We take data protection seriously
Protecting your personal data is particularly important to us. We therefore process your personal data ("data" for short) exclusively on the basis of the applicable legal provisions.
We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees and service providers working for us are bound to comply with the applicable data protection laws. Whenever we collect and process personal data, it is encrypted before transmission. This means your data cannot be misused by third parties. Our security measures are subject to continuous improvement, and our privacy policies are continuously reviewed and updated.
With this privacy policy, we aim to provide you with comprehensive information—within the meaning of Article 13 of the European General Data Protection Regulation (EU GDPR)—about the processing of your data in our company and about the data protection claims and rights to which you are entitled. In addition, you have the right to restriction of processing (Art. 18 GDPR), the right to object to processing (Art. 21 GDPR), and the right to data portability (Art. 20 GDPR).
We process the data we receive in the course of initiating or performing contracts, based on consents, as part of your registration for events (e.g., alumni), based on photographs taken at events, or as part of your application to us. As a rule, the data comes directly from you—for example, when you provide it to us via forms on our website, via external registration platforms for events, by email, by telephone, or in personal contact.
Personal data includes:
In addition, we also process the following other personal data:
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act 2018 (Bundesdatenschutzgesetz) as amended:
You may object at any time to the use of your personal data for advertising purposes in general or for individual measures, without incurring any costs other than the transmission costs according to the basic tariffs.
Subject to the legal requirements of Section 7(3) of the German Act Against Unfair Competition (UWG), we are entitled to use the email address you provided when concluding the contract for direct advertising of services. You will receive these recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations by email, you can object to the use of your address for this purpose at any time, without incurring any costs other than the transmission costs according to the basic tariffs. Notification in text form is sufficient. Of course, every email also contains an unsubscribe link.
If we use a service provider as a processor, we nevertheless remain responsible for protecting your data. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the services. The processors commissioned by us receive your data insofar as they need it to perform their respective services. These include, for example, IT services that we require for the operation and security of our IT system, as well as advertising and address publishers for our own marketing campaigns.
Your data is processed in our customer database. The customer database supports improving the data quality of existing customer data (duplicate cleansing, moved/deceased flags, address correction) and enables enrichment with data from public sources.
Images recorded by us are published on our website or on social media, e.g., LinkedIn.
This data is made available to the group companies insofar as necessary for contract processing. Customer data is stored on a company-specific and separated basis, with our parent group acting as a service provider for the individual participating companies.
If there is a legal obligation and in the context of legal enforcement, authorities and courts as well as external auditors may be recipients of your data.
In addition, for the purpose of initiating and performing contracts, insurance companies, banks, credit agencies, and service companies may be recipients of your data.
We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (e.g., under the German Commercial Code, the Fiscal Code, or the Home Act (Heimgesetz)); and beyond that, until the conclusion of any legal disputes in which the data is required as evidence.
As a rule, we do not transfer any data to a third country. In individual cases, a transfer takes place only on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate safeguards, or your explicit consent.
You have the right at any time to access, rectification, erasure, or restriction of the processing of your stored data, the right to object to processing, the right to data portability, and the right to lodge a complaint, subject to the requirements of data protection law.
Where technically feasible, you may request that we transmit your data directly to another controller.
Processing your data is necessary for the conclusion and/or performance of the contract you have entered into with us. If you do not provide this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obliged to give consent to data processing with regard to data that is not relevant for the performance of the contract and/or is not legally required.
Please contact us at any time if you would like to know which personal data we store about you and/or if you would like to have it corrected or deleted. In these cases, or if you have any questions, please contact:
Dr. Nagler & Company Holding GmbH
Hauptstraße 9
92253 Schnaittenbach
T +49 9622 71 97 30
office[at]nagler-company.com
We have also appointed an external Data Protection Officer (DPO), whom you can contact if you have questions or concerns regarding procedures relating to personal data. The name and contact details of the DPO are as follows:
Herrn Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
T +49 941 29 86 93 0
anfragen[at]projekt29.de
https://www.projekt29.de
If our Data Protection Officer is unable to resolve your request to your satisfaction, you always retain the right to lodge a complaint with the data protection supervisory authority responsible for your federal state.
Website visitors
You do not have to disclose any personal data in order to visit our website. In some cases, we require your name and address as well as further information in order to provide you with the desired service.
The same applies if, at your request, we supply you with information material or answer your inquiries. In these cases, we will always inform you accordingly. We also store only the data that you transmit to us automatically or voluntarily.
