Privacy Policy
Preface
We (hereinafter referred to as "the company", "we", or "us") take the protection of your personal data
seriously and would like to inform you about data protection within our company.
As part of our data protection responsibility, we have been assigned additional obligations by the
implementation of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter
"GDPR") to ensure the protection of personal data of individuals whose data is processed (hereinafter
also referred to as "customer", "user", "you", or "data subject").
If we determine the purposes and means of processing either alone or jointly with others, this primarily
includes the obligation to inform you transparently about the nature, scope, purpose, duration, and
legal basis of the processing (cf. Art. 13 and 14 GDPR). With this declaration (hereinafter "Privacy Notice"),
we inform you about how your personal data is processed by us.
Our Privacy Notice is modular in structure. It consists of a general section applicable to all processing of
personal data and processing situations that occur each time a website is accessed (Part A. General)
and a specific section, which refers only to the particular processing situation for the respective service
or product offered, in particular for visits to websites (Part B. Visiting websites). Part B is relevant when
you use our German online services, including our social media profiles.
A. General
(1) Definitions
Following the example of Article 4 GDPR, the following definitions apply to this Privacy Notice:
"Personal data" (Art. 4 No. 1 GDPR) refers to any information relating to an identified or identifiable
natural person ("data subject"). A person is identifiable if they can be identified directly or indirectly,
especially by reference to an identifier such as a name, ID number, online identifier, location data, or
with information regarding their physical, physiological, genetic, mental, economic, cultural, or social
identity. Identifiability can also result from linking such information or from additional knowledge. The
form or embodiment of the information is irrelevant (e.g., photos, video, or audio recordings may contain
personal data).
"Processing" (Art. 4 No. 2 GDPR) means any operation performed on personal data, whether by
automated means or not. This includes, in particular, collection, recording, organization, structuring,
storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination,
or otherwise making available, alignment, combination, restriction, erasure, or destruction.
"Controller" (Art. 4 No. 7 GDPR) means the natural or legal person, authority, agency, or other body that
determines the purposes and means of the processing of personal data.
"Third party" (Art. 4 No. 10 GDPR) means any natural or legal person, authority, agency, or other body
other than the data subject, controller, processor, and persons who, under the direct authority of the
controller or processor, are authorized to process personal data.
"Processor" (Art. 4 No. 8 GDPR) means a natural or legal person, authority, agency, or other body which
processes personal data on behalf of the controller (e.g., IT service providers). A processor is not
considered a third party in the data protection sense.
"Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed, and
unambiguous indication of the data subject's wishes by which he or she, by a statement or a clear
affirmative action, signifies agreement to the processing of personal data relating to him or her.
(2) Name and Address of the Controller
The controller responsible for the processing of your personal data within the meaning of Art. 4 No. 7
GDPR is:
Jennifer Carola Jones
Alte Leipziger Str. 18
63571 Gelnhausen
Germany
Contact:
Phone: +49 170 5508555
Email: info@nextfair.de
Further company details can be found in our legal notice (Impressum) on our website.
(3) Legal Basis for Data Processing
As a matter of principle, any processing of personal data is prohibited by law and only permitted if it
falls under one of the following legal justifications:
Art. 6(1)(a) GDPR ("Consent"): if the data subject has given consent to the processing of their personal
data for one or more specific purposes;
Art. 6(1)(b) GDPR: if the processing is necessary for the performance of a contract with the data subject
or to take steps at the request of the data subject prior to entering into a contract;
Art. 6(1)(c) GDPR: if processing is necessary for compliance with a legal obligation to which the
controller is subject;
Art. 6(1)(d) GDPR: if processing is necessary to protect the vital interests of the data subject or another
person;
Art. 6(1)(e) GDPR: if processing is necessary for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the controller;
Art. 6(1)(f) GDPR ("Legitimate Interests"): if processing is necessary for the purposes of the legitimate
interests pursued by the controller or a third party, unless overridden by the interests or fundamental
rights and freedoms of the data subject.
