Privacy Policy

Last updated on January 2023

1. Scope

Next47 GmbH, Leopoldstr. 156, 80804 München (“Next47”) respects your privacy in handling personal data relating to the use of our website, our services and our business relations in general. This Privacy Policy covers how Next47 collects, stores, uses, discloses and transfers (“processes”) your personal data and describes your related rights. The personal data that we collect about you depends on the context of your interactions with us, the services and features that you use, your location, and applicable mandatory law.

2. Categories of personal data processed and purpose of processing for Online Offerings

When visiting our websites or using our applications, or online services (each an “Online Offering”) we process information which you have actively and voluntarily provided about yourself, or which has been generated by us in connection with your use of the Online Offerings. This information includes the following categories of personal data:

• Your contact information, including name, e-mail address, telephone number;
• Further personal data that you provide by filling in forms in our Online Offerings;
• Information submitted as part of a support request, survey or comment or forum post; and
• Information on your interaction with the Online Offering, including your device and user identifier, information on your operating system, device type, browser type, referring site, sites and services accessed during your visit, the date and time of each visitor request.

We process that personal data for the following purposes:

• To provide the Online Offerings which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings;
• To verify your identity;
• To answer and fulfill your requests or instructions;
• To contact you with information and offers concerning our products and services, to send you further marketing information or to contact you in the context of customer satisfaction surveys; and
• As reasonably necessary to enforce the Online Offering’s terms and conditions, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems.

Our Online Offerings may be provided to you for your use by the organization to which you belong. If your organization provides you with access to an Online Offering, our processing of personal data provided by or collected from you or your organization in connection with the Online Offering’s content is performed under the direction of your organization and is subject to a data processing agreement between your organization and us. In such instance, your organization is responsible for any personal data contained in such content and you should direct any questions about how personal data contained in such content is used to your organization.

3. Categories of personal data processed and purpose of processing for Business Relations

In the context of a business relation with us, we may process the following categories of personal data of consumers and contact persons at (prospective) customers, suppliers, vendors and partners (“Business Relation”):

• Contact information, such as full name, job position, work address, work telephone number, work mobile phone number, work fax number and work email address;
• Payment data, such as data necessary for processing payments and fraud prevention, including bank account information, credit/debit card numbers, security code numbers and other related billing information;
• Further information necessarily processed in a Business Relation or voluntarily provided by you, such as personal data relating to orders placed, payments made, requests, and project milestones;
• Personal data collected from publicly available resources, integrity data bases and credit agencies; and
• If legally required for business partner compliance screenings: date of birth, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against business partners.

We may process the personal data for the following purposes:

• Communicating with business partners about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about our services and projects;
• Planning, performing and managing the Business Relation; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries and providing support services;
• Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events;
• Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys;
• Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
• Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, business partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
• Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.

4. Surveys and Direct Marketing

In accordance with applicable law, we may process your contact information for direct marketing purposes (e.g. invitations, newsletters with further information and offers concerning our products and services) and to carry out surveys, in each case also by e-mail. You may object to the processing of your contact data for these purposes at any time by writing to dataprotection@next47.com or by using the opt-out mechanism provided in the respective communication you received.

5. Links to Other Websites and Social Media Platforms

This Privacy Policy does not apply to websites or applications offered and operated by third parties. We may provide links to other websites or applications which may be of interest to you. We are not responsible for the privacy practices or the content of external websites or applications.

We display content from other media platforms, such as YouTube, Medium etc. (each a “Media Platform”) on our Web Site. When browsing on our website no personal data is transferred to the operators of such Media Platforms unless you click on the respective Media Platforms’ content linked on our website. If you click on the content, you will be re-directed to the respective Media Platform. The respective operator of the Media Platform is solely responsible for the privacy practices of the respective Media Platform. To learn about the respective privacy practices applicable please refer to the privacy policy of the respective Media Platform.

6. YouTube-videos

YouTube-videos embedded on the web site are provided by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”). These videos are embedded on our Web Site in the “privacy-enhanced mode”. In the privacy-enhanced mode YouTube will not collect information about you unless you activate a YouTube video. In such case your browser will connect to the YouTube server and display the respective video. For this purpose, YouTube may process your browser information and information on the websites from which you access the respective content. You may obtain further information on YouTube’s privacy practices here.

7. Analytics

We use a 3rd party analytical software to gather statistical information about our website visitors. The services we use include: Google Analytics (Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland)

8. Transfer and disclosure of Personal Data

We may transfer or disclose your personal data to the following recipients:

Other affiliated companies or third parties – e.g. sales partners or suppliers – in connection with your use of the Online Offerings or our Business Relation with you;
Third parties which provide IT services to us and which process such data only for the purpose of such services (e.g., hosting or IT maintenance and support services); and
Third parties in connection with complying with legal obligations or establishing, exercising or defending rights or claims (e.g., for court and arbitration proceedings, to law enforcement authorities and regulators, to attorneys and consultants).

