Laboratories Europe GmbH - Data-Privacy Notice

Processing of personal data by NLE’s Resource and Account Management System (CADIM) Privacy Notice according to art. 13 / 14 of EU Regulation 2016/679 (GDPR)

Data Controller and DPO

Data Controller is NEC Laboratories Europe GmbH, Kurfürsten-Anlage (NLE) 36, D-69115 Heidelberg, e-mail: privacy@neclab.eu. The Controller appointed a Data Protection officer that can be contacted at this e-mail address: dsb@neclab.eu

Information on Data Processing

The NLE-Resource and Account Management System enables access and usage control for NLE Resources. For this it maintains essential data for user authentication and communication through an internal Directory Server and Database. Additionally, the Resource System serves as a tool for managing resources within NLE. It processes personal data related to resource ownership and access and is logging modifications made.

Categories of Personal Data and its Source Purposes of Processing Legal Basis of Data Processing Data Retention
Contact and Account (Login) Information including:
  • First Name
  • Last Name
  • E-Mail Address
Technical Information:
  • IP-Address
  • access times
  • browser type
  • referring website addresses
  • user action logs / audit logs:
    • access granted and revoked timestamps
    • password change timestamps
 Providing and managing resources (such as local cloud services). For this authenticating and authorizing users is required, and security standards are enforced.
  1. Art6(1)c: The processing is required to perform a contract with the data subject (such as NDA, collaboration contract). If this contract is a workscontract, also BDSG §26 applies.
  2. Art 6(1)f: it is in our Legitimate Interest to perform the Resource-Management in an efficient way and to ensure security, accountability and reliability of our IT system. There are no known overriding interests of data subjects that conflict with this.
Data is deleted after the account has been deleted. This may happen due to multiple occasions:
  1. The Account Holder triggers an account deletion via the Portal Page
  2. An Automatic cleanup happens due to one of the following reasons:
    • the account invitation link has not been accepted and therefore the activation of the account did not happen in time.
    • the account is no longer assigned system internally with any NLE provided resource.
    • after the account has been inactive and disabled for too long.
    • after the account password has been expired for too long.

Processing Procedures

The Controller through its own authorized personnel and data processors carries out the personal data processing. Technical and organisational measures are in place at all involved entities to protect privacy and security of the data.

Disclosure of Personal Data and transfers outside the European Economic Area (“EEA”)

Data is not disclosed or transferred to anybody outside NLE.

Data Subject Rights

Data subjects are granted the following rights:

  • Confirmation of whether personal data concerning him/her are being processed and to obtain access to the data and the following information: purpose of processing; categories of personal data; recipients; storage period; existence of the right to rectification, cancellation and limitation; origin of data not collected from the data subject.
  • Cancellation or rectification of inaccurate personal data concerning him/her and/or the integration of incomplete personal data if he/she so wishes, also by providing a supplementary declaration.
  • Limitation of processing consisting in the blocking of data processing for the period necessary for the required verifications in the hypotheses foreseen by the regulations in force.
  • Portability of the data provided to the Controller including the direct transmission of the data to another data controller, the Controller shall deliver the personal data available on electronic format for common use to allow migration to other media.
  • Opposition at any time to processing based on the legitimate interest of the Controller.
  • Revocation of consent, where the processing is based on such legal basis.

Exercise of data subject's rights and complaints

Data subject may exercise his/her rights at any time by contacting the Controller by sending an email to the Controller without any formality or payment of any additional cost: privacy@neclab.eu. Every request received by the Controller will be taken into consideration after verifying the identity of the person entitled and safeguarding the rights of third parties. Requests will be satisfied as soon as possible and in any case within thirty days, except in the case of objective difficulties which will be communicated in writing within this period. In case of dissatisfaction on the modalities of processing and complaints and for any clarification data subject may write to the Controller, without prejudice to his right to apply to the Authority responsible for the protection of personal data: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg.

25.07.2024
The Controller - NEC Laboratories Europe GmbH

NEC Laboratories Europe GmbH Corporate Information | Impressum Data Privacy Statement | Datenschutzerklärung Terms and Conditions Data-Privacy Notice