Legal
Privacy Policy
Privacy Policy
Project Nexus Germany GmbH ("Project Nexus", "we") operates the website www.projectnexus.app ("website") with information for visitors ("users", "you") about the "Project NEXUS" offer.
With the following information, we would like to inform users about how we implement the requirements of the EU General DataProtection Regulation ("GDPR") and the German Federal Data Protection Act ("BDSG") on our website, how we protect your privacy and how your personal data is processed when you visit the website.
1. Name and contact details of the controller:
Project Nexus Germany GmbHBahnhofstraße 32 (c/o Werkbank 32)09648 Mittweida, GermanyE-Mail: dataprivacy@projectnexus.app
2. Data processing when visiting our website
2.1. Description and scope of data processing
Each time you access the website, our system automatically collects data and information from the computer system from which you access the content.
The following data is collected (hereinafter "log data"):
- information about the browser type and version used
- the operating system of your computer system
- the IP address of your computer system
- data volume transferred
- date, time, and duration of access
- language settings
Except for the IP address, none of the log data allows us to identify you personally.Personal identification can only be made by associating or linking the log data with an IP address, which we are generally unable to do.
2.2. Purpose of data processing
The collection and processing of log data on the website, in particular the IP address, is carried out for the purpose of providing the content and functions of the website. This requires a temporary storage of the IP address. This is necessary to address the data traffic between your computer system and the website.
Any additional processing and storage of IP addresses in log files is done to ensure the functionality of our website and the security of our information technology systems.
2.3. Legal basis
The legal basis for the collection and processing of log data, insofar as it concerns personal data, is Art. 6 para. 1 sentence 1 lit. b GDPR (performance of contract, initiation of contract).
The legal basis for the storage of log data (insofar as they are personal data) beyond the communication process, i.e. for the functionality and further development of our website and to ensure the security of our information technology systems as a legitimate interest, is Art. 6 para. 1 sentence 1 lit. f GDPR (protection of legitimate interests).
2.4. Data deletion and storage period
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case at the end of the relevant session. In addition, log data, including IP addresses for system security purposes, are stored for a maximum of 30 days following the end of access to the website.
2.5. Right to object
The collection of log data for the provision of the website, including its storage in log files within the limits set out above, is essential for the operation of the website. To the extent that the user wishes to use the website, he or she cannot therefore object to the processing of the data.
2.6. Disclosure to third parties
We will only share your personal data with third parties if
- you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR;
- this is necessary according to Art. 6 para. 1 lit. b GDPR for the fulfilment of a contractual relationship with you or for the implementation of pre-contractual measures;
- there is a legal obligation to transfer pursuant to Art. 6 para. 1 lit. c GDPR;
- we are required by law to transmit data to state authorities, such as law enforcement agencies;
- the disclosure is necessary pursuant to Art. 6 para. 1 lit. f GDPR to protect our legitimate interests and to establish, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
- we make use of external service providers, so-called processors, in accordance with Art. 28 GDPR, who are obligated to handle your data with care.
We pass on the data mentioned in clause 2.1. to the following service providers,
who are our processors:
- Service providers we use to ensure the security of our information technology systems;
- our hosting provider;
- cloud providers.
3. Use of cookies on the website
In addition to the log data referred to in clause 2, cookies are stored on your mobile device and/or your computer when you use our website. Cookies are small text files that are stored in the device memory of your mobile device and/or your computer. They are used, among other things, to make the use of the website more user-friendly and more effective overall.
3.1. Technically necessary cookies
When you visit our website, cookies are set which are essential for the operation of the website. The technically necessary cookies including their purpose and storage period or deletion period, are explained to you in our cookie banner.
The legal basis for the processing of personal data using technically necessary cookies is section 25 para. 2 no. 2 TTDSG resp. our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our overriding legitimate interest is the operation of our website.
3.2. Non-essential cookies
We may also use non-essential cookies, for example, to collect additional information about the interests of visitors of our websiteor their usage patterns, in order to analyse and optimise our website and our customer interactions in general. Non-essential cookies, including their purpose and storage period or deletion period, are also explained to you in our cookie banner.
Non-essential cookies will only be set if you have expressly consented.
The legal basis for the processing of personal data using such non-essential cookies is your express consent pursuant to Section 25 para. 1 sentence 2 TTDSG resp. Art. 6 para. 1 lit. a GDPR.
4. Hotjar web analytics service
4.1. Description and scope of data processing
We use the web analytics service Hotjar from Hotjar Limited in Malta ("Hotjar"). Hotjar enables the analysis of the use of the website by collecting and processing data about the use of the website and the behaviour of users and on the end devices used via cookies. This includes a device's IP address (which is processed during your session and stored in anonymous form), device screen size, device type (unique device identifier), browser information, geographic location (country only), and the preferred language in which to view our website. This information is not used by Hotjar or us to identify individual users, is not combined with other information about individual users, and is not shared with third parties. Further details of Hotjar’s data processing practices can be found at www.hotjar.com/privacy/ .
4.2. Purpose of the data processing
Personal data is collected and processed to analyse the use of our website. Cookies from the web analytics service Hotjar will only be used if you have expressly consented.
4.3. Legal basis
The legal basis for the processing of personal data is your express consent in accordance with section 25 para. 1 sentence 2 TTDSG resp. Art. 6 para. 1 lit. a GDPR.
4.4. Data deletion and storage period
Please refer to our cookie banner for information regarding the storage period.
