Data Privacy

Whenever you visit our website, we collect and process personal data from you. We will inform you below about the type, scope and purpose of the collection and use of your personal data when using our website. You will also receive information about the rights to which you are entitled. "Personal data" is all information that relates to an identified or identifiable natural person (e.g. name, address, email address, etc.).

Technical and organizational measures have been taken to ensure that the data protection regulations are observed by both us and our service providers.

Responsible person, data protection officer

The responsible person within the meaning of Art. 4 No. 7 of the European General Data Protection Regulation (GDPR) is:

NEST Hamburg GmbH

Managing directors: Frank Beckedorf, Johann Evers, Jan Ehrhorn

Werner-Siemens-Straße 29, 22113 Hamburg

Tel.:+4940713777-0

E-Mail:  info@nest-hamburg.de

Hosting

We host the contents of our website with the following provider:

Framer B.V.

Rozengracht 207B

1016 LZ Amsterdam

Netherlands (hereinafter Framer).

When you visit our website, Framer records various log files including your IP addresses. Framer is a tool for creating and hosting websites. Framer stores cookies or other recognition technologies that are required to display the page, to provide certain website functions and to ensure security (necessary cookies). Details can be found in Framer's privacy policy: https://www.framer.com/legal/privacy-statement/. Framer is used on the basis of Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in our website being presented as reliably as possible. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the Netherlands is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.framer.com/legal/privacy-statement/.

Collection of general data and information

If you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security. The legal basis is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR:

• IP address

• Date and time of the request

• Content of the request (specific page)

• Access status/HTTP status code

• Amount of data transferred in each case

• Referrer URL (the previously visited website)

• Browser

• Operating system and its interface

• Language and version of the browser software.

When using this general data and information, we do not draw any conclusions about the person concerned. Rather, this information is required in order to

(1) correctly deliver the content of our website,

(2) optimize the content of our website and the advertising for it,

(3) ensure the long-term functionality of our information technology systems and the technology of our website and

(4) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.

Use of Google Analytics

1. Scope of processing of personal data.

We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States ("Google"), on our website. Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that if you do this, you may not be able to use all of the functions of our website to their full extent.

2. Legal basis for the processing of personal data

The legal basis for the processing is Art.6 Paragraph 1 Clause 1 Letter f of GDPR.

3. Purpose of data processing

The purpose of processing personal data is to specifically address a target group that has already expressed initial interest by visiting the site.

4. Duration of storage

Advertising data in server logs is anonymized by Google deleting parts of the IP address and cookie information after 9 or 18 months, respectively.

5. Possibility of objection and removal

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You can find more information at https://www.google.com/intl/de/policies/privacy/.

External links

Our website also contains references to third-party websites. These are usually identified by specifying the internet address. We have no influence on the content and design of these websites of other providers and therefore cannot extend the content of this data protection declaration to such third-party websites.

E-mail contact

If you give us your e-mail address, we will also communicate with you by e-mail. We will save your e-mail address and your other details and use them on the basis of Art. 6 Para. 1 Clause 1 Letter b GDPR or Art. 6 Para. 1 Clause 1 Letter f GDPR in the interest of being able to answer your inquiry as simply, quickly and appropriately as possible. Your data will only be processed to answer your inquiry and will then be deleted immediately unless we have a legal obligation to retain data. It will not be passed on to third parties.

We would like to point out that communication via unencrypted e-mail is unsafe and the confidentiality of the information transmitted cannot be guaranteed. We recommend that you only send us confidential information via encrypted e-mail or by post.

Contact form

If you send us inquiries via the contact form, your details, including the contact details you provided there, will be saved for the purpose of processing your inquiry and for follow-up questions. This data will not be passed on without your consent.

The legal basis for the processing of personal data entered in the contact form is Art. 6 Paragraph 1 Clause 1 Letter a of GDPR.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions such as retention periods remain unaffected.

Social Icons

So-called social icons (e.g. from Facebook, Twitter, YouTube, Google Plus, LinkedIn, XING, Instagram) are integrated into our website. These are only integrated into our website as a link to the corresponding services. After clicking on the integrated graphic, you will be redirected to the website of the respective provider, i.e. only then will personal data be transferred to the respective provider.

This privacy policy applies accordingly to our appearances on social networks.

Our profiles there are publicly accessible. If you visit one of our appearances, we and the operator of the platform are jointly responsible for the data processing operations triggered during this visit. You can therefore generally assert your rights both against us and against the operator of the platform. Nevertheless, we do not have full influence on the data processing operations of the platform and cannot understand all the processing operations that take place there. Please refer to the terms of use and data protection regulations of the respective platform for details.

Transfer of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

• you have given your express consent to do so in accordance with Art. 6 Para. 1 Clause 1 Letter a of GDPR,

• the transfer in accordance with Art. 6 Para. 1 Clause 1 Letter f of GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

• there is a legal obligation to transfer in accordance with Art. 6 Para. 1 Clause 1 Letter c of GDPR,

and

• this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 Para. 1 Clause 1 Letter b of GDPR.

When using processors, we only pass on your personal data on the basis of a valid contract for order processing. This is a contract required by data protection law to ensure that the processor only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.

Transfer to a third country does not generally take place unless it is expressly mentioned in this data protection declaration.

Data security

In order to protect your data as comprehensively as possible from unwanted access, we take technical and organizational measures. We use an encryption process on our websites. Your information is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Your rights

You have the following rights with regard to the personal data concerning you:

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;

• to request the immediate rectification of incorrect or completion of your personal data stored by us in accordance with Art. 16 GDPR;

• pursuant to Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

• pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;

• pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another responsible party;

• pursuant to Art. 7 Para. 3 GDPR, to revoke your consent to us at any time. This means that we are no longer permitted to continue the data processing based on this consent in the future.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data (see Art. 77 GDPR).

Change to the data protection declaration

This data protection declaration is currently valid and is dated ... 2024.

As the Internet and thus our website continue to develop, it is necessary to continually adapt this data protection declaration to changing circumstances. The current data protection declaration can be accessed at any time on our website.