Menu

Privacy policy

Data Protection

Dear Sir or Madam,

By way of this Data Protection Policy, we are providing you with transparent information about the processing of your personal data when using our website and as part of our business relationships.

1 Controller

The controller responsible for data processing is:

NEWSTON Automated Solutions GmbH

Robert-Bosch-Str. 1/1
D-74632 Neuenstein
Tel.: +49 7941 9100 0
E-mail: info@newston.com 

2 Contact person for data protection

You can contact our data protection officer at the following address:

Mustafa Vural
Hopp + Flaig PartG mbB Beratende Ingenieure
Neue Weinsteige 69/71
D-70180 Stuttgart
E-mail: vural@hopp-flaig.de

3 Data processing on our website (general)

3.1 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically forwards to us. These are:

  • Browser type and browser version
  • Used operating system
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

Processing such data is technically necessary to ensure the correct display and stability of our website. The legal basis for this is our legitimate interest in accordance with Article 6 (1) letter f GDPR (General Data Protection Regulation). Such data is not merged with other data sources. The log files are erased after seven days.

3.2 Cookies and similar technologies

Our website uses cookies and similar technologies (e.g. local storage) to provide you with a user-friendly and secure experience. Cookies are small text files that are stored on your device via your browser.

We use different types of cookies and technologies:

Technically necessary cookies are required to ensure the secure and error-free operation of our website. Without them, certain functions (e.g. login, language settings or security tools) could not be provided. The legal basis for this is Article 6 (1) letter f GDPR in conjunction with Section 25 (2) No. 2 TDDDG (German Telecommunications Digital Services Data Protection Act). Our legitimate interest lies in providing a stable and secure website.

Functional, analytical and marketing technologies are not strictly required to operate the website. They are aimed at improving performance, design and user experience or analysing visitor behaviour. These technologies are only used with your express consent. The legal basis for this is Article 6 (1) letter a GDPR in conjunction with Section 25 (1) TDDDG.

You can control the use of cookies in your browser at any time or erase cookies that have already been stored. Please note that the functionality of our website may be limited if certain cookies are rejected.

You can adjust your current settings at any time via the following link or withdraw your consent: Change cookie settings

4 Integrating additional services and content

We use various external services on our website to provide content, functions and evaluations, and improve the user experience. When using these services, personal data may be processed and, where applicable, forwarded to servers in third countries.

Our consent management tool shall be used to obtain your consent for all services that are not technically necessary.

4.1 Managing consent with Usercentrics

To obtain and manage the legally required consent for the use of cookies and similar technologies, we use the consent management tool Usercentrics of Usercentrics GmbH, Sendlinger Straße 7, D-80331 Munich, Germany.

When you first visit our website, Usercentrics displays a consent banner that allows you to specify whether or not and which categories of cookies and services you wish to permit. Your selection shall be saved so that your preferences are automatically taken into account on future visits and your consent does not need to be obtained again.

Your data is processed to document granted or withdrawn consent and, therefore, to fulfil our legal obligations in accordance with Article 6 (1) letter c GDPR in conjunction with Article 7 (1) GDPR and Section 25 TDDDG.

Usercentrics stores information such as the date and time of the visit, device and browser information, an anonymised IP address and a consent ID on servers within the European Union. The data shall be stored for as long as required for verification purposes, usually for a maximum of three years, and then erased, provided that longer-term statutory storage obligations do not apply.

The cookie table displayed on our website is integrated dynamically via a so-called “Embedding” by Usercentrics. This means that the cookies and services currently in use are automatically provided by Usercentrics without the need for manual updating. No additional personal data shall be processed during this process.

Further information about data processing by Usercentrics can be found at: https://usercentrics.com/de/datenschutzerklaerung/ 

4.2 Google Analytics

This website uses functions of the web analysis service Google Analytics. “Google” is a group of companies consisting of Google Ireland Ltd. (service provider), Gordon House, Barrow Street, Dublin 4, Ireland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and other companies affiliated with Google LLC. We have entered into an order processing contract with Google and fully implement the stringent requirements of the German data protection authorities when using Google Analytics. 

