Novustat guarantees the security of your data. Below you will find the privacy policy of Novustat for the use of our application form:
This privacy policy of Novustat GmbH, Roosstr.43, 8832 Wollerau, Switzerland (hereinafter “we” or “Responsible”), applies in the context of applications and subsequent business transactions. Further information about our company can be found in our imprint.
§ 1 General Information
As a Swiss company, we are subject to the applicable data protection regulations and laws of Switzerland. To work with business partners from the European Union (EU) and legally provide our services in the EU, we adhere to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”).
In the context of applications and the execution of legal transactions, we act as the controller within the meaning of the GDPR and process personal data based on legal permission norms or your voluntarily given consent for data collection.
When you fill out our online application form, various personal data are provided by you voluntarily. Personal data includes all data that can identify you as a natural person.
We strive to limit the processing of your personal data as much as possible, using modern technical solutions and understandable and secure organizational mechanisms.
The following statement gives you an overview of how data protection is ensured at our company, what type of data is collected for which purpose, and to whom this data is transferred and for what purpose. This statement also fulfills our information obligations under the GDPR.
§ 2 Collection and Processing of Your Data
To apply to us as a statistician, processor, consultant, or coach and to participate in our business processes, you can send us a non-binding application at any time. This is done through our online form, where we require a valid email address to process and respond to your application.
The data collected from you in this context is only collected for specific, clear, and legitimate purposes. Data is only collected and used to the extent technically and contractually necessary to offer you an optimal application opportunity, determine your suitability and qualifications, and establish and process business relationships with you.
Your application will be treated with strict confidentiality.
(1) Categories of Data and Provision of Data
In the context of the application, various information about you (name, email address, phone number) as well as other details and documents to personalize the application (qualifications, field of expertise, resume, certificates, etc.) will be requested.
We process the following categories of data: master data, communication data and history, application data, education information, data about our offer, possibly contract data, and payment information.
We do not process special categories of data (i.e., sensitive data that requires special protection) or data from children. There is no profiling within the meaning of the law.
The required data is provided voluntarily and directly by you. Their provision is necessary for the processing and evaluation of your application. If data is missing, your assignment may be canceled.
(2) Purposes of Processing and Legal Basis
The processing of your data is generally based on Art. 6(1)(b) GDPR for the purpose of carrying out pre-contractual measures resulting from your application. If a contract is concluded with you, your data will be used for subsequent contract processing or legal enforcement.
Additionally, data processing may be necessary according to Art. 6(1)(c) GDPR to fulfill our legal retention obligations and other legal obligations.
We are also entitled to process your data to protect our legitimate interests in ensuring a secure and professional service provision, optimizing business processes, particularly the application process, and asserting, exercising, or defending legal claims. This data processing is based on Art. 6(1)(f) GDPR.
(3) Data Transfer and Recipients
If your data is forwarded to our contractual and business partners involved in the business process, this is done only in compliance with the legal data protection regulations, this privacy policy, possibly within the framework of a data processing agreement, and exclusively for the legitimate purposes specified in § 2 (3). Our partners are based in the EU and Switzerland, ensuring an adequate level of data protection.
In individual cases, data may be transferred to administrative and investigative authorities, legal institutions, or lawyers due to overriding legal provisions or permission clauses.
§ 3 Data Security
In accordance with the GDPR and the Swiss Federal Data Protection Act, we have implemented various technical and organizational measures to protect your data from loss, destruction, access, alteration, and dissemination by unauthorized persons. These measures are suitable for ensuring effective legal-compliant data protection in the area of general and automated processing of personal data and the use of network and telecommunications channels. The measures we have taken reflect the latest technology, are regularly updated and adapted to changes in our system, and are periodically reviewed.
All data processing is centralized on our own servers at a secure location in Switzerland, ensuring compliance with the EU level of data protection.
§ 4 Duration of Data Storage
We store personal data in a form that allows the identification of the data subjects only as long as necessary for the purposes for which they are processed. We limit the retention period for personal data to the absolute minimum necessary. Due to our international activities, we have various legal retention obligations to comply with depending on the individual case and the applicable national law. These criteria determine the retention period.
After three years from the termination of our contractual relationship with you, we will generally check whether we still need your data and whether legal retention obligations prevent deletion.
Data collected during an application that did not result in a contract may be used beyond the application processing period to ensure a secure and professional service provision, optimize business processes, and assert, exercise, or defend legal claims, and for security reasons to clarify or prevent possible cases of abuse and crimes. After three years from the end of the application process, it will generally be checked whether our legitimate interest in retaining the data still exists and whether legal retention obligations prevent deletion.
§ 5 Information Obligations and Rights of the Data Subjects
When personal data is collected directly from you as an applicant, we are obliged to inform you about the processing of your data by us according to the requirements of Art. 13 GDPR. This privacy policy serves to fulfill our information obligations.
You have the right, according to Art. 15 GDPR, to obtain free information about the data processed about you.
You also have the right to correct inaccurate data according to Art. 16 GDPR, the right to the deletion of your personal data (right to be forgotten) according to Art. 17 GDPR, and the right to restrict processing according to Art. 18 GDPR. If applicable, you can also exercise your right to data portability according to Art. 20 GDPR.
The right to be forgotten can generally be exercised when the storage of your data is no longer necessary for the purposes for which they were collected or otherwise processed, or if there are no legal retention periods opposing the deletion.
If you believe that your data is being processed unlawfully, you can file a complaint with the competent supervisory authority according to Art. 77 GDPR.
You can address your concerns to us free of charge in writing by email to the email address provided below in § 7 or by postal mail to our business address. Please note that we need to sufficiently verify your identity based on your request. In case of doubt, we may request further information for identity confirmation. We will respond to your request promptly, no later than within one month of its receipt. In exceptional cases, a reasonable fee may be charged, or the request may be rejected for legal reasons.
§ 6 Right to Object
If your personal data is processed based on legitimate interests according to Art. 6(1)(f) GDPR, you have the right to object to the processing according to Art. 21 GDPR, provided there are reasons arising from your particular situation, or if the objection is directed against direct marketing. In the case of a legitimate objection, we will no longer process the relevant personal data unless there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the data is used for the assertion, exercise, or defense of legal claims.
§ 7 Contact Person for Data Protection
The person responsible for data protection within Novustat GmbH is Gabriel Krause, Ul. Płk F. Nullo 38/92, 31-543 Kraków, Poland. You can reach him at any time via the following email address: info@novustat.com. We place great importance on strictly adhering to our legal information obligations, providing timely information to you as the data subject, and carrying out notifications, deletions, etc., in accordance with the law.
This translation aims to reflect the privacy policy’s content accurately. For any specific legal interpretation, always refer to the original text.