Privacy statement

Privacy Statement

Concerning data protection

The following information will explain how our company, Nordmann, Rassmann GmbH, processes your data in the interest of responsible administration. To support both transparency and understanding, this declaration will also provide an overview of our company’s data processing policy. Additionally – and in order to ensure fair processing – we would also like to inform you of your rights under the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).

 

Data processing is handled by Nordmann, Rassmann GmbH, located at Kajen 2, 20459 Hamburg (hereinafter referred to as “we” or “us”).

 

1.    General information

 

a)    Contact information

 

Should you have any questions or concerns about the following information, or if you would like to get in touch with us in order to exercise your rights, please contact us at:

 

Nordmann, Rassmann GmbH

Kajen 2

20459 Hamburg

Germany

 

Phone: +49 40 36 87-0

Fax:  +49 40 36 87 249

Email: info-de(at)nordmann.global

 

 

 

b)   Data Protection Officer (DPO)

 

The contact details for our DPO are:

 

Email: dpo-de(at)nordmann.global

 

Rödl & Partner

Rödl GmbH

Rechtsanwaltsgesellschaft

Steuerberatungsgesellschaft

 

Am Lenkwerk 7

33609 Bielefeld

Deutschland/Germany

 

www.roedl.de

 

2.    General information on data processing

 

Under data protection law, the term “personal data” refers to all the information relating to a specific or identifiable person. IP addresses can also be considered personal data, as a specific IP address is assigned to each electronic device when it is connected to the Internet by an internet provider so that the device may send and receive data. When you visit our company website, we collect information that you yourself provide. In addition, certain information about your use of the website is automatically collected during your visit.

 

We process personal data in compliance with relevant data protection regulations, in particular the GDPR and the BDSG. Data will only be processed by us on the basis of legal provisions. When using this website, we only process personal data given with your consent (GDPR Article 6 [1][a]), to fulfil a contract to which you are a party or upon your request to carry out pre-contractual measures (GDPR Article 6 [1][c]), to fulfil a legal obligation (GDPR Article 6 [1][c]) or if the processing is necessary to protect the legitimate interests of either our company or a third party – unless your interests, fundamental rights or freedoms (which require the protection of personal data), take precedent (GDPR Article 6 [1][f]). If you apply for work at our company, we also process your personal data so that we may consider establishing an employment relationship with you (Art. 6 Abs. 1 Buscht. b DSGVO).

 

a)    Duration of storage

 

Unless otherwise stated hereinafter, we store personal data only as long as necessary to achieve the purposes of processing or to fulfill our contractual or statutory obligations. In particular, such statutory retention obligations may arise from commercial or tax regulations.

 

b)   Technical service providers

 

Unless otherwise stated hereinafter, personal data is processed on the servers of technical service providers that we have commissioned for this purpose. These service providers process the data only after express instructions are given and are contractually obliged to guarantee appropriate technical and organizational measures for data protection. Some of the operations that may be carried out by our service providers include, for example, hosting, sending e-mails, IT system maintenance and support, customer and order management, order processing, accounting and billing, marketing tasks and/or destroying files and data carriers.

 

A commissioned processor is an individual or legal entity, authority, institution or other body that processes personal data on behalf of a data controller. Processors do not use the data for their own purposes but carry out data processing exclusively for the data controller and are contractually obligated to ensure the observation of appropriate technical and organizational measures for data protection.

 

We may transfer your personal data to other bodies such as postal and delivery services, our house bank, tax consultancy/auditing company and/or the financial authorities. Additional recipients may result as stated below in Section 2c, “Transfer of data to third countries”.

 

c)    Transfer of data to third countries

 

Our data processing procedures may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not a binding law. Any such transfer is permissible if the European Commission has determined that an adequate level of data protection is required in the country in question. If an adequacy decision such as this has not yet been granted by the European Commission, transfer of personal data to a third country will only occur if appropriate safeguards exist (pursuant to GDPR Article 46) or if one of the conditions of GDPR Article 49 is met.

 

For the transfer of personal data to third countries, we use the EU standard data protection clauses (2021) as suitable guarantees. You have the option of receiving or viewing a copy of the standard data protection clauses. Please contact us at the address given under "Contact".

 

If you consent to the transfer of your personal data to third countries, this will take place on the legal basis provided for by Article 49 (1) of the GDPR.

 

If you give your consent to the transfer of personal data to an insecure third country, we hereby inform you that, among other things, there is a risk that the authorities of the third country may gain access to the personal data and that there are no adequate legal remedies to protect the rights and interests of the data subjects.

