Customer Portal Partner

Privacy Policy

Thank you for visiting our website. Compliance with data protection regulations is of particular importance to us. The aim of this privacy policy is to inform you as a user of the website about the type, scope and purpose of the processing of personal data and your existing rights, insofar as you are a data subject within the meaning of Art. 4 No. 1 of the General Data Protection Regulation.

Click here to see the Nikon SLM Solutions NA Inc. Employee Privacy Notice (California)

1. Responsible Party

This website and the services offered are operated by:

Nikon SLM Solutions AG
Estlandring 4
23560 Luebeck
Germany

E-Mail: info@nikon-slm-solutions.com
Phone: +49 451 4060-3000
Fax: +49 451 4060 -3250

2. Data Protection Officer

We have appointed a data protection officer.

Intersoft consulting services AG

Justus Brandt
Beim Strohhause 17
20097 Hamburg

E-Mail: compliance@nikon-slm-solutions.com

3. General information

We have designed the website to collect as little data as possible from you.

In doing so, we always ensure that your personal data is only processed in accordance with a legal basis

or consent given by you. We comply with the provisions of the General Data Protection Regulation (GDPR) in

force since 25.5.2018 and the applicable national regulations, such as the Federal Data Protection Act, the

Telecommunications Telemedia Data Protection Act or other more specific laws on data protection.

4. Purpose and legal basis of the processing of personal data

We always process your personal data for a specific purpose. In summary, we process your personal data for the following purposes:

  1. To be able to process your request when you contact us (e.g. e-mail address, first name, surname, company name, region),
  2. For the technical realization of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information),
  3. To send a newsletter with information about our range of services and news about our services (e.g. name, e-mail address),
  4. To receive and process an application from you for one of our open job positions,
  5. To enable you to interact with our chat function,
  6. To enable you to download various white papers and case studies
  7. To enable you to participate in webinars.
  8. To enable you to use our partner channels

The following applies with regard to the legal basis for the processing of your personal data:

We process personal data that is required for the establishment, implementation or processing of our range of services (contract processing) on the legal basis of Art. 6 para. 1 lit. b GDPR. Insofar as we obtain your consent for the processing of your personal data, the consent pursuant to Art. 6 para. 1 lit. a GDPR forms the legal basis for data processing. Data processing is also permitted if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data do not predominate. (Art. 6 para. 1 lit. f GDPR) Insofar as we use external service providers as part of commissioned data processing, the processing is carried out on the legal basis of Art. 28 GDPR.

5. Collection of personal data when visiting our website

If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

  • IP-address
  • Date and time of the request
  • Time difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP-Status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers.

We use the following hoster:

Hostingwerft.de

Schlosshof 5a

17509 Ludwigsburg

Data Processing

We have concluded a data processing agreement (DPA) with the aforementioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Further information on this can be found under “Cookies” in this privacy policy and in the consent management tool used.

6. Integration of services from other providers

Our website uses content and services from other providers. These are, for example, services for the statistical analysis of the use of and visits to our website. In order for this data to be accessed and displayed in the user’s browser, it is necessary to transmit the user’s IP address to the third-party providers used.

Despite our efforts to only use third-party providers who only need the IP address to deliver content or even work with anonymized IP addresses, we have no influence on whether the IP address may be stored. Information on the third-party providers used can be found below in this privacy policy. We regularly review the implemented third-party providers to ensure that the data protection notices are always up to date to the best of our ability.

Unpkg CDN

Type and scope of processing

We use Unpkg CDN to properly provide the content of our website. Unpkg CDN is a service of Cloudflare, Inc. which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online services, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Unpkg CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage duration

The specific storage duration of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Unpkg CDN: https://www.cloudflare.com/privacypolicy/.

Adobe Typekit

Type and scope of processing

We use Adobe Typekit from Adobe Inc, San Jose, California, US, as a service to provide fonts for our online services. To obtain these fonts, you establish a connection to Adobe Inc. servers, whereby your IP address is transmitted.

