Privacy Policy

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

1. Data Protection at a glance

 With this privacy policy, Nobile NIG GmbH (hereinafter referred to as: ″Nobile″, ″we″, ″our″) informs you about the collection, use, and processing of personal data when using our website www.nobile-group.com.
The protection of your personal data is very important to us and we take our processing activities seriously. We process personal data exclusively on the legal basis of the European General Data Protection Regulation (GDPR) and the applicable legal provisions under Austrian law, specifically the Austrian Data Protection Law (DSG) and the Austrian Telecommunication Act (TKG).
 
Additional data protection provisions
Additionally, to this Privacy Policy, the Data Protection provision of nobile:connected is applicable for the web app www.nobile-connected.com and the corresponding mobile app and can be accessed under the following link: https://nobile-connected.com/datenschutz/ 
The specific Data Protection provisions for Nobile Invest are applicable when visiting the website https://invest.nobile.energy/ and can be accessed under the following link: https://invest.nobile.energy/datenschutzbestimmungen/ .
 
General remarks
In this context, personal data refers to any information relating to an identified or identifiable natural person, including but not limited to name, telephone number, address, gender, email address, device identifier, IP address, and other similar information
We process your personal data either in the context of our business relationship, if you are a Nobile customer, or when you visit our services for informational purposes or contact us.
When using our services, additional personal data may be collected, processed, and stored. Further information regarding the processing of such data can be found under the respective categories below.
 
Data owner
The controller responsible for the collection, processing, and use of your personal data in connection with our services is:
 
Nobile
NIG GmbH
Handelskai 388/4/431
1020 Vienna, Austria
E-Mail: datenschutz@nobile-group.com
 
Further information about Nobile NIG GmbH can be found in the legal notice available at: https://nobile-group.com/legal-notice/
If you have any questions about data protection in connection with our services or the use of our website, you can contact our Data Protection Team at any time under the email address provided above. We expressly point out that when using this email address, the content will only be read by our Data Protection Team.
 
Why do we process your personal data?
 
We process your data for:
  1. customer inquiries: We process your data when you have a customer inquiry via e-mail, telephone or fax.
  2. website visit: We collect automatically data when you visit our website. This is primarily technical data, such as internet browser, operating system, time of access. This data is collected automatically as soon as you use our services.
  3. (pre-) contractual relationships: Data is processed in the context of contract initiation and contract conclusion for our services and digital content if you voluntarily provide us with the necessary data.
  4.  
For what purposes and on what legal basis do we process your data?
We process your personal data in accordance with the provisions of the GDPR as well as applicable national laws, including the Austrian Data Protection Act (DSG) and the Telecommunications Act (TKG).
 
We process your data for the following purposes:
  • to process customer inquiries, to process contract initiation and customer contracts;
  • for the provision and error-free delivery of our website;
  • to analyze your user behavior using web analysis tools, provided you have given your consent.
  •  
In accordance with the aforementioned legal provisions, we process your personal data only if at least one of the following legal bases applies to our specific data processing activities:
  • Consent: If you have given us your consent to process your data, the processing is carried out lawfully in accordance with the purposes defined in the consent declaration and to the extent agreed therein (Art. 6 para. 1 lit. a GDPR). Consent may be withdrawn at any time.
  • Contract initiation and fulfillment: We need your data to initiate contracts with our customers and to be able to fulfill our obligations to our customers to their fullest satisfaction (Art. 6 para. 1 lit. b GDPR).
  • Fulfillment of a legal obligation: Data processing may be necessary for the purpose of fulfilling legal obligations under Austrian laws such as the Federal Tax Code (BAO), Trade Code (UGB) or other applicable laws (Art. 6 para. 1 lit. c GDPR).
  • Our legitimate interest: Processing may take place based on our legitimate interest in ensuring the functionality and availability of our website, preventing misuse and criminal prosecution, and promoting the further development and improvement of the user-friendliness of our website (Art. 6 para. 1 lit. f GDPR).
  •  
What rights do you have regarding your data?
 