 

d)   Your rights

 

As a data subject, you have rights concerning your data and may exert them at any time. These rights include:

 

the right to request information concerning whether and to what extent we process your personal data (GDPR Article 15, BDSG §34)

the right to ask us to correct your data, in accordance with GDPR Article 16

the right to request deletion of your personal data, in accordance with GDPR Article 17 and BDSG §35

the right to have the processing of your personal data restricted, in accordance with GDPR Article 18

the right, in accordance with GDPR Article 20, to receive the personal data concerning you and which you have provided us with in a structured, current and machine-readable format and to transmit this data to another person responsible

 

Should you choose to exert your rights in accordance with Articles 15 to 22 of the GDPR, this will require us to process the personal data provided for the purpose of implementing these rights and to be able to provide evidence thereof. Stored data will only be processed for the purpose of providing information, for preparing it for this purpose and for data protection control purposes. Otherwise, we will restrict processing in accordance with GDPR Article 18.

 

These processing procedures are legally supported by GDPR Article 6 (1)(c), GDPR Articles 15 to 22 and BDSG §34 (2).

 

e)    Right of refusal

 

In accordance with Article 21 of the GDPR, you have the right to appeal against any data processing that occurs based on Article 6 (1)(e) or (f) of the GDPR. If we process personal data about you for the purpose of direct advertising, you may object to this pursuant to GDPR Article 21 (2) and (3).

 

f)     Withdrawal of consent

 

If you have provided us with a separate declaration of consent for data processing, you can revoke it at any time in accordance with Article 7 (3) of the GDPR. However, such revocation does not affect the legality of data processing which took place prior to this action and which was based on consent

 

g)   Official complaints

 

If you believe that the processing of your personal data violates the provisions stated in the GDPR, you have the right to appeal to a supervisory authority in accordance with Article 77.

 

3.    Processing server logs

 

When using our website solely for informational purposes, general information that your browser transmits to our server will initially be stored automatically (i.e. not via specific registration). By default, this information includes browser type/version, operating system used, accessed page, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code.

 

There is no permanent log on our web server. However, IP addresses are stored on the firewall for 14 days. Processing is carried out to protect our company’s legitimate interests and on the legal basis provided for in Article 6 (1)(f) of the GDPR. This processing serves to support the technical administration and security of the website.

 

4.    Online contact form and inquiries

 

Our website features a contact form which you can use to send us messages. When you do, the transfer of your data is encrypted (indicated by the “https” that appears in the address bar of your browser). All of the data fields which are marked as mandatory are required in order to process your contact request. If you do not provide us with this data, we will not be able to process your message. The provision of any further data here is entirely voluntary. Alternatively, you can opt to send us messages via e-mail using the e-mail address given. In this case, we process only the data needed in order to respond to your inquiry.

 

If your request relates to establishing or fulfilling a contract with us, the legal basis for processing data in this way is provided for by Article 6 (1)(b) of the GDPR. Otherwise, we process data to support our legitimate interest in answering inquiries. The legal basis for this is provided for by Article 6 (1)(f) of the GDPR.

 

5.    Registration

 

In order to use all features of the website to the full extent, it is necessary to register on the website itself. This applies in particular to lab.nordmann.global, whose full scope in terms of downloads of formulations and information from suppliers is only accessible after successful registration. The information required for registration can be seen in the corresponding input screen. Certain information is marked as mandatory, as this information is necessary for the registration to be completed. The data provided will then be processed for the purpose of providing the service. The legal basis for this is Article 6(1)(b) of the GDPR.

 

6.    Applying for jobs through our website

 

You have the option of applying for employment via our website on the Jobs page. For this purpose, it is necessary for us to collect personal data from you such as your name, address, telephone number and e-mail address in addition to your uploaded application documents.

 

The personal data submitted with your application will only be processed for purposes in connection with your interest in a current or future position of employment with us and in order to process your application. Your online application will only be processed and viewed by the pertinent recruiting officers at our company. All employees entrusted with these data processing duties are obliged to maintain the confidentiality of your data.

 

If we are unable to offer you employment, we will keep the information you provide for up to six months after the application process has been completed in order to answer any questions relating to your application and/or its refusal. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence and/or if you have expressly agreed to longer storage.

 

The legal basis for data collection in this regard is Art. 6 Abs. 1 Buchst. b DSGVO. If we keep your application data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with GDPR Article 7 (3). However, this does not affect the legality of any data processing which occurred prior to such revocation and which was based on previous consent.