Purpose and legal basis

The use of Adobe Typekit is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Adobe Inc. Further information can be found in the privacy policy for Adobe Typekit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

CloudFlare

Type and scope of processing

We use Cloudflare CDN to properly deliver the content of our website. Cloudflare CDN is a service of Cloudflare, Inc. which acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our website, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Cloudflare CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Cloudflare CDN: https://www.cloudflare.com/privacypolicy/.

Google Analytics

Type and scope of processing

We use Google Analytics 4 from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical analysis of our online services. This includes, for example, the number of visits to our website, the time spent on the website, subpages visited or the browser used. Google Analytics 4 uses cookies, scripts and pixels to evaluate user behaviour, as well as algorithms based on machine learning, which automatically analyze event data such as scrolling movements. This information is used, among other things, to compile reports on website activity.

Purpose and legal basis

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage duration

The specific storage period of the processed data cannot be influenced by us, but it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

Google Fonts

Type and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online services. To obtain these fonts, you establish a connection to the servers of Google Ireland Limited, whereby your IP address is transmitted.

Purpose and legal basis

The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage duration

The specific storage period of the processed data cannot be influenced by us, but it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

Google ReCaptcha

Type and scope of processing

We have integrated Google reCAPTCHA components on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request comes from a natural person or is automated by means of a program. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the time spent on the website and the user’s mouse movements in order to distinguish automated requests from human requests. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage duration

The specific storage period of the processed data cannot be influenced by us, but it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

Google Tag Manager

Type and scope of processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website. This allows us to flexibly integrate additional services in order to evaluate user access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage duration

The specific storage period of the processed data cannot be influenced by us, but it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

LinkedIn Ads

Type and scope of processing

We use LinkedIn CDN to properly provide the content of our website. LinkedIn CDN is a service of the LinkedIn Corporation, which acts as a content delivery network (CDN) on our website to ensure the functionality of other LinkedIn Corporation services. You will find a separate section in this privacy policy for these services. This section only deals with the use of the CDN.

A CDN helps to provide the content of our online services, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of LinkedIn Corporation, Sunnyvale, California, US, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of LinkedIn CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage duration

The specific storage period of the processed data cannot be influenced by us, but it is determined by LinkedIn Corporation. Further information can be found in the privacy policy for LinkedIn CDN: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

LinkedIn Analytics

Type and scope of processing

We use LinkedIn Insight Tag from LinkedIn Corporation, Sunnyvale, California, US, to create target groups, segment visitor groups of our online offer, determine conversion rates and subsequently optimize them. This happens in particular when you interact with advertisements that we have placed with LinkedIn Corporation. For this purpose, LinkedIn Corporation offers retargeting for website visitors in order to display targeted advertising outside our website.

LinkedIn Insight Tag collects data about visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent) and timestamp. This data is used to provide anonymized reports on website audience and ad performance.

Purpose and legal basis

The use of LinkedIn Insight Tag is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage duration

The specific storage period of the processed data cannot be influenced by us, but it is determined by LinkedIn Corporation. Further information can be found in the privacy policy for LinkedIn Insight-Tag: https://www.linkedin.com/legal/privacy-policy.

Bootstrap Cdn

Type and scope of processing

We use Bootstrap CDN to properly deliver the content of our website. Bootstrap CDN is a service provided by Bootstrap, which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online services, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Bootstrap servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Bootstrap CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but it is determined by Bootstrap. Further information can be found in the privacy policy for Bootstrap CDN: https://www.bootstrapcdn.com/privacy-policy/.

jsDelivr

Type and scope of processing

We use JSDelivr CDN to properly provide the content of our website. JSDelivr CDN is a service of Prospect One, which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online services, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Prospect One, Krolewska 65a, Krakow, Malopolskie 30-081, Poland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of JSDelivr CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but it is determined by Prospect One. Further information can be found in the privacy policy for JSDelivr CDN: https://www.jsdelivr.com/privacy-policy-jsdelivr-net.