You have the following rights at any time:
You have the following rights at any time:
 
  1. Right to withdraw your consent at any time (Art. 7 para. 3 GDPR), for further details, please refer to section 8 – Data Subject Rights;
  2.  
  3. Right of access (Art. 15 GDPR), meaning that you may request information at any time regarding whether your personal data is being processed by us, as well as details about the specific processing of personal data, along with a copy of the processed information. Under no circumstances does this right to information include access to documents or the provision of copies of such documents;
  4.  
  5. Right to rectification (Art. 16 GDPR), meaning that you may request the correction of your data if it is incomplete or inaccurate;
  6.  
  7. Right to erasure (Art. 17 GDPR), meaning that you may request the deletion of your personal data if it is no longer needed for the purposes for which it was originally collected, or if you know that the data has been used unlawfully. We may refuse your request if the data is necessary for the fulfillment of a legal obligation, for reasons of public interest, or for legal proceedings;
  8.  
  9. Right to restriction of processing (Art. 18 GDPR), meaning that you may request the restriction of the processing of your personal data if this is legally permissible, and in particular, (i) if you dispute the accuracy of your data, (ii) if you request the restriction because you believe the processing is unlawful, or (iii) if the data is no longer necessary for the purposes for which it was collected;
  10.  
  11. Right to data portability (Art. 20 GDPR), meaning that you may request us to provide your personal data in a structured, commonly used, and machine-readable format, and that you can transmit your data to another controller if the data processing is based on consent or a contract, or if it is carried out using automated processes;
  12.  
  13. Right to object (Art. 21 GDPR), for further details, please refer to section 8 – Data Subject Rights;
  14.  
  15. Right to lodge a complaint with the competent data protection authority (Art. 77 GDPR), meaning that you may file a complaint with the competent supervisory authority if you believe that our processing of your personal data violates the GDPR. For Austria, the competent supervisory authority is the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, www.dsb.gv.at.;
 
You have the right to object to direct marketing at any time (Art. 21 para. 2 GDPR).
To enable us to process your request regarding your above-mentioned rights, please send your request directly to us by email to datenschutz@nobile-group.com.
 
How long do we store your data?
We only process your personal data for as long as is necessary to achieve the respective purpose and is permitted under applicable law. In any case, we process your personal data for as long as statutory retention obligations exist or limitation periods for potential legal claims have not yet expired. If processing is based on consent, the data will be stored until consent is withdrawn or the purpose for which it was collected no longer applies.

2. Data processing on our website

Cookies
 
Our website uses cookies. Cookies are small text files that are used by websites to make the user experience more efficient. We use cookies to personalize content and advertisements and to analyze access to our website. We set both session cookies, which are deleted at the end of your visit, and permanent cookies, which remain on your device for longer.
Necessary cookies: These are necessary for the technical operation and provision of our website. In accordance with § 165 para. 3 TKG, we can store these cookies on your device, as they are necessary for the operation of this site. The storage, processing and use of technically necessary cookies is based on the legal grounds of our legitimate interest in the technically functional operation of the website (Art. 6 para. 1 lit. f GDPR).
Analysis and advertising cookies: These help us to understand how you use the website to improve it or to be able to set targeted advertising activities. The storage, processing and use of analysis and advertising cookies takes place exclusively based on your voluntary consent (Art. 6 para. 1 lit. a GDPR).
It is possible to adjust the settings of your browser accordingly so that the use of any cookies is prevented. It is also possible to delete cookies that have already been created in your browser settings. If you do not agree with the processing of these cookies, we would like to point out that not all functions of the website may be fully usable. If cookies are deactivated, the functionality of our website or platform may be restricted.
 
Cookiebot
We use the Cookiebot service (Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark) to manage consents (cookie banner) and the associated logging. This sets technically necessary cookies to save your consent settings.
The storage, processing and use of data by the Cookiebot is based on the legal grounds of our legitimate interest in the legally compliant administration of consents (Art. 6 para. 1 lit. f GDPR).
 
Accessing our website
Each time you use our website, we process connection data that your browser automatically transmits to enable you to visit the website. This connection data comprises so-called HTTP header information, including the user agent and the following information:
  • information about the browser and browser version;
  • operating system used;
  • referrer URL;
  • IP-address;
  • method (e.g. GET, POST), date and time of the request;
  • address of the requested website and path of the requested file;
  • (if applicable) previously accessed website/file (HTTP referrer);
  • version of the HTTP protocol, HTTP status code, size of the delivered file;
  • request information, such as language, content type, content encoding, character sets;
  • cookies stored on the device for the accessed domain.
  •  
The processing of this connection data is necessary to enable you to visit our website, to ensure the long-term functionality and security of our systems and to maintain our website administratively for website administration in general. The connection data is also stored temporarily and in terms of content in internal log files for the purposes described above, to find the cause and act against, for example, repeated or criminal calls that jeopardize the stability and security of our website.
The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO, insofar as the page is accessed while initiating or executing a contract, and otherwise Art. 6 para. 1 lit. f DSGVO based on our legitimate interest in making it possible to access the website and the long-term functionality and security of our systems.
 
