Privacy policy
I. General information
NavVis GmbH (referred to as "we") handles personal data according to the rules of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).
Below, we give you a general overview of what personal data we collect, why we collect it, how we use it, and the legal reasons for doing so when you use our website www.navvis.com, our social media channels, or engage with our services.
We, as data controllers, are responsible for making sure that your data is handled safely and providing you with the information on how you can control the processing of your data.
1. Data controller
We, as data controllers, are responsible for deciding how and why your personal data is processed, ensuring that it is handled in accordance with GDPR regulations, and implementing appropriate measures to protect your rights and privacy. You can contact us through the following channels:
| Data Controller | Contact information |
| NavVis GmbH | Blutenburgstraße 18, 80636 Munich, Germany |
| Data protection requests | privacy@navvis.com |
| Data Protection Officer | Dr. Sebastian Kraska, IITR Datenschutz GmbH, Marienplatz 2, 80331 Munich, Germany, email@iitr.de |
2. What kind of data is covered by our data collection and how do we keep your data safe?
We collect different types of personal information, including your IP address, browser details, contact information, cookies, work information, and location data. This helps us operate our website securely, communicate with you, improve your experience, manage contracts, and optimize our services.
Your data may be shared with service providers, such as technical and marketing partners, consultants like legal and tax advisors, and social media platforms where we are active.
We process your data based on your consent, to fulfill contracts, comply with legal obligations, or for our legitimate interests, such as improving and protecting our website.
We only store your data for as long as necessary to fulfill these purposes or meet legal requirements, after which it will be deleted, or anonymized. Most of your data is processed within the EU, but it may be transferred to the U.S. if the company is certified under the EU-U.S. Data Privacy Framework or if we use legal safeguards like standard contractual clauses for non-certified companies.
3. Your rights
The GDPR provides you with the following rights to ensure control over your data:
| Your Right | What it Means |
| Right to Access (Art. 15 GDPR) | You have the right to ask for confirmation of whether we are processing your personal data, to access that data, and to receive information on how we are using it, who we share it with, and how long we plan to keep it. |
| Right to rectification (Art. 16 GDPR) | You can ask us to correct any inaccurate or incomplete personal data we have about you. |
| Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR) | You can ask us to delete your personal data in certain circumstances, like when it is no longer needed or you withdraw your consent. |
| Right to Restriction of Processing (Art. 18 GDPR) | You can ask us to limit how we use your data in certain cases, like when you're questioning its accuracy or legality. |
| Right to data portability (Art. 20 GDPR) | You can get your personal data from us in a readable format and transfer it to another service provider without interference from us. |
| Right to object (Art. 21 GDPR) | You can object to your data being processed based on legitimate interests, public interest, or direct marketing reasons, if you have grounds related to your particular situation. |
| Right to Withdraw Consent (Art. 7(3) GDPR) | If you have given consent for your data to be processed, you can withdraw it at any time, and we will stop processing your data from that point forward. |
| Right to Lodge a Complaint (Art. 77 GDPR) | If you believe your rights under the GDPR have been violated, you can file a complaint with your national data protection authority. |
| Right to Be Informed About Data Transfers (Art. 44-49 GDPR) | You have the right to be informed about whether your data is transferred to a country outside the EU and to know what safeguards are in place to protect your data during the transfer. |
| Right to Not Be Subject to Automated Decision-Making (Art. 22 GDPR) | You have the right not to be subject to decisions made solely by automated processing, including profiling, if it significantly affects you, unless you have given consent or it is necessary for entering into a contract. |
You can exercise your rights listed above by contacting us on the contact details.
