NUM.com is a website of NUM Industry Alliance AG, located at Battenhusstrasse 16 in 9053 Teufen, Switzerland. NUM Industry Alliance AG (hereinafter "NUM") is a company registered in the commercial register of the Canton of Appenzell Ausserrhoden with the register number CHE-113.957.103.
The protection of personal data is a major and important concern for NUM. The following information is intended to inform users of this website about the type of data NUM collects, the purpose for which it is used and to whom it may be made available.
1. General / Subject of the Data Protection Policy / Information on Data Processing and Legal Basis
1.1 This Data Protection Policy informs you about the type, scope and purpose of the processing of personal data within the online services of NUM on its website NUM.com (hereinafter the "website").
1.2 NUM collects data about persons accessing its website. Data is collected, processed and used in accordance with the principles described below and in compliance with the applicable data protection laws.
1.3 Every time a user accesses the website and every time a file is accessed, data on this process is stored in a log file. Depending on the access protocol used, the log data record contains information with the following contents:
- Anonymised IP address of the requesting computer
- date and time of access
- URL and page name of the visited pages
- downloaded file(s)
- origin, language, operating system, device (PC, tablet PC or smartphone), browser and all add-ons used as well as resolution of the requesting computer
- Visitor source (Facebook, search engine or referring website)
- information on visitor behaviour on the website (see also the following explanations regarding Google Analytics)
- the country from which our site was accessed
1.4 We process personal user data only in compliance with the relevant data protection regulations. This means that user data will only be processed if a legal permission has been obtained. I.e., in particular if data processing is necessary for the provision of our contractual services (e.g. processing of orders) as well as online services, or is required by law, if the user has given his consent, and also because of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online services within the meaning of Art. 6 para. 1 f. of the European General Data Privacy Regulation (Regulation EU 2016/679, hereinafter "GDPR"), in particular for range measurement, creation of profiles for advertising and marketing purposes).
1.5 The legal basis for consents within the scope of the GDPR is Art. 6 para. 1 lit. a. and Art. 7 GDPR; the legal basis for processing for the performance of our services and implementation of contractual measures is Art. 6 para. 1 lit. b. GDPR, the legal basis for processing to fulfil our legal obligations Art. 6 para. 1 lit. c. GDPR, and the legal basis for processing to protect our legitimate interests Art. 6 para. 1 lit. f. GDPR.
1.6 By using the website, the user agrees to the collection, processing and use of his data as described in this Data Protection Policy.
1.7 NUM is the service provider in accordance with the relevant legal regulations. Further information can be found in the imprint (https://num.com/service-aside/imprint/).
2. Security Measures
2.1 We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the differences in probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in accordance with Art. 32 GDPR; the measures shall include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and their separation. Furthermore, we have established procedures that guarantee the exercise of rights by affected persons, deletion of data and reaction to data risks. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
2.2 The security measures include, in particular, encrypted transmission of data between your browser and our server.
3. Passing on of Data to third Parties and third Providers
3.1 If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transmit it to them or otherwise grant them access to data, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, pursuant to Art. 6 para. 1 lit. b GDPR is required for contract fulfilment), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
3.2 If we mandate third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.
3.3 If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we have data processed in a third country only if the special requirements of Art. 44 ss. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
4. Performance of Contractual Services
We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit. b GDPR.
5. Establishment of Contact and Consent
a) When contacting us (via contact form or e-mail), the user's details are processed for the processing of the enquiries and their handling in accordance with Art. 6 para. 1 lit. b GDPR.
b) By visiting the website, collecting or modifying data and clicking on the "send message" button, the user consents to the processing, use and forwarding of his data within the scope and to the extent of the purposes described in this Data Protection Policy.
c) The personal data provided by the user to NUM within the scope of the inquiry and/or order will be processed for the purposes of order processing, possible reverse transactions and warranty cases, services and administration. They can also be used for marketing and market research purposes.
d) The user can revoke his consent to the collection, processing, use and disclosure to third parties at any time by written notification to NUM Industry Alliance AG, Battenhusstrasse 16, 9053 Teufen, Switzerland or by e-mail to dataprotection(at)num.com. The revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
6.2 If you do not want our website to recognize your browser, please adjust your web browser so that all cookies are deleted, blocked in future or you are warned if cookies are stored. However, we would like to point out that certain functions of this website may not (no longer) function without cookies. Below you will find external sources (not managed by NUM) on how you can check and, if necessary, adjust your cookie settings with the most common browsers:
7. Information, Corrections, Revocation, Deletions, Contact
a) The owner of the data collection and responsible for data processing is NUM.
b) The user can request at any time in writing by letter addressed to NUM Industry Alliance AG, Battenhusstrasse 16, 9053 Teufen, Switzerland or by e-mail to dataprotection(at)num.com information about
- the personal data stored on and/or about him, its origin (if available), the recipient or the categories of recipients to whom this data was disclosed, and the purpose for which the data was stored;
- the purpose and, where appropriate, the legal basis for processing the data and the categories of personal data processed and those involved in the storage and collection of the data.
c) If the user has given consent to the use of personal data, he can revoke this consent at any time with effect for the future.
d) NUM can refuse, restrict or postpone the information, as far as a law provides for it.
e) The user may request NUM at any time in writing, addressed to NUM Industry Alliance AG, Battenhusstrasse 16, 9053 Teufen, Switzerland, or by e-mail to dataprotection(at)num.com to delete, correct or complete his personal data. The personal data will then be corrected, completed or deleted immediately, unless the deletion is not yet possible due to the processing of an order or due to statutory retention obligations. In this case, the data will be deleted immediately after the order has been fully processed. In addition, stored personal data will be deleted by NUM when the legal or contractual retention period has expired or if NUM no longer needs the data.
8. Google Analytics
8.2 Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
8.3 Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on the activities within this online services and to provide us with further services connected with the use of this online services and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
8.4 We use Google Analytics to display the advertisements placed by Google and its partners within advertising services only to users who have also shown an interest in our online offer or who have certain features (e.g. interests in certain topics or products that are determined by the web pages visited) that we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences we also want to ensure that our advertisements correspond to the potential interest of the users and are not annoying.
8.5 We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
8.6 The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
8.7 Further information on data use by Google, possible settings and objections can be found on the Google websites: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when using our partners' websites or apps"), https://policies.google.com/technologies/ads ("Data use for advertising purposes"), https://adssettings.google.com/authenticated ("Manage information that Google uses to show you advertising").
9. Integration of Third-party Services and Content
a) Within our online services we use content or service offerings from third parties to incorporate their content and services, such as videos or fonts on the basis of our legitimate interests on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 para. 1 lit. f. GDPR).
b) The following presentation provides an overview of third-party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out):
- On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) (f)). GDPR) Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (white "f" on blue tile, the terms "like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offer. The processed data can be used to create user profiles. We therefore have no influence on the amount of data Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of users' privacy, can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/.
10. Changes to this Data Protection Policy
NUM is entitled to change, supplement or replace this data protection declaration at any time and without prior notice in whole or in part. The data protection declaration published on the website is valid in each case.