Privacy Policy
We are pleased with your visit to our website. Below, we wish to inform you about the handling of your data according to Art. 13 of the General Data Protection Regulation (GDPR).
Responsible Entity
The entity responsible for the data processing activities described below is the one named in the imprint.
Usage Data
When you visit our websites, usage data is temporarily evaluated as a log for statistical purposes on our web server to improve the quality of our websites. This data set consists of the name and address of the requested content, the date and time of the query, the amount of data transferred, the access status (content transferred, content not found), the description of the web browser and operating system used, the referral link that indicates from which page you arrived at ours, and the IP address of the requesting computer, which is shortened in such a way that personal identification is no longer possible. The mentioned log data is evaluated only anonymously.
The legal basis for processing usage data is Art. 6 Para. 1 S. 1 lit. f GDPR. Processing is carried out in the legitimate interest of providing website content and ensuring device and browser-optimised presentation.
Data Security
To protect your data from unwanted access as comprehensively as possible, we implement technical and organisational measures. We use an encryption process on our websites. Your data is transmitted from your computer to our server and vice versa over the internet using TLS encryption. This is usually indicated by the lock symbol being closed in the status bar of your browser and the address line beginning with https://.
Required Cookies
We use cookies on our websites that are necessary for the use of our websites. Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use these required cookies for analysis, tracking, or advertising purposes. Some of these cookies only contain information on certain settings and are not personally identifiable. They may also be necessary to enable user navigation, security, and implementation of the page. We use these cookies based on our legitimate interest according to Art. 6 Para. 1 S. 1 lit. f GDPR. You can set your browser to inform you about the placement of cookies. Moreover, cookies can be deleted at any time via the corresponding browser setting, and the setting of new cookies can be prevented. Please note that our websites may not be fully displayed and some functions may no longer be technically available.
Consent Banner
We use a Consent Management Platform (consent or cookie banner) on our websites. The processing associated with the use of the Consent Management Platform and the logging of your settings is based on Art. 6 Para. 1 S. 1 lit. f GDPR, in our legitimate interest to play out our content according to your preferences and to be able to prove your given consent(s). Your settings, the consents granted and parts of your usage data are stored in a cookie. Thus, it remains for subsequent page requests and your consents can continue to be tracked. For more information, please refer to the section "required cookies".
The provider of the Consent Management Platform acts as a strictly bound service provider (processor) for us. A data processing agreement according to Art. 28 GDPR has been agreed upon.
Hotjar Heatmap Analytics
We use the analysis tool "Hotjar Heatmap Analytics" on our websites to make our websites more user-friendly and to optimize them continuously. The tool is used to collect data on user behaviour. Hotjar can also process information provided by you within the scope of surveys and feedback functions integrated into our website. As part of the Google Analytics service, Hotjar Limited assists us as a processor according to Art. 28 GDPR. The data processing is based on your consent if you have given your consent via our banner. You can revoke your consent at any time. Please follow this link and make the appropriate settings via our banner. Further information can be viewed in the provider's privacy notices at the following links: https://www.hotjar.com/legal/policies/privacy https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies
Provider: HotjarMaximum Storage Duration: 365 daysAppropriate Level of Data Protection: Data transfer occurs within the EU/EEARevocation of Consent: If you wish to revoke your consent, please click here and make the appropriate setting via our banner.
Google Analytics
For the needs-based design of our websites, we use the web analytics tool "Google Analytics". Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. This allows us to recognize and count returning visitors. As part of the Google Analytics service, Google Ireland Limited assists us as a processor according to Art. 28 GDPR. Data processing may also take place by Google outside the EU or EEA (especially in the USA). Regarding Google, an appropriate level of data protection is ensured due to the adequacy decision (EU-U.S. Data Privacy Framework). Google also commits to concluding standard contractual clauses with further sub-processors. The data processing is based on your consent if you have given your consent via our banner. You can revoke your consent at any time. Please follow this link and make the appropriate settings via our banner.
Provider: GoogleMaximum Storage Duration: 26 monthsAppropriate Level of Data Protection: For transfers to the USA, an appropriate level of data protection is ensured due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework).Revocation of Consent: If you wish to revoke your consent, please click here and make the appropriate setting via our banner.
Contact Form
You have the opportunity to contact us via our contact form. To use our contact form, we need the data marked as mandatory fields from you. We use these data based on Art. 6 Para. 1 S. 1 lit. f GDPR to answer your inquiry. Your data is only processed to answer your inquiry. We delete your data if it is no longer required and there are no legal storage obligations to the contrary. As a rule, this is the case 365 days after processing the inquiry. Concerning the processing according to Art. 6 Para. 1 S. 1 lit. f GDPR, you have a right to object at any time. Please contact the e-mail address mentioned in the imprint for this purpose.
