PRIVACY STATEMENT
The use of this website may involve the processing of personal data. In order to make these processing operations comprehensible to you, we would like to provide you with an overview of these processing operations with the following information. To ensure fair processing, we would also like to inform you about your rights under the European Data Protection Regulation (GDPR) and applicable data protection regulations.
1. Controller
The controller within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).
The controller of the data processing on this website is:
Georg Nordmann Holding Aktiengesellschaft
Kajen 2
20459 Hamburg
(hereinafter referred to as “we” or “us”).
If you have any questions about data protection, you can contact dataprivacy@nordmann-holding.com.
You can contact our data protection officer via dataprivacy@nordmann-holding.com or by using our postal address by adding “for the attention of the data protection officer”.
2. General information on data processing
Scope of the processing of personal data
When you use this website, your personal data is processed. As a matter of principle, we only process your personal data insofar as this is necessary for the provision of a functioning website as well as our contents and services. The collection and use of your personal data is generally only carried out with your consent. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.
Storage period and data deletion
Your personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after ninety days at the latest. Data is not stored beyond this period. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
3. Collection and storage of personal data
When visiting our website, personal data may be collected in various ways. Data may be collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you enter this website.
a) When you visit the website
Cookies
Our website uses so-called “cookies”. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) in the browser of your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.
Technically necessary cookies are stored on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services. Other cookies are only stored with your consent on the basis of Art. 6 (1) lit. a GDPR. The consent can be withdrawn at any time for the future.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company. Insofar as cookies from third-party companies or for analysis or advertising purposes are used, we will inform you of this separately in advance and, if necessary, request your consent.
Server log files
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser settings
- language and version of the browser software
- Operating system used
- referrer URL
- Host name of the accessing computer
- Time of server request
- Access status/HTTP status code
- IP address of the requesting computer, which is shortened in a way that a personal reference cannot be detected
This data is not merged with other data sources.
The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, it will be deleted after 90 days at the latest. Storage beyond this period is possible.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
b) Inquiry by e-mail or telephone
If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not disclose on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent Art. 6 (1) lit. a GDPR and/or on our legitimate interests Art. 6 (1) lit. f GDPR, as we have a legitimate interest in the effective processing of the requests addressed to us.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. A conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Mandatory legal provisions – in particular retention periods – remain unaffected by this.
You have the option to withdraw your consent to the processing of personal data at any time.
If you contact us by e-mail, you can object to the processing of your personal data at any time. In such a case, the conversation cannot be continued.
You can withdraw your consent and object to the storage of your data by sending an e-mail to dataprivacy@nordmann-holding.com, for example. The personal data processed in the course of contacting you will be deleted in this case.
c) Job applications
You have the opportunity to apply for vacant positions and submit unsolicited applications via our website in the recruiting section. For this purpose, we collect and process the personal data you provide with your application (e.g. name, e-mail address, data resulting from the application documents, in particular date of birth, marital status – hereinafter also referred to collectively as “applicant data”).
Your personal application data will only be processed for purposes related to your interest in current or future employment with us and the processing of your application.
Your online application will only be processed and acknowledged by the relevant contact persons. All employees entrusted with data processing are obliged to maintain the confidentiality of your data.
To fill individual positions, we engage specialized personnel service providers from time to time. As part of the applicant management process, these providers also receive knowledge of your applicant data. If we cooperate with personnel service providers in the context of data processing, we conclude a so-called data processing agreement with the respective service providers in advance in accordance with Art. 28 para. 3 GDPR.
If we cannot offer you a position, we will retain the data you have submitted for up to six (6) months after completion of the application process for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prohibit the deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.
The legal basis for data collection is Art. 6 para. 1 lit. b GDPR. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 para. 3 GDPR. Such revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
4. Hosting and content delivery networks (CDN)
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers Art. 6 (1) lit. b GDPR and in the interest of a secure, fast and efficient provision of our online offer by a professional provider Art. 6 (1) lit. f GDPR.
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and follow our instructions with regard to this data.