4. Legal Remedies
If you think that we are not processing your data rightfully, you can also turn to the competent data protection authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Postfach 1349
91504 Ansbach
Germany
5. Use of cookies and trackers
We use cookies or other trackers on our website. Detailed information on these trackers can be found in the Cookie Policy
II. Data Processing in Detail
In this section, we list all data-collecting processes that happen specifically on the website, the legal authorisation (called legal basis) based on which the data collection is allowed, as well as the explanation for using this legal basis. Furthermore, you will understand who are partners are and how we ensure that your data is protected when transferring it outside of the EU.
| Data Collection | Description of Data Collection | Legal Basis | Justification of Legal Basis | Processed Data | Additional Information | Provider Address | Is Data Transferred to the USA? | Is the Company Certified under the EU-USA Privacy Framework? |
| Newsletter | If the user gives their consent, we process the name, e-mail address, and company name of the user in order to send our newsletter to the user and inform them about our services. | Art. 6(1)(a) GDPR | User's consent | Name, e-mail address, company name | The user can revoke their consent at any time for the future via a link in the newsletter or by sending an email. | NavVis GmbH, Blutenburgstraße 18, 80636, Munich, Germany | No | N/A |
| Consent Management and Hosting (Hubspot) | We use a consent management tool from the provider HubSpot Ireland Limited to manage the user's consent to the storage of or access to the user's information in their end device and to implement the user's usage preferences accordingly. | Art. 6(1)(c) GDPR, § 25 TDDG | Legal obligation | Usage data, tracker data, user settings, time and type of consent, language of the banner. | HubSpot hosts the website for us. Further information on processing and data protection at Hubspot can be found on the Hubspot website at https://legal.hubspot.com/privacy-policy. | Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland | Yes | Yes |
| Vimeo | We have integrated the video platform Vimeo for the display and visualization of video content on our website. Instead of linking to a video, we can display the video directly to users. Vimeo uses cookies and trackers for this purpose, which can also be used to analyze user behavior for market research and marketing purposes. | Art. 6(1)(a) GDPR | User's consent | Usage data, tracker data, traffic data, information about active website and web activities, session duration, and bounce rate. | Further information on processing and data protection at Vimeo can be found on the Vimeo website at https://vimeo.com/privacy. | 330 West 34th Street, 10th Floor, New York, 10001, USA | Yes | Yes |
| We use the following services of the provider Google Ireland Limited on our website: Google Tag Manager, Google Ads, Google Maps, Firebase, YouTube. Google uses cookies and trackers for this purpose. | Art. 6(1)(a) GDPR | User's consent | Usage data, tracker data, traffic data, information about active website and web activities, session duration, bounce rate, and geographical position. | Further information on processing and data protection at Google can be found on the Google website at https://policies.google.com/privacy?hl=de&gl=de. | Gordon House, Barrow Street, Dublin 4, Ireland | Yes | Yes | |
| We use the advertising service of LinkedIn Ireland Unlimited Company to manage, optimize and implement our advertisements, sometimes in conjunction with external advertising networks. We use the service to analyze user behavior or for market research and to display interest- and behavior-based personalized advertisements to users. | Art. 6(1)(a) GDPR | User's consent | Usage data, tracker data, traffic data, information about active website and web activities, session duration, and bounce rate. | Further information on processing and data protection at LinkedIn can be found on the LinkedIn website at https://de.linkedin.com/legal/privacy-policy. | Wilton Place, Dublin 2, Ireland | Yes | Yes | |
| ShareThis | We use the service of ShareThis, Inc. to manage, optimize and implement our advertisements, sometimes in conjunction with external advertising networks. The service displays a widget that enables interaction with social networks and external platforms. ShareThis uses cookies and trackers for this purpose. | Art. 6(1)(a) GDPR, Art. 49(1)(a) GDPR | User's consent | Usage data, tracker data, traffic data, information about active website and web activities, session duration, and bounce rate. | Further information on processing and data protection at ShareThis can be found on the ShareThis website at https://sharethis.com/privacy/#ccpa. | 3000 El Camino Real, Building 4, Suite 200, Palo Alto, CA 94306, USA | Yes | Yes |