Contacting nobile via email, telephone or telefax
There is the possibility to get in touch with us via the “contact us” button on our website. If you click at the “contact us” button our email address office@nobile-group.com will be visible for you. There is also the possibility to contact us via phone or telefax. When you contact us, the following personal data can be processed to respond to your enquiry:
  • first and last name;
  • contact information (e-mail, telephone, inquiry content);
  • company (optional);
  • address (optional);
  • customer number (optional);
 
We only process the personal data that you provide to us. This data is processed exclusively for the purpose of communicating with you and for the purpose of providing you with the requested information.  The data we collect when you contact us will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations.
The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO, insofar as your information is required to answer your request or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in answering your request.
We only make promotional telephone calls if you have given your consent to do so. If you are not an existing customer, we will only send you promotional emails based on your consent. In these cases, the legal basis is Art. 6 para. 1 lit. a DSGVO in conjunction with § 174 TKG.
 
Offers and invoices
If you are interested in our services and request an offer, we may process the following personal data:
  • master data (title, first and last name, company, address, telephone number, customer number);
  • contact details (e-mail, phone number)
  • order data (order number, order date, order quantity, order amount, delivery address, billing address, payment method, delivery method, order history, delivery status);
  • contract data (contract period, contract number, contract partner);
We only process the personal data that you provide to us. We require this data to prepare a suitable offer. If you accept our offer and a contract is concluded between us, your personal data is also necessary for the invoicing.  
The legal basis for processing your data regarding the preparation of offers and invoices is Art. 6 para. 1 lit. b DSGVO. We store your personal data for as long as it is necessary for the (pre-)contractual relationship and therefore legal regulations establish an obligation to store it. In the present case, the storage period for offers and invoices is 7 years.
 
Nobile:Connected
We use the application nobile:connected for operation and billing details. The software nobile:connected collects additional data necessary for the operation and invoices of the respective energy hub. The Privacy Policy of nobile:connected is applicable and can be accessed at: https://nobile-connected.com/datenschutz/  
 
Job applications
You can apply for open positions on our integrated job portal provided by Personio SE & Co KG. The purpose of data collection is to select applicants for the possible establishment of an employment relationship.
We use Personio as a service to receive and process your application. The provider of the service is Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany (hereinafter: Personio). We have concluded a Data Processing Agreement with Personio according to Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that Personio processes the personal data of our users and website visitors only in accordance with our instructions and in compliance with the GDPR.
 
As part of the application process, all data that we receive from you within your application is processed.
This includes the following personal data (hereinafter “application data”):
 
  • first and last name;
  • date of birth (if voluntarily provided by you);
  • gender (if voluntarily provided by you);
  • titles (if voluntarily provided by you);
  • e-mail, telephone number;
  • provided application documents (e.g. curriculum vitae, letter of motivation, certificates);
  • earliest possible starting date;
  • salary expectation (if voluntarily provided by you);
  • current place of residence (if voluntarily provided by you);
  • current employer (if voluntarily provided by you);
  • professional experience in years (if voluntarily provided by you).
  •  
We only process the personal data that you provide to us. The legal basis for processing your application data is Art. 6 para. 1 lit. b and Art. 88 para. 1 GDPR. As a German provider, Personio is subject to the GDPR. We save your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we will store your application data as long as it is necessary for the employment relationship and insofar as legal regulations establish an obligation to store it.
If we reject your application, we will store your application data for a maximum of six months after the rejection of your application, unless you give us your consent to store it for a longer period. If you give us your separate consent in accordance with Article 6 para. 1 lit. a GDPR, we will store the data you provided as part of the application process in our pool of applicants for a further twelve months after completion of the application process to identify any other position of interest to you and, if necessary, contact you again. After the deadline, the data will be deleted. You can withdraw this consent at any time with immediate effect for the future.

