NOBILIS GROUP privacy statement

Privacy policy

Thank you for visiting our website. Compliance with data protection regulations is of particular importance to us. The aim of this privacy policy is to inform you as a user of the website about the type, scope and purpose of the processing of personal data and the rights that exist for you, insofar as you are a data subject within the meaning of Art. 4 No. 1 of the General Data Protection Regulation.

1. RESPONSIBLE PARTY

This website and the range of services are operated by

NOBILIS GROUP GmbH
Rheingaustraße 32
65201 Wiesbaden

Phone: +49 (611) 94492-0
Fax: +49 (611) 94492-752

E-Mail: info@nobilis-group.com

2. DATA PROTECTION OFFICER

We have appointed a data protection officer.

www.mein-datenschutzbeauftragter.de
Mr. Philipp Herold
Hafenstraße 1a
23568 Lübeck
3. GENERAL

We have designed the website to collect as little data as possible from you. In doing so, we always ensure that your personal data is only processed in accordance with a legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation (GDPR) in force since May 25, 2018 and the applicable national regulations, such as the Federal Data Protection Act, the Telecommunications Telemedia Data Protection Act or other more specific laws on data protection.

4. PURPOSE OF USE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

We always process your personal data for a specific purpose. In summary, we process your personal data for the following purposes:

a) To be able to process your request when you contact us (e.g. e-mail address, first name, surname);

b) For the technical realization of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information)

c) To receive and process an application from you for one of our job vacancies.

With regard to the legal basis for the processing of your personal data, the following applies: We process personal data that is required for the establishment, implementation or processing of our range of services (contract processing) on the legal basis of Art. 6 para. 1 lit. b GDPR. Insofar as we obtain your consent for the processing of your personal data, the consent pursuant to Art. 6 para. 1 lit. a GDPR forms the legal basis for data processing. Data processing is also permitted if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data do not outweigh this. (Art. 6 para. 1 lit. f GDPR) Insofar as we use external service providers as part of commissioned data processing, the processing is carried out on the legal basis of Art. 28 GDPR.

5. COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
amount of data transferred in each case
Website from which the request originates browser
Browser
Operating system and its interface
Language and version of the browser software.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Further information on this can be found under “Cookies” in this privacy policy as well as in the consent management tool used and the cookie policy.

6. INTEGRATION OF SERVICES FROM OTHER PROVIDERS

Our website uses content and services from other providers. These are, for example, services for the statistical evaluation of the use of and visits to our website. In order for this data to be accessed and displayed in the user’s browser, it is necessary to transmit the user’s IP address to the third-party providers used.

Even if we make every effort to only use third-party providers who only need the IP address to deliver content or even work with anonymized IP addresses, we have no influence on whether the IP address may be stored. Information on the third-party providers used can be found below in this privacy policy.

Google Analytics

Type and scope of processing

We use Google Analytics 4 from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, the time spent on the website, sub-pages visited or the browser used. Google Analytics 4 uses cookies, scripts and pixels to evaluate user behavior, as well as algorithms based on machine learning, which automatically evaluate event data such as scrolling movements. This information is used, among other things, to compile reports on website activity.

Purpose and legal basis

The use of Google Analytics 4 is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in Google’s privacy policy: policies.google.com/privacy.

Google Tag Manager

Type and scope of processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.

This allows us to flexibly integrate additional services in order to evaluate user access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Google Maps

Type and scope of processing

We use the map service Google Maps to create directions. Google Maps is a service provided by Google Ireland Limited, which displays a map on our website. When you access this content on our website, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google Maps.

Purpose and legal basis

The use of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage period

Google Fonts

Type and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to servers of Google Ireland Limited, whereby your IP address is transmitted.

Purpose and legal basis

The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage period

Facebook CDN

Type and scope of processing

We use Facebook CDN to properly provide the content of our website. Facebook CDN is a service of Meta Platforms Ireland Limited, which acts as a content delivery network (CDN) on our website to ensure the functionality of other Meta Platforms Ireland Limited services. You will find a separate section in this privacy policy for these services. This section only deals with the use of the CDN.

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Facebook CDN.

Purpose and legal basis

The Content Delivery Network is used on the basis of our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook CDN: www.facebook.com/privacy/explanation.

Facebook Social Plugin

Type and scope of processing

We have integrated Facebook plugin components on our website. Facebook Plugin is a service of Meta Platforms Ireland Limited and offers us the opportunity to aggregate content from the social media platform and display it on our website. When you access this content, you establish a connection to the servers of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Facebook Plugin.

If a user is registered with Meta Platforms Ireland Limited, Facebook Plugin can assign the content viewed to the profile.

Purpose and legal basis

The use of Facebook Plugin is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage period

7. COOKIES

Cookies are small text files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent as well as information about the age of the cookie and an alphanumeric identifier.