If you use one of our services, we generally collect only the data necessary to provide the service. We may ask you for additional information, but this is voluntary. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial objectives.
When you visit our websites, we store certain information for administrative and technical reasons. This includes: type and version of the browser used, date and time of access, and the IP address.
This data is anonymized and used only for statistical purposes and/or to improve our internet and online services.
This anonymized data is stored separately from personal data on secure systems and cannot be assigned to any individual. This means your personal data remains protected at all times.
Cookies
When you visit our websites, we may store information on your computer in the form of cookies. Cookies are small files that are transmitted from an internet server to your browser and stored on your hard drive. Only the internet protocol address is stored—no personal data. This information stored in the cookies allows us to automatically recognize you the next time you visit our website, making it easier for you to use it.
Of course, you can also visit our websites without accepting cookies. If you do not want your computer to be recognized on your next visit, you can reject the use of cookies by changing your browser settings to “Reject cookies”. Please refer to the operating instructions for your browser for the relevant procedure. However, if you reject the use of cookies, this may result in restrictions in the use of some areas of our websites.
Consent Manager
We have integrated the consent management tool “consentmanager” (www.consentmanager.net) from consentmanager AB (Håltgelvågen 1b, 72348 Västerås, Sweden, mail[at]consentmanager.net) into our website in order to obtain consent for data processing and/or the use of cookies or comparable functions. With the help of “consentmanager”, you have the option to give or refuse your consent for certain functionalities of our website, e.g., for the purpose of integrating external elements, integrating streaming content, statistical analysis, reach measurement, and personalized advertising. You can use “consentmanager” to give or refuse your consent for all functions, or to give your consent for individual purposes or individual functions. The settings you make can also be changed by you at a later time. The purpose of integrating “consentmanager” is to leave the decision about the aforementioned matters to the users of our website and, within the context of further use of our website, to provide the possibility of changing settings that have already been made. When using “consentmanager”, personal data as well as information about the devices used (IP address, language, browser, etc.) are processed and transmitted to consentmanager AB. The information about the settings you have chosen is also stored on your device.
The legal basis for the processing is Art. 6(1) sentence 1 lit. c GDPR in conjunction with Art. 7(1) GDPR, insofar as the processing serves to fulfill the legally stipulated obligations to provide evidence of consent. Otherwise, Art. 6(1) sentence 1 lit. f GDPR is the relevant legal basis. Our legitimate interests in the processing lie in storing user settings and preferences with regard to the use of cookies and in evaluating consent rates. At the latest twenty-four months after the user settings are made, consent will be requested again. The user settings made will then be stored again for this period unless you delete the information about your user settings yourself in the designated storage of your device.
You can object to the processing insofar as the processing is based on Art. 6(1) sentence 1 lit. f GDPR. Your right to object applies for reasons arising from your particular situation. To object, please contact mail[at]consentmanager.net by email.
CleverReach
This website uses CleverReach to send newsletters and event information. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that can be used to organize and analyze mailings. The data you enter when subscribing (e.g., email address) is stored on CleverReach servers in Germany and/or Ireland.
Our emails sent with CleverReach enable us to analyze recipient behavior. This can include, among other things, analyzing how many recipients have opened the message and how often which link in the email was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action took place after clicking the link in the email. Further information on data analysis by CleverReach newsletters can be found at: www.cleverreach.com/de/funktionen/reporting-und-tracking.
Data processing is carried out on the basis of your consent (Art. 6(1) lit. a GDPR). You can revoke this consent at any time by unsubscribing. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want analysis by CleverReach, you must cancel the subscription. For this purpose, we provide a corresponding link in every email. In addition, you can also unsubscribe directly on our website. The data stored with us for the purpose of the subscription will be stored by us until you are removed from the distribution list and will be deleted after you unsubscribe, both from our servers and from CleverReach servers. Data that has been stored by us for other purposes (e.g., email addresses for the members’ area) remains unaffected. For details, please refer to CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz.
d.vinci
We use the applicant management software d.vinci on our website. The technical provision is carried out by d.vinci HR-Systems GmbH, headquartered in Hamburg (https://www.dvinci.de/). The software is used by our company primarily for the following purposes: publishing and editing job postings, receiving and managing applications.
The corresponding widget (“Job widget”) is integrated on the Careers page. By clicking on one of the job postings published on our pages, you will be redirected to an external application portal. The application portal and technical infrastructure fall within the responsibility of d.vinci HR-Systems GmbH. All content related to the application (job postings) is provided by our company.
