Privacy Policy


Protection of personal data and responsible handling of information are important and special concerns for us. We process personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).

1. Controller and Data Protection Officer

Controller in the meaning of Data Protection Law is Harbort GmbH & Co. KG, Südring 28-30, 29640 Schneverdingen (see also Imprint).

If you would like to exercise the rights mentioned in section 8 or have any questions about data protection with us or about this privacy policy, you can contact us or our data protection officer:

2. Website Visit

When you visit our website, we process personal data to the extent described in section 2.1. In addition, personal data may be processed for other purposes as described under 2.2. et seq.

2.1 Data Processing to Enable the Use of the Website

When you visit our website, we process personal data to enable your use (Usage Data). Usage Data includes your IP address and information on start, end and your use of the website. It also includes technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this website in our legitimate interest (Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please contact us.

2.2 Cookies and Web Tracking

When you visit our website, information in the form of cookies may be stored on your device. A cookie is a small text file that is sent from a web server to your browser and stored on your device. When you revisit our website, cookie data are transmitted to our web server again.

We use the following technically necessary cookies to ensure the functionality of the website:

Cookie: laravel_session
Purpose: Session-Cookie
Retention period: Session

Purpose: Protection against malicious http requests, so-called Cross-Site-Request-Forgery-Requests
Retention period: 1 hour

You can deactivate the storage of cookies in your browser and have the option to delete them from your hard drive at any time. In this case, not all functions of this website may be available to you. The legal basis for the use of these cookies is our legitimate interest in providing our website in accordance with Art. 6(1)(f) GDPR.

2.3 Google Maps

On the page of the contact form there is a plugin which shows a map of Google Maps. Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and make it easier for you to find us.

This is done by connecting your browser to Google's servers as if you were visiting the Google search engine's website. However, this only takes place when you activate the plugin and thus agree to the connection being established. There is no tracking by Google on our website.

If you do not agree to the future transfer of your data to Google in the context of the use of Google Maps, it is also possible to completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and therefore also the map display on this website can then not be used.

For more information about using Google Maps, please see the Google Maps Terms of Use. For further information on data protection at Google, please refer to Google's privacy policy.

The legal basis for this data processing is your consent by clicking on the Accept button (Art. 6(1)(a) GDPR.

2.4 Contact Form

We process your personal data when you use our contact form. If you contact us via the contact form provided, your details will be stored in order to respond to your enquiry. Legal basis is either the performing of a contract obligation or our legitimate interest in providing a contact form (Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

3. Job Applications

Within the application process, regardless of whether the application is made online or by post, we process your personal data. We process your personal data for the purpose of contacting you and assessing whether or not you are the right candidate for the position. All our employees entrusted with data processing are obliged to maintain the confidentiality of your data.

The legal basis for processing your personal Data are Sec. 26(1), (8)(2) BDSG or Sec. 26(2), (8)(2) BDSG.

4. Transfer to Recipients of Personal Data within the EEA

We will transfer personal data to third parties only where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR. In particular, we transferred personal data to the following categories of service providers:

  • accounting, financial institutions, tax and legal advice;
  • IT service and infrastructure, e.g. for the job application process;
  • IT support and maintenance;
  • data destruction and facility services;
  • In other cases, we transfer personal data to other recipients only if a there is a legal justification or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.

    5. Transfer to Recipients of Personal Data in States outside the EEA

    If necessary, for our purposes, we may also transfer your data to recipients outside the EEA.

    We only do this within the framework of the data protection requirements for transfers to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the GDPR and no other interests worthy of protection speak against the transfer of data.

    6. Deletion

    We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for YYY to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.

    Job-related data is retained until a decision is made and then deleted after a maximum of three months or, in the event of a successful application, transferred to your personnel file.

    7. Your Rights

    As a data subject of the data processing, you have the right to confirmation as to whether personal data relating to you are processed by YYY and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).

    In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR). If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

    If you have any questions or complaints about our data protection measures, we recommend that you first contact us (see contact details under section 1).

    8. No automated individual Decision-Making

    We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.

    9. Amendment of the Privacy Policy

    New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can always find the latest version on our website.

    Status: February 2021