Cookies enable our systems to recognize the user’s device and make any default settings immediately available. As soon as a user accesses the platform, a cookie is transferred to the hard disk of the user’s computer. Cookies help us to improve our website and offer you a better and more personalized service. They enable us to recognize your computer or (mobile) device when you return to our website and thereby:

Store information about your preferred activities on the website and thus tailor our website to your individual interests.
Speed up the processing of your requests.

We work together with third-party services that help us to make the Internet offer and the website more interesting for you. Therefore, cookies from these partner companies (third-party providers) are also stored on your hard disk when you visit the website. These are cookies that are automatically deleted after the specified time.

For more information on the individual third-party providers, please refer to the Cookie Consent Tool and the data protection information contained therein. We use the consent tool of the provider Complianz BV, CoC 717814475, Kalmarweg 14-5, 9723 JG, Groningen (NL) on our website. Further information can be found at complianz.io/legal/privacy-statement/.

If you do not wish to use browser cookies, you can set your browser so that the storage of cookies is not accepted. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can select the “Block third-party cookies” setting in your browser. We accept no responsibility for the use of third-party cookies.

8. CONTACTING US

You can contact us by e-mail or via our contact form. In this case, we store the personal data you provide in order to process your request and to contact you to process your request. If we request information via our contact form, we have marked the mandatory fields required for contacting us accordingly (asterisk). The voluntary information is used to specify your request and to improve the processing of your request. The requested data is transmitted to us by you on a purely voluntary basis.

Depending on the type of request, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for requests that you make yourself as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f GDPR if your request is of a different nature. The legitimate interest follows from the purposes mentioned under point 4 a.). If personal data is requested that we do not need for the fulfillment of a contract or to protect legitimate interests, it will be transmitted to us on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

9. APPLICATION PROCEDURE

We publish job vacancies on our website for which you can apply by e-mail. If you decide to apply for an open position, we will process the personal data you provide there and transmit to us exclusively for the purpose of carrying out the application process.

The legal basis for processing your personal data as part of the application process is Section 26 (1) in conjunction with (2) BDSG.

In the event of a rejection, we will delete your data as soon as a retention period of 6 months required by labor law has expired. The period begins when the rejection is sent. If you have expressly consented to the further use of your data for subsequent contact regarding positions that may be of interest to you, we will continue to store your data in accordance with your consent.

If an employment relationship is established following the application process, the data will initially continue to be stored to the extent necessary and permissible and then transferred to the personnel file.

Otherwise, data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations or if you have given your consent. A transfer to a third country is not intended.

The provision of personal data as part of the application process is not required by law or contract. You are therefore not obliged to provide the personal data. However, the provision of personal data is necessary for the decision on an application or the conclusion of a contract of employment with us. However, you should only provide the personal data that is necessary for the acceptance and execution of your application. If you do not provide us with any personal data in an application, we cannot make a decision on the establishment of an employment relationship.

Please note that applications that you send to us by e-mail are transmitted unencrypted. In this respect, there is a risk that unauthorized persons may intercept and use this data.

10. SOCIAL PLUGINS WITH SHARIFF SOLUTION

Social plugins (“plugins”) from the following social networks are used on our website:

Platform	Responsible body	Data protection information of the platform operator
Facebook	Meta Platforms Ireland Ltd 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland	privacycenter.instagram.com/policy/
Twitter	Twitter Inc 1355 Market Street, Suite 900, San Francisco, CA 94103, USA	twitter.com/de/privacy
LinkedIN	LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland	de.linkedin.com/legal/privacy-policy?

To improve the protection of your data when you visit our website, these buttons are not fully integrated as plugins, but in the form of HTML links. This type of integration ensures that no connection is established with the servers of the social networks when a page of our website on which such buttons are available is accessed. When you click on such a button, the page of the corresponding social network opens in a new browser window. You can interact with the plugins there (if necessary after logging in). The purpose and scope of the data collection, the further processing and use of the data by the social networks as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information of the providers in the table.

11. PRESENCE IN SOCIAL MEDIA

In order to present our company in the best possible way and to communicate with you as a user, customer or interested party and to inform you about the services we offer, we make use of our presence in social networks. When using social networks, data is processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection as exists in the EU cannot be guaranteed in all countries outside the EU. In this context, there may be risks for you as a user if the transferred data is processed in so-called third countries with an inadequate level of data protection.

This makes it more difficult to enforce known user rights. In addition, your data may not be processed in your interest by the provider in the third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. It is possible that government agencies may access personal data without us or you being aware of this. Enforcement of your rights is probably not possible in the USA.

In addition to the respective social network provider, we also collect and process personal user data on so-called “fan pages”. With this notice we inform you about what data we collect from you on our social media sites, how we use it and how you can object to the use of data. Please refer to the respective offer listed in more detail below for the respective data processing purposes and data categories.

The social media activities we operate and which are detailed below are carried out on the basis of a balancing of interests in accordance with Article 6 Paragraph 1 Letter f) GDPR.