Social Plugins
We enable you to use social plugins. For privacy reasons, however, we only integrate the social plugins used by us in a deactivated form. Therefore, when you visit our websites, no data is transmitted to social media services. However, you have the option to activate and use the social plugins integrated on our websites. We use a solution that leads to all data and functions required to display the social plugin being provided by our web server in a first step. Only when you decide to activate the respective social plugin and click on the corresponding preview image or icon, in a second step, your browser establishes a connection to the servers of the operator of the respective social media service. When you activate a plugin, the social media service, in particular, receives your IP address and information about your visit to our websites (usage data). This occurs regardless of whether you have an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile. Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. It is likely that the social media service creates usage profiles from your data and uses these for the purpose of personalised advertising. In addition, your data is used to inform other users of the social media service about your activities on our websites. Embedding is based on your consent if you have given your consent by clicking on the preview image. If the data is processed outside the EU or EEA (especially in the USA) in this context, we provide information on the level of data protection in the table below. If you no longer wish the processing of your personal data by the activated social plugins, you can prevent future processing by not clicking on the preview image or icon of the respective social plugin again.
Application via Online Portal
You have the opportunity to apply for the positions we have advertised through our online application portal. During the application process, we require the information marked as mandatory fields in our application form. The legal basis for processing these data is Section 26(1), Sentence 1 of the BDSG (Federal Data Protection Act), as the data is necessary for the decision on establishing an employment relationship. The data will not be processed for any other purposes.
Additionally, you may decide whether to provide us with further information, which is marked as non-obligatory in the application portal. The provision of these data is voluntary and not essential for the application. Should you voluntarily provide us with personal data, we process these data on the basis of your consent, which can be revoked at any time, according to Article 6(1), Sentence 1, lit. a of the GDPR in conjunction with Section 26(2) of the BDSG. Your consent can be revoked at any time with effect for the future. Please contact the office mentioned in the imprint for this purpose. Your information will be treated confidentially within our organisation.
We use the strictly instruction-bound service provider HeavenHR as a processor for applicant management, with whom an agreement according to Article 28 of the GDPR has been concluded. Besides, your data will not be disclosed to third parties. If an employment contract is concluded after the application process, we store the data from your application that is necessary for the execution of your employment relationship. The legal basis for this processing is Section 26(1), Sentence 1 of the BDSG. In the event of an unsuccessful application, your documents will be deleted after four months. The legal basis for this processing is Article 6(1), Sentence 1, lit. f of the GDPR. The processing until deletion takes place in our legitimate interest to defend ourselves against any claims related to the application.
We only process the personal data that you provide to us during the application process. This does not apply if you expressly consent to a longer storage of your data (Talent Pool). Based on your consent, your data will then be further processed for a period of two years in order to consider your application for other or future job advertisements. The legal basis for storing the application documents and contacting you in the case of a suitable position is Article 6(1) lit. a of the GDPR in conjunction with Section 26(2) of the BDSG. You can revoke your consent at any time with effect for the future. Please contact the office mentioned in the imprint for this purpose.
Integration of Other Technical Third-Party Content and Functions
We use the technical functions and contents from third-party providers listed below to display our web pages. Accessing our pages results in the loading of contents from third-party providers who provide these functions and contents. This way, the third-party provider receives information that you have visited our page and the technically necessary usage data. We have no influence on the further data processing by the third-party provider. The data processing is based on your consent, provided you have previously given your consent via our banner solution. Please note that the use of third-party content and functions may result in your data being processed outside the EU or the EEA (especially in the USA). For transfers to the USA, an adequate level of data protection is ensured due to the adequacy decision (EU-U.S. Data Privacy Framework).
Providers: Google
Technical Function or Content: JQuery (Java Script Library)
Possible maximum storage duration: 2 years
Adequate Level of Data Protection: For transfers to the USA, an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).
Withdrawal of Consent: If you wish to revoke your consent, please click here and make the appropriate settings via our banner.
Provider: Amazon Web Services
Technical Function or Content: Cloudfront (Content Delivery Network)
Possible maximum storage duration: 1 year
Adequate Level of Data Protection: For transfers to the USA, an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).
Withdrawal of Consent: If you wish to revoke your consent, please click here and make the appropriate settings via our banner.
Storage Duration
Unless we have already informed you about the storage duration in detail, we delete personal data when it is no longer required for the aforementioned processing purposes and there are no legitimate interests or other (legal) reasons for storage that contradict deletion.
