Data privacy statement

NOW GmbH websites

In the individual sections, you will find the respective URL, the operator, and information on the hosting of the website named.

1. Responsible body

1.1

The provider of the websites mentioned and the body responsible under data protection law for the processing of your personal data within the meaning of the European General Data Protection Regulation (EU-GDPR) or the Federal Data Protection Act (BDSG) is NOW GmbH, represented by the Managing Director Ms. Dagmar Fehler, who can be contacted at:

NOW GmbH
Fasanenstr. 5
10623 Berlin
Telephone: +49 30 3116116100

E-mail: kontakt@now-gmbh.de

1.2

For further contact options, please refer to the respective contact addresses in the imprint.

1.3

A contact option to the external data protection officer of NOW GmbH exists under:

TÜV SÜD AG
datenschutzbeauftragter@now-gmbh.de

1.4

The term “user” includes all customers and visitors to our online offer. The terms used, such as “user”, are to be understood as gender-neutral.

2. Basic information on data processing

2.1

We process personal data of users only in compliance with the relevant data protection regulations. The data of users will only be processed if there is a legal permission. This means, in particular, if the data processing is necessary for the provision of our contractual services and online services or is required by law, if the users have given their consent, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimization and user-friendly operation of our online offer), in particular in the measurement of reach, collection of access data and use of services of third-party providers.

2.2

With regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR) valid from May 25, 2018, we would like to point out that the legal basis for consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR.

2.3

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the regulations of data protection laws are complied with and that the data processed by us are protected against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

3. Contact form

4. Processing of personal data

The personal data such as address and communication data are processed, in addition to the processing expressly mentioned in this data protection declaration, for the fulfillment of our contractual obligations and for the implementation of pre-contractual measures as well as for the fulfillment of legal obligations. These services include the provision, execution, maintenance, optimization and security of our services, service and user services.

5. Collection of access data

5.1

On the basis of our legitimate interests, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

5.2

We use the log data neither for the assignment to the person of the user nor for the creation of other profiles. A use takes place in accordance with the legal regulations exclusively for statistical evaluations for the purpose of the operation, the security and the optimization of our online offer. However, we reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on concrete indications.

6. Web analysis

6. 1 Use of cookies

Accepting cookies is not a prerequisite for visiting our websites.
Cookies are small text files that are stored on your computer system. Our website uses so-called “cookies”, which serve to make our Internet presence as a whole more user-friendly, effective and secure – for example, when it comes to accelerating navigation on our platform. We use cookies that are transferred from our server to your computer system, which are predominantly so-called “session cookies”. “Session cookies” are characterized by the fact that they are automatically deleted from your hard drive after the end of the browser session.

6.2 What is stored in cookies?

No personal data is stored in the cookies used by NOW-GmbH. The cookies used by us are therefore not assignable to a specific person or a user. If cookies are active, they are assigned an identification number. An assignment of your personal data to this identification number is not possible at any time and is also not carried out.

6.3 Matomo Analytics

We use Matomo (formerly Piwik) for web analysis, a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”) by means of log files. The protection of your data is important to us, therefore we have additionally configured Matomo in such a way that your IP address is recorded exclusively in abbreviated form. We therefore process your personal usage data anonymously. It is not possible for us to draw conclusions about your person. Further information on the terms of use of Matomo and the data protection regulations can be found at: matomo.org/privacy

Your visit to this website is currently recorded by the Matomo web analysis tool.

6.4 LinkedIn Insight-Tag

Our websites use the LinkedIn Insight Tag from LinkedIn Ireland Unlimited Company. The tag places a cookie in your web browser that enables the collection of the following data: URL, referrer URL, IP address, device and browser properties (user agent), timestamp. This data is anonymized within seven days and deleted within 90 days. LinkedIn does not transmit any personal data, but only reports on the website target group and the success of advertisements placed on LinkedIn. Further information can be found in the LinkedIn Privacy Policy.

7. Integration of services and third-party content

7.1

Within our online offer, we use content or service offers from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and user-friendly operation of our online offer) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party provider of this content perceives the IP address of the user, as they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content.
We endeavor to only use content whose respective providers use the IP address only for the delivery of the content. Furthermore, third-party providers can use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring websites, visiting time and other information on the use of our online offer, as well as being linked to such information from other sources.