4.5. Right to object
You may revoke your consent in whole or in part at any time with effect for the future. This shall not affect the lawfulness of anyprocessing that has been carried out on the basis of the consent until the revocation.
5 Hosting via Webflow
5.1. Description and scope of data processing
Our website is hosted by Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA ("Webflow"). Webflow is a tool for creating and hosting websites. When you visit our website, Webflow collects various log files on our behalf, including your IP address. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. We have entered into a data processing agreement (DPA) with Webflow. For further details, please refer to Webflow's privacy policy at https://webflow.com/legal/eu-privacy-policy .
5.2. Purpose of data processing
Webflow stores cookies or other recognition technologies that are necessary for the presentation of the page, to provide certain website functions and to ensure security.
5.3. Legal basis
The use of Webflow is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website.
5.4. Data deletion and storage period
Your personal data will be kept by Webflow for as long as necessary for the purposes described.
5.5. Right to object
You have the right to object to the processing of your personal data by Webflow pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation.
6. Cloudflare
6.1. Description and scope of data processing
Our website uses a content delivery network (CDN) from Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA ("Cloudflare"). A content delivery network is an online service that is used to deliver in particular large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected over the internet. For more information, please see Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/
6.2. Purpose of data processing
The use of Cloudflare's Content Delivery Network helps to optimise the loading speed of this website.
6.3. Legal basis
The use of Cloudfare is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website.
6.4. Data deletion and storage
Your personal data will be stored by Cloudflare for as long as necessary for the purposes described.
6.5. Right to object
You have the right to object to the processing of your personal data by Cloudfare pursuant to Art. 21 GDPR, if there are grounds for doing so that arise from your particular situation.
7. jsdelivr.net-CDN
7.1. Description and scope of data processing
Our website uses a content delivery network (CDN) from Prospect One, Poland ("Prospect One"). A content delivery network is an online service that is used to deliver in particular large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the internet. For more information, please see Prospect One's privacy policy at https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
7.2. Purpose of data processing
The use of Prospect One's Content Delivery Network helps to optimise the loading speed of this website.
7.3. Legal basis
The use of jsdelivr.net-CDN is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website.
7.4. Data deletion and storage period
Your personal data will be stored for as long as necessary for the purposes described.
7.5. Right to object
You have the right to object to the processing of your personal data by Prospect One in accordance with Art. 21 GDPR, if there are grounds for doing so which arise from your particular situation.
8. Amazon CloudFront
8.1. Description and scope of data processing
Our website uses a Content Delivery Network (CDN) provided by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210 ("AWS"). A content delivery network is an online service that is used primarily to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected over the Internet.
For more information, see the AWS Privacy Policy at https://aws.amazon.com/privacy/?nc1=h_ls
8.2. Purpose of data processing
The use of the AWS content delivery network helps to optimise the loading speed of this website.
8.3. Legal basis
The use of Amazon CloudFront is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website.
8.4. Data deletion and storage period
Your personal data will be stored for as long as necessary for the purposes described.
8.5. Right to object
You have the right to object to the processing of your personal data by AWS pursuant to Art. 21 GDPR, if there are grounds for doing so that arise from your particular situation.
9. unpkg
9.1. Description and scope of data processing
Our website uses the content delivery network (CDN) unpkg ("unpkg"). A Content Delivery Network is an online service that is used to deliver in particular large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected over the internet.
For more information, visit www.unpkg.com .
9.2. Purpose of data processing
The use of the unpkg content delivery network helps to optimise the loading speed of this website.
9.3. Legal basis
The use of unpkg is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website.
9.4. Data deletion and storage period
Your personal data will be stored for as long as necessary for the purposes described.
9.5. Right to object
You have the right to object to the processing of your personal data by unpkg pursuant to Art. 21 GDPR, if there are grounds for doing so that arise from your particular situation.
10. Newsletter
10.1. Description and scope of data processing
A newsletter can also be subscribed via the website. This is a separate, free information service that can be used independently of an existing customer relationship with us.
10.2. Purpose of data processing
Your data will be processed solely for the purpose of sending you the newsletter you have requested.
10.3. Legal basis
The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR (consent), which you have given us by ordering the newsletter.
10.4. Data deletion and storage period
The data will be stored for as long as we need it to send you the newsletter, subject to your request for deletion. The data will bedeleted when you unsubscribe from the newsletter or when we generally stop sending the newsletter you have subscribed to.
10.5. Right to object
You may withdraw your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can unsubscribe, for example, by clicking on the link at the bottom of each newsletter email or by email to dataprivacy@projectnexus.app.
11. Your rights as data subject
You have the right
- to request information in accordance with Art. 15 GDPR about your personal data that we process;
- in accordance with Art. 16 GDPR to demand the correction of inaccuracies or the completion of your personal data stored by us without delay;
- pursuant to Art. 17 GDPR to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise, or defence of legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, if the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer need the data, but you need it for theestablishment, exercise or defence of legal claims or you have objected to the processing in accordance with aArt. 21 GDPR;
- pursuant to Art. 20 GDPR to receive the personal data that you have provided to us in a structured, ordinary and machine-readable format or to request its transfer to another controller.
12. Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation. If you wish to exercise your right to object, simply send an e-mail to dataprivacy@projectnexus.app
13. Right to complain
You have the right to file a complaint with a supervisory authority if you believe that the processing of personal data relating to you is in breach of the GDPR. The supervisory authority responsible for our company is the Sächsische Datenschutz- und Transparenzbeauftragte, Postfach 11 01 32, 01330 Dresden, Germany, www.datenschutz.sachsen.de