| ZoomInfo | We use the services of ZoomInfo Technologies LLC on our website for managing user databases with integrated tools for sales, marketing, and recruitment. ZoomInfo also uses cookies or trackers for this purpose. | Art. 6(1)(a) GDPR | User's consent | Usage data, tracker data, traffic data, name, contact details, address, geographical location, company name. | Further information on processing and data protection at ZoomInfo can be found on the ZoomInfo website at https://www.zoominfo.com/legal/privacy-policy. | 805 Broadway Suite 900, Vancouver, WA, USA | Yes | Yes |
| Yahoo | We use the services of Yahoo EMEA Limited to manage, optimize and execute our advertisements, sometimes in conjunction with external advertising networks. We use the service to analyze user behavior or for market research and to display interest- and behavior-based personalized advertisements to users. | Art. 6(1)(a) GDPR, Art. 49(1)(a) GDPR | User's consent | Usage data, tracker data, traffic data, information about active website and web activities, session duration, and bounce rate. | Further information on processing and data protection at Yahoo can be found on the Yahoo website at https://legal.yahoo.com/ie/en/yahoo/privacy/index.html. | Floor 5-7, Point Square, North Wall Quay, Dublin 1, Ireland | Yes | No |
| Hubspot | We use the services of HubSpot Ireland Limited to manage and respond to support and contact requests, to manage customer data, and to make our website user-friendly and deliver it in an optimized manner. The service may also enable the sending of scheduled messages to the user. | Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR | Contractual obligations and legitimate interests | Usage data, tracker data, traffic data, information about active website and web activities, session duration and bounce rate, name, contact details (such as e-mail address and telephone number), industry, employer/company information, professional position, job title, professional career, educational background and professional skills. | Further information on processing and data protection at Hubspot can be found on the Hubspot website at https://legal.hubspot.com/privacy-policy. | Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland | Yes | Yes |
| Matomo | We use the Matomo service for statistical analysis of user behavior and for optimization and marketing purposes in order to make our website secure and user-friendly. Matomo uses cookies and trackers for this purpose. | Art. 6(1)(f) GDPR | Legitimate interest in optimizing our website and ensuring its security. | Usage data, tracker data, traffic data, information about active website and web activities, session duration and bounce rate, name, contact details (such as e-mail address and telephone number). | Further information on processing and data protection at Matomo can be found on the Matomo website at https://matomo.org/matomo-cloud-privacy-policy/. | 7 Waterloo Quay, PO625 6140, Wellington, New Zealand | No | N/A |
| Hotjar | We use the services of Hotjar Ltd to analyze user behavior in order to optimize our offer and make our website more user-friendly. Hotjar allows us to record mouse movements, scrolling movements, clicks and time spent on certain areas of the site. | Art. 6(1)(a) GDPR | User's consent | Usage data, tracker data, traffic data, information about active website and web activities, website usage (such as mouse movements, scrolling movements, clicks, session duration and bounce rate). | Further information on processing and data protection at Hotjar can be found on the Hotjar website at https://help.hotjar.com/hc/en-us/categories/360003405813-Compliance-Data-Privacy-Legal-Security. | Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville, St Julian's, STJ 3141, Malta | No | N/A |
| Keylight | We use the services of keylight GmbH to manage contracts with users and to process contact and prospect data. Keylight offers a platform that enables users to manage their contracts. Keylight uses cookies or trackers for this purpose. | Art. 6(1)(b) GDPR | Contractual obligations | Usage data, tracker data, traffic data, name, contact details (such as e-mail address and telephone number), address, industry, employer/company information, professional position and job title. | Further information on processing and data protection at Keylight can be found on the Keylight website at https://www.keylight.com/privacy-policy. | Kantstrasse 24, 10623 Berlin, Germany | No | N/A |
| Impartner | We use the services of Impartner, Inc. to manage contracts with users and to process contact and prospect data. We use the service to distribute our products, manage resellers and intermediaries, and make marketing content available for download. Impartner uses cookies or trackers for this purpose. | Art. 6(1)(b) GDPR | Contractual obligations | Usage data, tracker data, traffic data, name, contact details (such as e-mail address and telephone number), address, industry, employer/company information, professional position and job title. | Further information on processing and data protection at Impartner can be found on the Impartner website at https://impartner.com/privacy-policy/. | 10897 S River Front Parkway, Suite #500, South Jordan, UT 84095, USA | Yes | Yes |
