of a right to complain to a supervisory authority;

(7) all available information about the origin of the data where the personal data were not collected from the data subject;

(8) the existence of an automated decision-making process, including profiling pursuant to Art. 22(1) and (4) GDPR, and—at least in these cases—meaningful information about the logic involved as well as scope and intended consequences of such a process on the data subject.

IYou have the right to information whether the personal data concerning you are being sent to a third country or an international organization. In this context, you can demand to be informed about appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification

You have a right to rectification and/or completion against the controller, if the personal data concerning you are untrue or incomplete. The controller has to correct the data without undue delay.

3. Restriction of processing of personal data

You can demand to restrict processing of the personal data concerning you under these circumstances:

(1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;

(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;

(4) if you object processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override yours.

Where processing of data concerning you has been restricted, these data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to preceding conditions, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Duty of erasure

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:

(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

2) you withdraw your consent on which the processing is based according to Art. 6(1)(a) GDPR, or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing;

(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;

(4) the personal data have been unlawfully processed;

(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties

Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary:

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

5. Right of data subjects to be informed

Where you have asserted the claim to rectification, erasure or restriction of processing against the controller, the controller will be obliged to notify all recipients (to whom the personal data concerning you were disclosed) of this rectification or erasure of data or restriction of processing, unless this proves impossible or causes disproportionate expense.

You have the right against the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1) the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR;

(2) the processing is carried out by automated means.

In exercising this right you further have the right to have your personal data transmitted directly from the controller to another controller, where technically feasible. This shall not affect the freedom and rights of other persons.

The right to data portability does not apply for the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

The user has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on Art. 6 (1)(e) or (f) GDPR. This applies also to profiling pursuant to these regulations.

The controller will cease to process the personal data concerning the data subject unless the data subject can demonstrate compelling legal grounds for the processing which override the controller's interests, rights and freedoms or where processing serves the establishment, exercise or defense of legal claims.

Where personal data concerning the user are processed for direct marketing purposes, the user has the right to object at any time to processing of his or her personal data for such marketing purposes.

Where the user objects to processing for direct marketing purposes, the personal data concerning the user will no longer be processed for these purposes.

In the context of the rules on information society services, notwithstanding Directive 2002/58/EC, the user may exercise his or her right to object, also by automated means which may make use of technical specifications.

8. Right to withdrawal of consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and the data controller;

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

However, these decisions may not depend on special categories of personal data pursuant to Art. 9 GDPR, unless Art. 9(2)(a) or (g) GDPR are in effect and specific measures to safeguard the fundamental rights and interests of the data subject were taken.

In cases (1) and (3) the controller takes appropriate measures to protect the fundamental rights and freedoms as well as the legitimate interests of the data subject. These measures comprise at least the right to obtain an intervention through a person on part of the controller, to declare his or her position and to challenge the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.