Google Analytics uses so-called “Cookies.” These are text files that are stored on your computer and facilitate an analysis of your use of the website. The information created by the cookie about how you use this website is normally forwarded to a Google server in the USA and stored there.

The storage of Google Analytics cookies and use of this analysis tool are based on Article 6 (1) letter f GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both its website and advertising. If corresponding consent has been requested (e.g. consent to the storage of cookies), data is processed based on Article 6 (1) letter a GDPR. Consent may be withdrawn at any time.

4.3 Google Tag Manager

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows website tags (small sections of code) to be managed via a single interface. It serves to trigger other tags, which in turn may collect data. Google Tag Manager itself does not set any cookies and does not collect any personal data.

4.4 Google Fonts (local hosting)

This site uses Google Fonts, which are provided by Google, to ensure consistent font display. Google Fonts are installed locally. No connection to Google servers is established during this process.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s Data Protection Policy: https://policies.google.com/privacy?hl=de.

5 Contact by e-mail, form or post

If you contact us via the contact form, e-mail or post, we shall store your details to process your enquiry.

The data processed in this process includes your name, e-mail address, telephone number, the content of your message and, if relevant, your postal address. The legal basis for such processing depends on the purpose of your enquiry: for enquiries geared towards entering into a contract, such as service or booking enquiries, we process your data in accordance with Article 6 (1) letter b GDPR for initiating contracts. For general information requests, the legal basis is Article 6 (1) letter f GDPR because we have a legitimate interest in processing your request and communicating with customers and interested parties.

The data shall be erased as soon as your request has been fully processed and legal storage obligations no longer apply. In the case of initiating contracts, the storage periods are based on the requirements that apply to contract data. Providing your contact details is necessary for processing your enquiry. Without them, we may not be able to respond to you. The provision of further data is voluntary.

6 Processing of applicant data

As part of your application, we process your personal data to assess your suitability for the position and perform the application process.

6.1 Collecting and processing your application data 

You can send us your application documents in various ways. You can apply via our careers page, which is operated by Personio. Alternatively, you can send us your application directly by e-mail to info@newston.com or apply via the LinkedIn platform.

When you apply to us, we process the data you make available. This includes your name, contact details (address, e-mail and telephone number), date of birth, CV (professional background, qualifications, knowledge and skills), references, cover letter and any other information that you make available to us voluntarily. Additional data from your profile may be forwarded to us when applying via LinkedIn.

Such data is processed to perform the application process, assess your suitability for the advertised position, communicate with you during the selection process and potentially initiate an employment relationship. The legal basis for such processing is generally Section 26 (1) Sentence 1 BDSG in conjunction with Article 6 (1) letter b GDPR because the processing is required to establish an employment relationship. If you make special categories of personal data available to us voluntarily (such as health data or religious affiliation), the legal basis for this is your consent in accordance with Article 9 (2) letter a GDPR. The provision of your application data is necessary for the procedure. Without it, we cannot consider your application.

6.2 Storage period for applicant data

If you are accepted and appointed, your application documents shall become part of your personnel file and shall be stored in accordance with the statutory storage periods for employee data.

In the event of rejection, your application data shall be erased or anonymised six months after completing the application process. This applies to fulfil our documentation obligations in accordance with the German General Equal Treatment Act (AGG).

6.3 Recipients of applicant data

At our company, only those persons who are responsible for the application process, such as the human resources department or the manager of the relevant specialist department, have access to your application data.

We use the applicant management system of Personio SE & Co. KG, a company based in Germany, to manage our applications. In this context, Personio acts as our processor in accordance with Article 28 GDPR. We have entered into a corresponding order processing agreement with Personio, which ensures the protection of your data.

