Privacy policy
Thank you for visiting our website. Compliance with data protection regulations is of particular importance to us. The aim of this privacy policy is to inform you as a user of the website about the type, scope and purpose of the processing of personal data and the rights that exist for you, insofar as you are a data subject within the meaning of Art. 4 No. 1 of the General Data Protection Regulation.
1. RESPONSIBLE PARTY
This website and the range of services are operated by:
NOBILIS GROUP GmbH
Rheingaustraße 32
65201 Wiesbaden
Phone: +49 (611) 94492-0
Fax: +49 (611) 94492-752
E-Mail: info@nobilis-group.com
2. DATA PROTECTION OFFICER
We have appointed a data protection officer.
www.mein-datenschutzbeauftragter.de
Mr. Philipp Herold
Hafenstraße 1a
23568 Lübeck
3. GENERAL
We have designed the website to collect as little data as possible from you. In doing so, we always ensure that your personal data is only processed in accordance with a legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation (GDPR) in force since May 25, 2018 and the applicable national regulations, such as the Federal Data Protection Act, the Telecommunications Telemedia Data Protection Act or other more specific laws on data protection.
4. PURPOSE OF USE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
We always process your personal data for a specific purpose. In summary, we process your personal data for the following purposes:
a) To be able to process your request when you contact us (e.g. e-mail address, first name, surname);
b) For the technical realization of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information)
c) To receive and process an application from you for one of our job vacancies.
With regard to the legal basis for the processing of your personal data, the following applies: We process personal data that is required for the establishment, implementation or processing of our range of services (contract processing) on the legal basis of Art. 6 para. 1 lit. b GDPR. Insofar as we obtain your consent for the processing of your personal data, the consent pursuant to Art. 6 para. 1 lit. a GDPR forms the legal basis for data processing. Data processing is also permitted if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data do not outweigh this. (Art. 6 para. 1 lit. f GDPR) Insofar as we use external service providers as part of commissioned data processing, the processing is carried out on the legal basis of Art. 28 GDPR.
5. COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE
When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- amount of data transferred in each case
- Website from which the request originates browser
- Browser
- Operating system and its interface
- Language and version of the browser software.
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers.
GoDaddy Deutschland GmbH
Friesenplatz 4 c/o WeWork
50672 Köln
Germany
We have concluded a contract for order processing (DPA) with the aforementioned provider. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Further information on this can be found under “Cookies” in this privacy policy as well as in the consent management tool used and the cookie policy.
6. INTEGRATION OF SERVICES FROM OTHER PROVIDERS
Our website uses content, services and services from other providers. These are, for example, services for the statistical evaluation of the use and visit of our website. In order for this data to be accessed and displayed in the user’s browser, the transmission of the user’s IP address to the third-party providers used is necessary.
Even though we try to use only third-party providers who only need the IP address to be able to deliver content or even work with anonymized IP addresses, we have no influence on whether the IP address may be stored. Information on the third-party providers used can be found in this privacy policy below.
Google Analytics
Type and scope of processing
We use Google Analytics 4 from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of visits to our online offer, the length of time spent on the website, subpages visited or the browser used. Google Analytics 4 uses cookies, scripts and pixels as well as machine learning-based algorithms to evaluate user behavior that automatically evaluate event data such as scrolling movements. This information is used, among other things, to compile reports on the activity of the website.
Purpose and legal basis
Google Analytics 4 is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in Google’s privacy policy: policies.google.com/privacy.
Google Tag Manager
Type and scope of processing
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services in order to evaluate user access to our website.
Purpose and legal basis
The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
Google Maps
Type and scope of processing
We use the map service Google Maps to create directions. Google Maps is a service provided by Google Ireland Limited, which displays a map on our website. When you access this content on our website, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google Maps.
Purpose and legal basis
The use of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Maps: policies.google.com/privacy.
Google Fonts
Type and scope of processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to servers of Google Ireland Limited, whereby your IP address is transmitted.
Purpose and legal basis
The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: policies.google.com/privacy.
Facebook CDN
Type and scope of processing
We use Facebook CDN to properly provide the content of our website. Facebook CDN is a service of Meta Platforms Ireland Limited, which acts as a content delivery network (CDN) on our website to ensure the functionality of other Meta Platforms Ireland Limited services. You will find a separate section in this privacy policy for these services. This section only deals with the use of the CDN.
A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Facebook CDN.
Purpose and legal basis
The Content Delivery Network is used on the basis of our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook CDN: www.facebook.com/privacy/explanation.
Facebook Social Plugin
Type and scope of processing
We have integrated Facebook plugin components on our website. Facebook Plugin is a service of Meta Platforms Ireland Limited and offers us the opportunity to aggregate content from the social media platform and display it on our website. When you access this content, you establish a connection to the servers of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Facebook Plugin.
If a user is registered with Meta Platforms Ireland Limited, Facebook Plugin can assign the content viewed to the profile.
Purpose and legal basis
The use of Facebook Plugin is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook Plugin: www.facebook.com/policy.php.
7. COOKIES
Cookies are small text files that are stored on your data carrier and store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier.
