top of page

Privacy Policy

Below, we inform you about the collection of personal data when using our website.
If you have any further questions regarding the handling of your personal data, please feel free to contact our data protection officer.

Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

 

NORDAKADEMIE gemeinnützige Aktiengesellschaft Hochschule der Wirtschaft
Köllner Chaussee 11
25337 Elmshorn
Telephone: +49 (0) 4121 4090-0
Fax: +49 (0) 4121 4090-40
Email: info@nordakademie.de

 

If you have any questions regarding data protection, our external data protection officer will be happy to assist you:

 

Herr Christopher Schewior
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
Email: dsb@nordakademie.de

Contact

When you contact us by email or via a contact form, the data you provide (your email address, and if applicable, your name and telephone number) will be stored by us in order to answer your questions and process your requests. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. If we request information via our contact form that is not required for contacting you, we always mark these fields as optional. This information helps us to specify your inquiry and to process your request more efficiently. Providing this information is expressly voluntary and with your consent, pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. If this includes information about communication channels (such as email address or telephone number), you also consent to us contacting you via these channels, if necessary, to respond to your inquiry. You may, of course, revoke this consent at any time with effect for the future.

 

Your data, which we have received in the course of contacting you, will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed, and no further communication with you is necessary or desired by you.

 

As the data controller, our company has implemented numerous technical and organizational measures to ensure the most comprehensive protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security vulnerabilities. Absolute protection cannot be guaranteed; in particular, sending unencrypted emails is not secure. We therefore ask that you do not send sensitive data via unencrypted email, but instead use encrypted communication channels (e.g., our contact form) or postal mail for this purpose.

Your Rights

We are happy to inform you whether personal data concerning you is being processed; if this is the case, you have the right to access this personal data and the specific information listed in Article 15 of the GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR), and the right to data portability (Art. 20 GDPR), each under the respective legal requirements.

 

You have the right, under the legal requirements, to object to the processing of your data (Art. 21 GDPR).

To exercise your rights, please contact us by email at DSB@Nordakademie.de or by post. Exercising your aforementioned rights is free of charge for you.
Notwithstanding these rights and the possibility of seeking any other administrative or judicial remedy, you also have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates data protection regulations (Art. 77 GDPR).

 

Legal Bases of our data processing

The processing of personal data can be based on various legal grounds. If we require your data to fulfill a contract with you or to respond to inquiries from you regarding a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. This also includes the organization of events and related (preparatory) data processing.

If we obtain your consent for a specific data processing activity, the legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.

Some data processing activities are carried out on the basis of our legitimate interests, whereby a balance is always struck between your interests worthy of protection and our legitimate interests. The legal basis in this case is Art. 6 para. 1 sentence 1 lit. f) GDPR.

If processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 sentence 1 lit. c) GDPR.

Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

Data Processing when accessing the Website

When you use the website for informational purposes only, meaning you do not register or otherwise provide us with information (e.g., via a contact form), we collect the following technical information (log file data):

– Operating system of the device you use to visit our website
– Browser (type, version & language settings)
– The amount of data transferred
– The current IP address of the device you use to visit our website
– Date and time of access
– The URL of the previously visited website (referrer)
– The URL of the (sub-)page you access on our website
– The internet service provider of the accessing system

The collection of this data is technically necessary to display our website to you and to ensure stability and security. As a rule, we do not know who is behind an IP address. We do not combine the above data with other data.

 

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Since the collection of data for providing the website and the storage in log files are absolutely necessary for the operation of the website and for protection against misuse, our legitimate interest in data processing prevails in this case.

 

Data Security

We have implemented extensive technical and organizational safeguards to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological advancements.

 

Data Transmission

As a rule, your personal data will not be transferred to third parties unless we are legally obliged to do so, the transfer of data is necessary for the performance of the contractual relationship, or you have expressly consented to the transfer of your data in advance.

External service providers and partner companies, such as a shipping company commissioned with delivery, will only receive your data to the extent necessary to process your order. In these cases, the scope of the transmitted data is limited to the necessary minimum. If our service providers process your personal data on our behalf, we ensure within the framework of data processing agreements pursuant to Art. 28 GDPR that they comply with data protection laws in the same way. Please also note the privacy policies of the respective providers. The respective service provider is responsible for the content of external services, although we check the services for compliance with legal requirements within reasonable limits.

 

We place great importance on processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. In such cases, we ensure that, before your personal data is transferred, an adequate level of data protection comparable to the standards within the EU is established at the recipient. This can be achieved, for example, through EU standard contractual clauses, binding corporate rules, or special agreements to which the company may be subject.

Use of Wix.com as a Hosting Platform

Our website is hosted on the Wix Studio platform by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (“Wix”). The hosting is based on Art. 6 para. 1 lit. f GDPR due to our legitimate interest in a reliable presentation of our website.
All data you enter on this website is processed and stored on Wix’s servers. Wix enables the provision of the website on modern, technically secure infrastructures and supports us in the operation and maintenance of the website.
Wix uses server locations both within the European Union and outside, particularly in Israel and the USA. Therefore, it is possible that personal data may be transferred to and processed in countries outside the EU/EEA. For these transfers, appropriate safeguards pursuant to Art. 44 et seq. GDPR exist through adequacy decisions of the EU Commission or standard contractual clauses.