To achieve this, cookies are used which record user behavior and enable the user to be profiled. You can find a specific list of the processing purposes for user data in the data protection information of the respective provider. By making the appropriate settings in your user account, you can restrict your profile creation, at least to a limited extent. For the exact procedure, please read the relevant data protection information of the respective provider.

The relevant platforms are:

Platform	Responsible body	Data protection information of the platform operator
Facebook	Meta Platforms Ireland Ltd 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland	privacycenter.instagram.com/policy/
Instagram	Meta Platforms Ireland Ltd 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland	privacycenter.instagram.com/policy/
YouTube	Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Irland	policies.google.com/privacy
Twitter	Twitter Inc 1355 Market Street, Suite 900, San Francisco, CA 94103, USA	twitter.com/de/privacy
XING	New Work SE Am Strandkai 1, 20457 Hamburg, Deutschland	privacy.xing.com/de/datenschutzerklaerung
LinkedIN	LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland	de.linkedin.com/legal/privacy-policy?
TikTok	TikTok Technology Limited 10 Earlsfort Terrace, Dublin, D02 T380, Irland	www.tiktok.com/legal/page/eea/privacy-policy/de-DE

NOBILIS Group GmbH operates profiles on the platforms listed to draw attention to products and service offerings and to interact with customers, interested parties and other users of the platform.

In this context, the platform operators also use certain data that they have collected from users of the platform (e.g. whether a photo on a profile was “liked” or commented on) to create aggregated usage statistics and the respective operators of the profile (so-called “insights” or “analytics”). As profile operators, we also receive such usage statistics. The information that we receive as profile operators does not allow any conclusions to be drawn about individual users. The profile operator does not have access to personal data that the platform operator processes to create usage statistics. Only the respective platform operator determines which data is processed for these purposes and in what way. As a profile operator, NOBILIS Group GmbH cannot legally or actually influence the processing by the platform operators.

For processing in connection with the creation of usage statistics, NOBILIS Group GmbH and the respective platform operator are considered joint controllers within the meaning of Art. 26 GDPR.

If possible, there are agreements on shared responsibility with the respective platform operators.

In addition, data processing by NOBILIS Group GmbH as a profile operator only takes place to a very limited extent:

Processing of usernames and comments that are deleted due to a violation of netiquette. These will be kept within the statute of limitations for any necessary proof in the event of legal disputes.
Processing of user names and individual messages when you contact us via messenger services
Recruiting potential applicants on career platforms

For these purposes, we usually only process your name, message content, comment content and the profile information you have provided “publicly”.

12. RIGHTS OF THE DATA SUBJECT

You have the right:

in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details;
in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or complete personal data stored by us;
in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse its deletion and we no longer need the data but you use it to assert or exercise your rights or need to defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request its transmission to another person responsible (data portability);
In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. This means that we are no longer allowed to continue the data processing that was based on this consent in the future
to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.
Right to object: If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 Sentence 1 Letter f of the GDPR, you have the right to object to the processing of your personal data in accordance with Art exist that arise from your particular situation or that the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a special situation.

If you would like to exercise your right of withdrawal or objection, simply send an email to info@nobilis-group.com.

13. SHARING OF YOUR PERSONAL DATA

Your personal data will be passed on as described below.

Data will also be passed on if we are entitled or obliged to pass on data due to legal regulations and/or official or court orders. This may in particular involve providing information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.

If your data is passed on to service providers to the extent necessary, they will only have access to your personal data to the extent necessary to fulfill their tasks. These service providers are obliged to treat your personal data in accordance with applicable data protection laws, in particular the GDPR. To the extent that your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR, we ensure that the processing of personal data takes place in accordance with the General Data Protection Regulation.

We believe it is important to process your data within the EU/EEA. However, it may happen that we use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to standards within the EU is established at the recipient before the transfer of your personal data. This can be achieved, for example, via EU standard contracts or binding corporate rules or special agreements to whose regulations the company can submit.

14. DATA SECURITY

We secure our website through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.

In particular, your personal data is transmitted to us in encrypted form. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) coding system. Our security measures are continuously improved in line with technological developments.

15. STORAGE PERIOD OF PERSONAL DATA

With regard to the storage period, we delete personal data as soon as their storage is no longer necessary to fulfill the original purpose and there are no longer any statutory retention periods. The statutory retention periods form the criterion for the final duration of storage of personal data. After the deadline has expired, the relevant data will be routinely deleted. If there are retention periods, processing is restricted in the form of blocking the data.

16. REFERENCES AND LINKS

When you access websites that are referred to on our website, you may be asked again for information such as name, address, email address, browser properties, etc. This data protection declaration does not regulate the collection, transfer or handling of personal data by third parties.

Third party service providers may have different and their own regulations regarding the collection, processing and use of personal data. It is therefore advisable to find out about their practices for handling personal data on third-party websites before entering personal data.

As of: July 2023