Cookiebot

Type and scope of processing

We have integrated Cookiebot on our website. Cookiebot is a consent solution from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, with which consent to the storage of cookies can be obtained and documented. Cookiebot uses cookies or other web technologies to recognize users and store the consent given or revoked. For more information, please visit their privacy policy.

Purpose and legal basis

The use of the service is based on the legally required consent to the use of cookies in accordance with Art. 6 para. 1 lit. c. GDPR.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but it is determined by Moove Agency Ltd. Further information can be found in the privacy policy: https://www.mooveagency.com/privacy-policy/.

7. Cookies

Cookies are small text files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier.

Cookies enable our systems to recognize the user’s device and make any default settings immediately available. As soon as a user accesses the platform, a cookie is transferred to the hard disk of the user’s computer. Cookies help us to improve our website and offer you a better and more personalized service. They enable us to recognize your computer or (mobile) device when you return to our website and thus:

  • To store information about your preferred activities on the website and thus tailor our website to your individual interests.
  • To speed up the processing of your requests.

We work together with third-party services that help us to make the Internet offer and the website more interesting for you. Therefore, cookies from these partner companies (third-party providers) are also stored on your hard disk when you visit the website. These are cookies that are automatically deleted after the specified time.

For more information on the individual third-party providers, please refer to the Cookie Consent Tool and the data protection information contained therein.

If you do not wish to use browser cookies, you can set your browser so that the storage of cookies is not accepted. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can select the “Block third-party cookies” setting in your browser. We assume no responsibility for the use of third-party cookies.

8. Contacting (contact forms, request for quotations)

You can contact us by e-mail or via our contact form (offer form for business customers). In this case, we store the personal data you provide in order to process your request and to contact you to process your request. Where we request information via our contact form, we have marked the mandatory fields required for making contact accordingly (asterisk). The voluntary information is used to specify your request and to improve the processing of your request. The requested data is transmitted to us by you on a purely voluntary basis.

Depending on the type of request, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for requests that you make yourself as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f GDPR if your request is of a different nature. The legitimate interest follows from the purposes mentioned under point 4 a.). If personal data is requested that we do not need for the fulfillment of a contract or to protect legitimate interests, it will be transmitted to us on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

9. Partner Channels

You have the option of accessing various documents and files on our website via our partner channels. To do this, you must register with us with a name, company, e-mail address and password to gain access to the channels. After logging in, you can read and download the various files via the partner channels. We only process the technically necessary data for the provision of the service and the data specified above. The processing of your data is based on our legitimate interest in the secure provision of the files in accordance with Art. 6 para. 1 lit. f of the GDPR. Registration for the portal is voluntary, but cannot be used without providing the above data. Your data will not be passed on to third parties and will only be stored until the purpose of processing no longer applies and no statutory retention periods prevent deletion.

10. Job application procedure

We publish job vacancies on our website that you can apply for by e-mail. If you decide to apply for an open position, we will process the personal data you provide there and transmit to us exclusively for the purpose of carrying out the application process.

In addition, we use the applicant management system “Rexx HR-Jobportal”, which is provided by rexx systems GmbH, Süderstraße 75-79, 20097 Hamburg, to process and manage applications. The software enables us to record and manage applications efficiently and to carry out application processes systematically.

The legal basis for the processing of your personal data as part of the application process is Art. 6 para. 1 lit. f GDPR and Section 26 (1) in conjunction with (2) BDSG. Our legitimate interest lies in the efficient and data protection-compliant implementation of application procedures and organizational support through the use of modern HR software.

In the event of a decline, we will delete your data as soon as a retention period of 6 months, as required by labor law, has expired. This period begins when the rejection is sent. If you have expressly consented to the further use of your data for subsequent contact regarding positions that may be of interest to you, we will continue to store your data in accordance with your consent.

