Data Protection Information for the Next Gen Loop Platform

Data Protection Information

This data protection notice provides information on what data Next Gen Loop collects during your visit to this website (nextgenloop.com) and registration on this platform. Next Gen Loop is a platform that connects supply chains to accelerate the usage of next-generation materials in the textile industry. To protect your privacy, Next Gen Loop observes the legal requirements of the relevant laws, including the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications Digital Services Data Protection Act (TDDDG). Some of the data that we store on our server is data that you have voluntarily provided to us by filling out forms, while other data has been collected automatically.

I. The controller within the meaning of the GDPR is

neosfer GmbH
Eschersheimer Landstraße 6
60322 Frankfurt am Main
Germany
E-mail: info@neosfer.com
Phone: +49(0)69 71913870
Imprint:https://nextgenloop.com/en/imprint

II. Name and address of the person responsible for data protection

Our data protection officer can be reached via
heyData GmbH
Schützenstraße 5
10117 Berlin
www.heydata.eu
datenschutz@heydata.eu
Mail:datenschutz@neosfer.com

III. General information on data processing

1. Scope of the processing of personal data

We collect and use the personal data of our users to the extent necessary to provide a functional platform and our content and services. The collection and use of personal data of our users takes place regularly only on behalf of the user or with the user's consent. An exception applies in cases where prior processing of the data is permitted by law.

2. Purposes and legal bases for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Automatically collected and stored data

Like many other companies, Neosfer tracks the general use of the platform (performance measurement) in order to improve it for our visitors and adapt it to their needs and to provide the website. The legal basis is Art. 6 para. 1 lit f GDPR. During your visit, Neosfer may automatically collect the following data about your computer and your visit and store this data temporarily:

  • IP addresses are only collected for as long as the session exists, but are not stored permanently
  • IP addresses are stored pseudonymised for error analysis of website logs. The data in website protocols (log files) are deleted after 10 days at the latest.
  • Each provider visit by registered users is stored pseudonymised with the time stamp of the call and automatically deleted after 40 days at the latest. This serves the technical purpose of a proper provider ranking.

Cookies

The platform may store certain information on visitors' computers, which are called cookies. Generally speaking, a cookie assigns a visitor a unique number that has no meaning outside the website to which it is assigned. Cookies provide information about how and when and by how many visitors the pages of a website are visited. This technology does not collect any identification data about individual visitors; rather, this information is also available in aggregated form. The purpose of this technology and the information it provides is again to help us improve our websites. Most Internet browsers are set to generally accept cookies. However, you can also set your browser to reject all cookies or to ask you each time whether you agree to the setting of cookies. However, it should be noted that cookies may be required in order to use certain functions of the website (such as the provision of user-specific information). In addition, once cookies have been saved, they can be deleted at any time. Further information on cookies is available athttps://support.microsoft.com/de-de/help/260971/description-of-cookies

We use technically necessary cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

Cookies are stored on the user's computer and transmitted from there to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our platform, it may no longer be possible to use all functions of the website to their full extent.

IV. Forwarding of data

The departments that require your data to fulfil our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also access your data for these purposes, provided that they maintain the confidentiality and integrity of the data in particular. These include, in particular, companies from the areas of IT services, logistics, printing services, telecommunications, debt collection, consulting, sales and marketing.

The platform is hosted by Google Cloud Platform. There is an order processing contract with Google. The data is processed exclusively in the EU.

Third parties, such as PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft, will only receive your personal data if you have given your consent.

The purpose of passing on the data is to enable PwC innovation department to improve the offering, enhance the user experience and further develop the NextGen Loop Platform.

V. Obligation to provide personal data

You are obliged to provide the personal data within the scope of the existing contract with you that is required for the commencement, execution and termination of the contract and for the fulfilment of the associated contractual obligations or that we are legally obliged to collect.

If you do not provide certain personal data, you may suffer disadvantages as a result.

We may not be able to provide our services if you do not provide us with the necessary information.

VI. No transfer of data to third countries or international organisations

We do not transfer personal data to organisations in countries outside the European Union.

VII. Duration of storage of personal data

Your personal data will only be stored or otherwise processed by us for as long as is necessary to fulfil the respective purpose. For the data collected during registration, this is the case when the data is no longer required for the fulfilment of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

If the purpose of the processing no longer applies, the corresponding personal data will be deleted. Deletion may be delayed in the following cases:

  • Fulfilment of statutory retention periods (e.g. German Commercial Code (HGB), German Fiscal Code (AO), German Money Laundering Act (GwG). The retention periods specified there are generally 6 to 10 years.
  • Preservation of evidence within the statutory limitation periods. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years. The regular limitation period is 3 years.

If we or a third party process your data on the basis of the above-mentioned balancing of interests, we will delete your personal data as soon as our legitimate interest no longer exists. The above-mentioned exceptions also apply here.

In the case of consent, the data will be deleted as soon as the consent is revoked for the future, unless one of the above-mentioned exceptions applies.

VIII. Automated decision making

In the course of your use of this website, you will not be subject to a decision based on automated processing in accordance with Article 22 GDPR. If we use such procedures in individual cases, you will be informed about this and about your related rights within the framework of the legal requirements.

IX. Profiling

Your data will not be processed automatically to evaluate certain personal aspects (profiling).

X. Rights of data subjects

a. Right to information

You can request information about your personal data that we process in accordance with Art. 15 GDPR.

b. Right to object

You have the right to object for particular reasons (see point VIII).

c. Right to rectification

If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.

d. Right to erasure

You can request the erasure of your personal data in accordance with Art. 17 GDPR.

e. Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.

f. Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 (1) GDPR. This also includes the data protection supervisory authority responsible for the controller: The Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, telephone: 0611- 1408 0, poststelle@datenschutz.hessen.de.

g. Right to data portability

In the event that the requirements of Art. 20 para. 1 GDPR are met, you have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties.

h. Right to withdraw consent

If the processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Please send your cancellation to:datenschutz@neosfer.com

XI. Right to object pursuant to Art. 21 (1) GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (f) of Article 6(1) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.