Personal data published by you on Online Offerings (such as chat rooms or forums) may be globally accessible to other registered user of the respective Online Offering.

9. Retention Periods

Unless indicated otherwise at the time of the collection of personal data (e.g. within a form you completed), we erase personal data if the retention of the personal data is no longer necessary for (i) the purposes for which they were collected or (ii) to comply with our legal obligations (such as retention obligations under applicable tax or commercial law).

10. Your Rights

The privacy or data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data. If provided under applicable law, you might be entitled to:

• Obtain information from us if and to what extent your personal data is being processed and, if applicable, get access to your personal data; Request us to correct your personal data to the extent it is inaccurate;
• Request us to erase your personal data;
• Request us to restrict the processing of your personal data;
• Request data portability for your personal data that you had actively provided; and;
• Object, on grounds relating to your particular situation, to further process your personal data.

11. Security

To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.

12. Contact

Our data privacy organization provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. Our data privacy organization may be contacted at: dataprotection@next47.com.

The data privacy organization will use commercially reasonable efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the data privacy organization, you always have the right to approach the competent data protection authority with your request or complaint.

13. Processing under GDPR: controller, legal basis for the processing and international transfers

This section provides you with further information if your personal data is processed by one of our companies located in the European Economic Area.

Data Controller

Next47 GmbH is the data controller in the meaning of the EU’s General Data Protection Regulation (“GDPR”) for the processing activities described in this Privacy Policy.

As part of our Business Relations with you, we may share contact information with affiliated companies. We and these companies are jointly responsible for the proper protection of your personal data (Art. 26 GDPR). To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these companies granting you the right to centrally exercise your data subject rights under section 9 of this Privacy Policy against Siemens Aktiengesellschaft, Germany. To exercise your rights, you may reach out to: dataprotection@next47.com.

Legal basis of the processing

We are processing personal data to the extent necessary for the purposes of:

• Exercising our rights and performing our obligations under any contract we make with you (Article 6 (1) (b) GDPR) (“Contract Performance”);
• Compliance with our legal obligations (Article 6 (1) (c) GDPR) (“Compliance with Legal Obligations”); and/or
• Legitimate interests pursued by us (Article 6 (1) (f) GDPR) (“Legitimate Interest”). Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Online Offerings, and/or (ii) our Business Relations with you. To the extent the below table states that we are relying on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, including our Binding Corporate Rules on the Protection of Personal Data, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact our data privacy organization at: dataprotection@next47.com.

In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) GDPR) (“Consent”).

Processing of personal data in the context of Online Offerings – Purpose and Legal Basis To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings:

• Contract Performance (Article 6 (1) (b) General Data Protection Regulation)
• Legitimate Interest (Article 6 (1) (f) GDPR)

To bill your use of the Online Offering

• Contract Performance (Article 6 (1) (b) General Data Protection Regulation)
• Legitimate Interest (Article 6 (1) (f) GDPR

To verify your identity

• Contract Performance (Article 6 (1) (b) GDPR)
• Legitimate Interest (Article 6 (1) (f) GDPR)

To answer and fulfill your requests or instructions

• Contract Performance (Article 6 (1) (b) GDPR)
• Legitimate Interest (Article 6 (1) (f) GDPR)

To process your order or to provide you with access to specific information or offers

• Contract Performance (Article 6 (1) (b) GDPR)
• Legitimate Interest (Article 6 (1) (f) GDPR)

To send you marketing information or to contact you in the context of surveys

• Consent, if voluntarily provided (Article 6 (1) (a) GDPR)
• Legitimate Interest (Article 6 (1) (f) GDPR)

As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems

• Compliance with Legal Obligations (Article 6 (1) (c) GDPR
• Legitimate Interest (Article 6 (1) (f) GDPR)

Processing of personal data related to your Business Relations with us – Purpose and Legal Basis

Communicating with business partners about our products, services and projects, e.g. by responding to inquiries or requests or providing you with technical information about purchased products

• Contract Performance (Article 6 (1) (b) GDPR) • Legitimate Interest (Article 6 (1) (f) GDPR)

Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services

• Contract Performance (Article 6 (1) (b) GDPR)
• Compliance with Legal Obligations (Article 6 (1) (c) GDPR)

Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events

• Consent, if voluntarily provided (Article 6 (1) (a) GDPR)
• Legitimate Interest (Article 6 (1) (f) GDPR)

Conducting direct marketing activities and surveys

• Consent, if voluntarily provided (Article 6 (1) (a) GDPR)
• Legitimate Interest (Article 6 (1) (f) GDPR)

Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities

• Legitimate Interest (Article 6 (1) (f) GDPR)

Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards

• Compliance with Legal Obligations (Article 6 (1) (c) GDPR)
• Legitimate Interest (Article 6 (1) (f) GDPR)

Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims

• Compliance with Legal Obligations (Article 6 (1) (c) GDPR
• Legitimate Interest (Article 6 (1) (f) GDPR)

International data transfers

If we transfer your personal data outside the European Economic Area, we ensure that your data is protected in a manner which is consistent with the GDPR. To the extent required by applicable mandatory law, we take the following measures:

• We share your personal data with affiliated companies outside the European Economic Area only if they have implemented our Binding Corporate Rules for the Protection of Personal Data.
• We transfer personal data to external recipients outside the European Economic Area only if the recipient has (i) entered into EU Standard Contractual Clauses with us or (ii) implemented Binding Corporate Rules in its organization. You may request further information about the safeguards implemented in relation to specific transfers by contacting dataprotection@next47.com.

