The protection of your personal data is important to us. We have taken all technical and organizational measures to ensure that the regulations on data protection in accordance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other legal regulations are observed by us and by service providers.
The following information on data protection is intended to inform you about our handling of the collection, use, processing and disclosure of your personal data.
- Name and address of the person responsible and scope
- Contact details of the data protection officer
- Use of the Nova App websites
- Web analysis by Matomo (formerly PIWIK)
- Use of the contact form on the Nova App websites
- Use of the Nova app
- data security
- Technical and Organizational Measures (“TOM”)
- Hosting and Subcontractors
- Transfer of data to third parties or to a third country
- Your rights / rights of data subjects
1. Name and address of the person responsible and scope
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
RLE Nova GmbH (hereinafter “RLE”)
Telephone +49 (0) 221 | 8886-0
Fax +49 (0) 221 | 88 86-502
This data protection declaration applies to the Internet offering that can be called up under the domain www.nova-app.de and the various subdomains and associated domains (hereinafter referred to as ” Nova App websites ” or “this website”).
Furthermore, this data protection declaration applies to the offered app including the system behind it:
a. RLE as responsible
Users can register with the Nova App for its use, for which it is necessary to provide registration and contact data. Users can also upload COVID-19 vaccination and testing certificates to the Nova app. RLE is responsible for the registration and this data.
b. RLE as processor
In addition, operators of facilities and organizers of events (e.g. sports facilities, theaters, concert halls, sporting events, congresses, trade fairs) can use the Nova App to manage user access to their facilities and user participation in their event and monitor (collectively, the “Operators”). The Nova App can also be used to track the temporary stay of a user in a specific facility or participation in a specific event, to provide this information to the authority responsible for health protection (e.g. the health department) in the case of an infected person to identify potential Provide contact persons and thus enable contact tracing for the purpose of health protection. As part of this use of the Nova App, RLE acts as a processor for the respective operator, who is responsible for the processing of this data.
2. Contact details of the data protection officer
If you have further questions about the collection, processing and use of your personal data, please contact our data protection officer:
RLE Nova GmbH
Data Protection Officer
The data protection declaration of the RLE is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this data protection declaration:
- a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.
- b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
- c) Processing
Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as collecting, recording, organizing, organizing, storing, adapting or changing, reading out, querying, using, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.
- d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
- e) Profiling
Profiling is any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict that natural person’s preferences, interests, reliability, behavior, whereabouts or relocation.
- f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data not assigned to an identified or identifiable natural person.
- g) Controller or data controller
The person responsible or responsible for processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.
- h) Processors
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
- i) Recipient
Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.
- j) Tthird party
Third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.
- k) Consent
Consent is any expression of will voluntarily given by the data subject in an informed manner and unequivocally for the specific case in the form of a declaration or other clear confirmatory action with which the data subject indicates that they consent to the processing of their personal data is.
4. Use of the Nova App websites
a. Scope of processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected here:
(1) Information about the browser type and version used
(2) The IP address of the user ( only anonymous )
(3) Date and time of access
(4) Request method, called URL and version of the HTTP protocol
(5) Result value of the request (HTTP status code) and the size of the call
(6) Websites from which the user’s system accesses our website
(7) Websites accessed by the user’s system via our website
The data is also stored in the log files of our system. This does not affect the IP addresses of the user or other data that enable the data to be assigned to a user. A storage of this data together with other personal data of the user does not take place or only anonymously .
b. Legal basis
The legal basis for the temporary storage of the data is the legitimate interest (Art. 6 Para. 1 lit. f GDPR).
c. Purpose of processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
i.e. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended .
If the data is stored in log files, this is the case after 60 days at the latest . Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.
e. Possibility of objection and elimination
The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
5. Web analysis by Matomo (formerly PIWIK)
a. Scope of processing
We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software sets a cookie on the user’s computer (see above for cookies). If individual pages of our website are called up, the following data is stored:
- Two bytes of the IP address of the user’s calling system
- The accessed website
- The website from which the user accessed the accessed website (referrer)
- The sub-pages that are accessed from the accessed website
- The length of stay on the website
- The frequency of visits to the website
The software runs exclusively on the servers of RLE or on the servers of commissioned service providers. A storage of the personal data of the users only takes place there. The data will not be passed on to third parties.
The software is set in such a way that the IP addresses are not saved completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.
b. Legal basis
The legal basis for processing the data is the legitimate interest (Art. 6 Para. 1 lit. f GDPR) for the general use of the tool and the explicit consent (Art. 6 Para. 1 lit. a GDPR) of the user (based on the Cookie settings) for the collection of user-related statistical evaluations.
c. Purpose of data processing
The processing of users’ personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. Our legitimate interest in the processing of the data according to Art. 6 para. 1 lit. f GDPR. By making the IP address anonymous, the user’s interest in the protection of their personal data is sufficiently taken into account.
i.e. Duration of storage
The data will be deleted as soon as they are no longer required for our recording purposes.
Exact time of automated deletion: 13 months after admission.
e. Possibility of objection and elimination
f. More information
The person concerned can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Matomo can be deleted at any time via an Internet browser or other software programs.
Furthermore, the person concerned has the option of objecting to and preventing the collection of data generated by Matomo and related to the use of this website. To do this, the person concerned must set “ Do Not Track ” in their browser.
With the setting of the opt-out cookie, however, there is the possibility that the Internet pages of the person responsible for processing can no longer be used in full for the person concerned.
Further information and Matomo’s applicable data protection regulations can be found at https://matomo.org/privacy .
a. Scope of processing
The following screenshots show the tool on the start screen when the website is called up for the first time and in the data protection settings with detailed information on all cookies.