Privacy Notice

At Nord­ic Ham­burg Pro­jects and Fin­ance GmbH, we re­spect your pri­vacy. The pro­tec­tion of your per­son­al data, i.e., your name, email ad­dress or tele­phone num­ber) is there­fore of par­tic­u­lar im­port­ance to us. Our data pro­tec­tion prac­tice com­plies with the pro­vi­sions of the Gen­er­al Data Pro­tec­tion Regu­la­tions (GDPR) of the European Union, the Ger­man Data Pro­tec­tion Act as well as with ad­di­tion­al legal re­quire­ments.

1. Name and Ad­dress of the Con­trol­ler
The “con­trol­ler” with­in the mean­ing of the Gen­er­al Data Pro­tec­tion Regu­la­tions (GDPR) and of other na­tion­al data pro­tec­tion and pri­vacy laws of the EU Mem­ber States as well as other data pro­tec­tion pro­vi­sions is

Nord­ic Ham­burg Pro­jects & Fin­ance GmbH
Cre­mon 32
20457 Ham­burg
Web­site: www.nor­d­ic-ham­burg.de

2. Contact De­tails of the Data Pro­tec­tion Of­ficer
We value your trust. Should you have any ques­tions re­gard­ing the col­lect­ing, pro­cessing or use of your per­son­al data, in the case of re­voc­a­tion of con­sent, in­form­a­tion, cor­rec­tion, block­ing or de­le­tion of data, please con­tact our Data Pro­tec­tion Of­ficer:

data­pro­tec­tion@nor­d­ic-ham­burg.com
or
Postal Ad­dress:
Nord­ic Ham­burg Pro­jects & Fin­ance GmbH
Data Pro­tec­tion Of­ficer
Cre­mon 32
20457 Ham­burg

3. Gen­er­al In­form­a­tion on Data Pro­cessing

a. Scope of the pro­cessing of per­son­al data
As a mat­ter of prin­ciple, we only col­lect and use the per­son­al data of our users as much as is ne­ces­sary to provide a func­tion­al web­site as well as our con­tents and ser­vices. The col­lect­ing and use of the per­son­al data of our users reg­u­larly takes place only on a legal basis. An ex­cep­tion ap­plies in such cases in which a legal basis is not ap­par­ent and the pro­cessing of the data can only be au­thor­ized via a con­sent.

b. Legal basis for the pro­cessing of per­son­al data
In­so­far as we ob­tain the con­sent of the data sub­ject to pro­cess his or her per­son­al data, Art. 6 para. 1 lit. a of the GDPR serves as legal basis.

Is the pro­cessing of per­son­al data re­quired to ful­fil a con­tract whose con­tract­ing party is the data sub­ject, Art. 6 para. 1 lit. b of the GDPR serves as legal basis. This also ap­plies to pro­cessing op­er­a­tions that are ne­ces­sary to carry out pre-con­trac­tu­al meas­ures and ac­tions.

In­so­far as the pro­cessing of per­son­al data is ne­ces­sary in order to ful­fil a legal ob­lig­a­tion to which our com­pany is sub­ject, Art. 6 para 1 lit. c of the GDPR serves as legal basis.

If the pro­cessing of data is ne­ces­sary to safe­guard a le­git­im­ate in­terest of our Com­pany or of a third party, and if the in­terests, fun­da­ment­al rights and fun­da­ment­al freedoms of the data sub­ject do not out­weigh the first-men­tioned in­terest, Art. 6 para. 1 lit. f of the GDPR serves as legal basis for the pro­cessing.

c. Data eras­ure and stor­age peri­od
The per­son­al data of the data sub­ject will be erased or blocked as soon as the pur­pose of stor­ing the data ceases to apply. Fur­ther­more, data may be stored if doing so has been provided for by European or na­tion­al law­makers in EU reg­u­la­tions, laws or other pro­vi­sions to which the con­trol­ler is sub­ject. The data will like­wise be blocked or erased if a stor­age peri­od stip­u­lated by the afore­men­tioned rules ex­pires, un­less it is ne­ces­sary to con­tin­ue stor­ing the data in order to con­clude or ful­fil a con­tract.

