Data Privacy

Data protection information of NMS New Mobility Solutions Hamburg GmbH

We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of the NMS New Mobility Solutions Hamburg GmbH. The use of the Internet pages of the NMS New Mobility Solutions Hamburg GmbH is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the applicable provisions of data protection law. By means of this data protection declaration, our enterprise would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.
As the controller, the NMS New Mobility Solutions Hamburg GmbH has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

A. Who is responsible for data processing and whom can I contact?
The responsible body for data processing is:
NMS New Mobility Solutions Hamburg GmbH
c/o Hamburger Hochbahn AG
Steinstrasse 20
20095 Hamburg
Germany
Tel.: +4940882157037
Email: contact@new-mobility-solutions.de

B. What data do we process and for what purpose?

Below we describe for what purposes and how we process your data. We provide information here about:

1. Use of our Internet offer new-mobility-solutions.de
2. Communication with NMS New Mobility Solutions Hamburg GmbH

1. use of our internet offer new-mobility-solutions.de

Since personal data is processed when you use our website (new-mobility-solutions.de), we would like to inform you below about how your data is handled.

1.1 Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Insofar as a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 of Act to Regulate Data Protection and Privacy in Telecommunications and Telemedia (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

We use the following hoster:
Pixel X e.K.
Cow Street 26-27
38100 Brunswick
Germany

Job processing
We have concluded a contract on order processing (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

1.2 SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator.
You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

1.3 Cookies
1.3.1 General notes
Our internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the display of videos). Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.

1.3.2 Consent with Cookiebot
Our website uses consent technology from Cookiebot to obtain your consent to the storage of certain cookies on your end device or for the use of certain technologies and to document this in a data protectioncompliant manner. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).
When you enter our website, a connection is established with the Cookiebot servers to obtain your consent and provide you with other explanations regarding the use of cookies. Cookiebot will then store a cookie in your browser to identify the consent you have given or its revocation. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie itself or the purpose for which the data is stored no longer applies. Mandatory legal storage obligations remain unaffected. Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR.
1.4 Collection of general data and information
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• browser types and versions used, the operating system used by the accessing system,
• the website from which an accessing system arrives at our website (so-called referrer),
• the sub-websites that are accessed via an accessing system on our website,
• the date and time of access to the website,
• an internet protocol (IP) address,
• the Internet service provider of the accessing system and
• other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, the NMS New Mobility Solutions Hamburg GmbH does not draw any conclusions about the data subject. This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest to:
• to deliver the contents of our website correctly,
• optimise the content of our website and the advertising for it,
• to ensure the permanent functionality of our information technology systems and the technology of our website, and
• to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

Therefore, the NMS New Mobility Solutions Hamburg GmbH analyzes anonymously collected data and information on one hand for statistical purposes and on the other hand for the purpose of increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

1.5 Newsletter
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. For the handling of the newsletter we use newsletter service providers, which are described below.

Sendinblue
This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue’s servers in Germany.

Data analysis by Sendinblue
With the help of Sendinblue, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often.
We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter.
Sendinblue also enables us to subdivide (“cluster”) the newsletter recipients according to various categories. For example, newsletter recipients can be subdivided according to age, gender or place of residence. In this way, the newsletters can be better adapted to the respective target groups.
target groups.
If you do not want Sendinblue to analyse your newsletter, you must unsubscribe. For this purpose, we provide a corresponding link in every newsletter message.
Detailed information on the Sendinblue functions can be found at the following link: https://www.sendinblue.com/newsletter-software/.

Legal basis
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
For more details, please refer to the data protection provisions of Sendinblue at:
https://de.sendinblue.com/datenschutz-uebersicht/.

2. Communication with the Hamburg-based NMS New Mobility Solutions Hamburg GmbH

2.1 Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time. The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.

2.1 Request by e-mail, fax or telephone
If you contact us by e-mail or telephone, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

3. Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.
Data are stored and analyzed on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

C. What data protection rights do I have?
Upon request, we will gladly inform you whether and which personal data we have stored about you (right to information). In addition, you can correct incorrect data (right to rectification) or have such data deleted whose storage is inadmissible or no longer necessary (right to deletion). Under certain circumstances, you can also request us to restrict the processing of your personal data (right to restriction of processing) as well as object to the processing of your data if such processing is based on

• the legal basis of the overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) or the performance of a task in the public interest (Art. 6 para. 1 lit. e GDPR) or
• is based on consent (Art. 6 para. 1 lit. a GDPR) (right of revocation).
• In particular, you can object at any time to the use of your personal data for the purposes of advertising and/or market and opinion research (right to object to advertising).

Furthermore, you can in principle demand that we provide you with the personal data concerning you in a structured, common and machine-readable format in order to transfer this data to another person responsible without hindrance from us (right to data portability).
The aforementioned rights are granted to you by Articles 15 – 21 of the GDPR. They are only presented here in a very abbreviated form.
If you have any questions about the exact scope of the rights in question and how to exercise them, you can contact the responsible body mentioned in point A. and/or the Hamburg Commissioner for Data Protection and Freedom of Information (see point D.).

D. Which supervisory authority can I complain to?
If you consider that the processing of personal data concerning you infringes the GDPR, you may – without prejudice to any other administrative or judicial remedy – lodge a complaint with the competent supervisory authority. The competent supervisory authority is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
E-Mail: mailbox@datenschutz.hamburg.de
Internet: datenschutz.hamburg.de

Status: August 2022