Skip to main content

Privacy

Privacy Policy

The protection of personal data is very important to us. We would therefore like to list all the information about the processing and storage of your data when you visit our website.

ABOUT US

Nexrail Manco BV
Weena 690
3012 CN Rotterdam

Contact: https://nexrail.lease/contact

Further information can be found in the Legal Notice.

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

To protect your data as comprehensively as possible from unwanted access, we take so-called technical and organisational measures and use an encryption process on our website. Your data is transmitted over the Internet from your computer to our computer and vice versa using so-called TLS encryption. TLS stands for "Transport Layer Security" and is an encryption protocol for data transmission on the internet. You can usually recognise "TLS" by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

1. COLLECTION OF ACCESS AND LOG DATA

This website automatically collects and stores server log file information that your browser transmits to us.

These are:

  • IP address of the user
  • Date and time of access
  • Type of enquiry
  • Customer information such as type and version
  • Operating system of the user (device, OS version of the device),
  • Referrer information (i.e. the source of the access)

The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of unlawful use of our website (e.g. defence against hacker attacks) and to ensure a smooth connection setup.

We have concluded a data processing agreement with the provider of this website, Uniserver Internet B.V., based in The Netherlands, in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that Uniserver Internet B.V. processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

The data collected is stored in server log files, which your browser automatically transmits to us in encrypted form, for seven days. We only store the server log files in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR and serves only to preserve evidence.

2. ENQUIRIES VIA THE CONTACT FORM, E-MAIL AND TELEPHONE

Any personal data that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your enquiry. The legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to enquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfilment of a contract in accordance with Art. 6 para. 1 lit. b) GDPR.

All personal data that you send to us with your enquiry will be deleted or anonymised by us no later than 2 years after the final response to you, unless a contract is concluded. The retention period of 2 years is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. In our experience, we have found that after 2 years there are no more queries in response to our replies.

Google reCAPTCHA

We use ‘Google reCAPTCHA’ (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website to ensure that entries in web forms (e.g. contact forms) are made by a natural person and not by automated programs (bots).

To do this, reCAPTCHA automatically analyses the behavior of users when they visit the website based on various characteristics (e.g. IP address, mouse movements, length of stay). The use of reCAPTCHA is only with your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with future effect. Insofar as personal data is transferred to the USA, these data transfers are subject to the adequacy decision (Data Privacy Framework), as Google has valid certification.

Further information can be found in Google's privacy policy:

https://www.google.com/policies/privacy/
https://www.google.com/recaptcha/intro/android.html

3. USE OF WEB ANALYSIS TOOLS AND COOKIES 

We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that can be stored on your computer or smartphone (end device) via the browser when you visit a website. Cookies can also provide us with information about how you use our website so that we can continuously improve the design of the website.

The data processed by necessary cookies are necessary for the purposes listed below to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Any use of cookies that is not technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can use our "Cookie Consent Tool" to set which cookie categories you wish to consent to when you visit our website. You can also revoke or change your consent at any time by clicking on the widget (bottom left of the website).

Once cookies have been saved, you can also delete them at any time via the settings of your web browser. You can also adjust the settings of your web browser so that no cookies are stored. In this case, not all functions of our website may be available.

We may use specialized service providers from the online marketing sector in the context of data processing (with the help of cookies and similar techniques for processing usage data). These process your data on our behalf as processors and are carefully selected and contractually bound in accordance with Article 28 GDPR. All of the above providers work for us as processors.

Consent management via "COOKIEBOT"

To obtain consent under data protection law, we use the cookie consent technology of "Cookiebot" from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

It is used to obtain the legally required consent for the use of cookies and other data processing requiring consent. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR and the fulfilment of legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR. The legitimate interest is based on the legally compliant documentation and verifiability of consents to fulfil accountability obligations. No personal data is stored.

Use of Google Analytics

This website uses Google Analytics if you give your consent within the meaning of Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR. This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) ("Google").

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable the use of the website by the user to be analyzed. The information obtained by the cookies about your usage behavior of this website is usually transferred to a Google server in the USA and stored there. There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view Google's certification here.

We have made the setting that your IP address will be anonymized. IP address anonymization is carried out by Google, but within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

On behalf of the operator of this website, Google will use this information to analyze your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The anonymized IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as your search history, personal accounts, usage data from other devices and all other data that Google has about you.

You can view the cookies that are set in connection with Google Analytics in the list above.

You can revoke your consent at any time by making the appropriate settings directly via the cookie banner. The user and event data will be deleted after 14 months. The "Reset user data on new activity" function is activated. This means that if you visit the site again before the retention period expires, your data will not be deleted.

Integration of YouTube videos

We embed videos on our websites that are not stored on our servers. To ensure that accessing our websites with embedded videos does not automatically result in the third-party provider's content being loaded, we only display locally stored preview images of the maps in a first step. This means that the third-party provider does not receive any information.

Only after you click on the preview image or give your consent via the cookie consent banner will content from the third-party provider be reloaded. As a result, the third-party provider receives the information that you have accessed our site, as well as the usage data technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR, provided that you have previously given your consent by clicking on the preview image. There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view the certification of Google (YouTube) here.

Provider of the video service:

Google Ireland Limited/Google LLC (USA) ("YouTube")

Revocation of consent

If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the preview images or revoke your consent for reloading via the cookie consent banner.

