Privacy Policy and Information Security Policy
Privacy Policy
On this page, you will find information on how we process your personal data when you access this website.
1. Name and address of the data controller
This website is operated by NEXPLORE (hereinafter also referred to as “NEXPLORE” or “we”), which is also solely responsible for any data processing procedures associated with the website access, unless otherwise stated herein below.
You may contact us as follows:
NEXPLORE Technology Holding GmbH & Co.KG
Alfredstr. 236
45133 Essen
Commercial Register: HRA 10906
Registration court: Essen
Commercial Register: HRB 29508
Phone: +49 201 8240
E-mail: [email protected]
2. Website access
Every access of our website inevitably involves the collection of certain, predominantly technical, information, which may, however, be classified as personal data by the courts. This includes IP address, device identification, browser features, operating system details, language settings, referring URLs, duration of website access, and pages displayed.
When using this information, we do not collect any identifiable information about you. This information is required, however, to correctly deliver the contents of our website and to provide law enforcement authorities with the information required for criminal prosecution in the event of a cyber-attack.
Additional statistical analyses of these data may only take place after any personal reference has been removed.
Our authorization for the aforementioned data processing arises on the one hand from our legitimate interests in operating an Internet presence (Art. 6(1) (f) General Data Protection Regulation). With regard to the use of data to provide information to law enforcement authorities, our authorization is based on our obligation to provide information to law enforcement authorities in the event of a cyber-attack (Art. 6(1) (c) General Data Protection Regulation).
Data transfer to other recipients will only occur to our hosting service provider, which hosts the website on our behalf.
We intend to retain the aforementioned personal data for a period of 7 days and to erase them afterwards.
A transfer to third countries outside the European Economic Area is not intended.
3. Cookies
This website uses cookies. Cookies are text files that are stored on a computer system via a web browser.
Numerous websites and servers use cookies. Many cookies contain a “cookie ID.” A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific web browser in which the cookie was stored. This enables the accessed websites and servers to distinguish your individual browser from other web browsers that contain other cookies. A particular web browser can be recognized and identified by its unique cookie ID.
The use of cookies serves our legitimate interests in ensuring the functionality of the website and keeping the visit consistent, i.e., to receive information during a session and to carry out statistical analyses (Art. 6(1) (f) General Data Protection Regulation).
Recipients of the data are the web administrator, the hosting service provider that we use, as well as external programmers, who each work on our behalf. Personal data from the cookies will not be transmitted to other recipients.
You can prevent the setting of cookies by our website at any time by means of an appropriate setting of your web browser and thus permanently object to the setting of cookies. In addition, cookies that have already been set may be deleted at any time via a web browser or other software programs. This feature is available in all common web browsers. If you deactivate the setting of cookies in your web browser, however, not all functions of our website may be fully usable under certain circumstances.
We intend to erase the aforementioned data after the end of the respective browser session.
A transfer to third countries outside the European Economic Area is not intended.
4. Online job application portal
We are using an online job application portal operated on our behalf by Lumesse Ltd., UK (hereinafter referred to as “Lumesse”). In the context of the online application portal, we collect personal data of applicants (last name, first name, address data, telephone number, e-mail address) and the qualifications of the applicants.
We use the data for the purposes of deciding on the conclusion of employment contracts (Section 26(1) sentence 1 Federal Data Protection Act and Art. 6(1) (b) General Data Protection Regulation). By processing your data, we are also pursuing the legitimate interests in processing and responding to your application (Art. 6(1) (f) General Data Protection Regulation). In addition, we are obligated to retain data in accordance with commercial and tax law provisions (Art. 6(1) (c) General Data Protection Regulation).
The data are processed by employees of our HR department and by Lumesse on our behalf. Dissemination to other recipients or a transfer to third countries outside the European Economic Area is not intended.
We regularly erase the data within 6 months after rejection or completion of the application process.
The use of the online application portal is voluntary. You may also apply by other means (e.g., by postal mail).
5. etracker
We are using the services of etracker GmbH, Hamburg (hereinafter referred to as “etracker”) to analyze usage data (device identification, browser features, operating system details, language settings, referring URLs, duration of visits, pages displayed). In this process, cookies are used that enable a statistical analysis of the use of this website by its visitors as well as the display of use-related content or advertising. Cookies are explained in more detail in item 6. etracker cookies do not contain any personally identifiable information.
The data generated with etracker are processed and stored by etracker on behalf of NEXPLORE exclusively in Germany and are thus subject to the strict German and European data protection laws and standards. etracker has been independently audited, certified, and awarded the Privacy Seal.