The initial data collection and processing are performed by the respective providers in respect of applications via external platforms such as LinkedIn. We have also entered into corresponding agreements with these providers. The respective privacy policies of the platforms apply to the processing of your data there. LinkedIn: https://www.linkedin.com/legal/privacy-policy 

Please note that a third-country transfer shall apply if the respective platforms operate their servers in third countries. We draw attention to the fact that data transmission via the internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. It is not possible to completely protect your data from third party access.

7 Processing data from trade fair visitors

We shall process your personal data if you visit our exhibition stand and make your contact details available to us via a form or by exchanging business cards.

7.1 Purpose and data processing

We process your data to stay in touch with you, send you information about our products and services, and initiate our business relationship. This includes storing your data for future communication and creating personalised offers.

7.2 Legal basis

Processing of your data is based on Article 6 (1) letter f GDPR. We have a legitimate interest in establishing contact and maintaining business relationships that were initiated during a trade fair. Making your data available is voluntary.

7.3 Data recipients

Your data shall only be made available internally to the relevant employees (e.g. sales or marketing team) who are responsible for following up on trade fair contacts. Data shall not be forwarded to external third parties unless this is necessary to process your enquiry or is required by law. In such a case, the data shall only be forwarded to service providers who support us in customer communications and with whom we have entered into order processing agreements.

8 Data protection information for business partners

Further to the general information made available in this Data Protection Policy, we would like to inform you below about the processing of personal data in the context of our business relationships with suppliers, service providers and other business partners.

8.1 Customers and interested parties

8.1.1 Purpose and data processing

We process your personal data to initiate, conduct and process our business relationship. This includes preparing individual quotations, entering into contracts and processing orders, complaints and invoices. We only collect the minimum amount of data required to perform our tasks.

8.1.2 Legal basis

Processing your data is based on different legal grounds depending on the stage of the business relationship. When entering into a contract or implementing pre-contractual measures at your request, we base our actions on Article 6 (1) letter b GDPR. For pre-contractual measures adopted at our request, the legal basis is Article 6 (1) letter f GDPR.

8.1.3 Data recipients

Your personal data shall only be made available internally to persons who are authorised to fulfil contractual obligations and tasks. Under certain circumstances, disclosure to external recipients may occur. This includes cooperation partners and subcontractors whom we commission to fulfil our contractual obligations. External service providers such as IT service providers, financial service providers or tax advisers may also have access to your data as part of their support services. Where necessary, data processing agreements are in place with these partners. Furthermore, we may disclose your data to authorities such as tax offices or courts due to legal obligations.

8.2 Suppliers and service providers

Purpose and data processing

We process your personal data to establish and conduct our business relationships with you. This includes preparing quotations, entering into contracts, providing and invoicing the agreed services, and safeguarding against potential payment defaults. We observe the principle of data minimisation at all times and only collect data that is required to perform our tasks.

Legal bases

The processing of your data is based on Article 6 (1) letter b GDPR because it is required to execute the contract or perform pre-contractual measures. To safeguard against payment defaults, our actions are based on our legitimate interest in accordance with Article 6 (1) letter f GDPR.

Data recipients

Your personal data shall only be shared internally to fulfil contractual obligations. Externally, data may be forwarded to subcontractors whom we commission to fulfil our contractual obligations. External service providers for support services such as IT, finance or tax may also process your data if necessary. Where necessary, we have entered into data processing agreements with these service providers. Furthermore, we may forward your data to authorities due to legal obligations. For credit checks, we may also obtain information from credit agencies based on our legitimate interest in protecting ourselves against payment defaults.

9 Processing visitor data (access control)

When you enter our company premises, we collect personal data such as your name, company, time of visit and, if applicable, vehicle registration number at reception.

The processing is performed for access control purposes, to ensure the security of the company and fulfil statutory verification and documentation obligations, e.g. for fire protection and evacuation lists.

The legal basis is our legitimate interest in accordance with Article 6 (1) letter f GDPR.

