Data protection

Welcome to www.NAMBAYA.com, the website of NAMBAYA GmbH. Your privacy and your rights in connection with your personal data in the context of the use of our offer is of particular concern to us. With this data protection declaration we would like to explain to you how we process personal data on our website, ie for what purposes it is used, with whom it is shared and what rights you may be entitled to. We will only process your personal data in accordance with the applicable data protection law, as stated here.

Responsible and contact

NAMBAYA GmbH is responsible for this website. You can reach us at our postal address in Lena-Christ-Strasse 44, 82152 Martinsried-Planegg or by email at info@nambaya.com. If you have any questions about your booking, please email us at info@nambaya.com.

You can contact our data protection officer at:

PROLIANCE GmbH
www.datenschutzxperte.de
Leopoldstrasse 21
80802 Munich
datenschutzbeauftragter@datenschmerungxperte.de

Definitions

Our privacy policy should be simple and understandable for everyone. The data protection declaration usually uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

Data processing by visiting our website

When you visit our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

  • Visited domain
  • Date and time of the request
    Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • IP address of the requesting computer
  • Amount of data transferred

We collect this data in order to ensure a smooth connection to the website and to enable users to conveniently use our website. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 Para. 1 lit.f GDPR.
For reasons of technical security, in particular to ward off attempted attacks on our web server, we may save this data for a short time. It is not possible to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. There is no evaluation of this data except for statistical purposes in an anonymous form. This data is not combined with data from other data sources.

Contact form and contact by email

If you send us inquiries via the contact form or e-mail, your details from the inquiry form or your e-mail, including the contact details you provided there, will be stored by us in order to process the request and in the event of follow-up questions. We will not pass on this data under any circumstances without your consent. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 Paragraph 1 lit. f GDPR and, if applicable, Art. 6 Paragraph 1 lit. b GDPR, if your request is aimed at concluding a contract. Your data will be deleted after your request has been processed, provided that there are no statutory retention requirements to the contrary. In the case of Article 6 (1) (f) GDPR, you can object to the processing of your personal data at any time with effect for the future.

Newsletter

  • Personal information
    To send the newsletter, it is usually sufficient to provide an email address and, if applicable, your title and name. Please do not enter any mandatory fields that are not absolutely necessary for sending the newsletter or mark them as voluntary information. The purposes of collecting the name and salutation should also be listed separately. The collection of personal salutation in the newsletter (optional) and the identification of the newsletter subscriber in the event of the assertion of their rights as a data subject are usually permissible purposes.
  • Double opt-in procedure
    To send the newsletter, you always need the active consent of the website visitor. The consent is given using the so-called double opt-in procedure. This initially consists of the so-called opt-in procedure. The visitor's consent is obtained for the first time using a web form by pressing the button to subscribe to the newsletter - or, if the data is collected in a different context (e.g. registration), the newsletter order is sent separately Confirmation (usually placing a tick in a checkbox). In a second step, the consent is secured by sending the visitor a confirmation e-mail to the e-mail address provided, in which he must confirm again by clicking on a link that he wishes to receive the newsletter. The confirmation email may not contain any advertising content.
  • Logging and proof of consent
    Document when (date, time) a subscriber gave which consent (consent text) (both when registering and when confirming). It is controversial whether the storage of the IP address makes sense for reasons of evidence and is permissible under data protection law. Please check which logging functions your newsletter software offers. If the IP address is saved as part of the logging, this must be included in the description.
  • Unsubscribe
    The website visitor must always have the option to unsubscribe from the newsletter. To do this, add a link or a corresponding e-mail address to each newsletter that enables you to unsubscribe.

Social media links

Social networks (e.g. Facebook, Twitter and Xing) are only integrated on our website in the form of a link to the corresponding services. After clicking on the integrated text / image link, you will be redirected to the website of the respective provider. User information is only transmitted to the respective provider after it has been forwarded. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the providers you use.

Your rights

Below you will find a list of the rights of the data subjects to which the data subject is entitled vis-à-vis the controller with regard to the processing of your personal data:

  • The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details.
  • The right, in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us.
  • The right, in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or Defense of legal claims is necessary.
  • The right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you dispute the correctness of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you do Need to assert, exercise or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR
  • The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.
  • The right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our above-mentioned registered office or, if applicable, that of your usual place of residence or work.
  • Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR. You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.

Right to object

If your personal data are processed by us on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided this is for reasons that arise from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct mail, you have a general right of objection without the requirement to state a particular situation.

If you would like to make use of your right of revocation or objection, an email to is sufficient info@nambaya.com.

Changes to our privacy policy

We reserve the right to update this data protection declaration if necessary, taking into account the applicable data protection regulations. In this way, we can adapt them to current legal requirements and take changes to our services into account, e.g. B. when introducing new services. The most recent version applies to your visit.

Status of this data protection declaration: November 16, 2020

en_GB