If an employment relationship is established following the application process, the data will initially continue to be stored to the extent necessary and permissible and then transferred to the personnel file.

Data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations or if you have given your consent.

The provision of personal data in the context of application processes is neither legally nor contractually required. You are therefore not obliged to provide the personal data. However, the provision of personal data is necessary for the decision on an application or the conclusion of a contract of employment with us. However, you should only provide such personal data in your application as is necessary for the acceptance and execution of the application. If you do not provide us with any personal data in an application, we cannot make a decision on the establishment of an employment relationship.

Please note that applications that you send to us by e-mail are transmitted unencrypted. In this respect, there is a risk that unauthorized persons may intercept and use this data.

11. Presence in social media

In order to present our company in the best possible way and to communicate with you as a user, customer or interested party and to inform you about the services we offer, we make use of our presence on social networks. When using social networks, data is processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection as exists in the EU cannot be guaranteed in all countries outside the EU. In this context, there may be risks for you as a user if the transferred data is processed in so-called third countries with an inadequate level of data protection.

This makes it more difficult to enforce known user rights. In addition, your data may not be processed in your interest by the provider in the third country.  We only transfer personal data to third countries for which an adequate level of protection has been confirmed or if the transfer of personal data can be ensured by contractual agreements or other suitable guarantees.

In addition to the respective provider of a social network, we also collect and process personal user data on so-called “fan pages”. This notice informs you which data we collect from you on our social media sites, how we use it and how you can object to the use of your data. The respective data processing purposes and data categories can be found in the respective offer listed in more detail below.

The activities in social media operated by us and described in more detail below are carried out on the basis of a balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR.

To achieve this, cookies are used which record user behavior and enable the user to be profiled. A specific list of the purposes for which user data is processed can be found in the data protection notices of the respective providers. By making the appropriate settings in your user account, you can restrict profiling, at least to a certain extent. For the exact procedure, please read the relevant data protection information of the respective provider.

The relevant platforms are:

Platform Responsible Party Data protection information of the platform providers
YouTube Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland
https://policies.google.com/privacy?hl=de
X Twitter International Unlimited Company
Attn: Data Protection Officer
One Cumberland Place, Fenian Street
Dublin 2, D02 AX07 IRELAND
https://x.com/en/privacy
LinkedIN LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland
https://de.linkedin.com/legal/privacy-policy?
Instagram https://privacycenter.instagram.com/

Nikon SLM Solutions AG operates profiles on the listed platforms in order to draw attention to products and services and to interact with customers, interested parties and other users of the platform.

The platform operators also use certain data that they have collected from users of the platform (e.g. whether a photo on a profile has been marked with “Like” or commented on) to create aggregated usage statistics and make them available to the respective operators of the profile (so-called “insights” or “analytics”). We as the profile operator also receive such usage statistics. The information we receive as profile operators does not allow us to draw any conclusions about individual users. The profile operator itself has no access to personal data that the platform operator processes for the creation of usage statistics. Only the respective platform operator determines which data is processed for these purposes and how. As the profile operator, Nikon SLM Solutions AG has no legal or actual influence on the processing by the platform operators.

For processing in connection with the creation of usage statistics, Nikon SLM Solutions AG and the respective platform operator are considered joint controllers within the meaning of Art. 26 GDPR. Where possible, joint controllership agreements are in place with the respective platform operators.

In addition, data processing by Nikon SLM Solutions AG as the profile operator only takes place to a very limited extent:

  • Processing of usernames and comments that are deleted due to a breach of netiquette. These will be retained within the limitation period to provide any necessary evidence in the event of legal disputes.
  • Processing of usernames and individual messages when you contact us via messenger services
  • Recruiting potential applicants on career platforms

For these purposes, we generally only process your name, message content, comment content and the profile information you have provided “publicly”.