3. Use of tools on the webpage

Matomo
This website or our platform uses the open-source web analysis service Matomo to analyze website usage. The service is provided by matomo.org. Matomo is an open-source project developed by the members of the Matomo team and many other contributors around the world. The service uses cookies. The processing of these cookies is based exclusively on your explicit consent.
By using Matomo, various information about website usage and the website visitor is transmitted to the Matomo Cloud servers. When transmitting information, your IP address is anonymized, so that no direct personal identification is possible. To provide you with the best possible experience on our websites, we need to collect and process certain information. Depending on your use of the services, this may include the following:
  • Contacting us: For example, if you ask us for support, send us questions or comments by e-mail or report a problem, we will process your name, e-mail address, message, etc. We only use this data in connection with answering the questions we have asked.
  • Usage data: When you visit our website, we store the website from which you visit us, the parts of our website you visit, the date and duration of your visit, your anonymized IP address, information from the device (device type, operating system, screen resolution, language, country you are in and type of web browser) you used during your visit. We process this usage data in Matomo for statistical purposes in order to improve our site and to detect and prevent abuse.
  • Cookies: We use cookies for recording purposes and to improve the functionality of our website. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time.
  • Create an account: When you sign up for our forum and create an account, we may ask you to provide us with information such as your name, email address and details about your organization. As described elsewhere in this Privacy Policy, we will only process this information to provide you with the service you have signed up for.
The service provider is used based on:
  • Legal basis: We have a legitimate interest in the use of Matomo for analysis and optimization purposes of our website (Art. 6 para. 1 lit. f GDPR) for analysis and advertising cookies, processing only takes place with your voluntary consent, if you have given this consent in the cookie banner (Art. 6 para. 1 lit. a GDPR).
  • IP anonymization: Your IP address is stored in abbreviated form so that no direct personal reference is possible, thus no personal data is processed by Matamo.
  • Hosting: We host Matomo ourselves (at Hetzner). Data is not passed on to third parties.
HubSpot
We use HubSpot for:
  • customer Support Management;
  • customer Relationship Management (CRM) and
  • marketing purposes (e.g. for sending newsletters, email campaigns and lead management)
HubSpot may process data such as your first and last name, your email address or your usage behavior in our emails. HubSpot’s privacy policy applies, available under the following link: HubSpot Privacy Policy
  • Legal basis: The use of HubSpot and processing of your data for marketing purposes (newsletter subscriptions) is only carried out based on your voluntary consent (Art. 6 para. 1 lit. a GDPR). Furthermore, HubSpot is used for CRM purposes based on contract fulfillment, as we want to enable efficient customer management for you (Art. 6 para. 1 lit. b GDPR).
  • Data processing agreement: We have concluded a data processing agreement (DPA) with HubSpot. This is a data protection contract under which HubSpot processes our customers’ personal data only on our behalf and in accordance with our instructions.
  • Hosting: Hosting is provided by HubSpot. Data processing takes place exclusively in the EU or the EEA.
 
New Relic
We use New Relic from the service provider New Relic Inc. for uptime monitoring services for our websites www.nobile-group.com and www.nobile-connected.com. The service provider does not process any personal data of our customers.
The service provider is used based on:
  • Legal basis: We have a legitimate interest in the use of New Relic for monitoring and uptime purposes of our platform (Art. 6 para. 1 lit. f GDPR).
  • No processing of personal data: No personal data is processed or passed on to New Relic.

4. Hosting

Hetzner
We host the content of our website www.nobile-group.com and our server within the European Union with the following provider:
Hetzner Online GmbH,
Industriestr. 25,
91710 Gunzenhausen (hereinafter referred to as “Hetzner”).
Details can be found in Hetzner’s privacy policy: https://www.hetzner.com/de/legal/privacy-policy/
The use of Hetzner is based on our legitimate interest in the most reliable and secure presentation of our website and platform (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively based on this consent (Art. 6 para. 1 lit. a GDPR), insofar as the consent includes the storage of cookies or access to information on the user’s terminal device. Consent can be revoked at any time.
We have concluded a Data Processing Agreement (DPA) with Hetzner. This is a contract prescribed by data protection law, which ensures that Hetzner processes the personal data of our users and website visitors only in accordance with our instructions and in compliance with the GDPR.