 

7.    Cookies

 

We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. These identify the browser used and can be recognized by our web server. You can delete the cookies through the security settings of your browser at any time. You can also fundamentally block the use of cookies by adjusting your browser settings.

 

The use of cookies is a technical necessity in part for the operation of our website and thus is permissible without the consent of the user. In addition, we may use cookies to deliver special features and content and/or for analytics and marketing purposes, which may also include cookies from third-party providers (so-called “third-party cookies”). We only use cookies such as these with your consent pursuant to Section 25 (1) of the BDSG and, if applicable, Article 6 (1)(a) of the GDPR. You can find information on the purposes, providers, technologies used, stored data and storage duration of individual cookies in the cookie settings of our Consent Management Tool. Click on the question mark next to the on/off button to access the settings manager.

 

8.    Consent Management Tool

 

The Nordmann website uses the Consent Management Tool CCM19 from Papoo Software & Media GmbH (Germany/EU) to control cookies and the processing of personal data.

 

The consent banner displayed on our website enables users to consent to certain data processing procedures or to revoke consent they have given. By clicking the “I accept” button or by saving individual cookie settings, you consent to the use of the associated cookies. The legal basis for this under data protection law is the consent you give within the scope of Art. 6 (1)(a) of the GDPR.

 

In addition, the banner helps us to provide evidence of the declaration of consent. For this purpose, we process information concerning the declaration of consent and other log data relating to it. Cookies are also used to collect this data. The processing of such data is necessary in order for us to prove that consent has been given. This is based on our legal obligation to document your consent, as provided for by Article 6 (1)(c) and Article 7 (1) of the GDPR.

 

To adjust cookie settings, please click on the cookie icon in the bottom left corner of the screen.

 

9.    Integrated services and third-party content

 

We use services and content on our website that is provided by third parties (hereinafter collectively referred to as “content”). For this integration to work, processing your IP address is necessary for the content to be sent to your browser. Your IP address will therefore be transmitted to the respective third-party provider.

 

Such data processing is carried out in each case – unless otherwise stated below – to protect our company’s legitimate interests in both the optimization and economic operation of our website as per Article 6 (1)(f) of the GDPR.

 

The programming language JavaScript is used regularly to integrate content. You can therefore object to the data processing by deactivating the execution of JavaScript in your browser or by installing a JavaScript blocker. Please note that this may result in functional restrictions on the website.

 

We have incorporated content from the following third-party services on our website:

 

a)     Google Maps

 

We use Google Maps services (provided by Google Ireland Limited [Ireland/EU)) for displaying maps and supporting virtual tours. Processing your IP address is a technical necessity for the content to be sent to your browser and viewed. Your IP address is therefore transmitted to Google and Google may set its own cookies. The processing of your data in this way is based on your consent according to Article 6 (1)(a) of the GDPR.

 

When using the service, transfer of your data to the USA cannot be ruled out (please see Section 2c “Transfer of data to third countries”). For more information on data protection at Google, please refer to Google’s privacy policy at: https://www.google.com/policies/privacy.

 

b)   YouTube

 

We use services from YouTube (provided by Google Ireland Limited [Ireland/EU]) to integrate videos. Processing your IP address is a technical necessity for the content to be sent to your browser and viewed. Your IP address is therefore transmitted to Google and Google may set its own cookies. We use YouTube in extended data protection mode so that no cookies are set by YouTube to analyze user behavior. The processing of your data in this way is based on your consent according to Article 6 (1)(a) of the GDPR.

 

When using the service, transfer of your data to the USA cannot be ruled out (please see Section 2c “Transfer of data to third countries”). For more information on data protection at Google, please refer to Google’s privacy policy at: https://www.google.com/policies/privacy.

 

c)    Vimeo

 

We use services from Vimeo Inc. (USA) on our website to integrate videos. Processing your IP address is a technical necessity for the content to be sent to your browser and viewed. Your IP address is therefore transmitted to Vimeo and Vimeo may set its own cookies. The processing of your data in this way is based on your consent according to Article 6 (1)(a) of the GDPR.

