privacy policy.

Privacy Notice/Duty of Disclosure Under TMG § 5 and GDPR art. 13/14

Introduction:
At novaxomx GmbH, we believe the protection of personal data involves far more than just complying with legislation. We are therefore happy that you are interested in how we handle personal data. We always process personal data such as a person’s name, address, e-mail address, or phone number in accordance with applicable privacy law. With this privacy notice, we would like to inform everyone about the nature, scope, and purpose of the personal data that we collect, use, and process. Furthermore, we would like to explain to the persons concerned the rights to which they are entitled. novaxomx GmbH has implemented numerous technical and organizational measures to ensure that the personal data processed via this Web site is protected as comprehensively as possible. Despite the care we take, Internet-based data transmission is vulnerable to security flaws and, consequently, absolute protection can never be guaranteed. For this reason, you of course have the option of transmitting your personal data by alternative means, for example, by telephone or post.

Name, Address, and Contact Details of the Entity Responsible
novaxomx GmbH
Chairman of the Managment Board / CEO Dr. Dirk Dembski and Dr. Frank Plöger
Ernst-Wiss-Str. 18
65933 Frankfurt am Main
Germany

Phone: +49 6027 – 40 900 13
E-Mail: info@novaxomx.com
Website: www.novaxomx.com

Privacy Officer Contact Details
The Privacy Officer for the data controller is:
DDI – Deutsches Datenschutz Institut GmbH
www.deutsches-datenschutz-institut.de
You can contact our Privacy Officer by sending a letter to the attention of “Privacy Officer” at the address above or by sending an e-mail to: datenschutz@novaxomx.de

Purposes and Legal Grounds for Processing Data – When Visiting Our Web Site in General
Should you use our Web site purely for informational purposes, not register yourself, or convey information to us in some other way (e.g. by e-mail), we will only collect the data that your browser transfers to our server (“server log files”). This data is processed in accordance with GDPR art. 6(1)(f) on the basis of our legitimate interest in improving the stability and functionality of our Web site. This data is not used in any other way and in no way shared with third parties. However, we do reserve the right to analyze log files at a later date if there are reasons to suspect unlawful usage.

Purposes and Legal Grounds for Processing Data – Contact Form
When you contact us (e.g. using our contact form or by e-mail), we collect personal data. This data is stored and used exclusively for the purposes of answering your inquiry and for the associated technological administration. Our legitimate interest in responding to your inquiry forms the legal grounds for processing this data, in accordance with GDPR art. 6(1)(f). If you contact us for the purpose of entering into a contract, there are additional legal grounds for processing provided in GDPR art. 6(1)(b). Your data will be erased once your inquiry has been conclusively resolved. This is the case if it can be assumed that the relevant matter has been completely resolved and if there are no statutory retention periods barring us from erasing the data.

Purposes and Legal Grounds for Processing Data – Newsletter Function
Upon registering for our e-mail newsletter, we will regularly send you information about our company and our offers. The only information that is required for us to send the newsletter is your e-mail address. You may provide other data voluntarily so that we can address you by name. We use the double opt-in method to send out our newsletter. This means that we will only send you an e-mail newsletter if you have explicitly confirmed that you give your consent to us sending newsletters. We will then send you a confirmation e-mail asking you to confirm your desire to receive future newsletters by clicking on a corresponding a link.
By clicking on the confirmation link, you grant us permission to use your personal data in accordance with GDPR art. 6(1)(a). When you register for our newsletter, we save the IP address assigned by your Internet service provider (ISP) along with the date and time of registration so that we can trace any misuse of your e-mail address at a later point in time. The data that we collect when you register for the newsletter is used exclusively for promotional purposes in the form of our newsletter. You can unsubscribe from the newsletter at any time by using the link provided for this in every newsletter. When you unsubscribe, your e-mail address will be immediately deleted from our newsletter mailing list, provided that you have not given your explicit consent to us continuing to use your data or that we do not reserve the right to use the data beyond the given scope in a manner legally allowed and about which we inform you in this notice.

Recipients or Categories of Recipients
Your data is not forwarded anywhere else.

Transfer to Non-EU/EEA Country
Your data is not transferred to non-EU/EEA countries.

Deletion Dates
The controller processes and stores the data subject’s personal data only for the period of time required to achieve the purpose for which it is stored or only if the controller is required to store data on account of legislation or regulations that are passed by European Union legislators and regulators, or other legislators, and the controller is subject to this legislation or these regulations.
Should there no longer be any reason to store the data or if a retention period prescribed by a European Union directive or regulation or by other relevant law expires, the personal data will be restricted from processing or deleted as a matter of routine and in accordance with statutory regulations.