The data are processed on the basis of our legitimate interests in optimizing our online offering and our website (Art. 6(1) (f) General Data Protection Regulation). Since the privacy of our visitors is particularly important to us, the IP address at etracker is anonymized as early as possible, and login or device IDs at etracker are converted into a unique key that is not assigned to a person. The data are processed exclusively by our web administration and etracker. There will be no other use, combination with other data, or dissemination to third parties.
You may object to the aforementioned data processing at any time by clicking here, as far as the processing of personal data is concerned. Your objection has no detrimental consequences for you. Additional information on data privacy at etracker is available here.
6. Your rights
In accordance with the provisions of Articles 15-20 General Data Protection Regulation, you are entitled to request information from us about the personal data stored about you. In addition, you are entitled to request rectification, erasure, or restriction of the processing of the personal data stored about you.
With respect to the processing of your personal data on the basis of our legitimate interests, you are entitled to object to the processing of your personal data at any time on grounds relating to your particular situation (Art. 21 General Data Protection Regulation).
In addition, you are entitled to file a complaint with the supervisory authority if you believe that the processing of your personal data violates applicable data protection law.
Information Security Policy
1. Introduction
This policy establishes the commitment of top management to information and cybersecurity to minimize the impact of security incidents and threats.
2. Purpose
The Information Security Policy aims to establish a management framework to initiate and control the implementation of information security within the Nexplore.
3. Key Outcomes
The main outcomes of implementing this policy are:
Better adherence to standards and regulations.
Protection of the confidentiality, integrity, and availability of the Nexplore’s information assets.
Reduction of cybersecurity risks.
4. Scope
This policy applies to the Nexplore, its affiliated partners, or subsidiaries, including data processing and process control systems, that are in possession of or using information and/or facilities owned by the Nexplore. It applies to all staff/users directly or indirectly employed by the Nexplore, subsidiaries, or any entity conducting work on behalf of the Nexplore that involves the use of Nexplore-owned information assets.
5. Policy Enforcement and Compliance
Compliance with the provisions of this policy is mandatory. Non-compliance may result in disciplinary actions, including dismissal.
6. Waiver Criteria
Waivers must be formally submitted to Risk Management, including justification and benefits. The maximum waiver period is one year, and it must be reassessed and re-approved, if necessary, for a maximum of three consecutive terms.
7. Related Documents
Policies
Workstation Security Policy
VPN Access and Communications Policy
Endpoint Protection Policy
Supplier Security Policy
Infrastructure and Application Security Policy
Backup and Recovery Policy
Vulnerability and Threat Management Policy
Information Security Awareness Policy
Cybersecurity Incident Management Policy
Network Architecture Policy
Information Classification Policy
Physical and Environmental Security Policy
Access Control Policy
Acceptable Use of Assets Policy
Cloud Use Policy
Teleworking Policy
Password Policy
Cryptographic Controls Policy
Procedures
Development Secure Code Procedure
Secure Communications
Use of Assets
Change Management Procedure
Cybersecurity Roles and Contacts
Termination Changes of Employment Relation
Incident Response Plan and Data Breaches Procedure
Good Practice in Secure Development
8. Document Owner
IT Security Department.
9. Policy Management
This policy will be periodically updated to reflect technological advances and business requirements. Deficiencies must be immediately communicated to the Information Security Manager. Policy changes require approval from Management Review Meetings.
10. Policy Statements
Cybersecurity shall align with the Nexplore’s strategic direction and business objectives. A dedicated Risk Management and Information Security Department, independent from IT and operations, shall be established.
The department will be directed by the CISO, responsible for approving cybersecurity policies and projects. The Nexplore will comply with regulatory, legislative, and contractual requirements. The Nexplore will adopt the ISO 27001 Information Security Management System (ISMS) standard. The Nexplore will implement controls to protect and monitor the confidentiality, integrity, and availability (CIA) of information assets.
Cybersecurity risks will be managed based on the Nexplore’s Risk Management Methodology. Protection measures will be cost-effective and minimize inconvenience to authorized users. The Nexplore is committed to protecting the privacy of personally identifiable information. Continuous improvement of ISMS and cybersecurity is a commitment. Cybersecurity training and awareness will be provided to staff. The Nexplore will invest in resources to protect against cyber-attacks and risks.
A Cybersecurity Steering Committee (CSC) will ensure support and implementation of cybersecurity programs, reporting to the Risk Management Department. This policy is available to employees and relevant interested parties.
All managers are responsible for implementing and ensuring adherence to Information and Cyber Security Policies by their staff.
Compliance with this Policy and all supporting policies, standards, and procedures is mandatory for all managers, staff, and third parties. Violations will result in corrective actions consistent with the severity of the violation as determined by an investigation and deemed appropriate by management.