 

When using the service, transfer of your data to the USA cannot be ruled out (please see Section 2c “Transfer of data to third countries”). For more information on data protection at Vimeo, please refer to Vimeo’s privacy policy at: https://vimeo.com/privacy

 

 

d)   Friendly Captcha

 

The Nordmann website uses the Friendly Captcha tool provided by Friendly Captcha GmbH (Germany/EU). To protect the website from spam and abuse, this tool is used is used for all our contact forms. For the tool to work, processing your IP address is a technical necessity so that a connection to Friendly Captcha’s servers can be established and content sent to your browser. Your IP address is therefore processed by Friendly Captcha on our behalf and replaced by a hash value immediately following collection. We use the Friendly Captcha service for security reasons to check whether form entries are made by an actual person. In this way, automated access attempts and attacks can be detected and blocked.

 

We are required by law to take certain technical and commercially reasonable measures to ensure the security of our website. You can prevent this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is the Matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website. The legal basis for processing is consent in accordance with Section 25 (1) TTDSG i.V.m. Art. 6 para. 1 letter a GDPR.

 

For more information about Friendly Captcha’s data protection practices, please see Friendly Captcha’s Privacy Policy: https://friendlycaptcha.com/privacy/

 

e)    Google Analytics

 

We use the Google Analytics service provided by Google Ireland Limited (Ireland/EU) to evaluate visitor use of our website. Google Analytics is a web analytics service that allows us to collect and analyze data about the user behavior of visitors to our website. This analysis is made possible through Google’s use of cookies. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about the interaction with our homepage are all processed within the analysis.

 

Some of this data is information that is stored in the device you are using. Additional information is also stored on your device via the cookies used. This type of information storage, or access to information that is already stored on your device by Google Analytics, only takes place with your consent.

 

Google Ireland uses this information on our behalf to evaluate the use of our company’s online offering, to compile reports concerning website activity on our homepage and to provide us with further services that are associated with the use of our website and the Internet. Pseudonymous user profiles can be created using the processed data.

 

The setting of cookies and further processing of the personal data described here is done with your consent, and the legal basis for data processing in connection with Google Analytics service is GDPR Article 6 (1)(1a). You may revoke consent of future processing at any time using our Consent Management Tool.

 

The personal data processed on our behalf to enable Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. Please refer to Section 2c “Transfer of data to third countries”.

 

We use Google Analytics only with IP anonymization enabled. This means that Google will abbreviate the IP address of users within member states of the European Union or in other states party to the Agreement on the European Economic Area.  The IP address transmitted by a user’s browser will not be merged with other Google data. For more information on the use of data for advertising purposes, please see Google’s privacy policy at: www.google.com/policies/technologies/ads/

 

We use Google Analytics 4 to process data, which allows us to track interaction data from different devices and from different sessions. In turn, this enables us to put individual user actions into context and to analyze long-term use of the website.

 

Data concerning user activity is stored for a period of 14 months and then automatically deleted. All other event data is stored for two months and then automatically deleted. The deletion process takes place once a month for all data whose storage period has expired.

 

10 Hosting and Content Delivery Networks (CDN)

 

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers in accordance with Art. 6 para. 1 letter b GDPR and in the interest of a secure, fast and efficient provision of our online offer by a professional provider in accordance with Art. 6 para. 1 letter f GDPR.

Our hoster will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions with regard to this data.

We use the following hoster:

Punkt.de GmbH

Sophienstrasse 187

76185 Karlsruhe, Germany

 

 

For details, please refer to the privacy policy of Punkt.de at https://punkt.de/de/f/datenschutzerklaerung.html

In order to ensure data protection-compliant processing, we have concluded an order processing contract (AVV) with our hoster. This is a contract prescribed by data protection law, which ensures that the host processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

 

11.  Nordmann News publication

 

On our website, we offer you the possibility of subscribing to our newsletter, Nordmann News. By receiving a digital copy of our Nordmann News publication, you can ensure that you stay up to date and receive important product and market information regularly in a brief and compact way. After you register, we will not only keep you updated on the latest product highlights from our portfolio, but also provide you with expert knowledge on industries and trends, share our company insights and make sure you stay informed about important events. You only need a valid e-mail address to register for the newsletter; to verify the address, you will receive an e-mail that asks you to click a confirmation link (double opt-in).

 

If you subscribe to the newsletter through our website, please note that we process personal data such as your e-mail address and name based on the consent you provide us. The legal basis for this is found in Article 6 (1) of the GDPR. You can revoke this consent at any time, e.g. by clicking “unsubscribe” in the newsletter or by contacting us through one of the channels mentioned above. However, the legality of the data processing operations carried out prior to the withdrawal of consent shall remain unaffected.