Your competent data protection authority

In case of data privacy related concerns and requests, we encourage you to contact our data privacy organization at dataprotection@next47.com. Besides contacting us you have the right to approach the competent data protection authority with your request or complaint.

14. US Residents

Do Not Track

At this time our Online Offerings do not recognize or respond to “Do Not Track” browser signals. For more information on “Do Not Track”, please visit your browser’s support page.

Usage by Children

Our Online Offering is not directed to children under the age of thirteen. We will not knowingly collect personal data from children under the age of thirteen without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.

California residents

The purpose of this notice is to provide information to California residents and to notify them of their rights under California law. This section is not applicable to and may not be relied upon by anyone else besides California residents.

California’s “Shine The Light” law:

California’s “Shine The Light” law permits those of our customers who are California residents to annually request a list of their personal data (if any) that we have disclosed to third parties for direct marketing purposes in the preceding calendar year, and the names and addresses of those third parties. At this time, we currently do not share any personal data with third parties for their direct marketing purposes.

Notices:

We may, through a variety of online and offline sources, collect the following categories of personal information:

• Personal identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, telephone number, passport number, state identification card number, insurance policy number, bank account number, credit card number, debit card number, financial information, medical information, or health insurance information.
• Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement
• Geolocation data.
• Biometric and physical characteristics such as audio, electronic, visual, thermal, olfactory, or similar information.
• Professional or employment-related information.
• Education information
• The sources from which the personal information may be collected may include:
  • Our and our affiliates’ internet sites that you visit,
  • Our and our affiliates’ mobile applications that you use;
  • You or your employer, such as via telephone, mail, email, or at events, or in connection with potential employment or business opportunities;
  • Our customers, vendors, and suppliers
    • Third parties from whom we purchase contact data, such as Linked-In.

Such collected information may be used for the purposes described elsewhere within our

Privacy Policy.

Rights:

(a) California residents have the right to request that we delete the personal data that we have collected about that resident. Please note that there are circumstances under which such a right of deletion does not apply, such as where it is reasonable for us to maintain the personal information to:

• Complete the transaction for which the personal information was collected, provide a good or service requested or reasonably anticipated, or otherwise perform a contract with the resident.
• Detect security incidents; protect against malicious, deceptive, fraudulent or illegal activity; or prosecute those responsible for that activity.
• Debug to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another resident to exercise his or her right of free speech, or exercise another right provided for by law, or comply with a legal obligation.
• Comply with the California Electronic Communications Privacy Act.
• Engage in public or peer-reviewed scientific, historical or statistical research in the public interest (when deletion of the information is likely to render impossible or seriously impair the achievement of such research) if the resident has provided informed consent.
• To enable solely internal uses that are reasonably aligned with the resident’s expectations based on the relationship with us.
• To otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which the resident provided the information.

(b) California residents have the right to request that we disclose, with respect to that resident,

• The categories of personal information we have collected.
• The categories of sources from which we collected the personal information.
• The purpose for collecting or selling personal information.
• The categories of third parties with whom we share personal information.
• The specific pieces of personal information we have collected.

Please note that, in general, the categories of personal information we collect include those identified above and in our Privacy Policy.

(c) California residents have the right to not be discriminated against by us for any exercise of these rights.

Sale and Disclosure

We disclose personal information for business purposes. The categories of personal information that we have disclosed for a business purposes within the preceding 12 months include:

• Personal identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, telephone number, passport number, state identification card number, insurance policy number, bank account number, credit card number, debit card number, financial information, medical information, or health insurance information.
• Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
• Geolocation data.
• Biometric and physical characteristics such as audio, electronic, visual, thermal, olfactory, or similar information.
• Professional or employment-related information.
• Education information

In order to exercise any rights to deletion or disclosure, please contact us under dataprotection@next47.com.

Please note that any requests may be subject to verification of the identification of the requestor. The method we would use to verify your identity will be different depending on the manner and context in which your data was collected, and may require the provision by you of such personal information as may be necessary to match you to our records of you (if any). You may be entitled to use an authorized agent to exercise your rights on your behalf and, if you choose to do so, such an agent may contact us in the same manner as described above, and will also be required to verify their own identity and their authority to act on your behalf.