Data privacy
Protecting your privacy is very important to us. Below we inform you about the handling of your data regarding your visit to our website.
1. Name and contact details of the controller
This privacy policy applies to data processing by:
Jung von Matt NERD GmbH
Glashüttenstraße 79
20357 Hamburg
Phone: +49 40 4321-0
E-mail: nerd@jvm.de
For all matters regarding data protection please contact us at datenschutz-extern@jvm.de.
2. General notes and mandatory information
a) Data protection and information on storage
When you visit our website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what information we collect and how we use it. It also explains how we collect the data and for what purpose.
We would like to point out that data transmission on the internet (e.g. communication by e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.
b) Information on data transfer to the US
We may use services or tools of companies located in the United States (US). If these services or tools are active, your personal data may potentially be transferred to the US, which is considered a non-secure country in regards to GDPR, and may be processed there. We must point out that in those non-secure countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, US enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that US agencies or authorities may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities but will keep approriate technical and organizational measures in place in order to minimize risks as much as possible.
c) SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
D) External hosting of the website
We are hosting our website with Squarespace. The provider is Squarespace Ireland Ltd, Le Pole House, Ship Street Great, Dublin 8, Ireland (hereinafter “Squarespace”).
Squarespace is a tool for creating and hosting websites. When you visit our website, your data is processed on Squarespace’s servers. This may involve the transfer of personal data to Squarespace's parent company, Squarespace Inc, 8 Clarkson St, New York, NY 10014, USA. Squarespace also stores cookies that are necessary for the display of the site and to ensure security (necessary cookies).
The use of Squarespace is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest on the most reliable representation of our website.
Data transfers to the US is based on the standard contractual clauses of the EU Commission. You can find details here: https://support.squarespace.com/hc/de/articles/360000851908-GDPR-und-Squarespace.
We have concluded a data processing agreement (DPA) with Squarespace.
3. Collection and storage of personal data and cookies
a) Visiting our website
When you visit our website the browser used on your end device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
IP address of the requesting computer,
Date and time of access/server inquiry,
Name and URL of the retrieved file,
Website from which the access is made (referrer URL),
the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data will be processed by us for the following purposes:
Ensuring a smooth connection of the website,
Ensuring a comfortable use of our website,
Evaluation of system security and stability, and
for other administrative purposes.
The legal basis for the data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is based on the purposes for data collection listed above. In no case we will use the collected data for the purpose of drawing conclusions about your person.
b) General use of cookies
Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising. Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions desired by you (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. We have a legitimate interest in storing cookies for a technically error-free and optimized provision of our services. Insofar as consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 (1) lit. a GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
If cookies are used by third parties or for analysis purposes, we will inform you separately within the framework of this privacy ploicy and, if necessary, request your consent.
4. Analyzing tools
We use Squarespace Analytics on our website. The provider is Squarespace Ireland Ltd, Le Pole House, Shipstreet Great, Dublin 8, Ireland (hereinafter “Squarespace Analytics”).
Squarespace Analytics allows us to track and analyze the user behavior of our website visitors. In the context of our user analytics, we may analyze your click and scroll behavior, search queries, time of access, geographic location, and Access internal links. For this purpose, Squarespace Analytics collects information about your browser, network, device, and IP address, in particular. Squarespace Analytics uses technologies for the analysis of user behavior, which enable a cross-page recognition of the user (e.g., cookies or device fingerprinting) and forms pseudonymized user profiles on this basis. In the context of the analysis, personal data may also be transferred to Squarespace Analytics’ parent company, Squarespace Inc, 8 Clarkson St, New York, NY 10014, USA.
The use of Squarespace Analytics and its tracking is based on Art. 6 (1) lit. f GDPR and § 25 TTDSG (German Telecommunications Act) and therefore only active if you have given your prior consent. Such consent may be revoked at any time.
Data transfer to the US is based on the standard contractual clauses of the EU Commission. You can find details here: https://support.squarespace.com/hc/de/articles/360000851908-GDPR-und-Squarespace.
We have concluded a data processing agreement (DPA) with Squarespace.
5. Disclosure of personal data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:
You have given your express consent to this in accordance with Art. 6 (1) lit. a GDPR,
It is legally permissible and necessary according to Art. 6 (1) lit. b GDPR for the processing of contractual relationships with you.
In the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) lit. c GDPR, as well as
The disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 (1) lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
6. Social media
a) Instagram Plugin
We have integrated functions of the public media platform Instagram on our website. These functions are being offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If the social media element has been activated, a direct connection between your device and Instagram’s server will be established. As a result, Instagram will receive information on your visit to our website. If you are logged into your Instagram account, you may click the Instagram button to link contents from this website to your Instagram profile. This enables Instagram to allocate your visit to our website to your user account. We have to point out that we as the provider of the website and its pages do not have any knowledge of the content of data transferred and its use by Instagram.
The storage and analysis of the data is based on Art. 6 (1) lit. a GDPR. Your consent is given via Squarespace (or other consent tool) and can be revoked by you at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Instagram. The processing by Instagram that takes place after the onward transfer is not part of the joint responsibility.
The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using Instagram and for the privacy-secure implementation of the tool on our website. Meta is responsible for the data security of Instagram products. You can assert data subject rights (e.g., requests for information) regarding data processed by Instagram directly with Meta. If you assert the data subject rights with us, we are obliged to forward them to Meta.
Data transfers to the US are based on the Standard Contractual Clauses (SCC) of the European Commission.
Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. For more information on this subject, please consult Instagram’s Data Privacy Declaration at: https://instagram.com/about/legal/privacy/.
b) LinkedIn
Our website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Any time you access a page of our website that contains elements of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to our website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn.
The use of the LinkedIn plug-in is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in making our information as comprehensively visible as possible on social media.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy.
7. Data subject rights
You have the right,
to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;
in accordance with Art. 16 GDPR to demand the immediate correction of incorrect or completion of your personal data stored by us;
in accordance with Art. 17 GDPR to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the correctness of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future; and
to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
8. Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular reason.
If you wish to exercise your right to object, simply send an e-mail to datenschutz-extern@jvm.de.
9. Modification of this privacy policy
This privacy policy is currently valid and is dated September 2022.
Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current data protection declaration can be accessed by you at any time on the website at https://www.nerd-insights.com/privacy.