Data Security

Dear visitors of our internet portal,

we welcome you to our website. Since the protection of your privacy has a high priority for us, it is important to us that you feel safe and comfortable when visiting our website. Therefore, we would like to inform you below about our handling of personal data with regards to collection, usage and disclosure in accordance with Art. 13 of the General Data Protection Regulation (GPDR).

Person Responsible

Responsible for the following data collection and processing is the place named in the imprint.

Storage of the IP Address

We store the IP address provided by your web browser strictly earmarked for a period of seven days, in the interest of detecting, limiting and eliminating attacks on our websites. After this period, we delete or rather anonymize the IP address.

Legal basis is Art. 6 para. 1 lit. f GDPR.

Usage Data

In order to improve the quality of our website, we store data concerning each access on our website for statistical purposes. This data record consists of:

  • the page from which the file was requested,
  • the name of the data file,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (file transmitted, file not found),
  • the description of the type of browser used,
  • the IP address of the requesting computer that is shortened so that a personal identification is not possible.

The mentioned log data are stored in pseudonymized manner only. The creation of personal user profiles is thus excluded.

Data Security

In order to protect your data against unwanted access as comprehensively as possible, we take technical and organizational measures. We use an encryption method on our sites. Your information will be transferred from your computer to our server and vice versa via the internet by TLS encryption. You will recognize this by the fact that the address bar starts with https: // and the lock symbol is closed in the status bar of your browser.


On our website we use cookies. Cookies are small text files that can be stored and read on your device. One differentiates between session cookies, which are deleted again as soon as you close your browser and permanent cookies, which are stored beyond the individual session. Cookies may contain data that makes it possible to recognize the device used. In other cases, cookies only contain information about certain settings that are not personally identifiable.

We use session cookies on our websites, which are deleted after each session. Processing is based on Art. 6 para. 1 p. 1 lit. f GDPR and in the interest to optimize the user guidance and to adapt the presentation of our website.

You can set your browser to inform you about the placement of cookies. So, the use of cookies becomes transparent for you. You can also delete cookies at any time using the appropriate browser setting and prevent the setting of new cookies. Please note that our website may not be displayed optimally, and some functions are no longer technically available.

New Relic

Our website uses the web analyzation tool “New Relic” by New Relic Inc. (188 Spear Street, Suite 1200 San Francisco, CA 94105, USA).

New Relic facilitates the control and monitoring of applications and infrastructure as well as error debugging. For that purpose, New Relic collects the following data for all users:

  • IP address (which is deleted immediately after localization),
  • the browser used as well as its version,
  • pages loading times,
  • error messages and error data (also in regards to cookies)

The data is processed in accordance with Art. 6 para. 1 p. 1 lit. f GDPR towards the purpose of improving the websites performance, as well as monitoring the infrastructure and debugging errors.

New Relic Inc. serves as our (sub-)processor in accordance with Art.28 GDPR. The data may be processed outside of the EU and/or the EEA. A reasonable level of data protection with regards to New Relic Inc. may be assumed based on the participation in the Privacy Shield Framework as well as Art. 45 para. 2 lit. c GDPR under application of EU standard contract clauses.

For more information about the processing and usage of data by New Relic as well as settings for user data protection, see New Relic’s privacy terms and conditions:

You may object to the collection and storage of data at any time, effective for future visits, by disabling cookies in your browser’s settings.

Contact Form

You have an opportunity to contact us via a web form. To use our contact form, we need your company name and your e-mail address. You may or may not provide further information.

Information that you provide to us when making contact is used based on Art. 6 para. 1 lit. b GDPR if the final purpose of the contact is the establishment of a contract as an end client, or Art. 6 para. 1 lit. f. GDPR in the interest of your request towards an uncomplicated, fast and customer-friendly answer. Information that is provided voluntarily is used in accordance with Art. 6 para. 1 lit. a GDPR.

Your data is only used to answer your request and will be deleted after 7 days, except if otherwise required by legal obligation to retain data or juridical claims. Disclosure to third parties within the meaning of Art. 4 No. 10 GDPR does not take place.

If your data is used according to Art. 6 para. 1 lit. f GDPR, you may object to the processing at any time. You may also revoke your agreement to the processing at any time. In that case, please contact the e-mail address stated in the imprint.