7.2 Chatbase

We use a chatbot to communicate with you. Chatbots are able to respond to your questions and other input without human assistance. We use Chatbase, a service of Chatbase.co Inc., 4700 Keele Street, 215 Bergeron Centre, Toronto, ON, Canada, M3J 1P3. The service, which is based on ChatGPT technology, enables us to conduct automated conversations with users in order to answer their inquiries efficiently.

When using the chatbot, data such as the questions entered and the answers received are processed. Please ensure, in your own interest, that you do not provide any personal information if possible. Furthermore, your IP address, log files, location information and other metadata can be collected via the chatbot. Registration is not required for use.

The data you enter as part of the communication remains with us or the chatbot operator until you request us to delete it, revoke your consent to processing, or the purpose for data storage no longer applies (e.g. after your request has been processed). The legal basis for the use of chatbots is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Further information about Chatbase can be found at: https://www.chatbase.co/legal/privacy

7.3 Note on data transfer to the USA

Our website includes tools from companies based in the USA (Microsoft Power BI, YouTube). The use of these tools is based on your consent in accordance with Art. 6 para. (1) lit. a. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies may be required to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this.

It cannot therefore be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Corresponding EU standard contractual clauses have been concluded with all companies involved.

8. E-mail contact

8.1
Mail address, your name, your telephone number if applicable) are stored by us in order to answer your questions. We delete the data accruing in this context after storage is no longer necessary, or restrict processing if there are statutory retention periods.

In this context, the data will not be passed on to third parties. The data will only be used for processing the communication.

8.2
The legal basis for data processing is Art. 6 para. 1 lit a GDPR if the user has given their consent, otherwise Art. 6 para. 1 lit f GDPR. The required legitimate interest in data processing lies in the fact that you have contacted us with a request. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit b GDPR.

9. Newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current offers. The advertised goods and services are named in the declaration of consent.

(1) We use the so-called double opt-in procedure to register for our newsletter. This means that after you register, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses used and the time of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify possible misuse of your personal data.

(2) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

(3) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail: https://now-gmbh.de/de/service/infoservice/unsubscribe, by e-mail to Newsletter@now-gmbh.de or by sending a message to the contact details given in the imprint.

(4) We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files that are stored on our service provider CleverReach. For the evaluations, we link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID. This is only possible in HTML e-mails. The data is collected exclusively in pseudonymized form, i.e. the IDs are not linked to your other personal data, and direct personal reference is excluded.

You can prevent tracking at any time by unsubscribing from the newsletter (see above). After unsubscribing, we store the data purely statistically anonymously.

Such tracking is also not possible if you have deactivated the display of images by default in your e-mail program. In this case, the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the tracking mentioned above will take place.

(5) NOW GmbH uses the Clever Reach service to send information. In the reports, data of the opening and clicking recipients are displayed anonymously, there is a prevention of the collection and processing of complete IP addresses. All data of recipients who have unsubscribed from the newsletter service will be completely deleted automatically after one week. All data of recipients who have started but not completed the double opt-in procedure as part of the registration process and who only have a registration date will be deleted after 1 month. Data will not be passed on to third parties at any time.

10. Events

This section provides information about the processing of personal data that we process in connection with participation in our events (hereinafter: event). The processing of personal data takes place in compliance with the applicable data protection regulations.

10.1 Processing of personal data and purposes of processing

a) Event registration (presence, general)

When registering for an event, we collect the following mandatory information: name, first name, organization (company) and your e-mail address. Mandatory information is marked as such.

The mandatory information is processed in order to be able to identify the participants of the event, to check the entered data for plausibility, to reserve the place of participation and to establish or implement the contract for participation.

We also need the personal data to create name tags and lists of participants for the participants and to provide the participants with information about the event during and after the event. This is done to enable optimal participation and to enable us to plan and ensure a smooth process.

In addition, further information can be provided voluntarily. Providing the voluntary data enables us to plan and carry out the event in line with interests. If consent is given, we will make your contact details available to the other event participants in order to facilitate mutual contact.

The data processing takes place at the request of the participants and is required in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the aforementioned purposes for the fulfillment of the participant contract and for the implementation of pre-contractual measures. Alternatively, the processing of your data in accordance with Art. 6 para. 1 sentence 1 lit. e GDPR is necessary for the fulfillment of our public mandate.