We use the following hoster:
1&1 IONOS SE
Elgendorfer Str. 57
56410 Montabaur
Germany
Details can be found in the data protection declaration of 1&1 IONOS SE at: https://www.ionos.de/terms-gtc/terms-privacy/.
In order to ensure data protection-compliant processing, we have concluded an data processing agreement (DPA) with our hoster.
This is a contract required by data protection law, which ensures that the hoster only processes the personal data of our website visitors in accordance with our instructions and in compliance with the Data Protection Regulation (GDPR).
5. Social Media
We are represented on the social media platform “LinkedIn” with a company page. Hereby, we would like to offer further opportunities to seek information about our company and for interaction.
If you visit our company page or interact with it on social media platforms, your personal data may be processed. Also information associated with a social media profile is usually considered as personal data. This also includes messages and statements made by using the profile. In addition, certain information is often automatically collected during your visit to a social media profile, which may also constitute personal data.
a) Visting our company page at LinkedIn
In principle, LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is solely responsible for the processing of personal data when you visit our LinkedIn page. Further information on the processing of personal data by LinkedIn can be obtained from LinkedIn at: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data to provide us with statistics and insights in anonymised form. This gives us insights into the types of actions that people take on our site (so-called page insights). In particular, LinkedIn processes data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarised page insights. It is also not possible for us to draw conclusions about individual members from the information in the page insights. This processing of personal data in the context of page insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in analysing the types of actions taken on our LinkedIn company page and improving our company page based on these findings. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.
We have concluded an agreement with LinkedIn on processing as joint controllers, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.
The following applies:
– LinkedIn is responsible to provide you with the opportunity to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the privacy policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us by using the contact details provided to exercise your rights in connection with the processing of personal data in the context of page insights. In such case, we will forward your enquiry to LinkedIn.
– The Irish Data Protection Commission is the lead supervisory authority overseeing the processing for page insights. You have the right to file a complaint with the Irish Data Protection Commission (www.dataprotection.ie) or any other competent supervisory authority.
Please note that in accordance with the LinkedIn privacy policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which the European Commission has adopted an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR. If data is transferred to third countries, we hereby inform you that there is e.g. a risk that the authorities of the respective third country may gain access to the personal data and that there may not be sufficient legal means to protect the rights and interests of the data subjects.
b) Comments and direct messages
We also process information that you have provided to us via our company page on the social media platforms. Such information may include the username used, contact details or a message to us. This processing is carried out by us as the sole-controller. We process this data on the basis of our legitimate interest in contacting enquiring persons. If you send us messages via the message function of a social media platform that are related to the fulfilment of a contract or pre-contractual measures, the processing is carried out for the purpose of fulfilling a contract to which you are a party or for the implementation of pre-contractual measures that are carried out at your request in accordance with Art. 6 para. 1 lit. b GDPR. Otherwise, the legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Additional data processing may take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if this is necessary to fulfil a legal obligation (Art. 6 para. 1 lit. c GDPR).
6. Your rights
You have the right
- of access to personal data processed by us and information in accordance with Art. 15 GDPR. In particular, you can access information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to demand the immediate rectification of inaccurate or incomplete personal data stored by us;
- pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the establishment, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
- to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
- object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. You have the option of informally communicating the objection by telephone, e-mail, fax or to our postal address listed at the beginning of this data protection declaration.
If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
- Lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
The competent data protection supervisory authority in Hamburg is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig – Erhard – Str. 22, 7. OG
20459 Hamburg
E-Mail: mailbox@datenschutz.hamburg.de
Before you make use of your right to complain to a data protection supervisory authority, we would like to ask you to contact us again first (for example, via dataprivacy@nordmann-holding.com).
7. Data security
The provider of this website takes technical and organisational measures in accordance with the requirements of Art. 32 GDPR to protect the user’s personal data. All employees of the provider who are involved in the processing of personal data are bound to data secrecy. To ensure data security, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
8. Modification of the data protection declaration
It may become necessary for the provider to adapt and change the content of this data protection declaration. The provider therefore reserves the right to amend this data protection declaration and will make the amended data protection declaration available on the website and inform the data subjects of the amended data protection declaration in advance if the provider intends to further process the personal data for a different purpose.
Status: 04/2024
