We are very pleased about your interest in our company. Data protection is of particularly high importance for the management of Novem Gold Storage GmbH. The use of the Internet pages of Novem Gold Storage GmbH is generally possible without any indication of personal data. However, if a data subject wants to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Novem Gold Storage GmbH. With this privacy statement, our company would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed by means of this privacy statement about the rights to which they are entitled.

Novem Gold Storage GmbH, as the controller responsible for processing, has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed through this website. However, Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, such as by telephone.

1. Definitions

The privacy statement of Novem Gold Storage GmbH is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy statement should be easy to read and understand both for the public as well as for our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this privacy statement, we use, inter alia, the following terms:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing

Processing is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

h) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

Controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in Member States of the European Union, and other provisions related to data protection is:

Novem Gold Storage GmbH

Bismarckstraße 4, 4020 Linz, Austria

Tel.: +43 732 299 797

E-Mail: storage@novemgold.com

Website: www.novem-gold.com / www.novemgold.com

3. Collection of general data and information

The website of Novem Gold Storage GmbH collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. The data collected may include (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites accessed via an accessing system, (5) the date and time of access, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our IT systems.

4. Contact possibility via the website

The website of Novem Gold Storage GmbH contains information that enables a quick electronic contact to our company, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data voluntarily transmitted by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

5. Routine erasure and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

6. Rights of the data subject

a) Right of confirmation

Each data subject shall have the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.

b) Right of access

Each data subject shall have the right to obtain free information about his or her personal data stored at any time and a copy of this information, as well as details such as:

• the purposes of the processing

• the categories of personal data concerned

• the recipients or categories of recipients to whom the personal data have been or will be disclosed

• the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

• the existence of the right to request rectification, erasure, restriction of processing or objection

• the right to lodge a complaint with a supervisory authority

• if the personal data are not collected from the data subject: any available information as to their source

• the existence of automated decision-making, including profiling, and meaningful information about the logic involved

Furthermore, the data subject has the right to know whether personal data are transferred to a third country or to an international organization.

c) Right to rectification

Each data subject shall have the right to obtain the rectification of inaccurate personal data concerning him or her without undue delay, and the right to have incomplete personal data completed.

d) Right to erasure (Right to be forgotten)

Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

• the data are no longer necessary for the purposes for which they were collected

• the data subject withdraws consent and there is no other legal ground

• the data subject objects to the processing and there are no overriding legitimate grounds

• the personal data have been unlawfully processed

• the personal data have to be erased for compliance with a legal obligation

• the personal data have been collected in relation to the offer of information society services

e) Right to restriction of processing

Each data subject shall have the right to obtain restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by the data subject

• the processing is unlawful and the data subject opposes the erasure and requests restriction instead

• the controller no longer needs the data for processing, but they are required by the data subject for legal claims

• the data subject has objected to processing pending verification of whether the legitimate grounds of the controller override those of the data subject

f) Right to data portability

Each data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller.

g) Right to object

Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, including profiling. If Novem Gold Storage GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time.

h) Automated individual decision-making, including profiling

Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her.

i) Right to withdraw data protection consent

Each data subject shall have the right to withdraw consent to processing of personal data at any time.

Legal basis of processing

Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent. If processing is necessary for the performance of a contract, Art. 6(1)(b) applies. If our company is subject to a legal obligation, processing is based on Art. 6(1)(c). Processing may also be necessary to protect vital interests (Art. 6(1)(d)) or for the purposes of legitimate interests pursued by our company or a third party (Art. 6(1)(f)).

Legitimate interests pursued by the controller or a third party

If processing is based on Art. 6(1)(f) GDPR, our legitimate interest is to carry out our business for the benefit of the well-being of all our employees and shareholders.

Duration for which personal data will be stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data are routinely deleted, provided they are no longer necessary.

Provision of personal data as statutory or contractual requirement

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). It may be necessary for the conclusion of a contract that a data subject provides personal data which must subsequently be processed by us. If the personal data are not provided, the contract with the data subject cannot be concluded.

Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

---

This privacy policy was created using the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as External Data Protection Officer in Leipzig, in cooperation with the data protection lawyer Christian Solmecke.