Privacy Policy
1. Privacy policy
Thank you for visiting our website. In the following, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
2. Body responsible
The entity named in the legal notice is responsible for the data processing described below.
3. Usage Data
When you visit our websites, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our websites. This data record consists of
- the name and address of the requested content,
- the date and time of the query,
- the amount of data transferred,
- the access status (content transferred, content not found),
- the description of the web browser and operating system used,
- the referral link, which indicates from which page you came to ours,
- the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.
The aforementioned log data is only analyzed anonymously.
The legal basis for the processing of usage data is Art. 6 para. 1 sentence 1 lit. f GDPR. The processing is carried out in the legitimate interest of providing the content of the website and ensuring a device- and browser-optimized display.
4. Data security
We take technical and organizational measures to protect your data from unauthorized access as comprehensively as possible. We use an encryption process on our websites. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.
5. Required Cookies
We use cookies on our websites that are necessary for the use of our websites.
Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
We do not use these necessary cookies for analysis, tracking or advertising purposes.
Some of these cookies only contain information on certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site.
We use these cookies on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
You can set your browser so that it informs you about the placement of cookies. You can also delete them at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our web pages may then not be displayed in full and some functions may no longer be technically available.
Name | Provider | Purpose | Storage duration | Adequate level protection |
cookiefirst-consent | Cookie First | Consent Management | 90 day | EU |
cookiefirst-id | Cookie First | Consent Management | unlimited | EU |
jobsFiltered | Softgarden | Storage filter setting | 24 hours | EU |
6. Consent Banner
When you enter our website, we inform you about the types of cookies we use and give you the option of accepting or rejecting individual types of cookies. We only load non-essential cookies once you have consented to their use.
We use a consent management platform (consent or cookie banner) for this purpose. The processing in connection with the use of the consent management platform and the logging of the settings you have made is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, in our legitimate interest to play our content according to your preferences and to be able to prove the consent(s) you have given. The settings you have made, the consent you have given and parts of your usage data are stored in a cookie. This means that it is retained for subsequent page requests and your consent can still be tracked. You can find further information on this under the heading “Required cookies”.
The provider of our consent management platform “Cookie First”, Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018DH Amsterdam, acts for us as a strictly instruction-bound service provider (processor). An order processing contract in accordance with Art. 28 GDPR has been agreed..
7. Google Analytics
We use the web analysis tool “Google Analytics” for the needs-based design of our websites. Google Analytics creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognize returning visitors and count them as such.
As part of the Google Analytics service, Google Ireland Limited supports us as a processor in accordance with Art. 28 GDPR. Data processing may also be carried out by Google outside the EU or the EEA (in particular in the USA). With regard to Google, an adequate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Google also undertakes to conclude standard contractual clauses with other sub-processors.
Data processing is based on your consent, provided that you have given your consent via our banner. You can withdraw your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.
Provider | Maximum storage duration | Adequate level of data protection | Revocation of consent |
14 months | For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework). | If you wish to withdraw your consent, please click here and make the appropriate setting via our banner. |
8. Google Tag Manager
Google Tag Manager is a solution from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which we use to manage and implement tracking codes and tags on our website. The tool is cookie-free. The tool triggers other tags, which in turn may set cookies and collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
9. Embedded Videos
We embed videos on our websites that are not stored on our servers. To ensure that accessing our websites with embedded videos does not automatically result in the third-party provider’s content being loaded, we only display locally stored preview images of the videos in a first step. This means that the third-party provider does not receive any information.
Only after you click on the preview image will the third-party provider’s content be loaded. This provides the third-party provider with the information that you have accessed our site and the usage data technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider.
Embedding takes place on the basis of your consent, provided you have given your consent by clicking on the preview image. If the data is processed in this context outside the EU or the EEA (in particular in the USA), we provide information on the level of data protection in the following table
Provider | Maximum storage duration | Adequate level of data protection | Revocation of consent |
Vimeo | 2 Jahre |
For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework.
|
If you have clicked on a preview image, the content of the third-party provider will be loaded immediately. If you do not want such a reload on other pages, please do not click on the preview images. |
10. Map services
We embed the Smartmaps map service on our websites, which is not stored on our servers. When you access our pages with embedded map services, Smartmaps content is loaded. As a result, Smartmaps receives the information that you have accessed our site and the usage data technically required in this context.
The provider of our map service “Smartmaps”, YellowMap AG, CAS-Weg 1-5, 76131 Karlsruhe, acts for us as a service provider (processor) strictly bound by instructions. An order processing contract in accordance with Art. 28 GDPR has been agreed. Your data will not be passed on to third parties
11. Captcha
To protect our web forms from automated requests, automated crawling and spam, we use a so-called captcha. As part of the captcha function, you may be asked to complete tasks or click on checkboxes. The user entries made in this context and, if applicable, the mouse movements are used to assess whether the entries originate from a human or an automated program.
