Privacy statement

Scope of the Statement

This privacy statement explains the nature, scope and purpose for the collection and use of personal data by the responsible provider

Data Controller:

nanoSaar AG
Würmstraße 4
D-82319 Starnberg

Data protection supervisor

For further questions regarding data protection please contact the Data Protection Supervisor of our company using the following E-mail address:

Handling of personal data

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and according to the General Data Protection Regulation (GDPR), the respectively applicable national data protection laws and this Privacy Policy.

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Legal basis for processing

When processing your personal data in the context of the purposes set out in this Policy, we may, depending on the circumstances, rely on one or more of the following legal bases:

  • We have previously obtained your explicit consent to processing (this legal basis will be used only in relation to processing that is entirely voluntary - it will not be used for processing that is in any way necessary or compulsory);
  • The processing is necessary in connection with a contract you conclude with us;
  • The processing is required by law;
  • The processing is necessary to protect the vital interests of a person; or
  • We have a legitimate interest in carrying out the processing for the purpose of managing, operating, or promoting our business and this legitimate interest will not be invalidated by your interests, fundamental rights, or freedoms.

Types of processed data

  • User data (e.g. names, addresses).
  • Contact data (e.g. e-mail, phone numbers).
  • Usage data (e.g. visited websites, interest in content, access times).
  • Meta/communication data (e.g. device information, IP addresses, browsing history on website).

Categories of data subjects

Visitors and users of the website (hereinafter, data subjects in general will also be called "Users").

Purpose of processing

  • Provision of the website as well as the respective functions and contents
  • Responding to contact requests and communicating with Users
  • Security measures
  • Reach measurement/marketing

Processing of special personal data

We will not attempt to collect or otherwise process your sensitive personal information except when:

  • the processing is required or permitted by law (e.g. to fulfill our reporting obligations on diversity)
  • the processing is necessary for the detection or prevention of crime (including the prevention of fraud, money laundering, and terrorist financing);
  • the processing is necessary to establish, exercise, or defend rights; or
  • we have previously, in accordance with applicable law, obtained your explicit consent to processing (as mentioned above, this legal basis is used only in relation to processing that is entirely voluntary - it is not used for processing that is in any way necessary or compulsory).

Sources of data collection

We collect data directly from the user of the website, based either on the information actively sent to nanoSaar AG or through the website visit as such or through voluntary self-declarations in an online content form.

Security measures

We have taken appropriate technical and organizational security measures in accordance with Art. 32 GDPR, taking into account the state of technology, implementation costs as well as nature, scope, circumstances and purposes of the processing and the different likelihood and severity of any risks to the rights and freedoms of natural persons, to protect your personal data against unintentional or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and any other unlawful or unauthorized forms of processing under applicable law.

Such measures include in particular, ensuring confidentiality, integrity and availability of data by controlling physical access to the data, as well as the relevant access, input, disclosure, security of availability and its separation. In addition, we have established procedures that ensure the exercise of the rights of data subjects, deletion of data and reaction to data risks. In addition, we take into account the protection of personal data when developing or selecting the hardware, software and procedures in line with the principle of data protection through technology design and data protection-friendly presetting’s (Art. 25 GDPR).

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission, if you have given consent, if this is required by law or based on our legitimate interests (e.g. when involving third parties to host the servers, deliver e-mail contact forms as well as response to enquiries through the form). 

If we commission third parties with the processing of data based on a so-called "processing contract," this will be done on the basis of Art. 28 GDPR.

Transmission into third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosure or transmission of data to third parties, this will only be done to fulfill our (pre-)contractual obligations, based on your consent (with corresponding precise information and specifying those third countries), if required by law or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ssq. GDPR are fulfilled.  This means that the processing is carried out e.g. on the basis of specific guarantees, such as the officially recognized level of data protection corresponding to that of the EU (e.g. for the US through the 'Privacy Shield') or compliance with officially recognized special contractual obligations (so-called 'standard contractual clauses').

Please note that the level of data protection of such third countries is lower than the level of protection of the European Union.