At events, we delete the personal data collected by us no later than six months after the event has taken place. Storage beyond the period specified in each case only takes place if:

• we are obliged to store it for a longer period in accordance with Article 6 para. 1 sentence 1 lit. c GDPR due to statutory retention and documentation obligations (especially § 147 AO). In this case, the data will only be stored to the extent required by the retention obligation.
• you have consented to storage beyond this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
• we use the e-mail address to inform the participants about similar events from us in the future. We would like to point out that this use can be objected to at any time without giving reasons. This processing is based on Art. 6 para. 1 sentence 1 lit. e GDPR. The processing is necessary for the performance of a task carried out in the public interest.

Online registration

If participants register via an online form on our website, please also note our other data protection information, which explains which data is already collected and processed when you visit our website.

b) Participation in an online event

If the event is one in which you do not participate in person on site, but online (e.g. via video and/or audio conference), the following additional information applies.

For the implementation of the online event, we use a technical service provider by way of order processing, who processes the data according to our instructions. The following data may be collected as part of participation in the online event:

• Access data: e.g. an individualized link via which you dial into the online event
• Content data: content of your contributions, e.g. in chats or in votes or files released by you. A recording of images or sound recordings of you will only take place if and to the extent that you have given your prior separate consent (Art. 6 para. 1 sentence 1 lit. a GDPR). The intended purpose and the consent to the recording will be documented within the recording.
• Profile data: data that you have voluntarily released about yourself in connection with the online event. Examples of this are your name or, if applicable, your profile picture. Profile data is used for a personal address, alignment of the content to the interests of the audience and a more personal communication.
• Dial-in data: This includes, for example, the date and time you dial into the conference and the time you leave.
• Support/feedback data: Information in connection with any troubleshooting tickets or feedback.
• Telemetry data: This includes diagnostic data in connection with the use of the service, including the transmission quality. This data is used for troubleshooting, securing and updating the technical service and monitoring it. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interests are the provision of a secure and error-free service for online events.

Unless otherwise stated, the processing takes place for the technical and content-related implementation of the online event, i.e. for the execution of the contract (Art. 6 para. 1 sentence 1 lit b GDPR) and we delete the data after 12 months at the latest. The following information is also visible to other participants who are not organizers during the conference: your name, profile photo (if used) and your chat/speech contributions. We do not collect screen activities (e.g. whether you have activated windows other than that of the online event during the event).

If the online event takes place using the “Microsoft Teams” service, the following also applies: The technical service provider is Microsoft Ireland Operations Ltd. in Dublin/Ireland (Microsoft), which acts as a processor for us. The data is stored in the Microsoft Cloud, in data centers in the geography of Europe. It is not intended to transfer personal data from Microsoft Teams to a third country for operational reasons. If you dial in from a third country, the processing initiated by us will also take place via European data centers in this case. Microsoft collects certain diagnostic and service data when providing the service and uses it independently for its own purposes. Insofar as Microsoft processes personal data in connection with its own legitimate business transactions, Microsoft is an independent controller within the meaning of the GDPR for these processing operations. Details on processing by Microsoft can be found at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy

You can participate in an online event based on Microsoft Teams even without your own Microsoft user account. If you use your own Microsoft user account to participate, additional data may be processed in accordance with the provisions of your Microsoft user account.

c) Photo and video recordings

Photos and videos are taken to document the event visually. It cannot be ruled out that you can be directly or indirectly identified in the recordings, so that this is personal data.

The recordings will be used for news directly related to the event and for internal reporting within our company.

In addition, the recordings will be published for post-event reporting on our media platforms, such as LinkedIn or our website. This processing is particularly necessary to document and promote our events.

Data processing is based on Art. 6 para. 1 sentence 1 lit. e GDPR. The processing is necessary for the performance of a task carried out in the public interest.

10.2 Disclosure of data to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.

a) For contract processing or to fulfill our public mandate

To the extent permitted by law and required under Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you, or under Art. 6 para. 1 sentence 1 lit. e GDPR for the fulfillment of our public mandate, your personal data will be disclosed to third parties. This includes, in particular, the disclosure to event partners such as the BMDV or commissioned companies of NOW’s clients for the purpose of planning and implementing the event. The data disclosed may be used by the third party exclusively for the stated purposes.

b) For other purposes

In addition, we will only disclose your personal data to third parties if:

• You have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or
• in the event that there is a legal obligation to disclose the data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR.