Notice of Right to Object When Consent Is Selected as Legal Grounds
You have the right at any time to withdraw any consent given to the processing of your data. If you withdraw your consent, we will immediately delete the data concerned, provided there are no other legal grounds to support further processing. If you withdraw your consent, it will not affect the legality of the processing operations conducted until the time of the withdrawal.

Right to Complain to Data Protection Supervisory Authority
If you believe that the processing of your personal data violates the GDPR, GDPR art. 77 provides you the option of filing a complaint with the Privacy Officer named above or with a supervisory authority for data protection. The supervisory authority with jurisdiction over us is:
Bavarian Data Protection Authority (BayLDA)
Promenade 27
91522 Ansbach
Germany
Registered at Aschaffenburg Local Court under HRB 4436

Notice About Profiling and Scoring
Profiling and scoring does not take place.

Supervisory Authority for Occupations Requiring Authorization (Auditors, Insurance Brokers, Real Estate Brokers, etc.)
Federal Financial Supervisory Authority (BaFin), IHK Aschaffenburg, Kleinostheim Municipality Trade Licensing Office, City of Frankfurt Trade Licensing Office

Rights of the Data Subject
You can request information about the personal data concerning you that we have stored by writing to the above address. Moreover, in certain situations you can request to have your data rectified or erased.
You may additionally have the right to have the processing of your data restricted as well as the right to obtain the data you have provided in a structured, commonly used, and machine-readable format.
In addition, you have the right to complain to a supervisory authority for data protection. The supervisory authority with jurisdiction over us is:
Bavarian Data Protection Authority (BayLDA)
Promenade 27
91522 Ansbach
Germany

Cookies
The Web site for novaxomx GmbH uses cookies. Cookies are text files that are downloaded and stored on a computer system through a Web browser. There are numerous Web sites and servers that use cookies. Many cookies contain what is called a cookie ID, which acts as a unique identifier for the cookie. The ID consists of a sequence of characters through which Web sites and servers can recognize the specific Web browser in which the cookie was saved. This makes it possible for the visited Web sites and servers to differentiate between the data subject’s individual browser and other browsers that receive other cookies. Specific Web browsers can thus be recognized and identified using the unique cookie ID. By using cookies, novaxomx GmbH can provide Web site users with more user-friendly services that would otherwise not be possible. The use of cookies optimizes the information and offerings on our Web site for the user’s benefit. Cookies enable us to recognize the people using our Web site, as described above. The reason we seek to recognize users is so that we can make it easier for them to use our Web site. A person who uses a Web site that saves cookies, for example, does not have to repeatedly log in every time he/she visits the site, as the Web site and the cookie saved on the user’s computer take care of it for him/her. Another example is the cookie saved for a shopping basket in an online shop. The online shop remembers the items the customer puts in his/her virtual basket by using a cookie.
The data subject can at any time stop cookies being saved by our Web site by activating the corresponding settings in his/her Web browser and, in doing so, permanently object to cookies being saved. Furthermore, cookies that have already been saved can be deleted at any time using the Web browser or other software programs. This is a function available in all common Web browsers. If the data subject deactivates his/her Web browser’s cookie-saving function, it may in some cases no longer be possible to use the complete functionality of our Web site.

Data Protection Provisions for the Use of Facebook
The controller has integrated components from Facebook, Inc. into this Web site. Facebook is a social network.
A social network is a social meeting place and online community run on the Internet that usually enables users to communicate with each other and interact in a virtual setting. A social network can be used as a platform to exchange opinions and experiences or it enables the online community to provide personal or commercial information. Facebook enables the social network’s users to do things such as create private profiles, upload photos, and network with each other through friend requests.
The company operating Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. The entity controlling the processing of data, if the data subject is not resident in the United States or Canada, is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Every time an individual page is visited on this Web site, the latter being operated by the controller and featuring an integrated Facebook component (Facebook plug-in), the relevant Facebook component automatically causes the Web browser on the data subject’s information technology system to download a rendering of the corresponding Facebook component from Facebook. You can see an overview of all Facebook plug-ins at https://developers.facebook.com/docs/plugins/?locale=en_US. This technological process involves Facebook receiving knowledge of the particular sub-site on our Web site that the data subject is visiting.
Every time the data subject visits our Web site and for the entire length of time he or she spends on our Web site, Facebook will identify the specific sub-site on our Web site that the data subject visits if he or she is simultaneously logged in to Facebook. This information is collected by the Facebook component and matched with the data subject’s Facebook account by Facebook. If the data subject clicks on one of the Facebook buttons integrated into our Web site, for example the “Like” button, or if the data subject leaves a comment, Facebook will match this information with the data subject’s personal Facebook account and store this personal data.
The Facebook component always informs Facebook of the data subject visiting our Web site if the data subject is simultaneously logged in to Facebook at the time of visiting our Web site, irrespective of whether the data subject clicks on the Facebook component. If the data subject does not want this information to be transferred to Facebook in the described manner, he or she can prevent it being transferred by logging out of his or her Facebook account before visiting our Web site.
The Data Policy published by Facebook, available at https://facebook.com/about/privacy/, provides information about Facebook’s collection, processing, and usage of personal data. Furthermore, it explains the settings that Facebook offers to protect the privacy of data subjects. Additionally, there are various applications available that make it possible to stop data from being transferred to Facebook. Data subjects can use these applications to prevent data from being transferred to Facebook.