The data shall only be stored for as long as necessary for the stated purposes and shall then be erased, provided that legal storage obligations do not apply.

10 Whistleblower Protection Act (whistleblower system)

We enable individuals who have become aware of violations in conjunction with their professional activities to report these to us freely and under protection as an internal reporting section in accordance with the German Whistleblower Protection Act (HinSchG).

10.1 Purpose and data processing

The provision and use of our whistleblower system are aimed at fulfilling our legal obligation to provide a secure reporting option in accordance with the HinSchG. The reporting section is authorised to process personal data insofar as this is necessary for the tasks defined in Section 13 HinSchG. The type of data processed depends on the specific violation and the information contained in the report. This may include, for example, your name, contact details, information about your professional activities, information about the reported violation or the names of persons involved. This data is processed for the purpose of handling reports, conducting internal investigations and fulfilling our legal obligations in accordance with HinSchG.

10.2 Legal bases

Processing your personal data is based on the following legal grounds: Article 6 (1) letter c GDPR in conjunction with Section 10 HinSchG because the processing is required to comply with a legal obligation. If special categories of personal data are processed, the legal basis is Article 9 (2) letter g GDPR in conjunction with Section 10 HinSchG because the processing is performed for reasons of substantial public interest in employment and social law.

10.3 Whistleblower data recipients

Your data shall only be shared as part of the defined purposes and in accordance with the principles of data minimisation. As the operator of the whistleblower hotline, Hopp + Flaig is responsible for the initial review and examination of incoming reports. One of our consultants shall review the report and forward it to an internal processing centre. Further disclosure may be made to internal investigation departments within our company, other external advisers such as solicitors or authorities such as supervisory or law enforcement agencies, if this is necessary to deal with the reported violation. Information may also be forwarded to other bodies at your express request.

11 Profiling and automated decision-making

We do not use automated decision-making. Furthermore, we do not use profiling that has legal effects on you or could significantly affect you in a similar way.

12 Your rights as a data subject

You have the right to obtain information at any time about your stored personal data. In addition, you have the following rights if the legal requirements are met:

  • Right to access (Article 15 GDPR): you have the right to request information about whether or not and which personal data we process about you.
  • Right to rectification (Article 16 GDPR): you may request the rectification of inaccurate personal data or completion of incomplete personal data.
  • Right to erasure (Article 17 GDPR, “Right to be forgotten”): you may request the erasure of your personal data if, for example, the purpose of storage no longer applies or the data has been processed unlawfully.
  • Right to restriction of processing (Article 18 GDPR): you may request the restriction of the processing of your data if, for example, the accuracy of the data is disputed.
  • Right to data portability (Article 20 GDPR): you have the right to receive the data, which you have made available to us, in a structured, commonly used and machine-readable format and forward it to another controller.
  • Right to object (Article 21 GDPR): you may object at any time to the processing of your personal data on grounds relating to your particular situation, which is performed based on Article 6 (1) letter f GDPR (legitimate interest). This also applies to profiling based on these provisions. You also have an unrestricted right to object to the processing of your data for direct marketing purposes.
  • Right to withdraw consent (Article 7(3) GDPR): if processing your data is based on your consent, you have the right to withdraw such consent at any time with effect for the future. The withdrawal does not affect the lawfulness of the processing performed based on the consent up until the withdrawal.

To exercise your rights, you can contact us or our data protection officer at any time (see above for contact details). We shall process your enquiries promptly. We reserve the right to request prior identification of your person for processing purposes to ensure that the information is made available to the correct person.

13 Right to loge an appeal with the supervisory authority

If you believe that the processing of your data violates applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority.

The address of the competent supervisory authority in Baden-Wuerttemberg is:

The State Commissioner for Data Protection and Freedom of Information
Lautenschlagerstraße 20
D-70173 Stuttgart

14 Amendments to this privacy policy

We reserve the right to amend this Data Protection Policy as required to comply with current legal requirements or changes to our services.

As of 14.10.2025