Cookies enable our systems to recognize the user’s device and make any presets immediately available. As soon as a user accesses the platform, a cookie is transferred to the hard drive of the user’s computer. Cookies help us to improve our website and provide you with a better and more tailored service. They enable us to use your computer or Recognise your (mobile) device when you return to our website and thus:
- Store information about your preferred activities on the website in order to tailor our website to your individual interests.
- To speed up the speed of processing your requests.
We work with third-party services that help us to make the Internet offer and the website more interesting for you. Therefore, when you visit the website, cookies from these partner companies (third-party providers) are also stored on your hard drive. These are cookies that are automatically deleted after the specified time.
For more information on the individual third-party providers, please refer to the Cookie Consent Tool and the privacy policy stored therein. On our website, we use the consent tool of Papoo Software & Media GmbH, Auguststraße 4, 53229 Bonn, Germany. More information can be found under https://www.ccm19.de/datenschutzerklaerung.html.
If you do not wish browser cookies to be used, you can set your browser so that it does not accept the storage of cookies. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can select the “Block third-party cookies” setting in your browser. We are not responsible for the use of third-party cookies.
8. CONTACTING US
You can contact us by e-mail or via our contact form. In this case, we store the personal data you provide in order to process your request and to contact you to process your request. If we request information via our contact form, we have marked the mandatory fields required for contacting us accordingly (asterisk). The voluntary information is used to specify your request and to improve the processing of your request. The requested data is transmitted to us by you on a purely voluntary basis.
Depending on the type of request, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for requests that you make yourself as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f GDPR if your request is of a different nature. The legitimate interest follows from the purposes mentioned under point 4 a.). If personal data is requested that we do not need for the fulfillment of a contract or to protect legitimate interests, it will be transmitted to us on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
9. APPLICATION PROCEDURE
We publish job offers on our website, for which you can apply by e-mail. If you decide to apply for a vacancy, we will process the personal data you provide there and transmit to us exclusively for the purpose of carrying out the application process.
The legal basis for the processing of your personal data in the context of the application process is § 26 para. 1 in conjunction with para. 2 BDSG.
In the event of a cancellation, we will delete your data as soon as a retention period of 6 months required by employment law has expired. The period begins with the dispatch of the rejection. If you have expressly consented to the further use of your data for a later approach regarding positions that may be of interest to you, we will continue to store your data in accordance with the consent.
If an employment relationship is established following the application process, the data will initially continue to be stored to the extent necessary and permissible and then transferred to the personnel file.
Otherwise, data will only be passed on to recipients outside the company if legal provisions allow or require it, if the disclosure is necessary for the fulfilment of legal obligations or if you have consented. A transfer to a third country is not intended.
The provision of personal data in the context of application processes is neither legally nor contractually required. You are therefore not obliged to provide the personal data. However, the provision of personal data is necessary for the decision on an application or a contract for an employment relationship with us. However, you should only provide such personal data as is necessary for the admission and implementation of the application as part of your application. If you do not provide us with personal data when applying, we cannot make a decision about the establishment of an employment relationship.
Please note that applications that you send to us by e-mail will be transmitted unencrypted. In this respect, there is a risk that unauthorized persons can intercept and use this data.
10. SOCIAL PLUGINS WITH SHARIFF SOLUTION
Social plugins (“plugins”) from the following social networks are used on our website:
Platform | Responsible body | Data protection information of the platform operator |
Meta Platforms Ireland Ltd 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland |
privacycenter.instagram.com/policy/ | |
X | X Inc formerly Twitter 1355 Market Street, Suite 900, San Francisco, CA 94103, USA |
twitter.com/de/privacy |
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland |
de.linkedin.com/legal/privacy-policy? |
To improve the protection of your data when you visit our website, these buttons are not fully integrated as plugins, but in the form of HTML links. This type of integration ensures that no connection is established with the servers of the social networks when a page of our website on which such buttons are available is accessed. When you click on such a button, the page of the corresponding social network opens in a new browser window. You can interact with the plugins there (if necessary after logging in). The purpose and scope of the data collection, the further processing and use of the data by the social networks as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information of the providers in the table.
11. PRESENCE IN SOCIAL MEDIA
In order to present our company in the best possible way and to communicate with you as a user, customer or interested party and to inform you about the services we offer, we make use of our presence in social networks. When using social networks, data is processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection as exists in the EU cannot be guaranteed in all countries outside the EU. In this context, there may be risks for you as a user if the transferred data is processed in so-called third countries with an inadequate level of data protection.
This makes it more difficult to enforce known user rights. In addition, your data may not be processed in your interest by the provider in the third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. It is possible that government agencies may access personal data without us or you being aware of this. Enforcement of your rights is probably not possible in the USA.
In addition to the respective social network provider, we also collect and process personal user data on so-called “fan pages”. With this notice we inform you about what data we collect from you on our social media sites, how we use it and how you can object to the use of data. Please refer to the respective offer listed in more detail below for the respective data processing purposes and data categories.