Data Protection Provisions for the Use of LinkedIn
The controller has integrated components from LinkedIn Corporation into this Web site. LinkedIn is an online social network that enables users to connect with existing business contacts as well as new ones. LinkedIn has over 400 million registered users in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited Web sites in the world.
The company operating LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States. Privacy issues outside of the United States are handled by LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Our Web site features a LinkedIn component (LinkedIn plug-in), which causes the browser used by the data subject to download a corresponding rendering of the component from LinkedIn every time our Web site is visited. You can find more information about the LinkedIn plug-ins at https://developer.linkedin.com/plugins. This technological process involves LinkedIn receiving knowledge of the particular sub-site on our Web site that the data subject is visiting.
Every time the data subject visits our Web site and for the entire length of time he or she spends on our Web site, LinkedIn will identify the specific sub-site on our Web site that the data subject is visiting if he or she is simultaneously logged in to LinkedIn. This information is collected by the LinkedIn component and matched with the data subject’s LinkedIn account by LinkedIn. If the data subject clicks on one of the LinkedIn buttons integrated into our Web site, LinkedIn will match this information with the data subject’s personal LinkedIn account and store this personal data.
The LinkedIn component always informs LinkedIn of the data subject visiting our Web site if the data subject is simultaneously logged in to LinkedIn at the time of visiting our Web site, irrespective of whether the data subject clicks on the LinkedIn component. If the data subject does not want this information to be transferred to LinkedIn in the described manner, he or she can prevent it being transferred by logging out of his or her LinkedIn account before visiting our Web site.
On the Web site https://www.linkedin.com/psettings/guest-controls, LinkedIn offers users the opportunity to unsubscribe from e-mail messages, SMS messages, and targeted advertising and to manage advertising settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, who may store cookies. Users can reject these cookies at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s applicable terms and conditions for privacy can be read at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

Data Protection Provisions for the Use of YouTube
The controller has integrated components of YouTube into this Web site. YouTube is an online video portal that enables video publishers to upload video clips free of charge and enables other users to watch, rate, and comment on them, also free of charge. YouTube allows any type of video to be published, for which reason full film and television broadcasts as well as music videos, trailers, and user-made videos are available over the online portal.
The company operating Youtube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
Every time an individual page is visited on this Web site, the latter being operated by the controller and featuring an integrated YouTube component (YouTube video), the relevant YouTube component automatically causes the Web browser on the data subject’s information technology system to download a rendering of the corresponding YouTube component from YouTube. More information about YouTube is available at https://www.youtube.com/yt/about/. This technological process involves YouTube and Google receiving knowledge of the particular sub-site on our Web site that the data subject is visiting.
If the data subject is simultaneously logged in to YouTube, YouTube will identify the specific sub-site on our Web site that the data subject is visiting if he or she visits a sub-site containing a YouTube video. This information is collected and matched with the data subject’s YouTube account by YouTube and Google.
The YouTube component always informs YouTube and Google of the data subject visiting our Web site if the data subject is simultaneously logged in to YouTube at the time of visiting our Web site, irrespective of whether the data subject clicks on a YouTube video. If the data subject does not want this information to be transferred to YouTube and Google in the described manner, he or she can prevent it being transferred by logging out of his or her YouTube account before visiting our Web site.
The Privacy Policy published by YouTube, available at https://www.google.de/intl/en/policies/privacy/, provides information about the collection, processing, and usage of personal data by YouTube and Google.