The processing of all data pursuant to Art. 4(2) GDPR that is transmitted to us as part of an application is carried out exclusively in direct connection with the procedure and is in accordance with Section 26 of the German Federal Data Protection Act (BDSG). All data is accessible only to those responsible within our company who are directly involved in the application process and is treated as strictly confidential. The following types of data are particularly affected by these provisions: contact data, cover letters/CVs, certificates/employment references, applicant profiles, other applicant data/application documents (e.g., photographs), information in optional form fields.
Within the scope of our activities in the area of applicant management, d.vinci HR-Systems GmbH acts as a processor pursuant to Art. 28 GDPR. The basis for processing this data is a data processing agreement between us and d.vinci HR-Systems GmbH. Your personal data is stored exclusively in direct connection with your application. Data is not processed for purposes outside of the application procedure. After completion of the application procedure, your data will be stored for 6 months. It will then be automatically deleted or anonymized for statistical purposes so that no conclusions can be drawn about your person. This applies in the event that the application does not result in an employment relationship. If you have consented to further storage of your data, it will be stored in our internal applicant pool. In this case, the data will be deleted after two years. If legitimate interests pursuant to Art. 6(1) lit. f GDPR (e.g., legal disputes) or other legal obligations prevent deletion, deletion will be delayed until the respective matter has been clarified.
All data that you transmit to us as part of the application procedure is transmitted via an encrypted connection and stored for the duration of the procedure in a data center within Germany and/or within the EU. The data center is within the responsibility of our processor d.vinci HR-Systems GmbH. Further information on how d.vinci HR-Systems GmbH ensures the protection of data and information can be found at the following link: https://www.dvinci.de/datenschutz-informationssicherheit/
Google Analytics with anonymization function
On our website, we use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website.
The information generated by these cookies, e.g., time, location and frequency of your website visits including your IP address, is transmitted to Google in the USA and stored there.
We use Google Analytics on our website with the add-on “_gat._anonymizeIp”. In this case, your IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area and thus anonymized.
Google will use this information to evaluate your use of our website, to compile reports on website activity for us, and to provide other services related to website and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the data on Google’s behalf.
According to its own statements, Google will in no case associate your IP address with other Google data. You can prevent the installation of cookies by adjusting the settings of your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
In addition, Google offers a deactivation add-on for the most common browsers, which gives you more control over which data is collected by Google regarding the websites you visit. The add-on informs the JavaScript (ga.js) of Google Analytics that no information about the website visit should be transmitted to Google Analytics. However, the Google Analytics deactivation add-on does not prevent information from being transmitted to us or to other web analytics services we may use. Further information on installing the browser add-on can be found at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
If you visit our website using a mobile device (smartphone or tablet), you must instead use the following link to disable tracking by Google Analytics within this website in the future:
This is also possible as an alternative to the browser add-on above. By clicking the link, an opt-out cookie is set in your browser, which is only valid for this browser and this domain. If you delete cookies in this browser, the opt-out cookie will also be deleted, meaning you will have to click the link again. If you have consented to your web and app browsing history being linked to your Google account and information from your Google account being used to personalize ads, Google uses your data together with Google Analytics data to create audience lists for cross-device remarketing. For this purpose, Google Analytics first records your Google-authenticated ID on our website, which is linked to your Google account (i.e., personal data). Google Analytics then temporarily links your ID with your Google Analytics data in order to optimize our audiences. If you do not agree with this, you can disable this via the corresponding settings in the “My Account” area of your Google account.
PipeDrive
This website uses PipeDrive for a text-based dialog system (chatbot). The provider is Pipedrive GmbH, Julie-Wolfthorn-Straße 1, 10115 Berlin, Germany. The data you enter (name, email address, company) is not monitored or forwarded by PipeDrive. Only Nagler & Company is authorized to access your data. Nagler & Company uses the data you provide only for the purpose of contacting you as requested.
Data processing is carried out on the basis of your consent. You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation. Further information can be found at: https://www.pipedrive.com/de/features/privacy-security and https://support.pipedrive.com/de/article/pipedrive-and-gdpr.
Changes to this Privacy Policy
We reserve the right to change our privacy policies if this becomes necessary due to new technologies. Please ensure that you have the current version. If fundamental changes are made to this privacy policy, we will announce them on our website.