The data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR and in the legitimate interest of protecting us from spam and misuse and ensuring the security of our systems.
If you do not wish this data processing to take place, please refrain from using our web forms.
We use the “hCaptcha” service, which is provided by Intuition Machines, Inc., a Delaware US Corporation (“IMI”), for the provision and evaluation. An order processing agreement has been concluded. Further information about hCaptcha and IMI’s privacy policy and terms of use can be found at the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms .
For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework).
12. Application via Application Portal
You have the opportunity to apply for the positions we have advertised or to send us an unsolicited application via our application portal. As part of the application process, we require the information from you that is marked as mandatory fields in our application form. The legal basis for the processing of this data is Section 26 (1) sentence 1 BDSG, as the data is required for the decision on the establishment of an employment relationship. Data processing for other purposes does not take place.
In addition, you can decide for yourself whether to provide us with further information that is not marked as mandatory in the application portal. The provision of this data is voluntary and is not mandatory for the application. If you provide us with your personal data voluntarily, we will process this data on the basis of your consent, which can be revoked at any time, in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § 26 para. 2 BDSG. You can withdraw your consent at any time with effect for the future. To do so, please contact the office named in the legal notice.
Your data will be treated confidentially in our company. We use the strictly instruction-bound service provider softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin as a processor for applicant management, with whom an agreement pursuant to Art. 28 GDPR has been concluded. Your data will not be passed on beyond this. If an employment contract is concluded after the application process, we will store the data from your application that is required for the implementation of your employment relationship. The legal basis for this processing is § 26 para. 1 sentence 1 BDSG. If your application is unsuccessful, your documents will be deleted after six months at the latest. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The processing until the deletion takes place in our legitimate interest to be able to defend ourselves against any complaints concerning the application. We only process the personal data that you provide to us as part of the application process.
This does not apply if you expressly consent to your data being stored for longer (talent pool). In this case, you will be asked again by e-mail every three months whether you consent to your data being stored in the talent pool. If you do not respond within 14 days, your data will be deleted automatically. If you object to the storage of your data, it will be deleted immediately. The legal basis for storing the application documents and contacting you in the event of a suitable position is Art. 6 para. 1 lit. a GDPR in conjunction with § 26 para. 2 BDSG. You can withdraw yourconsent at any time with effect for the future. To do so, please contact the office named in the legal notice.
13. Newsletter Registration and Mailing
You can subscribe to a newsletter on our website. Please note that we require certain data (title, name, email address) to subscribe to the newsletter. The other information is voluntary and is provided on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The newsletter will only be sent if you have given us your express consent. After you have placed your order, you will receive a confirmation e-mail to the e-mail address you have provided (so-called double opt-in). You can revoke your consent at any time. An uncomplicated way to withdraw your consent is, for example, via the unsubscribe link provided in every newsletter.
As part of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary so that we can prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of the order or confirmation of the newsletter, as well as a copy of the confirmation e-mail sent by us. The corresponding data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR and in the legitimate interest of being able to account for the legality of the newsletter dispatch.
We use the services of Brevo, which are provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, to register for and send the newsletter. An order processing agreement has been concluded. Further information on Brevo and the privacy policy can be found at https://de.sendinblue.com/legal/privacypolicy. We have concluded an order processing contract with SendinBlue in accordance with the provisions of Art. 28 GDPR, in which we oblige SendinBlue to protect our customers’ data and not to pass it on to third parties.
14. Storage Period
Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion.
15. Other Processors
We pass on your data to service providers who support us in the operation of our websites and the associated processes as part of order processing in accordance with Art. 28 GDPR. These are, for example, hosting service providers. Our service providers are strictly bound by our instructions and contractually obligated accordingly.
Below we list the processors with whom we work if we have not already done so in the above text of the privacy policy. If data may be processed outside the EU or the EEA in this context, we will inform you of this in the following table.
Processor | Purpose | Adequate level of data protection |
Zech Management GmbH Hansator 20 28217 Bremen (Germany) |
Webhosting and Support |
Processing only within the EU/EEA |
16. Your rights as an affected person
When processing your personal data, the GDPR grants you certain rights as a data subject:
Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.
Right to deletion (Art. 17 GDPR)
You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection to the processing, for the duration of the examination by the controller.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.
Right of withdrawal (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
Right of objection (Art. 21 GDPR)
If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to protect legitimate interests) or on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
Right of appeal to a supervisory authority (Art. 77 GDPR)
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
Enforcement of your rights
Unless otherwise described above, please contact the office named in the legal notice to assert your rights as a data subject.
Contact details of the data privacy officer
Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de
If you contact our data protection officer, please also indicate the responsible office in the imprint.