Privacy policy

In the following we inform you, the user, about the processing of your personal data (in particular collection and storage) when using the website and subordinated websites of this website, as well as when using the further processing operations mentioned below.

1. Processing of your personal data when using our website

When visiting the website personal data are processed in compliance with the applicable data protection regulations of the Federal Republic of Germany, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (“Bundesdatenschutzgesetz” BDSG) and the Telemedia Act (“Telemediengesetz” TMG).

If you use this website exclusively for information purposes, only personal data that your browser transmits to our server will be processed (such as IP address, information about your browser and your operating system). It may be necessary for the operation of the website to set so-called “essential cookies”, e.g. for retrieving a language selection that you have made (§§ 12 ff. Telemedia Act (TMG), see also the chapter “Use of cookies” shown below). These data are required to enable the website to be viewed and to ensure its stability (see Article 6 para. 1 lit. f of the GDPR).

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited for the purpose of monitoring success and improving the content of the individual pages. By using Google Analytics, it is possible to analyse the activities of a user across technical devices. To do so, the consent of the user is required (§§ 12 ff. of the Telemedia Act, see also below the chapter “Use of cookies”).

The data collected, such as session data and interactions of a user, are usually transmitted to a Google server in the US and stored there. The processing of the data collected by Google Analytics is usually anonymous and can therefore, except in the case of a lack of anonymisation, no longer be assigned to a specific person by Google. The IP anonymisation activated on this website will shorten the IP address transmitted by your browser before sending it to Google. For the cases in which personal data is transferred to the US without IP anonymisation, there has been a transfer of data to a so-called “unsafe” third country since 16th of July 2020  (see also next chapter). Information about data protection regarding Google Analytics can also be obtained directly from Google.

Transfer of data to the US as an unsafe third country

Until the 16th of July 2020, the transfer of personal data to the US, to which the GDPR does not apply, was based on an agreement between the EU and the US, the so-called EU-US Data Protection Shield.

However, the Court of Justice of the European Union (CJEU) invalidated the decision on the adequacy of the protection provided by the EU-US Data Protection Shield with its judgment from  July 16th 2020.

This makes the US a so-called “unsafe third country” in terms of data protection. According to the judgement of CJEU the US do not ensure an adequate level of data protection any longer. In the absence of an adequacy decision, a transfer or a set of transfers of personal data to the US shall take place only if you – the data subject – have consented to such data transfer (see Article 49 para. 1 lit. a GDPR).

When calling up the website, by confirming the use of “additional cookies” on the use of statistics (such as Google Analytics; see also chapter “Use of cookies”) you give us your consent to transfer your data to the US.

Specifically, your consent is made when calling up the website, by using the “Cookie banner” displayed on the website, by confirming the button “Accept all” or by selecting “Statistics” in the individual privacy settings.

The transfer of your personal data to the US essentially entails the risk that according to law and practices in the US, US public authorities will be able to access easily any data transferred to the US.

Use of cookies

In addition to “essential cookies” we sometimes also use so-called “additional cookies” (see also the chapter “Google Analytics” above). Cookies are small text files that are stored on your technical device and transmit corresponding information to us. Insofar as this information is necessary to be able to provide you with our services, it does not require your consent (storage of so-called “essential cookies”). If these are “additional cookies”, when calling up the website, by using the “Cookie banner” displayed on the website, you, the user, give your consent to the use of the data collected via the respective cookies. As long as “additional cookies” approved by you are not deleted from the memory of your technical device, the selection of “additional cookies” on the “Cookie banner” for our website will not be displayed again.

2. Information and contact on

If you contact us via the contact form for example, the requested data or the data provided by you will be used exclusively to answer your inquiry. These data will not be disclosed to third parties.

Any further use of personal data transmitted to the operator of this website shall only take place if the further processing of these personal data is consistent with purpose of the original data collection, such as to initiate a contractual relationship (see also Article 6 para. 1 lit. b and Article 6 para. 4 of the GDPR).

3. Collection of personal data for contract execution

We process all relevant personal data that are necessary for the initiation, performance or termination of contractual relationships pursuant to Article 6 para. 1 lit. b of the GDPR.