12. Whitepaper-Download

You have the option of asking to receive various white papers on our website. For this purpose, we generally collect your e-mail address and company name. You are also free to provide further information, such as your telephone number. The whitepapers are provided on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You have the option to withdraw your consent at any time. The lawfulness of the processing of your data remains unaffected until the time of revocation. Your data will no longer be processed for the stated purpose after you withdraw your consent.

13. Newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration your information will be blocked and cannot be used for any other purpose. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to compliance@nikon-slm-solutions.com or by sending a message to the contact details given in the imprint.

14. Rights of the data subject

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, conclusive information about its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller (data portability);
  • in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future and
  • to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
  • Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to compliance@nikon-slm-solutions.com.

15. Forwarding your personal data

Your personal data will be passed on as described below.

Data will also be passed on if we are entitled or obliged to pass on data due to legal provisions and/or official or court orders. In particular, this may involve providing information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.

If your data is passed on to service providers to the extent necessary, they will only have access to your personal data to the extent necessary to fulfill their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR. Insofar as your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR, we ensure that the processing of personal data is carried out in accordance with the GDPR.

We place great importance on processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company may be subject.

16. Data Security

We use technical and organizational measures to secure our website against loss, destruction, access, modification or dissemination of your data by unauthorized persons.

In particular, your personal data is transmitted to us in encrypted form. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) coding system. Our security measures are continuously improved in line with technological developments.

17. Storage duration for the personal data

With regard to the storage period, we delete personal data as soon as its storage is no longer necessary for the fulfillment of the original purpose and there are no longer any statutory retention periods. The statutory retention periods form the criterion for the final duration of the storage of personal data. After the period has expired, the corresponding data is routinely deleted. If there are retention periods, processing is restricted by blocking the data.

18. References and links

When accessing Internet pages to which reference is made on our website, you may again be asked for information such as your name, address, e-mail address, browser properties, etc. This privacy policy does not regulate the collection, disclosure or handling of personal data by third parties.

Third-party service providers may have different and separate provisions regarding the collection, processing and use of personal data. It is therefore advisable to inform yourself on the websites of third parties about their practices regarding the handling of personal data before entering personal data.

Status: June 2025

Nikon SLM Solutions NA Inc. Employee Privacy Notice (California)

In this Nikon SLM Solutions NA Inc. Employee Privacy Notice (California) (hereinafter, the “Notice”), we, Nikon SLM Solutions NA Inc. (hereinafter “we” or “us”), address disclosure requirements towards you, our employees residing in California (“you”), under the California Consumer Privacy Act of 2018 and its regulations, as amended (“CCPA“).These disclosures do not reflect our personal information handling practices with respect to California residents’ personal information where an exception or exemption applies under the CCPA.

1. What Categories of Personal Information Do We Collect?

NO PRIVACY: You have no expectation of privacy when you work on our premises, use any computer systems we own or connect to any networks we operate. Your actions and communications are observed, monitored, recorded, tracked, filtered, deleted, and otherwise processed for the purposes described in this notice.

To carry out the purposes outlined below, the Company may collect or has collected in the preceding 12 months the following categories of personal information from our employees (in the following bullets, a “consumer” means an employee of ours residing in California).

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  • Personal Information described in subdivision (e) of CA Civ Code Section 1798.80 that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.
  • Characteristics of protected classifications under California or federal law.
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, intranet activity, email communications, social media postings, stored documents and emails, usernames and passwords, all activity on communications systems, including phone calls, call logs, voice mails, text messages, chat logs, app use, mobile browsing and search history, mobile email communications, and other information regarding an employee’s use of Company -issued devices.
  • Geolocation data.
  • Audio, electronic, visual, thermal, olfactory, or similar information, including without limitation data relating to your activities on our or our affiliates’ premises; CCTV footage, voicemails.
  • Professional or employment-related information. This category includes, without limitation:
    • data submitted with an employment application and retained by the Company including employment history, recommendations,
    • background check and criminal history; security check
    • work authorization
    • professional licenses, certifications, educational degrees
    • performance and disciplinary records
    • fitness for duty data and reports
    • benefit plan enrollment, participation, and claims information
    • leave of absence information including religious and family obligations and physical and mental health data concerning employees and their family members
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
  • Inferences drawn from any personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  • Sensitive Personal Information
    • A consumer’s social security, driver’s license, state identification card, or passport number.
    • A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
    • A consumer’s precise geolocation.
    • A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
    • The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
    • Personal information collected and analyzed concerning a consumer’s health.

