ngena GmbH attaches great importance to protecting personal data. This privacy notice provides information about the processing of your personal data by ngena if you or your company have entered into a contractual relationship for the provision of services for ngena and received a user account in ngena’s systems, in accordance with the requirements of the General Data Protection Regulation (“GDPR”).
What data is collected and how is it used?
To set up your user account in ngena’s systems, ngena will collect your first name, last name, email address and country of residence. If you are involved in the provision of services to ngena via your company, ngena will also know that you work at that company (if you have a direct contract with ngena, the legal basis for data processing is Art. 6 (1) (b) GDPR; and if you are involved in the provision of services to ngena via your company, the legal basis for data processing is Art. 6 (1) (f) GDPR).
ngena will set up the applicable user accounts for you (e.g. in JIRA, Outlook, One Drive). Depending on your function, ngena may hand over to you a ngena’s device (notebook) or, with your prior consent, install monitoring tools on your device used for the provision of the services. Log files created by applicable monitoring tools will be used for security purposes and automatically saved by ngena in ngena’s IT systems in accordance with the requirements of each system (the legal basis for data processing is Art. 6 (1) (f) GDPR).
Your activities using the user accounts and respective devices (if applicable) and will be saved in ngena’s IT systems in accordance with the requirements of each system. The log files created by ngena’s IT systems are used for the security purposes. Most log files are deleted after 90 days and log files showing the location of the internet nodes used by the devices are deleted after 30 days. The content of your activity (for example, a file which you saved or an email which you sent) will be stored for one year after the termination of your involvement in the services for ngena, if not deleted by you proactively during the involvement. In case your action has a significant effect on ngena as a company, it may be stored also for a longer period (for example, if you placed an order with a third party in the name of ngena).
The private use of the ngena’s email system is not allowed.
Will my data be passed on to third parties?
ngena may involve third-party providers for supporting its IT systems (e.g. hosting providers and providers of software enabling certain features of ngena’s systems) and your data may be processed by such providers.
Such providers ngena are only involved on the basis of a data processing agreement with ngena which ensures the security and confidentiality of your data. These providers may also be based outside of the EU; non-EU based providers are only involved after the extensive check whether the provider offers the same level of data protection as required by the EU laws, and on the basis of a specific data processing agreement which ensures the same level of data protection as required by the EU laws.
If required for the provision of the services, your data may be passed on to business partners of ngena so that they can contact you in relation to projects in which you are involved for ngena.
In certain cases ngena may be legally obliged to pass on your data to third parties such as tax authorities or auditors, which are bound by confidentiality obligations regarding your data, or to a state body.
ngena does not pass on your data to third parties for any other purpose.
What rights do I have?
You may request, free of charge, information about your data stored by ngena.
You may request the correction of your data in case the data stored by ngena is incorrect.
You may also request the deletion or restriction of processing of your data, as well as the provision of your data to you or to another controller in a structured machine-readable format.
In addition, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for ngena is „Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen” (www.ldi.nrw.de).
Data Protection Officer
For specific questions regarding data privacy please contact ngena’s Data Protection Officer, Mr. Denis Isakov, Hahnstr. 40, 60528 Frankfurt, Germany, gdpr(at)ngena.net.
The official contact details of ngena as a data controller are: ngena GmbH, Hahnstr. 40, 60528 Frankfurt, Germany, or by email: info(at)ngena.net.
Last revised: June 2022