 

When an individual registers for the newsletter, we store the associated IP address as well as the date and time of registration. Processing this data is necessary in order to prove that consent has been given. The legal basis for this is found in Article 6 (1)(c) and Article 7 (1) of the GDPR.

 

Newsletter analytics

We analyze reading-related data and the opening rates of our newsletter as well as data generated during the delivery and retrieval of our e-mails (delivery rates, opening rates, click rates, unsubscribe rates, bounce rates, visits, completions) in an aggregated and anonymized form in order to measure the use and success of our newsletter e-mails. The legal basis for this is found in Article 6 (1)(f) of the GDPR, and the processing of this data serves the legitimate interest that our company has in optimizing the Nordmann News publication. You can object to this at any time through any of the above-mentioned contact channels.

 

Personalized analytics

We also evaluate the data generated when you retrieve and use our newsletter e-mails (time of opening, hyperlinks clicked, documents downloaded) as well as data on downstream websites in combination with your e-mail address in order to send you individualized content in the future, taking your interests and needs into account in the best possible way. We use both the anonymous and personal data collected to provide you with personalized content in our promotional e-mails. The legal basis for such data processing in the context of e-mails is found in Article 6 (1) of the GDPR.

 

You can withdraw your consent at any time, e.g. by clicking “unsubscribe” in the newsletter or by contacting us through one of the channels mentioned above.

 

To manage subscriptions, dispatch our newsletter and handle analysis, we employ the services of Sendinblue GmbH (Germany/EU). For these purposes, your e-mail address will be transmitted by us to the service provider. Should you not wish your data to be processed by Sendinblue, do not subscribe to the newsletter. Alternatively, if you already have a subscription to Nordmann News, unsubscribe. For more information about how Sendinblue processes your data, please visit: https://de.sendinblue.com/legal/privacypolicy/  

 

12.  Customer satisfaction surveys

 

You can participate in surveys on various topics on our website and through our newsletters. In each case, participation is voluntary.

 

Processing personal data in these instances is carried out on the basis of your consent pursuant to GDPR Article 6 (1)(a). You can revoke your consent at any time with effect for the future. Please note that this type of data processing may relate to our company's legitimate interest in improving the operations of our website and in learning your interests. The legal basis for this is Article 6 (1)(f) of the GDPR.

 

We use the Easy Feedback service provided by easyfeedback GmbH (Germany/EU) to conduct our surveys. For more information on easyfeedback GmbH’s data processing practices, please visit: https://easy-feedback.de/privacy/datenschutz/

 

13.  Customer data and data from potential customers

 

If you contact our company as a customer or prospective customer, we process your data to the extent that is necessary to establish or implement a contractual relationship. This regularly includes the processing of master, contract and payment data provided to us as well as contact and communication data from the contacts we have through commercial customers and business partners. The legal basis for these operations is GDPR Article 6 (1)(b).

 

We also process customer and prospective customer data for evaluation and marketing purposes. These processing operations are carried out on the legal basis of GDPR Article 6 (1)(f) and serve our interest in further developing our commercial offerings and specifically informing you about them.

 

14.  Offline orders

 

If you submit a purchase order or place an order for our products by telephone, we are obliged to process your personal data exclusively for the purpose of performing our contractual duties and to be able to provide you with the product you ordered. In doing so, we only process the data that you yourself have provided. In order for us to provide you with the products you order, we must also transmit the data required for delivery to one of our delivery service providers (as stated in the order). The legal basis for this can be found in GDPR Article 6 (1)(b). All data fields marked as mandatory on our form are required for your order to be processed. Failure to provide this information means that we will be unable to process your order. Providing any other additional data is voluntary.

 

15.  E-mail

 

If you send a message to the e-mail address provided here or on our website, we will process the data transmitted so that we may respond. We process this data based on our company’s legitimate interest in responding to inquiries. The legal basis for this type of data processing is GDPR Article 6 (1)(f).

 

16. Data processing on our social media sites

 

We maintain active profiles on several social media platforms in order to provide representation and information about our company, as well as to create opportunities for exchange. These platforms include:

 

Facebook

Instagram

X

XING

YouTube

LinkedIn

 

Should you visit or interact with one our company’s profiles on a social media platform, personal data about you may be processed. This often involves data/information associated with the social media profile that you used when accessing our profile, and it covers messages and statements made while using the profile. In addition, when you visit one of our social media profiles, certain information is often automatically collected about the visit which may also constitute personal data.