Rights of data subjects

You have the right to request confirmation as to whether relevant data are being processed and to request information about such data as well as further information and a copy of the data pursuant to Art. 15 GDPR.

Pursuant to Art. 16 GDPR you have the right to request completion of the data concerning you or correction of any incorrect data concerning you.
Pursuant to Art. 17 GDPR, you have the right to request that the relevant data will be deleted immediately or, alternatively, pursuant to Art. 18 GDPR, to request a restriction of the processing of data.
You have the right to request provision of the data concerning you that you have provided to us pursuant to Art. 20 GDPR and to request their transfer to other controllers.
You also have the right to file a complaint with the competent supervisory authority pursuant to Art. 77 GDPR.

Contact – Bavarian Data Protection Authority

Bavarian Data Protection Authority (BayLDA)

Promenade 27

91522 Ansbach, Germany

Phone: +49 (0) 981 53 1300

Fax: +49 (0) 981 53 98 1300



Right to withdraw

If certain data processing is based on your consent, you have the right to withdraw your consent at any time pursuant to Art. 7 (3) GDPR with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object

You may object to the future processing of your data at any time pursuant to Art. 21 GDPR. Such objection may be made in particular against processing for direct marketing purposes (see also below).

Direct marketing

We use your information to communicate with you and to keep you informed about our activities and events and those of third parties in which you may be interested, and to make suggestions and recommendations to you and other users of our website and app about products or services that may interest you or them (direct marketing). We provide this information to you by email (subject to your prior consent, if required by law), push notifications on our app, targeted ads on our app and third-party platforms, text, social media or telephone.

Cookies and right to object in case of direct marketing

'Cookies' are small files that are stored on the users' computers. Different types of information can be stored by such cookies. A cookie is primarily used to store the information about a user (or the device where the cookie is stored) during or after his/her visit to a website. Temporary cookies, or 'session cookies' or 'transient cookies' are cookies that are deleted after a user has left a website and closes his/her browser. Such a cookie may store e.g. the contents of a shopping cart in an online store or a login jam. Cookies are 'permanent' or 'persistent' if they remain stored even after the browser has been closed. For example, the login status can be saved if users visit again after several days. Similarly, such a cookie can also store the users' interests, which are used for range measurement or marketing purposes. 'Third-party cookie' refers to cookies that are offered by providers other than the person responsible for operating the website (otherwise, if only their cookies are used, they are called 'first-party cookies').

We hereby explain in this Privacy Policy that we may use temporary and permanent cookies.

If users do not want cookies stored on their computer, they are asked to disable the relevant option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. However, the exclusion of cookies can lead to functional restrictions of this website.

A general objection to the use of cookies used for online marketing purposes is possible for a variety of services, especially in the case of tracking, via the US website or the EU site Furthermore, the storage of cookies can be achieved by switching them off in the browser's settings. Please note that in this case it may not be possible to use all features of this website.

Deletion of data

The data processed by us will be deleted pursuant to Art. 17 and 18 GDPR or their processing will be restricted. Unless explicitly stated in this Privacy Policy, the data stored by us will be deleted once they are no longer required for their intended purpose and unless the deletion conflicts with any legal storage requirements. If the data are not deleted because they are required for other and legitimate purposes, their processing will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies for example to data that must be kept for commercial or tax reasons.

Acess Data / Server Log files

The use of our website is generally possible without providing personal data.

We (or our Webspace-Provider) raise data for every access to the offer (so called server log files). The access data include: Name of the accessed webpage, file, date and time of the access, volume of transmitted data, notification of successful access, type and version of browser, user`s operating system, referrer URL (the last visited webpage), IP address and the requesting provider.

We only use the log information for statistical analysis for the purpose of the operation, security and optimization of the offer. If on the basis of specific indicators it is suspected that our webpages are being used illegally, we reserve the right to review the log files afterwards.

Google Maps

This website uses the map service Google Maps via API. This service is provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. To use the functions of Google Maps storage of your IP address is required. This information will usually be transferred to, and stored on, a server in the USA. The provider of this website has no influence on this data transmission.

The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of Google at