4. Pro­vi­sion of the Web­site and Creation of Log Files
As a basic prin­ciple, you are able to use our in­ter­net site without provid­ing your per­son­al data.

a. Web­serv­er log files
Every time our in­ter­net pages are ac­cessed, in­form­a­tion trans­mit­ted from your browser is auto­mat­ic­ally saved in so-called web­serv­er log files. In par­tic­u­lar, this in­form­a­tion in­cludes the name of your pro­vider, your an­onym­ized IP ad­dress, your browser type, your op­er­at­ing sys­tem, in­ter­net sites you have pre­vi­ously vis­ited, and the serv­er re­quest time. Neither this data nor other as­so­ci­ated per­son­al data of the user are stored.

The legal basis for the tem­por­ary stor­age of data is Art. 6 para. 1 lit. f of the GDPR.

The tem­por­ary stor­age of the IP ad­dress by the sys­tem is ne­ces­sary in order to make it pos­sible for the web­site to be de­livered to the user’s com­puter. To do this, the user’s IP ad­dress must re­main stored for the dur­a­tion of the ses­sion. The log files are stored in order to en­sure the func­tion­al­ity of the web­site. In ad­di­tion, the data helps us op­tim­ize the web­site and safe­guard the se­cur­ity of our in­form­a­tion tech­no­logy sys­tems. In this con­text, no ana­lys­is of the data is con­duc­ted for mar­ket­ing pur­poses.

These pur­poses are con­sti­tut­ing our le­git­im­ate in­terest as per Art. 6 para. 1 lit. f of the GDPR.

The data will be de­leted as soon as they are no longer ne­ces­sary to achieve the pur­pose for which they were col­lec­ted. As relates to the col­lec­tion of data for the pro­vi­sion of the web­site, this is the case when the re­spect­ive ses­sion has ended.

The col­lec­tion of data for the pro­vi­sion of the web­site as well as the stor­age of data in log files is ab­so­lutely ne­ces­sary for the op­er­a­tion of the web­site. For this reas­on, there is no op­tion to ob­ject on the user’s side.

b. Cook­ies and Web Ana­lys­is Ser­vices Matomo or Google Ana­lyt­ics
On our web sites, we do not use Cook­ies and web ana­lys­is ser­vices.

c. Use of Google Maps
Our web site uses Google Maps to dis­play the geo­graph­ic loc­a­tion of our of­fice. Google Maps is op­er­ated by Google, Inc., 1600 Am­phi­theatre Park­way, Moun­tain View, CA 94043, USA.

We would like to point out that by using Google Maps in­form­a­tion about our web site as well as your IP ad­dress are being sub­mit­ted to a serv­er Google hosts, which may be loc­ated in the Un­ited States of Amer­ica and which is con­nec­ted to data pro­tec­tion risks.

The terms of use of Google Maps can be found under Google Maps/Google Earth Ad­di­tion­al Terms of Ser­vice. You may ob­tain de­tailed in­form­a­tion under Google’s Pri­vacy State­ment.

5. Third-Party Ac­cess and Data Dis­clos­ure
The re­cord­ing, pro­cessing and use of per­son­al data is car­ried out by us as well as other com­pan­ies in the Cor­por­ate Group or by ex­tern­al ser­vice pro­viders who are con­trac­ted by us and both con­trac­tu­ally and leg­ally bound to data pro­tec­tion. In these cases, we en­sure that Group com­pan­ies and these ex­tern­al ser­vice pro­viders abide by the rel­ev­ant legal data pro­tec­tion rules.

In­so­far as you re­quest the ser­vices of or con­tact from one of our as­so­ci­ated com­pan­ies from a portal provided by us, we will share the data you have made avail­able to us with this as­so­ci­ated com­pany.

Other­wise, no third parties have ac­cess to your per­son­al data. We will only for­ward data to the re­spons­ible au­thor­ity in the event of of­fi­cial or legal de­mands as well as legal ob­lig­a­tions to trans­mit data. This also ap­plies in the event of a court order for trans­mis­sion. In the case of an of­fi­cial, legal or ju­di­cial ob­lig­a­tion to trans­mit data, we will ex­am­ine in each in­di­vidu­al case wheth­er the trans­mis­sion com­plies with the basic prin­ciples of the GDPR and/or the ap­plic­able na­tion­al law.