| Adobe | We use the services of Adobe Systems Ireland Limited for the creation and management of our contracts and documents, marketing materials and other information relating to users who are our customers or potential customers. | Art. 6(1)(f) GDPR | Legitimate interest in optimizing our offer and business operations. | First name, last name, company name, contact details (such as telephone number, email address, address), gender, date of birth, educational and professional data. | Further information on processing and data protection at Adobe can be found on the Adobe website at https://www.adobe.com/de/privacy/policy.html. | 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland | Yes | Yes |
| GoToMeeting | We use the services of GoTo Technologies Ireland Unlimited Company to conduct online meetings and video calls with users who are our customers or potential customers. GoToMeeting uses cookies or trackers for this purpose. | Art. 6(1)(f) GDPR | Legitimate interest in business operations and user-friendly interactions. | User data, tracker data, traffic data, first name, last name, company name, contact data (such as telephone number, e-mail address, address), gender, date of birth, data on education and profession, video content. | Further information on processing and data protection at GoToMeeting can be found on the GoToMeeting website at https://www.goto.de/company/rechtliches/datenschutz/international. | 77 Sir John Rogerson's Quay, Block C, Suite 207, Grand Canal Docklands, Dublin 2, D02 VK60, Ireland | Yes | Yes |
| Social Networks | We operate social media channels to inform users about our services and to communicate via the platforms if they are interested. We process data via our social media profiles when comments or messages are sent to us on the platforms. | Art. 6(1)(f) GDPR | Legitimate interest in responding to user inquiries. | Data via social media profiles, user comments or messages. | Further information on data processing can be found in the terms and conditions and privacy policies of the respective platforms: YouTube: https://www.youtube.com/privacy X: https://twitter.com/privacy Xing: https://privacy.xing.com/de/datenschutzerklaerung LinkedIn: https://www.linkedin.com/legal/privacy-policy Meta: https://www.facebook.com/privacy/policy Instagram: https://privacycenter.instagram.com/policy/ | Depends on platform | Yes | Depends on platform |
III. Legal Definitions:
This privacy policy is a legal document, therefore we need to keep things precise. Throughout this document, we understand the following things when we mention
1. “European Union (or EU)” means all current member states of the European Union and the European Economic Area.
2. “EU-US Privacy Framework” means means the legal mechanism adopted by the European Commission on July 10, 2023, that enables the transfer of personal data from the European Union to certified companies in the United States, ensuring an adequate level of protection in line with the General Data Protection Regulation (GDPR). U.S. companies participating in the framework must self-certify their adherence to data protection principles concerning data security, transparency, and individual rights, and are subject to enforcement by the U.S. Federal Trade Commission (FTC) and other oversight mechanisms provided by the framework.
3. “User”, “user” or “you” is the person who visits and/or uses our website and/or makes use of our services and who is identical to the data subject.
4. “Usage Data” is information collected automatically when you visit our website, including: IP address, domain name, URI (Uniform Resource Identifier) address, requesting provider, browser and operating system characteristics and IT environment, system logs, country of origin and geographical details, time and date and method of request, various time details per visit, size and status (numerical code) of the file received in response from the server (e.g. successful outcome, error), amount of data transferred, path details of the path followed within the application, referrer URL (previously visited page).
5. “Tracker” means any technology, such as cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting, that enables the tracking of users by accessing or storing information on the user's device. Trackers can set Universally Unique Identifiers (UUID) to recognize information or the end device (e.g. unique device identifiers, device identifiers for advertising such as Google Advertiser ID or IDFA) and store or access data ( "tracker data" ) and process usage data or other personal data.
Otherwise, the definitions of Art. 4 GDPR apply.
IV. Changes and adjustments
We will update this Privacy Policy based on the actual data processing on and in connection with our website and our activities. If there are changes to the processing activities for which the user has given consent, we will obtain consent again if necessary.