NIMA Privacy Policy

This privacy policy informs you about the processing of your personal data in connection with our NIMA survey application.

1. Name and contact details of the controller

The responsible data controller is auticon GmbH (hereinafter just “auticon” or “we”).

auticon’s contact details are:

Hardenbergstr. 19
10632 Berlin
Germany
Tel.: +49 89 / 2006068-0
Email:info@auticon.com   Website: www.auticon.com  

auticon’s processing of your personal data is regulated by the European Union’s General Data Protection Regulation (“GDPR”).

2. Name and contact details of auticon’s data protection officer

auticon’s data protection officer is:

AVIATICS Cost & Safety Management GmbH & Co. KG
Kieshecker Weg 148
40468 Düsseldorf, Germany
Email: datenschutz@aviatics.de

3. Survey data

Our NIMA application allows you to participate in surveys to assess your organization’s neurodiversity inclusion status.Your participation in such surveys, and any answers you may give to the questions that are part of a survey, are always voluntary. Your provision of personal data is neither a statutory nor a contractual requirement, nor a requirement necessary to enter into a contract. You are not obliged to provide the personal data (i.e., answer the survey questions), but if you do not answer the survey will be less comprehensive and its findings may be less exact.

We will store your answers pseudonymously, i.e., in such way that it is not possible to directly relate the answers you have given to you as a person. We will only use these survey data to prepare anonymous statistics for

  • your organization to assess its current neurodiversity inclusion status, and
  • benchmarking purposes to compare the status of individual organizations over time, and with the average status of other organizations.

The underlying personal data (i.e., the survey answers you have given) will only be used to create these statistics, and not for any other purposes. Your personal data will, in particular, not be disclosed to any third party. 12 months after the survey for your organization has ended, we will permanently anonymize your personal survey data, so that it is not even indirectly possible to relate the answers you have given to you as a person.

The legal basis for this processing of personal data is Article 6(1)(a) in connection with Article 9(2)(a) GDPR and your consent. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

For the processing of data not concerning health we may also rely on Article 6(1)(f) GDPR, i.e., a balancing of interests, based on our and your organization’s legitimate interest to assess your organization’s neurodiversity inclusion status.

4. Technical log files

Every time you access the application, our servers collect and store technical data in log files. These log files comprise the following data:

  • Date and time of the event;
  • information about the browser you use and the browser version;
  • the type and operating system of the device you use;
  • the exact page of our survey application you access;
  • the website address you have accesses immediately before accessing our survey application (the “referrer”), and
  • access error codes, if any.

We use these log file data to ensure the technical stability of our application, i.e., to identify, to analyze, and to remedy potential technical defects, or to counter potential malicious attacks on our application. We will delete or permanently anonymize these log file data latest two weeks after they are created.

The legal basis for this processing of personal data is Article 6(1)(f) GDPR, i.e., a balancing of interests, based on our legitimate interest to ensure the technical stability of our application.

5. Use of service providers, data transfers to third parties

We may use technical service providers (e.g., website hosting providers) as data processors to support us in operating this application. We only use processors that provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that their processing meets the requirements of the GDPR and ensures the protection of your rights.

Other than this, your data will only be disclosed to third parties in exceptional situations if it is necessary for the establishment, exercise or defense of legal claims, or if we are legally obliged to do so.

6. Your right to object

In accordance with Article 21 GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR. We shall then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

7. Your other rights

You have the right to request confirmation from us as to whether personal data concerning you are being processed; if this is the case, you have the right to access the personal data and to receive additional information in accordance with Article1 15 GDPR.

In accordance with Article 16 GDPR you have the right to demand that we rectify any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data.

You have the right to demand that we erase personal data concerning you in accordance with the reasons stated in Article 17 GDPR.

You have the right to demand restriction of processing of your personal data in accordance with the reasons stated in Article 18 GDPR.

You have the right to receive from us the data concerning you which you have provided to us, in a structured, commonly used and machine-readable format. You may transmit those data, or have them transmitted directly, to another controller in accordance with Article 20 GDPR (right to data portability).

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

 

Skip to content