The social media activities we operate and which are detailed below are carried out on the basis of a balancing of interests in accordance with Article 6 Paragraph 1 Letter f) GDPR.
To achieve this, cookies are used which record user behavior and enable the user to be profiled. You can find a specific list of the processing purposes for user data in the data protection information of the respective provider. By making the appropriate settings in your user account, you can restrict your profile creation, at least to a limited extent. For the exact procedure, please read the relevant data protection information of the respective provider.
The relevant platforms are:
Platform | Responsible body | Data protection information of the platform operator |
Meta Platforms Ireland Ltd 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland |
privacycenter.instagram.com/policy/ | |
Meta Platforms Ireland Ltd 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland |
privacycenter.instagram.com/policy/ | |
YouTube | Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Irland |
policies.google.com/privacy |
X | X Inc formerly Twitter 1355 Market Street, Suite 900, San Francisco, CA 94103, USA |
twitter.com/de/privacy |
New Work SE Am Strandkai 1, 20457 Hamburg, Deutschland |
privacy.xing.com/de/datenschutzerklaerung | |
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland |
de.linkedin.com/legal/privacy-policy? | |
TikTok | TikTok Technology Limited 10 Earlsfort Terrace, Dublin, D02 T380, Irland |
www.tiktok.com/legal/page/eea/privacy-policy/de-DE |
NOBILIS GROUP GmbH operates profiles on the platforms listed to draw attention to products and service offerings and to interact with customers, interested parties and other users of the platform.
In this context, the platform operators also use certain data that they have collected from users of the platform (e.g. whether a photo on a profile was “liked” or commented on) to create aggregated usage statistics and the respective operators of the profile (so-called “insights” or “analytics”). As profile operators, we also receive such usage statistics. The information that we receive as profile operators does not allow any conclusions to be drawn about individual users. The profile operator does not have access to personal data that the platform operator processes to create usage statistics. Only the respective platform operator determines which data is processed for these purposes and in what way. As a profile operator, NOBILIS Group GmbH cannot legally or actually influence the processing by the platform operators.
For processing in connection with the creation of usage statistics, NOBILIS GROUP GmbH and the respective platform operator are considered joint controllers within the meaning of Art. 26 GDPR.
If possible, there are agreements on shared responsibility with the respective platform operators.
In addition, data processing by NOBILIS GROUP GmbH as a profile operator only takes place to a very limited extent:
- Processing of usernames and comments that are deleted due to a violation of netiquette. These will be kept within the statute of limitations for any necessary proof in the event of legal disputes.
- Processing of user names and individual messages when you contact us via messenger services
- Recruiting potential applicants on career platforms
For these purposes, we usually only process your name, message content, comment content and the profile information you have provided “publicly”.
12. RIGHTS OF THE DATA SUBJECT
You have the right:
- in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details;
- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or complete personal data stored by us;
- in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse its deletion and we no longer need the data but you use it to assert or exercise your rights or need to defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request its transmission to another person responsible (data portability);
- In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. This means that we are no longer allowed to continue the data processing that was based on this consent in the future
- to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.
- Right to object: If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 Sentence 1 Letter f of the GDPR, you have the right to object to the processing of your personal data in accordance with Art exist that arise from your particular situation or that the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a special situation.
If you would like to exercise your right of withdrawal or objection, simply send an email to info@nobilis-group.com.
13. DISCLOSURE OF YOUR PERSONAL DATA
Your personal data will be shared as described below.
Disclosure also takes place if we are entitled or obliged to pass on data on the basis of legal provisions and/or official or court orders. In particular, this may involve the provision of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
Insofar as your data is passed on to service providers to the extent necessary, they will only have access to your personal data to the extent necessary for the performance of their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR. Insofar as your personal data is processed on our behalf on the basis of order processing agreements in accordance with Art. 28 GDPR, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation.
We attach great importance to processing your data within the EU/EEA. However, it may happen that we use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before the transfer of your personal data. This can be achieved, for example, through EU standard contracts or binding corporate rules or special agreements to which the company can submit.
14. DATA SECURITY
We use technical and organisational measures to protect our website against loss, destruction, access, modification or dissemination of your data by unauthorised persons.
In particular, your personal data will be transmitted by us in encrypted form. We use the SSL/TLS (Secure Sockets Layer/ Transport Layer Security) coding system. Our security measures are continuously improved in line with technological developments.
15. STORAGE PERIOD OF PERSONAL DATA
With regard to the storage period, we delete personal data as soon as their storage is no longer necessary to fulfill the original purpose and there are no longer any statutory retention periods. The statutory retention periods form the criterion for the final duration of storage of personal data. After the deadline has expired, the relevant data will be routinely deleted. If there are retention periods, processing is restricted in the form of blocking the data.
16. REFERENCES AND LINKS
When you access websites that are referred to on our website, you may be asked again for information such as name, address, email address, browser properties, etc. This data protection declaration does not regulate the collection, transfer or handling of personal data by third parties.
Third party service providers may have different and their own regulations regarding the collection, processing and use of personal data. It is therefore advisable to find out about their practices for handling personal data on third-party websites before entering personal data.
As of: April 2024