2. For What Purposes Do We Collect and Use Personal Information?

We use personal information about our employees:

  • To comply with applicable work-related laws and requirements and administration of those requirements;
  • To manage your work relationship with us (including onboarding processes, timekeeping, payroll, and expense report administration, worker benefits administration, worker training and development requirements, providing accomodations, the creation, maintenance, and security of your online worker accounts, reaching your emergency contacts when needed, such as when you are not reachable or are injured or ill, workers’ compensation claims management, worker job performance, including goals and performance reviews, promotions, discipline, and termination, maintaining occupational health programs and physician records, maintaining personnel records and complying with record retention requirements, and other human resources purposes);
  • To facilitate, monitor and manage security and access control regarding our and our affiliates’ offices and premises, equipment, data, assets, and network and systems, including security activities;
  • To ensure the physical safety of natural persons;
  • To conduct internal audits and workplace investigations, and investigate and enforce compliance with any potential breaches of our policies and procedures;
  • To engage in corporate transactions requiring review of worker records, such as for evaluating potential mergers and acquisitions of us;
  • To process and report on employee expenses;
  • To contact and search for you in an emergency;
  • To maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance;
  • To perform workforce analytics, data analytics, and benchmarking
  • To administer and maintain our operations, including for safety purposes;
  • To market to existing or future clients; and
  • To support any claim or defense that we or our affiliates could face before any jurisdictional and/or administrative authority, arbitration, or mediation panel, and cooperating with – or informing – law enforcement or regulatory authorities to the extent required by law.

We do not use or disclose your sensitive personal information for purposes that, with limited exceptions, are not necessary for the employment/post-employment relationship, or as reasonably expected by an average individual in this context, for other permitted purposes under the CCPA, or as authorized by regulation.

We do not “sell”, as that term is defined under the CCPA, or share for cross-context behavioral advertising any of the categories of personal information that we collect about California employeees.

3. Sources of Personal Informaiton

We may collect personal information directly from you or through your use our facilities or systems during or after your employment. We may also combine personal information collected from other sources with the personal information you provide to us.  For example, we may collect information from:

  • Related entities and affiliates.
  • Pre-employment screening services.
  • Credentialing and licensing organizations.
  • Third parties as necessary for providing you with benefits and ancillary services.
  • Customers and colleagues.
  • Other sources as directed by you.

4. To Whom Do We Disclose Personal information?

To carry out the purposes outlined in Section 2, above, we may disclose your personal information to the following categories of parties:

  • Government Agencies, Regulators, Law Enforcement, and Professional Advisors: We may need to transfer your personal information to government agencies and regulators (g., tax authorities, courts, and government authorities); to law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local laws; to external advisors in conncetion with the provisions of progessional services (e.g., lawyers, accountants, and auditors); to third parties as necessary to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities, to investigate allegations, or to establish, exercise or defend legal claims; as necessary to comply with legal obligations; and to fulfil the other purposes outlined in Section 2 above.
  • Corporate Restructuring: In the event of a change of control (e.g., a merger, reorganization, dissolution or similar corporate event), or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, will be transferred to the surviving entity in a merger or the acquiring entity. Such information will be transferred in accordance with applicable law.

5. What Criteria Do We Consider When Retaining Personal Information?

We retain each of the categories of personal information described in this Notice for as long as necessary to achieve the purpose for which it was collected and in accordance with the Company’s data retention schedule. We may also retain your personal information for any duration necessary for compliance with laws, or to satisfy our legitimate business needs (e.g. as long as necessary for the exercise or defense of legal rights and archiving, back-up and deletion processes).