 

You can find further information on data protection at Wix at:

https://de.wix.com/about/privacy

What are Cookies?

Cookies are data that are stored on your computer by a website you visit and allow your browser to be recognized again. Cookies transmit information to the entity that sets the cookie. Cookies can store various types of information, such as your language settings, the duration of your visit to our website, or the entries you made there. For example, this prevents you from having to re-enter required form data each time you use the website. The information stored in cookies can also be used to identify preferences and tailor content to areas of interest.

 

There are different types of cookies: Session cookies are data that are temporarily stored in memory and deleted when you close your browser. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. The information in these cookies can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

 

First-party cookies are set by the website you are currently visiting. Only this website may read information from these cookies. Third-party cookies are set by organizations that are not the operator of the website you are visiting. These cookies are used, for example, by marketing companies.

 

The legal bases for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR. If data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. The stated purpose then corresponds to our legitimate interest.

 

We use cookies to ensure the proper operation of the website, to provide basic functionalities, for reach measurement, and—with your consent—to tailor our services to preferred areas of interest.


You can delete cookies already stored on your device at any time. If you want to prevent the storage of cookies, you can do so via your internet browser settings. Alternatively, you can also install so-called ad blockers. Please note that certain functions of our website may not work if you have disabled the use of cookies.

 

When you access our website, all users are also informed about our use of cookies via an information banner and are referred to this privacy notice. As a user, you are also asked for your consent to the use of certain cookies, especially those relevant for the personalization of services and marketing measures. Any consent you have given can be revoked at any time with effect for the future.

1. General Information

If you contact us, wish to enter into a collaboration with us, or conclude a contract with us, we process your personal data. In addition, we also process your personal data, among other things, to fulfill legal obligations, to protect a legitimate interest, or based on consent you have given. We only process personal data that we have received from you.

Depending on the legal basis and the contractual relationship with us, the following categories of personal data are involved:

 

- First name, last name

- Company

- Business address

- Business contact details (telephone, email address)

- Account information, in particular registration and logins (e.g., Teams account for external parties)

- Video or image recordings

 

2. Purposes and Legal bases

Based on the consent you have given (Art. 6 para. 1 sentence 1 lit. a) GDPR)
If you have voluntarily given us your consent to process certain personal data, this consent forms the legal basis for the processing of these data.

 

In the following cases, we process your personal data based on the consent you have given:

 

- Sending information about our projects, news, events, webinars.

 

To fulfill a contract (Art. 6 para. 1 sentence 1 lit. b) GDPR)
We use your personal data for contract execution as well as for pre-contractual communication.

 

To fulfill legal obligations (Art. 6 para. 1 sentence 1 lit. c) GDPR)
As a company, we are subject to various legal obligations. In order to fulfill these obligations, it may be necessary to process personal data:

- Prevention/defense against criminal acts (only in specific cases).

- Retention and storage obligations (§ 257 HGB; § 147 AO).

- Obligations to process customer data (e.g., due to tax law obligations).

 

Based on a legitimate interest (Art. 6 para. 1 sentence. 1 lit. f) GDPR)
In certain cases, we process your data to protect our legitimate interests:

 

- Communication with the contact persons at our business partners.

- Direct marketing for similar projects within the scope of our business relationship.

- Ensuring IT security and IT operations.

- Video surveillance to protect property rights.

- Customer satisfaction surveys.

- Case-related comparison of first and last names of business contacts with the lists of the EU anti-terror regulations (Regulation (EC) No. 881/2002, Regulation (EC) No. 2580/2001, so-called anti-terror lists) due to the prohibition on provision under the EU anti-terror regulation.

 

3. Retention period

We retain your personal data for as long as it is necessary to fulfill our legal and contractual obligations, including but not limited to:

 

- Fulfillment of, for example, commercial and tax law retention obligations. These include retention periods stipulated by the German Commercial Code (HGB) or the Fiscal Code (AO). The retention periods are up to 10 years.

- Preservation of evidence within the framework of statutory limitation periods. According to the limitation provisions of the German Civil Code (BGB), these limitation periods can be up to 30 years in some cases; the regular limitation period is three years.

- After subscribing to the newsletter, your email address is stored in our newsletter distribution list. After unsubscribing from the newsletter, your email address is removed from the distribution list and placed on a blacklist. This list is deleted every 6 months.

 

4. Who will your data be shared with?

As a rule, your personal data is further processed by the internal departments of NORDAKADEMIE that require it to fulfill their tasks. However, it is also possible that other external parties may be involved in processing your data. If a data processor is involved, NORDAKADEMIE has concluded a corresponding data processing agreement with the respective external service provider in accordance with Art. 28 GDPR. Other recipients will only receive your data if you have given NORDAKADEMIE your consent to the data transfer, if it is required by a contract concluded with you, or if NORDAKADEMIE is legally obliged to transfer the data.

 

- IT service providers (e.g., maintenance service providers, hosting service providers)

- Service providers for document and data destruction

- Tax authorities and auditors

- Web hosting service providers

 

As of July 2025

Use of Customer, Supplier and Service Provider Data (Business Partners)

bottom of page