Online Application

You have an opportunity to apply via our website for the vacancies we have advertised. We collect and process data that is necessary for the application process, including:

  • name and e-mail address
  • time of availability
  • salary expectation
  • application documents, including CV, letter of motivation, salary expectation, certificates and reports of education

The application portal marks the respective fields as mandatory.

The data that you disclose to us in the context of your online application, we process exclusively for the purpose of the selection of applicants and in accordance with the applicable data protection provisions based on § 26 no. 1 BDSG.

You may decide to disclose additional data about yourself, e.g. hobbies, birthday, phone number, photo etc. This information is not required for the application process and is provided by you voluntarily. We process this data based on your revocable agreement according to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 26 no. 2 BDSG.

Excluding legal obligations of data retention, the data is deleted when the retention is no longer necessary and there is no longer a legitimate interest in the data. If the application does not result in an employment, this happens at the latest 3 months after completing the application process or rather after receiving the rejection. Furthermore, the data is deleted if you revoke your agreement to the processing of your data.

If your application should be considered for other or future vacancies, please confirm to us in written form that you agree to us processing your data for other or future vacancies. We then retain your data based on your revocable agreement according to Art. 6 para. 1 no. 1 lit. a, Art. 7 GDPR in conjunction with § 26 no. 2 BDSG for a duration of 2 years.

In specific cases, a longer duration of data retention may be possible (e.g. travel expense reports). In such cases, the duration of retention complies to the legal requirements, e.g. the general tax code (6 years) or the commercial code (10 years). Further extensions are valid if the additional data processing is necessary for assertion, enforcement or defence of legal claims.

Your data is handled confidentially and not transmitted to third parties. Should the situation arise we appoint service provides strictly bound by instruction that support us in the areas computing or archiving and deletion of documents and that we conclude a contract for data processing with.

The application documents and data you send to us electronically via the application portal on our website is transmitted via TLS encryption. The processing of data in the context of the online application process is supported by personio GmbH as an external service provider and data processor. Personio GmbH processes your data strictly bound by instruction and based on a contract of data processing.

Data transmission to third parties or third countries

We do not transfer your personal data to third parties or third countries.

Other data receivers

We transfer your data as part of an order processing in accordance with Art. 28 GDPR to service providers who support us in the operation of our websites (hosting) and related processes. Our service providers are strictly bound to our instructions and contractually obliged.

Your rights as a user

When processing your personal data, the GDPR grants you certain rights as a website user:                                             

Right to information (Art. 15 GDPR):

You have the right to ask for confirmation of the processing of your personal data. If this is the case, you have the right to information about these personal data and to the information listed in Art. 15 GDPR.

Right to rectification and deletion (Art. 16 and 17 GDPR):

You have the right to immediately request the correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data.

You also have the right to demand that personal data relating to you be deleted immediately if one of the reasons listed in detail in Art. 17 GDPR is applicable, e.g. if the data is no longer needed for the purposes pursued.

Right to restriction of processing (Art. 18 GDPR):

You have the right to demand the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to processing for the duration of any examination.

Right to data portability (Art. 20 GDPR):

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transmission of this data to a third party.

Right of objection (Art. 21 GDPR):

If data is collected based on Art. 6 para. 1 lit. f (data processing for the protection of legitimate interests), you have the right to object to the processing at any time for reasons arising from your specific situation. We then no longer process the personal data unless there are evidently compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the affected person, or the processing is for the purpose of asserting, exercising or defending legal claims.

Right of withdrawal (Art. 7 para. 3 GDRP):

If data is processed based on your agreement, according to Art. 7 para. 3 GDPR, you have the right to revoke your agreement to the processing of your personal data at any time. Please note this only affects future processing of data and past processing is not influenced retroactively. Also note that specific data is subject to legal restrictions and obligations and possible must be retained for a specific defined duration.

Please refer to the following e-mail address for questions regarding data privacy and execution of your privacy-related rights :

Right of appeal to a supervisory authority:

You have according to Art. 77 GDPR the right to complain to a supervisory authority if you consider that the processing of your data violates data protection regulations. In particular, the right of appeal may be invoked by a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement.

Contact details of the data protection officer

We have an appointed data security officer that supports us to comply with our obligations in data security. When contacting the data security officer, please state the applicable company. The contact details of the data security officer are:

datenschutz nord GmbH
Konsul-Smidt-Str. 88, 28217 Bremen