To determine the appropriate retention period for your personal information, we consider various factors such as the amount, nature, and sensitivity of your information; the potential risk of unauthorized access, use or disclosure; the purposes for which we collect or process your personal information; and, any applicable legal requirements. Personal information does not include certain categories of information, such as publicly available information from government records, and deidentified or aggregated consumer information.

6. CCPA Rights

Employees who are residents of the State of California have the following rights, subject to certain limitations.

Right To Know About Personal Information Collected or Disclosed. You have the right to request information beyond what we have disclosed above regarding the following, to the extent applicable:

  • the categories of personal information the Company collected about you
  • the categories of sources from which that personal information was collected
  • the business or commercial purposes for collecting, selling, or sharing
  • the categories of third parties to whom the information was disclosed
  • the specific pieces of personal information collected

Right To Request Deletion of Your Personal Information. You have the right to request that we delete the personal information we collected or maintain about you. Once we receive your request, we will let you know what, if any, personal information we can delete from our records. There may be circumstances where we cannot delete your personal information. Such instances include, without limitation, when the information at issue is maintained: (a) to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the Company and compatible with the context in which you provided the information, or (b) to comply with a legal obligation.

Right to Request Correction. You have the right to request that the Company correct any inaccurate personal information we maintain about you, taking into account the nature of that information and purpose for processing it.

Right to Withdraw Consent. If we obtain your consent to process your personal information, you may withdraw that consent at any time.

We will not retaliate against you for exercising any of the rights described above.

Submitting CCPA Rights Requests. To submit a CCPA Rights request, please contact HR or emailing us at compliance@nikon-slm-solutions.com.

We reserve the right to only respond to verifiable Requests to Know, Delete, or Correct or Access and Appeal ADMT that are submitted as instructed. A verifiable consumer request is one made by any individual who is:

  • the individual who is the subject of the request,
  • an individual on behalf of the individual’s minor child, or
  • the authorized agent of the individual.

What to submit. If we request, you must provide us with sufficient information to verify your identity and/or authority to act on behalf of the individual. In general, we may ask you to provide identifying information that we already maintain about you or we may use a third-party verification service. In either event, we will try to avoid asking you for sensitive personal information to verify your identity. We may not be able to respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. However, making a verifiable request does not require you to create an account with us.

Additionally, you will need to describe your request with sufficient detail to allow us to review, understand, assess, and respond.  We will not use the personal information we collect from an individual to determine a verifiable request for any other purpose, except as required or permitted by law.

Our response. We reserve the right to charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will attempt to notify you as to why we made that decision and provide a cost estimate before completing your request. We will endeavor to respond to a verifiable request within forty-five (45) calendar days of receipt, but we may require an extension of up to forty-five (45) additional calendar days to respond and we will notify you of the need for the extension.

Authorized Agent. You may authorize a natural person or a business (the Agent) to act on your behalf. When you submit a Request to Know, Correct, or Delete the Agent must provide proof that you gave the Agent signed permission to submit the request, and you either must (i) verify you own identity with the business or (ii) directly confirm with us that you provide permission to the Agent. However, these steps are not required when you have provided the authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465. We reserve the right to deny requests from persons or businesses claiming to be authorized agents that do not submit sufficient proof of their authorization.

7. Your Use of Our Premises and Computer Systems

Monitoring: The Company has significant business interests for restricting personal usage of the Information Systems and monitoring Employees’ business and personal communications on the Information Systems, including but not limited to protecting the Company’s assets, promoting workplace productivity, protecting Employees and customers, and ensuring compliance with applicable laws and Company policies.