4. General information and contact in case of non-existing business relationship

Even if you are in no business relationship with us, the personal information we collect shall be used for information purposes and/or contact based on a legitimate interest. In this way we would like, for example, to provide you with important information about our company (see Article 6 para. 1 lit. f of the GDPR). However, you always have the possibility of objecting to this use (see Article 21 of the GDPR).

5. Collection of personal data for a newsletter

If you wish to receive a newsletter from us, we shall obtain your consent to the processing of your personal data (see Article 6 para. 1 lit. a of the GDPR). You have the possibility of withdrawing your consent at any time (“Opt-Out”).

6. Collection of personal data with applications

If you send us your application for an advertised position, then your application documents shall be processed on the basis of Article 88 of the GDPR in connection with § 26 para. 1 S. 1 of the Federal Data Protection Act (BDSG). If you send us a photo with your application, you do so voluntarily and thus give your consent to the collection and storage of your application photos (see Article 6 para. 1 lit. a of the GDPR).

We are greatly interested in completing and concluding a proper application process. This also includes the invalidation of possible allegations of discrimination in connection with the completion of the application process, which is why the deletion of your application documents is carried out 6 months after rejection. A longer storage of your application documents shall take place only with your express consent.

For unsolicited applications, deletion shall take place within a maximum of 12 months after receipt of your application documents.

7. Transfer of personal data for order processing

Insofar as we entrust a processor with the processing of personal data, we shall use specialised service providers. Our service providers are carefully selected and regularly monitored by us. They process personal data only on our behalf and on the basis of corresponding contracts for order processing (see Article 28 of the GDPR).

8. Transfer of personal data to third countries

If, in exceptional cases, we transfer personal data to countries outside the EU that do not offer an equivalent level of data protection, we rely on an adequacy decision of the EU Commission (Article 45 of the GDPR) or on appropriate safeguards (Article 46 of the GDPR) or pursuant to Article 49 of the GDPR on the derogations for specific situations for a transfer to third countries.

9. Data security and data integrity

In order to protect your personal data, we take reasonable technical and/or organisational measures to prevent the unintentional or unlawful destruction, loss, alteration or disclosure of your personal data. The personal data we process are relevant for the intended uses and we take reasonable steps to maintain the personal data complete and “up to date” for their intended use.

To support us, we kindly ask you to notify us of any changes to your data in order to ensure the accuracy and completeness of your data.

We point out that data transmission on the Internet (e.g. in communication by email) can have security gaps, so that a complete protection of the data from access by third parties is not always possible.

10. Storage of personal data

Unless otherwise specified in this privacy policy, personal data shall only be stored for as long as necessary for the purpose of the processing. If legal requirements provide for this or personal data are no longer necessary, they shall be deleted. No deletion shall occur, insofar as you have given us your consent for further storage or an anonymisation, which is equivalent to a deletion, has occurred.

11. Purpose of processing and recipient of personal data

The processing and use of your personal data shall take place exclusively for the purposes stated in this privacy policy and to the extent necessary to achieve the respective purpose.

Personal data shall neither be published nor passed on to third parties by us without authorisation. The disclosure of personal data to governmental entities shall only be within the bounds of mandatory legislation or if the disclosure is necessary and legitimate for legal or criminal prosecution in the case of attacks on the infrastructure of our company.

12. Rights of data subjects

You have the right to information, correction, deletion, restriction and portability of your personal data. You may object to automated decision-making (including “profiling”) and withdraw a consent given at any time with future effect, subject to any restrictions under applicable law. For the processing operations described in this privacy policy, which are based on the legal basis pursuant to Article 6 para. 1 lit. f of the GDPR, or in the case of advertising you have the right to objection at any time. The points of contact show below will accept your requests.

13. Contact information

Bei If you have questions about this privacy policy, please contact us at You also have the right to complain to the supervisory authority. The controller within the meaning of the GDPR is:

Companylinks GmbH
Trostbrücke 1
D-20457 Hamburg

14. Changes to this privacy policy

In order to comply with technical and legal adjustments, changes to this privacy policy are possible.