Operation of social media presences

We maintain the following social media presences: 

LinkedIn: https://www.linkedin.com/company/12587362/
https://www.linkedin.com/company/nexrail/

Data processing by us:

a. Maintaining the above-mentioned social media pages and placing ads ("adverts")

The personal data entered on social media pages such as comments, videos, images, likes, public messages etc. are published by the respective social media platform. We reserve the right to delete content if necessary. We may share content on our site and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place adverts via our social media pages. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.

b. Direct marketing

We process personal data such as your name, company and email address in order to inform you by email about our offers. To do this, we use data that we have researched from publicly accessible sources such as social networks (e.g. LinkedIn) by using third-party software. The legal basis for the processing is our legitimate interest in accordance with Art. 6 (1) point f GDPR. Our legitimate interest lies in direct advertising.

Specifically, we use the tool Amplemarket from the company Tagis Inc. based in San Francisco, USA. Tagis Inc. is certified according to the Data Privacy Framework. Further information on data protection can be found at www.amplemarket.com/privacy.

You can object to the processing of your data for the purpose of direct marketing at any time. You will find the contact details of the data protection officer above. We store your data for the duration of the contract initiation or, in the event of your objection, up to this point in time.

c. Page Insights

The social media platforms provide anonymized statistics and insights that help us gain knowledge about the types of actions people take on our site (so-called "page insights"). These Page Insights are created based on certain information about people who have visited our site.

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors to our website.

This processing of personal data is carried out by the social media platform and us as so-called joint controllers in accordance with Art. 26 GDPR. In the case of joint responsibility, a separate agreement must be concluded.

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

If you wish to object to certain data processing over which we have an influence (e.g. deletion of comments), please contact us using the contact details given above.

Note: The provision of your data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate with us via our social media pages, interact with us or take part in the competition. To contact us, please use the above e-mail address.

Data processing by the operator of the social media platform:

In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, this is also regarded as another controller that carries out its own data processing. This means that the operator is also a separate controller under the GDPR. However, we only have limited influence on data processing by the operator. Where we can exert influence (e.g. through parameterisation), we work within the scope of our possibilities to ensure that the operator of the social media platform handles data in compliance with data protection regulations. In many places, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own privacy policy:

LinkedIn: https://de.linkedin.com/legal/privacy-policy

When using the platform, your personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries are certified by the European Commission with a so-called adequacy decision. This means that the legal situation for the protection of privacy in these countries is comparable to that in the EU or the EEA. You can find more information on the current countries with an adequacy decision here. Certifications in accordance with the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc (Facebook, Instagram) and Google (YouTube). In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.  

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we unfortunately have little influence on the web tracking methods of the social media platform. For example, we cannot switch it off. Please be aware of this: It cannot be ruled out that the provider of the social media platform may use your profile and behavioural data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.

Communication via the Microsoft Teams video conferencing system

We use the "Microsoft Teams" tool to organize telephone conferences, online meetings and video conferences. You will receive access to the agreed appointments via a link provided by e-mail. You can enter the video room by clicking on the link. Before joining, you can decide for yourself whether you want to activate the video or not. You are muted by default and, if you wish, you must manually enable your microphone. If you switch on your camera and/or microphone, the data from your microphone and video camera will be processed during the meeting.

If you take part in an online meeting as an external participant, you will receive an access link by email from the meeting host. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address.

The following additional data may also be processed depending on the type and scope of the specific use:

  • Personal details (e.g. first and last name, e-mail address, profile picture)
  • Meeting metadata (e.g. date, time and duration of the communication, name of the meeting, participant IP address)
  • Device/hardware data (e.g. IP addresses, MAC addresses, Clint version)
  • Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)
  • Connection data (e.g. phone numbers, country names, start and end times, IP addresses)

Furthermore, your personal data may be processed. This also depends specifically on your use, such as the use of the chat and the whiteboard.

We would like to explicitly draw your attention to the fact that any information you provide during the meeting will be processed at least for the duration of the meeting.

Legal basis

The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contact persons at external organizations the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the organization of virtual communication and the web conference.

Microsoft Teams is a service of the Microsoft Corporation. Further information on the processing of your data when using "Teams" can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer. We cannot rule out the possibility that data may also be routed via Internet servers located outside the EU or the EEA. The adequacy decision for the USA applies to data transfers to Microsoft in the USA. You can view Microsoft's certification here.

The provider Microsoft necessarily receives knowledge of the above-mentioned data insofar as this is contractually regulated within the framework of our order processing contract in accordance with Art. 28 GDPR. There are no other recipients.

In principle, you are not obliged to communicate with us via Microsoft Teams. Alternatively, meetings can also be held by telephone.

We generally delete personal data when there is no need for further storage.

Rights of data subjects

In accordance with Art. 15 para. 1 GDPR, you have the right to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in future unless the controller can demonstrate compelling legitimate grounds for further processing which override the interests of the data subject in objecting.

If the data processing is based on consent in accordance with Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) or Art. 49 para. 1 lit. a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.

You also have the right to lodge a complaint with a data protection supervisory authority. In particular, the complaint may be lodged with a supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

Contact details of the competent data protection authority:

Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ DEN HAAG

Telefon: + 31-70-88 88 500

E-Mail: internationaal@autoriteitpersoonsgegevens.nl

Homepage: https://autoriteitpersoonsgegevens.nl

No automated decision-making.

We do not carry out automated decision-making or profiling.

Provision

Unless otherwise stated in the previous sections, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract.  Failure to provide your personal data may mean that we are unable to respond to your enquiries, for example.

This data protection information was created in cooperation with the consulting firm SCALELINE Datenschutz. The legal texts are subject to copyright.