6. Se­cur­ity
We have im­ple­men­ted ex­tens­ive se­cur­ity pro­vi­sions and meas­ures to pro­tect per­son­al data stored by us from un­au­thor­ized ac­cess, mis­use, al­ter­ing, mis­ap­pro­pri­ation, de­struc­tion and loss. However, we must point out that un­en­cryp­ted data trans­fer via the in­ter­net can­not provide any guar­an­tee that ac­cess to your data by third parties is pro­hib­ited. Com­plete pro­tec­tion of your data dur­ing un­en­cryp­ted trans­fer from your sys­tem to our serv­er is not pos­sible in tech­nic­al terms.

7. Rights of the data sub­ject
If your per­son­al data is pro­cessed, then you are a “data sub­ject” with­in the mean­ing of the GDPR. You have the fol­low­ing rights vis-à-vis the con­trol­ler:

a. Right of ac­cess: You may re­quest in­form­a­tion about your data pro­cessed by us, in par­tic­u­lar about the pur­poses of pro­cessing, the cat­egory of per­son­al data, the cat­egor­ies of re­cip­i­ents to whom the data have been or will be dis­closed by us, the en­vi­sioned peri­od of stor­age, the ex­ist­ence of a right of rec­ti­fic­a­tion, eras­ure, re­stric­tion of pro­cessing or ob­jec­tion to it, the ex­ist­ence of a right to lodge a com­plaint, where your data are col­lec­ted from (if these are not col­lec­ted by us), and the ex­ist­ence of auto­mated de­cision-mak­ing, in­clud­ing pro­fil­ing.

b. Right to rec­ti­fic­a­tion: You have the right to de­mand without undue delay the rec­ti­fic­a­tion of in­ac­cur­ate per­son­al data stored by us as well as to have in­com­plete per­son­al data stored by us com­pleted.

c. Right to eras­ure: You have the right to de­mand that per­son­al data stored by us be erased as long as the pro­cessing of this data is not ne­ces­sary to ful­fil a legal ob­lig­a­tion, for reas­ons of pub­lic in­terest, or for the es­tab­lish­ment, ex­er­cise or de­fence of legal claims.

d. Right to block data: You have the right to de­mand that your per­son­al data be blocked. Data that is blocked will not be de­leted from our data­bases, but they will not be pro­cessed as long as the block is in ef­fect.

e. Right to data port­ab­il­ity: You have the right to re­ceive the per­son­al data on you that you have provided us in a struc­tured, com­monly used and ma­chine-read­able format or to de­mand that it be trans­mit­ted to an­oth­er con­trol­ler.

f. Right to ob­ject: Con­sent given to pro­cess your per­son­al data can be re­voked at any time. As a res­ult of this, we will no longer be per­mit­ted to con­tin­ue pro­cessing data based on this con­sent in the fu­ture.

g. Right to lodge a com­plaint: You have the right to lodge a com­plaint with a su­per­vis­ory au­thor­ity. To do so, you can con­tact the su­per­vis­ory au­thor­ity of the place of busi­ness of our com­pany.

In order to ex­er­cise your rights as a data sub­ject, please con­tact our Data Pro­tec­tion Of­ficer (cf. Sec­tion I of this Data Pri­vacy State­ment). As an al­tern­at­ive, you may also con­tact a cus­tom­er ser­vice rep­res­ent­at­ive or other con­tact per­son you know at Nord­ic Ham­burg Pro­jects & Fin­ance GmbH.

If an in­di­vidu­al ex­er­cises his or her rights in ac­cord­ance with the GDPR, we will not charge any fees. However, a reas­on­able fee may be charged if your in­quiry is demon­strably ab­us­ive im­prop­er or if you make a re­peated in­quiry without rel­ev­ant jus­ti­fic­a­tion.

We may need to col­lect in­form­a­tion on you that will en­able us to clearly identi­fy you as a data sub­ject. In doing so, we will en­deav­our not to com­plic­ate or even hinder your re­quest. Rath­er, we want to make sure that none of your per­son­al data falls into the hands of un­au­thor­ized per­sons.

8. Hyper­links
Our in­ter­net sites may con­tain hy­per­links (i.e., elec­tron­ic cross-ref­er­ences) with which in­ter­net sites from other com­pan­ies can be called up. This Data Pri­vacy State­ment does not apply to these linked in­ter­net sites be­long­ing to other com­pan­ies.

9. Changes to this Pri­vacy Notice
It may be ne­ces­sary to adapt our Data Pro­tec­tion State­ment to chan­ging frame­work con­di­tions of a fac­tu­al and legal nature. The Data Pri­vacy State­ment pub­lished on our pages is kept up to date.

As of: May 2018