Nexia Website
Nexia GmbH
Wirtschaftsprüfungsgesellschaft
Steuerberatungsgesellschaft
Georg-Glock-Straße 4
40474 Düsseldorf
+49 211 171700
kontakt@nexia.de
Print

Privacy notice DRACOON

Information pursuant to Art. 13, 14 of the GDPR about the use of your personal data

 

Responsible entity and contact information

The responsible entity within the meaning of data protection law is

Nexia GmbH
Wirtschaftsprüfungsgesellschaft | Steuerberatungsgesellschaft
Georg-Glock-Str. 4, 40474 Düsseldorf, Germany

You will find further information about our company, details of the persons authorized to represent us and also further contact options in our Legal Notice on our website.
https://www.nexia.de/legal-notice

Contact details of the data protection officer:
datenschutz@nexia.de

 

Purpose and legal bases of the processing

The purpose of the processing is the secure exchange of files for companies. We make files available to our clients in a virtual data room in order to meet legal requirements and to enable customer-oriented and secure processing. We use DRACOON from DRACOON GmbH. The location of the servers used for this purpose is operated by DRACOON exclusively in Germany.

The legal basis for the use of DRACOON is Art. 6 (1)(f) GDPR. Nexia pursues the legitimate interest of exchanging data with its clients securely and in compliance with data protection regulations. Insofar as consent has been given, processing is carried out on the basis of Art. 6 (1)(a) GDPR. This consent can be revoked at any time with effect for the future, whereby processing that has already taken place remains unaffected by this. Insofar as the use of DRACOON is necessary for the performance of a contract between you and us, the processing is carried out on the basis of Art. 6 (1)(b) GDPR. The same applies to the use of DRACOON for the implementation of pre-contractual measures that are carried out at your request.

 

Which data is processed?

Typical files for file exchange are, for example, invoices with special information, contracts or M&A documents.

When using DRACOON, the following usage data and personal data are processed: IP address of the user, time of the user interaction, details of browsers and operating systems used, status of the user action (successful or failed).

Information on the specific interaction of the user: addition or deletion of accesses, users and user authorizations and usable storage space, login to and logout from the system, failed logins and their cause, information on the creation and deletion of directories and the sharing of files and directories, information on the expiry of access authorization, information on the classification of files or directories as public, internal use, confidential or strictly confidential, information on the download of files or directories (including file and directory names), information on changes to the scope of the recording of events.

 

Scope of processing

Various types of data are processed when files are exchanged using virtual data rooms. The scope and content of the data depends on which information is relevant for the file content and which agreements exist with the clients.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

 

Data transfer

Your personal data will not be transferred to third parties. Exceptions to this apply only insofar as this is necessary for the processing of contractual relationships with you. This includes in particular the transfer to service providers commissioned by us (so-called processors) or other third parties whose activities are necessary for the execution of the contract. The data passed on may only be used by the third parties for the stated purposes.

 

Data processing outside the European Union

Data processing outside the European Union (EU) does not take place.

 

Your rights as a data subject

You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Finally, you have a right to object to processing within the scope of legal requirements.

A right to data portability also exists within the framework of data protection law.

 

Deletion of data

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation if we are obliged to store the data for a longer period of time due to tax or commercial law retention obligations.

Deletion will not take place if you have consented to further storage.

 

Right of complaint to a supervisory authority

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.

 

Modification of this privacy notice

We revise this data privacy notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this page.

 

Further information about security and data privacy

https://www.dracoon.com/en/certifications

 

Date Privacy policy: 03/2024