Privacy Policy

Thank you for visiting our website. In the privacy policy, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

The controller for the data processing described below is named in the imprint.

When you visit our websites, our web server temporarily evaluates so-called usage data for statistical purposes in order to improve the quality of our website. This data consists of the following data categories:

  • the name and address of the requested content,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (content transferred, content not found),
  • the description of the used web browser and operating system,
  • the referral link, which indicates from which page you reached ours,
  • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.

The aforementioned log data will be evaluated anonymously.

The legal basis for the processing of usage data is Art. 6 (1) (f) GDPR. The processing is based on the legitimate interest of providing the contents of the website and ensuring a device- and browser-optimised display.

In addition, we store the complete IP address transmitted by your web browser with strict purpose limitation for a period of seven days in the legitimate interest of being able to detect, limit and eliminate attacks on our websites. We delete or anonymize the IP address when this period has expired.The legal basis for the processing is Art. 6 (1) (f) GDPR.

In order to protect your data as comprehensively as possible from unwanted access, we implement technical and organisational measures. These measures include encryption procedures on our websites. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

We use cookies on our websites, which are necessary for using our websites.

Cookies are small text files that can be stored on and extracted from your device. There is a difference between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored for more than the duration of the session.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

In some cases, these cookies only contain information on certain settings and are not linked to a person. They may also be necessary to enable user guidance, security and operating of the site.

The legal basis for using these cookies is our legitimate interest according to Art. 6 (1) (f) GDPR.

You can set your browser to inform you about the use of cookies. You can also delete cookies or prevent the setting of new cookies at any time by using the appropriate browser settings. Please note that if you delete certain cookies, our websites may not be displayed correctly and some functions may no longer be available.

Open all
  • HfK Bremen

We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR to provide you with our content according to your preferences and to be able to prove your consent(s). The settings you have made, the consents you have given and parts of your usage data are stored in a cookie. This ensures that it is kept for further website visits and that your consents continue to be traceable. You can find more information about this under the section "Necessary cookies".

The provider of the consent management platform acts on our behalf and is strictly bound by our instructions (processor). A data processing agreement in accordance with Art. 28 GDPR has been concluded.The service provider is "MIR MEDIA," Händelstraße 41, 50674 Cologne, Germany; Website:; Privacy Policy:

We use the Google Tag Manager service on our websites (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

This service allows the management of website tags through an interface. The Google Tag Manager only implements tags, does not set cookies, and does not collect personal data. The Google Tag Manager triggers other tags that may collect personal data, but the Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it remains in effect for all tracking tags implemented with the Google Tag Manager. The Google Tag Manager only receives pseudonymized user data, meaning all personal identifiers that could be used to identify a specific user are removed. We use a proxy server located in the EU to cleanse the data.

The Tag Manager is used to manage the tools and external services we employ on our website and allows the use of so-called tags. A tag is a code element embedded in the website's source code to control the activation and loading sequence of page or service elements and tools. The tool triggers other tags, which may, in turn, collect data explained further in this privacy policy.

Some of the data may be processed on a Google server in the USA. More information on this can be found in Google's information on the Tag Manager. To prevent the direct transmission of your data to Google, we use the stape website management tool. Regarding its functionality and the processing of your data, refer to the stape entry in this privacy policy.

The use of the Google Tag Manager is based on your consent under Art. 6 Art. (1) (a) GDPR, provided you have given your consent via our banner. You can revoke your consent at any time. Please open the cookie settings in the footer of our websites and make the appropriate settings via our banner.

We use the tool (8 The Green, Suite # 12892, Dover, DE 19901, USA) on our websites. This is a cloud platform for managing website settings. Website content, including Google scripts and other third-party tools, is stored on Stape cloud servers and served to users through these servers. No content is directly loaded from third parties, preventing them from obtaining information about website visitors. Thus, there is only data exchange between users and Stape servers, enhancing the security of user data.

Stape logs data about events occurring in our network.

Some of this log data includes information about visitors and/or authorized users of domains, networks, websites, or application interfaces ("APIs"). These metadata contain extremely limited personal data, mostly in the form of IP addresses. Stape processes this data as instructed in the main data centers in the USA and Europe for a limited period. The processing is based on Art. 6 (1) (f) in our legitimate interest.

Our legitimate interest is to enhance the quality of our content through functional website management and prevent the sharing of your data with third parties.

We use the web analysis tool "Google Analytics" to design our websites in accordance with the needs of our visitors. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and accessed by us. This allows us to recognise returning visitors and count them as such.

We are supported by Google Ireland Limited as a processor in accordance with Art. 28 GDPR when using the Google Analytics service. The data processing by Google may also take place outside the EU or the EEA (especially in the USA). With regard to Google, an adequate level of data protection is ensured due to the adequacy decision (EU-U.S. Data Privacy Framework). Google is also obliged to conclude standard contractual clauses with further sub-processors.

The legal basis for this data processing is your consent if you have given your consent via our consent banner. You can withdraw your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.