5. Transfer of data

Legal basis for data transfer to third parties
As part of our business operations, we collaborate with various external parties. In some cases, the transfer of personal data to these recipients is necessary. We only disclose data on the basis of a data processing agreement (Art. 28 GDPR) or in cases of joint or sole responsibility (Art. 26 GDPR). We transmit your personal data to these recipients to the extent necessary only if:
  • you have given your express consent to this (Art. 6 para. 1 lit a GDPR);
  • this is permitted by law and is required to process contractual relationships with you or to carry out pre-contractual measures that are carried out at your request (Article 6 para. 1 lit. b GDPR);
  • the transfer is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not sharing your data (Art. 6 para. 1 lit f GDPR);
  • we are legally obliged to disclose data, in particular if this is necessary for legal prosecution or enforcement due to official inquiries, court orders and legal proceedings (Article 6 para. 1 lit. c GDPR).
Recipients
For the purposes mentioned above, we will transfer your personal data to the following recipients in particular:
  • external service providers;
  • IT-Service-Providers used by us as processors;
  • contractual partners (if necessary for contractual relationship);
  • tax consultants, advisors and auditors;
  • legal representatives;
  • courts and competent administrative authorities;
  • debt collection agencies;
  • insurance companies;
If we share data with our service providers, they may only use the data to perform their tasks. Our service providers are carefully selected and commissioned by us. They are contractually bound by our instructions, have taken appropriate technical and organizational measures to protect the rights of data subjects.

6. Data transfer to third countries

No data is currently transferred to third countries. We do not transfer personal data to countries outside the European Union (EU) or outside the European Economic Area (EEA).
A potential transfer of personal data to third countries outside the EEA would only take place for countries for which there is an adequacy decision by the European Commission or we have provided suitable guarantees for the protection of personal data by concluding a legally binding document or you have explicitly given your consent for individual cases within the meaning of Art 49 para 1 lit a GDPR.

7. Storage period

In principle, we only store personal data for as long as necessary to fulfill the purposes for which we collected the data. We will then delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidentiary purposes for civil claims, due to legal storage obligations or, in a specific individual case, there is another legal basis under data protection law or national Austrian law for the continued processing of your data.
Storage period of personal data for contract initiation and contract processing: We only store your personal data for as long as it is necessary to fulfill our obligations to you. The data necessary for the fulfillment of accounting obligations (§§ 190, 212 UGB) and tax law requirements (§ 132 BAO) are stored for seven years in any case. In addition, in individual cases, data will be stored for a longer period until the end of the business relationship or a legal dispute or until the expiry of the warranty and guarantee periods as well as the limitation periods in the event of the assertion of claims for damages or insofar as this is necessary for the assertion of copyright claims.
Storage period of personal data in connection with the use of the website: We store the data from your inquiries for a period of 3 (three) years to be able to respond to any queries.
For deletion periods of the third-party providers used, the respective valid data protection regulations of the third-party provider apply.

8. Data subject rights

Your rights
You are entitled to the data subject rights set out in Art. 7 para. 3, Art. 15, Art.  21, Art. 77 GDPR at any time, if the respective legal requirements are met.
You have the following rights as data subject:
  • – right to withdraw your consent (Article 7 para. 3 GDPR);
  • – right to object to the processing of your personal data (Article 21 GDPR);
  • – right to information about your personal data processed by us (Article 15 GDPR);
  • – right to correct your personal data stored by us incorrectly (Art. 16 GDPR);
  • – right to delete your personal data (Article 17 GDPR);
  • – right to restrict the processing of your personal data (Article 18 GDPR);
  • – right to data portability of your personal data (Article 20 GDPR);
  • – right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Details about the right to withdraw consent and the right object to processing
Where personal data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their situation to justify the objection.
You have the right to withdraw your consent to the processing of your personal data at any time with effect for the future (Art. 7 para. 3 GDPR). If you withdraw your consent, your personal data will no longer be processed, unless another legal basis (other than consent) can be applied for further processing; the lawfulness of the processing that occurred prior to the withdrawal remains unaffected. If we process your data based on legitimate interest (Art. 6 para. 1 lit. f GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation. The lawfulness of the data processing carried out prior to your objection remains unaffected.
If your personal data is processed for the purpose of direct marketing, you have the right to object to this processing at any time. The lawfulness of data processing carried out prior to your objection remains unaffected. If you would like to exercise your right of withdrawal or objection, simply send an informal message to the contact details above.
 
 
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users’ request, the Owner will inform them about those recipients.

9. Data security

The personal data collected by us in accordance with this privacy policy is protected by us to the best of our ability against unauthorized access, unauthorized use or publication by third parties.

10. Changes to this privacy policy

We reserve the right to amend this privacy policy if necessary and to update it at regular intervals. A change or update may be necessary when new functions are introduced or due to legal adjustments. We will inform you of any changes by e-mail. Please always refer to the latest version of our privacy policy.

11. Closing words

The protection of your data is our top priority. We take all the necessary technical and organizational measures to protect your personal data in the best possible way and to offer you full transparency regarding its processing. If you have any questions or concerns, please contact our data protection team at any time.