At all times, the Company has the right, but not the obligation, to monitor, collect, observe, record, track, filter, delete, and otherwise process information about your actions and communications on our premises and on Computer Systems for the purposes described in Section 2 above, including when you use a personal device to connect to our Computer Systems or for work. “Computer Systems” means computers, software, networks, communications devices, and other similar systems that: (i) we or our affiliates lease, own or make available to you; or (ii) you connect to or use for the purposes of providing services to us or our affiliates. Such systems may include, but are not limited to, computer desktops/laptops, tablets, portable storage devices, instant messaging programs (e.g., Zoom, Skype for Business, etc.), web mail and pages viewed through our devices or networks, SLM email accounts, telephones, facsimile, and smart phones, printers, network devices and equipment. Although limited personal use that does not violate any Company policy or otherwise interfere with job duties is not prohibited in all cases, Employees should not expect that such use entitles them to any expectation of privacy in anything that they access, view, create, store, transmit or receive on or through the Computer  Systems, including any personal messages. This includes personal messages sent or received from personal email or similar accounts, such as Google web-based email accounts which may remain, be accessed, or be viewed on the Computer Systems and may be retrieved and monitored by the Company. Use of passwords to gain access to the Computer Systems does not mean that Employees should have any expectation of privacy in the material that they access, view, create, transmit, store or receive via or on the Computer Systems. The Company has the ability to permit IT personnel and other personnel access to all activity on the Computer Systems, including without limitation all information and materials accessed, viewed, created, stored on or transmitted through its Computer Systems regardless of whether the information or material has been encoded with a Employee’s password. Further, data may be electronically recalled or recreated regardless of whether it may have been ”deleted” or ”erased” by an Employee. Because the Company periodically backs-up all files and messages, and because of the way in which computers re-use file storage space, files and messages may exist that are thought to have been deleted or erased. The Company assumes no liability for loss, damage, destruction, alteration, disclosure or misuse of any personal data or communications transmitted over or stored on the Computer Systems.  The Company accepts no responsibility or liability for the loss or non-delivery of any personal electronic mail or voicemail communications or any personal data stored on the Computer Systems.  The Company strongly discourages employees from storing any personal data on the Computer Systems.

Tracking, Wiping and Blocking Computer Systems: We may track and locate your Computer Systems, including, but not limited to, in the event devices with Company information are lost or stolen. To ensure the confidentiality of business information and preserve its interests, we may remotely delete any Company data which may be stored on a Computer Systems. This may include, but is not limited to, deleting Monitored Data at the end of your employment with us, and deleting Monitored Data at the end of your employment with us, and deleting Monitored Data of a Computer System that is lost, stolen or retired. We may delete any and all data, including but not limited to any professional information and personal information you may have stored on the Computer Systems. You should therefore copy any personal information (files, documents, emails) that may be contained on your Computer Systems on a separate medium. This may affect devices you own and use for work purposes, as well as private information that you have stored on devices; you should regularly back-up data on devices in compliance with applicable company policies. We reserve the right – but do not assume any obligation – to monitor, access, retrieve, review, intercept, block, and delete, to the greatest extent permitted by applicable law, any and all activities, including, but not limited to, phone calls, e-mails, IM messages, files or documents created, sent, received, accessed or stored while using Computer Systems. Only to the extent required by mandatory laws will we take preliminary steps (such as collection of aggregate data to pinpoint irregularities, issuing collective warnings) before engaging in these actions.

Inform others of limited privacy: Always make sure that everybody who you may be communicating with on Computer Systems – including co-workers, customers, suppliers, advisors, your friends, family, etc. – are also aware that if they are communicating with you through Computer Systems, their written and oral communications may be monitored, recorded, tracked, filtered and otherwise processed.

8. Additional Information

This notice is not intended to qualify any other notices or consents of us or our affiliates in any way. For more information please contact HR department of Nikon SLM Solutions NA Inc. If you have a visual disability, please contact your HR department for accommodations.

Last updated: February 2026

YOUR SOLUTIONS PARTNER
YOUR SOLUTIONS PARTNER