Each processing activity we carry out is based on at least one of the above legal grounds.
(4) Data Erasure and Storage Duration
We specify how long personal data is stored and when it is deleted or blocked for each processing
operation. Where no specific retention period is mentioned, data is deleted or blocked once the
purpose or legal basis no longer applies.
Data may be stored beyond this period in cases of pending legal disputes or if required by law (e.g.,
Section 257 HGB, Section 147 AO). Once the statutory retention periods expire, the data is deleted
unless further storage is necessary.
(5) Data Security
We implement appropriate technical and organizational security measures to protect your data against
accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by
third parties (e.g., TLS encryption for our website). Security measures are continuously improved based
on technological developments.
6) Use of Processors
We may use external service providers (e.g., IT, logistics, telecommunications, marketing) to process
data on our behalf. They act only on our instructions and are contractually bound to data protection
obligations under Art. 28 GDPR.
(7) Transfer of Personal Data to Third Countries
Personal data may be transferred to countries outside the European Economic Area (EEA). Such
transfers occur only to fulfill contractual or business obligations. Some countries have an adequate
level of data protection as recognized by the EU Commission. In other cases, we ensure an adequate
level of protection through contractual measures such as standard contractual clauses.
(8) No Automated Decision-Making or Profiling
We do not use your personal data for automated decision-making processes, including profiling.
(9) No Obligation to Provide Personal Data
There is generally no legal or contractual obligation for you to provide us with personal data. However,
some features or services may be unavailable if you do not provide necessary data.
(10) Legal Obligation to Disclose Data
We may be legally required to provide personal data to public authorities or government agencies (Art.
6(1)(c) GDPR).
(11) Your Rights
You have the following rights regarding your personal data:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw consent (Art. 7(3) GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
(12) Changes to this Privacy Notice
We regularly review and update our Privacy Notice to comply with changes in data protection laws and
technical developments.
B. Visiting Websites
(1) Function Description
You can find information about our company and services at https://www.nextfair.de/, including
subpages. When visiting our websites, personal data may be processed.
(2) Processed Personal Data
During purely informational use, we collect, store, and process the following categories of data:
Log data: including the referring page (referrer URL), page accessed, date/time, browser
type/version/language, truncated IP address (non-identifiable), data volume, OS, access status, and
GMT time zone difference.
Contact form data: data submitted via contact forms (e.g., name, company, email, date/time).
Newsletter data: email address, IP address (truncated), registration and confirmation time, usage
behavior (through tracking pixels/web beacons).
Data is pseudonymized and not directly linked to your identity.
(3) Purpose and Legal Basis
Log data is used for statistics and improving website quality (Art. 6(1)(f) GDPR).
Contact form data is processed to handle inquiries (Art. 6(1)(b) or (f) GDPR).
Newsletter data is processed based on your consent (Art. 6(1)(a) GDPR). Consent can be withdrawn at
any time via link provided in every newsletter mail or info@nextfair.de.
(4) Duration of Processing
Data is processed only as long as necessary. See also A.(5) and the cookie settings for details.
(5) Data Disclosure to Third Parties
We may disclose your data to:
Website and IT service providers (Art. 6(1)(b) or (f) GDPR)
Government authorities (Art. 6(1)(c) GDPR)
Business partners (e.g., auditors, banks, legal advisors) (Art. 6(1)(b) or (f) GDPR)
Only with your explicit consent (Art. 6(1)(a) GDPR)
(6) Use of Cookies, Plugins, and Other Services
a) Cookies
Cookies are small text files that improve user experience.
We use:
Technical cookies: necessary for functionality and security.
Performance cookies: collect anonymous usage statistics.
Advertising/Targeting cookies: for personalized ads (max. storage: 13 months).
Sharing cookies: enhance interaction with third-party platforms (max. 13 months).
Non-essential cookies require your explicit consent under Art. 6(1)(a) GDPR.
b) Cookie Settings
For more details and to manage your preferences, see our cookie settings on the website.