 

a)    Visiting our social media sites

 

Facebook and Instagram

When you visit our Facebook and/or Instagram pages where we present news concerning our company and/or specific products from our portfolio, certain information about you will be processed. The sole controller in charge of processing this data is Meta Platforms Ireland Limited (Ireland/EU). For more information about how Meta processes personal data, please visit: https://www.facebook.com/privacy/explanation

 

With Meta, you may object to certain types of data processing. Information and opt-out options in this respect can be found at: https://www.facebook.com/settings?tab=ads

 

Meta provides us with anonymized statistics and information regarding our Facebook and Instagram sites (known as “page insights”) that help us understand how visitors engage with these pages. These page insights are generated on the basis of certain information about site visitors. Processing personal data in this way is carried out by Meta and Nordmann together as joint controllers and serves our legitimate interest in evaluating the types of actions taken on our site so that we may improve it. The legal basis for this practice is provided by GDPR Article 6 (1)(f).

 

We cannot link the information that we obtain through page insights to any individual user profiles of those who interact with our Facebook or Instagram pages. This is part of the joint controller agreement that we have entered into with Meta, which specifies how data protection obligations are distributed between our two companies. For details about this agreement and how personal data is processed to create page insights, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data

 

Where these data processing operations are concerned, you may also exert your data subject rights (see Section 2d, “Your rights”) against Meta. For further information on this, please refer to Meta's privacy policy at: https://www.facebook.com/privacy/explanation

 

Please note that, as per the Meta Privacy Policy, user data is also processed in the USA or other third countries. Meta transfers user data only to countries for which adequacy decisions have been issued by the European Commission in accordance with GDPR Article 45, or based on appropriate guarantees in accordance with GDPR Article 46.

 

LinkedIn

For those who visit our LinkedIn page, the sole party responsible for processing personal data is LinkedIn Ireland Unlimited Company. For more information about how Meta processes personal data, please visit:  https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

 

When you visit, follow or otherwise engage with our company’s LinkedIn page, LinkedIn processes personal data to provide us with statistics and other information in an anonymized form (known as “page insights”). These page insights provide us with a better understanding of how visitors interact with our site. To generate these insights, LinkedIn primarily processes data that you have already provided to the platform through your profile, e.g. your job title, location, industry, seniority, company size and employment status. In addition, LinkedIn processes information about how you interact with our LinkedIn company page, e.g. whether or not you are a follower. When delivering page insights, LinkedIn does not provide us with any personal data about you specifically; we only have access to the aggregated information. It is also not possible for us to draw conclusions about individual members ourselves using the information contained in the page insights.

 

Processing personal data in this way is carried out by LinkedIn and Nordmann together as joint controllers and serves our legitimate interest in evaluating the types of actions taken on our LinkedIn site so that we may improve it. The legal basis for this practice is GDPR Article 6 (1)(f).

 

We have entered into a joint controller agreement with LinkedIn which specifies how data protection obligations are distributed between our two companies. This agreement can be accessed at: https://legal.linkedin.com/pages-joint-controller-addendum

 

The following apply:

 

LinkedIn and Nordmann have agreed that LinkedIn is responsible for enabling you to exert your rights in accordance with the GDPR. You can contact LinkedIn to do so online at: https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de

 

or by using the contact details given in their privacy policy.

 

The Data Protection Officer at LinkedIn Ireland can be reached at: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

 

You may also contact us using any of the contact details provided to discuss how your rights may be exerted with regard to the processing of personal data and in relation to page insights. Should you do so, we will forward your request to LinkedIn.

 

LinkedIn and Nordmann have agreed that the Irish Data Protection Commission will be the lead supervisory authority for overseeing the processing of page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

 

Please note that, as per LinkedIn’s Privacy Policy, user data is also processed in the USA or other third countries. LinkedIn transfers user data only to countries for which adequacy decisions have been issued by the European Commission in accordance with GDPR Article 45, or based on appropriate guarantees in accordance with GDPR Article 46.

 

b)   Comments and direct messages

 

We also process information that you have made available to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data on the basis of our legitimate interest in contacting people who make inquiries. If you send us messages via the message function of a social media platform that are related to the fulfillment of a contract or pre-contractual measures, the processing is carried out for the purpose of fulfilling a contract to which you are a party or for the implementation of pre-contractual measures that are carried out at your request in accordance with Art. 6 Para. 1 letter b GDPR. Otherwise, the legal basis for data processing is Art. 6 para. 1 letter f GDPR. Further data processing may take place if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR).

 

 

Date: February 2024