10.3 Voluntariness of provision

You are neither legally nor contractually obliged to provide your personal data. However, participation in our events or use of our services can only take place if we can process your personal data. If you do not wish to do so, you may not be able to participate, or not fully.

10.4 Automatic decision-making

Automated decision-making does not take place.

11. LinkedIn, YouTube

On our website, we link to the services of LinkedIn and YouTube. With a mere link, no data flows take place before an action of the user, i.e. before clicking.

12. Disclaimer for links and references

We assume no liability whatsoever for content and for compliance with copyright and labeling obligations of websites outside our area of responsibility.

14. Rights of users and deletion of data

14.1.

Users can revoke their consent at any time without giving reasons and without suffering any disadvantages, in principle with effect for the future. You can send your revocation by e-mail or letter to the following contact details:

NOW GmbH
Fasanenstr. 5
10623 Berlin
Tel.: +49-(0)30-311 61 16-100
E-mail: datenschutzbeauftragter@now-gmbh.de

14.2

The data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal storage obligations to the contrary.

15. SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.

16. Use of EventMobi at conferences

For the implementation of some events, we work together with EventMobi GmbH, Berlin. It provides us with corresponding software and server infrastructure.

If you want to participate in one of these conferences, you can register online for the event via a link on our website with your first and last name, your organization (if applicable) and your e-mail address. For registration, we use the so-called double opt-in procedure, i.e. your registration is only complete when you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein.

The stored data (first and last name, organization and e-mail address) will be forwarded to EventMobi for the purpose of processing in the context of the event and to enable the use of the conference platform. After registration, you will receive the dial-in link to the platform directly from EventMobi GmbH. On this platform, you can log in with the e-mail address provided in the registration form after assigning a personal password. Logging in is done directly via the browser. Via your account, you can follow the conference, but also exchange information with other participants via a chat or participate in surveys.

If you have given your consent, we will include you on the list of participants with your first and last name and the organization you have indicated. We make the list of participants accessible to all participants so that they can network with each other, and we also use it to invite you to a similar event again. You can revoke your consent at any time with effect for the future.

All other participant data will be automatically deleted immediately after the end of the plenary session, but no later than after 90 days. We will not pass on your personal data to third parties unless we are exceptionally obliged to do so under German or European law.

The servers of EventMobi are managed by Amazon Webservices (AWS), USA. Thus, the encrypted data are subject to strict security precautions, but processed in a third country with a currently insufficient level of data protection.

The legal basis for the organization of the conference is Art. 6 para. 1 lit e) GDPR, because we have been entrusted with the public task of coordinating and networking the industry in the field of sustainable mobility. We base the entry in the list of participants on your consent in accordance with Art. 6 para. 1 lit a) GDPR. The legal basis for international data traffic to an insecure third country for the one-time holding of a conference is also your express consent pursuant to Art. 49 para. 1 a) GDPR, until an adequacy decision or other suitable guarantee is available again.

You can revoke your consent to insecure international data traffic at any time. However, you will then unfortunately no longer be able to participate in the conference.

17. Online surveys

17.1.

In the context of accompanying research or for the evaluation of measures, such as funding programs, online surveys are carried out by us. Voluntary surveys are based on Art. 6 para. 1 lit a GDPR. The processing of personal data in the context of mandatory surveys takes place in accordance with Art. 6 para. 1 lit b GDPR.

17.2

Online surveys are usually carried out with the help of software solutions from external providers, such as LimeSurvey or SurveyMonkey. The providers used work in compliance with the GDPR, data is always stored and processed in Germany. Corresponding order processing contracts have been concluded. The principle of data minimization is very important to us. Therefore, we only collect personal data if this is actually relevant for the subject of the investigation. We always strive to collect or anonymize the collected data.

18. Further information and contact

If you have further questions on the subject of data protection, please contact us. If you have questions regarding the collection, processing or use of your personal data, for information, correction or deletion of data as well as revocation of granted consents, please contact: datenschutzbeauftragter@now-gmbh.de.

Data protection declaration as of May 14, 2025