Open all
  • Google Analytics

To comprehensively display fonts on our websites, we use the services of Monotype GmbH. The necessary web fonts are hosted locally on our server and loaded into your browser cache, allowing the display of texts and fonts. We utilize Monotype in the interest of an appealing and consistent presentation of our online offerings. The legal basis for processing is your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR.

For further information on Monotype's privacy practices, please refer to their privacy policy.

You have the opportunity to apply for the positions we offer or to submit a speculative application via our application portal. As part of the application process, we require the information from you that is marked as mandatory in our application form. The legal basis for processing this data is § 26 (1) sentence 1 BDSG (German Federal Data Protection Act, „Bundesdatenschutzgesetz“), as the data is required for the decision on the establishment of an employment relationship. Data processing for other purposes does not take place.

In addition, you can decide for yourself whether you would like to provide us with further information that is marked as non-mandatory in the application form. The provision of this data is voluntary and not mandatory for the application. If you voluntarily provide us with personal data, we process this data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 26 (2) BDSG. You can withdraw your consent at any time with effect for the future. To do so, please contact the controller for the data processing named in the imprint.

We will handle your data confidentially. We use the strictly instruction-bound processor BITE GmbH as a data processor for the applicant management. We have conclouded an agreement in accordance with Art. 28 GDPR with the processor. Besides that your data will not be passed on. If an employment contract is concluded after the application process, we store the data from your application that is required for your employment relationship. The legal basis for this processing is Art. 88 para. 1 Art. 88 (1) GDPR conjunction with § 12 BremDSGVOAG or § 26 (1) sentence 1 BDSG. If your application is not successful, your data will be deleted afterx months. The processing until deletion takes place in our legitimate interest to be able to defend us against any claims relating to the application.We only process the personal data that you provide to us as part of the application process.

On our websites, we embed videos that are not stored on our servers. However, for reasons of data protection, no content from third-party proivders is reloaded yet and the third-party provider will not receive any informtaion, when you call up our web pages.

Only when you give your consent via our consent banner the content of the third-party provider will be reloaded. The third-party provider is therefore able to obtain the information that you have accessed our site as well as the usage data that is technically required in this context. Additionally, the third-party provider is able to implement tracking technologies. We have no influence on the further data processing by the third-party provider. Your consent includes that contents of the third party provider are reloaded.

The embedding is based on your consent, provided you have given your consent via our consent banner. If data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information about the level of data protection in the following table.

Open all
  • Google (Youtube)
  • Vimeo
Open all
  • Youtube
  • Vimeo

You can order a newsletter on our websites. Please note that we require certain data (at least your e-mail address) for suscribing to our newsletter.

The newsletter will only be sent to you, if you have given us your explicit consent. Once you have ordered our newsletter, you will receive a confirmation e-mail to the e-mail address you provided (so-called double opt-in). You can withdraw your consent at any time. You can easily withdraw your consent, for example, by clicking on the unsubscribe link in every newsletter.

As part of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary for us to be able to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of the order or the confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is based on Art. 6 (1) (f) GDPR and in the legitimate interest of being able to account for the lawfulness of the newsletter delivery.

Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion.

We share your data with service providers that support us in the operation of our websites and the associated processes as part of data processing on behalf of the controller pursuant to Art. 28 GDPR. These are, for example, hosting service providers. Our service providers are strictly bounded by our instructions and are contractually obligated accordingly.

In the following, we will name the processors with whom we work, if we have not already done so in the above text of the data protection declaration. If data may be processed outside the EU or the EEA in this context, we inform you about this in the following table.

Data Processor:

MIR Media
Oliver Priester
Händelstraße 41
50674 Cologne

Web Development and Marketing
Appropriate Data Protection Level:
Processing only within EU/EEA

Data Processor:

Sendinblue GmbH
Köpenicker Straße 126
10179 Berlin

Newsletter Distribution
Appropriate Data Protection Level:
Processing only within EU/EEA

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data of you is being processed; if this is the case, you have the right to obtain information about the processed personal data and to receive the information listed in detail in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to request the rectification of any inaccurate personal data relating to you and, where applicable, the completion of any incomplete data, without delay.

Right to erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing, for the duration of the assessment by the controller, if one of the requirements listed in Art. 18 GDPR is met, e.g. if you have objected to the processing.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to request the transfer of this data to a third party.

Right to withdraw consent (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal of the consent only effective for the future. Processing that took place before the withdrawal is not affected.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 (1) (f) GDPR (data processing for the protection of legitimate interests) or on the basis of Art. 6 (1) (e) GDPR (data processing for the protection of public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. The right to lodge a complaint can be asserted in particular witha supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.

Asserting your rights

Unless otherwise described above, please contact the controller of the data processing named in the imprint to assert your rights as a data subject.

Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz nord GmbH 
Konsul-Smidt-Straße 88 
28217 Bremen 

If you contact our data protection officer, please also state the controller for the data processing named in the imprint.