Using this website may involve the processing of personal data. The following information will give you an overview of our company’s data processing policy to provide both transparency and understanding. In order to ensure fair processing, we would also like to inform you of your rights under the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).
Data processing is handled by Nordmann, Rassmann GmbH, located at Kajen 2, 20459 Hamburg (hereinafter referred to as “we” or “us”).
1. General information
a) Contact information
Should you have any questions or concerns about the following information, or if you would like to get in touch with us in order to exercise your rights, please contact us at:
Nordmann, Rassmann GmbH
20459 Hamburg, Germany
Phone: +49 (40) 36 87-0
Fax: +49 (40) 36 87 249
b) General information on data processing
When using this website, personal data may be processed. Under data protection law, the term “personal data” refers to all the information relating to a specific or identifiable person. IP addresses can also be considered personal data, as a specific IP address is assigned to each electronic device when it is connected to the Internet by an Internet provider so that the device may send and receive data. When you use our company website, we collect information that you yourself provide. In addition, certain information about your use of the website is automatically collected during your visit.
We process personal data in compliance with relevant data protection regulations, in particular the GDPR and the BDSG. Data will only be processed by us on the basis of legal permission. When using this website, we only process personal data given with your consent (GDPR Article 6 [1a]), to fulfil a contract to which you are a party or upon your request to carry out pre-contractual measures (GDPR Article 6 [1c]), to fulfil a legal obligation (GDPR Article 6 [1c]) or if the processing is necessary to protect the legitimate interests of either our company or a third party – unless your interests, fundamental rights or freedoms (which require the protection of personal data), prevail (GDPR Article 6 [1f]). If you apply for work in our company, we also process your personal data so that we may consider establishing an employment relationship with you (BDSG §26 ).
c) Duration of storage
Unless otherwise stated in the following information, we store personal data only as long as necessary to achieve the purposes of processing or to fulfil our contractual or statutory obligations. Such statutory retention obligations may arise in particular from commercial or tax regulations.
d) Technical service providers
Unless otherwise stated in the following information, personal data is processed on the servers of technical service providers commissioned by us for this purpose. These service providers process the data only after express instructions are given and are contractually obliged to guarantee adequate technical and organizational measures for data protection.
2. Processing server logs
When using our website solely for informational purposes, general information that your browser transmits to our server will initially be stored automatically (i.e. not via registration). By default, this information includes: browser type/version, operating system used, accessed page, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code.
There is no permanent log on our web server. However, IP addresses are stored on the firewall for 60 days. Processing is carried out to protect our company’s legitimate interests and on the legal basis stated in Article 6 (1)(1f) of the GDPR. This processing serves the technical administration and security of the website.
3. Online contact form and inquiries
Our website features a contact form which you can use to send us messages. When you do, the transfer of your data is encrypted. All of the data fields which are marked as mandatory are required in order to process your contact request. If you do not provide us with this data, we will not be able to process your message. The provision of any further data here is entirely voluntary. Alternatively, you can opt to send us messages via email using the email address given. In this case, we process only the data needed in order to respond to your inquiry.
The legal basis for this is Article 6 (1)(1b) of the GDPR.
4. Applying for jobs online
You have the option of applying for employment via our website on the Jobs page. For this purpose, we need to collect personal data such as your name, address, telephone number and email address in addition to your application documents.
This personal application data will only be collected, stored, processed and used for purposes in connection with your interest in a current or future position of employment with us and in order to process your application. Your online application will only be processed and viewed by the relevant recruiting officers at our company. All employees entrusted with these data processing duties are obliged to maintain the confidentiality of your data.
If we are unable to offer you employment, we will keep the information you provide for up to six months after the application process has been completed in order to answer any questions relating to your application and its refusal. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly agreed to longer storage.
The legal basis for data collection in this respect is BDSG §26 (1)(1). If we keep your application data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with GDPR Article 7 (3). However, this does not affect the legality of any data processing which occurs prior to such revocation and which is based on previous consent.
The only cookies that we use without your consent are necessary for technical purposes. The use of permanent tracking cookies for the analysis of our website only takes place with your express consent. For this purpose, we use a corresponding cookie layer that appears to you on the start page of our website at the beginning of your visit. These cookies are automatically deleted after a specified period, which may vary depending on the type of cookie concerned.
The legal basis for the use of such permanent cookies is GDPR Article 6 (1)(1a). You can delete these cookies in the security settings of your browser at any time and thereby revoke their storage. Further information on this subject is available from the Federal Office for Information Security at: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.
6. Google Analytics
We use the Google Analytics service from Google LLC (or “Google”, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to evaluate visits to our website. The information concerning visitor use of our website is generated by cookies and transferred to a Google server in the USA where it is then stored. Google uses this information on our behalf to evaluate the use of our company’s online offering, to compile reports concerning website activity on our homepage and to provide us with further services that are associated with the use of our website and the Internet. Pseudonymous user profiles can be created using the processed data.
We use Google Analytics only with IP anonymization enabled. This means that Google will abbreviate the IP address of users within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there.
The IP address transmitted by a user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting the settings in their browser software accordingly.
The legal basis for data processing in connection with the Google Analytics service is GDPR Article 6 (1)(1a). For this purpose, we use a cookie layer that only activates Google Analytics’ tracking function and employs the necessary cookies with the user’s consent.
Google is certified under the EU-U.S. Privacy Shield Framework and thus offers a guarantee of compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
7. Integrated services and third party content
We use services and content on our website that is provided by third parties (hereinafter collectively referred to as “content”). For such integration to work, it is necessary to process your IP address so that the content can be sent to your browser. Your IP address will therefore be transmitted to the respective third party provider.
Such data processing is carried out in each case for the protection of our company’s legitimate interests in both the optimization and economic operation of our website and is based on Article 6 (1)(1f) of the GDPR.
We have incorporated content from the following third-party services into our website: Google Maps, provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), in order to display maps on our website. Google is certified under the EU-U.S. Privacy Shield Framework and thus offers a guarantee of compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
8. Your rights
As the person concerned, you have rights concerning data and may exercise them against us. In particular, you have the following rights:
- the right to request information concerning whether and to what extent we process your personal data (GDPR Article 15, BDSG §34)
- the right to ask us to correct your data, in accordance with GDPR Article 16
- the right to request deletion of your personal data, in accordance with GDPR Article 17 and BDSG §35
- the right to have the processing of your personal data restricted in accordance with GDPR Article 18
- the right, in accordance with GDPR Article 20, to receive the personal data concerning you and which you have provided us with in a structured, current and machine-readable format and to transmit this data to another person responsible
9. Right of refusal
In accordance with Article 21 of the GDPR, you have the right to appeal against any data processing that occurs based on Article 6 (1)(1e) or (1f) of the GDPR. If we process personal data about you for the purpose of direct advertising, you may object to this pursuant to GDPR Article 21 (2) and (3).
10. Withdrawal of consent
If you have provided us with a separate declaration of consent for data processing, you can revoke it at any time in accordance with Article 7 (3) of the GDPR. However, such revocation does not affect the legality of data processing which took place prior to its placement and which was based on consent.
11. Data Protection Officer (DPO)
Our DPO may be contacted by email at the following address: firstname.lastname@example.org
12. Official complaints
If you believe that the processing of your personal data violates the provisions stated in the GDPR, you have the right to appeal to a supervisory authority in accordance with Article 77.
Date: May 2018