Further Processors
We pass on your data within the scope of order processing according to Art. 28 GDPR to service providers who support us in the operation of our websites and the associated processes. These include, for example, hosting service providers. Our service providers are strictly bound by instructions and are contractually obligated to us. Below, we list the processors with whom we cooperate, in case we have not already done so in the preceding text of the privacy policy. If data is processed outside the EU or EEA in this context, we will inform you in the following list.
Processors: Celonis, Inc. / Make.com
Purpose: Form data processing
Appropriate Level of Data Protection: Processing exclusively within the EU/EEA.
Processors: Telekom Deutschland GmbH
Zweck: Webhosting
Appropriate Level of Data Protection: Processing exclusively within the EU/EEA.
DoubleClick
On our websites, we use Google DoubleClick, a service of Google Inc. ("Google"), for managing and displaying advertisements. This service stores "cookies" (text files) on your computer and uses "web beacons" (invisible graphics) to analyse your user behaviour on our pages. The information generated by cookies and web beacons, including your IP address, is transferred to Google servers in the USA and stored there. Google may also share this information with contractual partners. However, your IP address will not be merged with other personal data. You can block the installation of cookies in your browser settings, thereby preventing the data processing described above. However, this may mean that you will not be able to fully use all the features of this website. The use of DoubleClick only occurs if you have consented to its use according to Art. 6 Para. 1 S. 1 lit. a GDPR. If you wish to learn more about DoubleClick, you can do so here: https://www.google.de/doubleclick. For general privacy information at Google, visit: https://www.google.de/intl/de/policies/privacy.
Appropriate Data Protection Level: For transfers to the USA, an appropriate level of data protection is guaranteed by the provider's certification under the EU-U.S. Data Privacy Framework.
Revocation of Consent: If you wish to revoke your consent, please click here and make the appropriate setting via our banner.
LinkedIn Analytics and LinkedIn Ads
We use the conversion tracking technology and the retargeting function of LinkedIn Corporation on our websites. This technology allows visitors to this website to be shown personalized advertising on LinkedIn. Additionally, it provides the possibility to create anonymous reports on the performance of the advertisements and information on website interaction. For this purpose, the LinkedIn Insight Tag is integrated on this website, establishing a connection to the LinkedIn server if you visit this website while logged into your LinkedIn account. If you wish to learn more about DoubleClick, you can do so here: https://www.linkedin.com/legal/privacy-policyIf you are logged into LinkedIn, you can deactivate data collection at any time under the following link: https://www.linkedin.com/psettings/enhanced-advertising.
The use of LinkedIn Analytics only occurs if you have consented to its use according to Art. 6 Para. 1 S. 1 lit. a or Art. 49 Para. 1 lit. a GDPR.
Revocation of Consent: If you wish to revoke your consent, please click here and make the appropriate setting via our banner.
Your Rights as a Data Subject
In the processing of your personal data, the GDPR grants you certain rights as a data subject:
- Right of Access (Article 15 GDPR): You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about these personal data and to the information listed in detail in Article 15 of the GDPR.
- Right to Rectification (Article 16 GDPR): You have the right to demand immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.
- Right to Erasure (Article 17 GDPR): You have the right to demand the deletion of personal data concerning you immediately if one of the reasons detailed in Article 17 of the GDPR applies.
- Right to Restriction of Processing (Article 18 GDPR): You have the right to demand the restriction of processing if one of the conditions listed in Article 18 of the GDPR applies, e.g., if you have objected to the processing, for the duration of the review by the controller.
- Right to Data Portability (Article 20 GDPR): In certain cases, detailed in Article 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, common, and machine-readable format or to request the transfer of these data to a third party.
- Right of Revocation (Article 7 GDPR): If the processing of data is based on your consent, you are entitled according to Article 7 (3) GDPR to revoke your consent to the use of your personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
- Right to Object (Article 21 GDPR): If data is collected based on Article 6 (1) S. 1 lit. f GDPR (data processing to safeguard legitimate interests) or based on Article 6 (1) S. 1 lit. e GDPR (data processing for the public interest or in the exercise of official authority), you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise or defend legal claims.
- Right to Lodge a Complaint with a Supervisory Authority (Article 77 GDPR): According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. In particular, the complaint can be lodged with a supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.
Assertion of Your Rights
Unless otherwise described above, please contact the office mentioned in the imprint to assert your rights as a data subject.
Contact Details of the Data Protection Officer
Our external data protection officer is available for information on data protection at the following contact details:
- Company: datenschutz nord GmbH
- Address: Konsul-Smidt-Straße 88, 28217 Bremen
- Website: https://www.dsn-group.de/
- Email: office@datenschutz-nord.de
When contacting our data protection officer, please also indicate the responsible body mentioned in the imprint.