Privacy Policy

Privacy Policy for the Nordex Group Career Pages

Thank you for visiting us and for your interest in a position within the Nordex Group. Nordex SE and its affiliates and subsidiaries worldwide (collectively, "Nordex," "we," or "us") are committed to protecting the privacy of all job applicants and candidates.

This Privacy Notice applies globally to all individuals whose personal data Nordex processes in the context of recruitment, whether you applied on your own initiative, were referred to us by a third party, or were proactively identified and approached by Nordex. It covers all stages of the recruitment process, from the initial collection of your data through to the final hiring decision, as well as data processed in connection with your use of the Career Portal regardless of whether you ultimately submit an application. Where local laws impose additional or different requirements, Nordex will comply with those requirements.

Name and Contact details of the Controller
Nordex SE
Langenhorner Chaussee 600
22419 Hamburg
Germany
Tel.: +49 – (40) – 300 30 – 1000
Fax: +49 – (40) – 300 30 – 1101

1. Processing of Personal Data in the Context of Application Management and Recruitment

a. Sources of Data Collection

We may collect personal data about you from the following sources:

Directly from you, when you submit an application through our career pages or any other channel;
From cloud storage services, where you choose to import your application documents directly from your account using the portal's document upload feature. In that case, you will be prompted to authenticate with the relevant service provider, who will share the selected files with us on your behalf;
From third parties acting on your behalf or referring you to us, such as recruitment agencies, headhunters, or professional references; or
On our own initiative, from publicly available sources such as LinkedIn or similar professional networking platforms, where you can reasonably expect that your profile may be reviewed in connection with job opportunities.

b. Categories of Personal Data Processed

Depending on the stage of the recruitment process and the applicable local law, we generally record the following categories of data:

Basic data (e.g. first and last name, gender, date of birth)
Contact details (address, e-mail address, telephone number)
Application materials (e.g. curriculum vitae, cover letter, certificates, diplomas, and professional qualifications)
Employment history, professional experience, and educational background
Answers to application questions or assessments
Interview notes and evaluation records
Verification and screening data (e.g. identity checks, right-to-work verification, reference check outcomes, and professional licence verification), only where permitted or required under applicable local law
Integrity and compliance screening data (e.g. criminal background information, sanctions list screenings), only where collection and processing is permitted or required under applicable local law
Bank details, where necessary for the reimbursement of travel expenses
Any other information you voluntarily provide during the recruitment process

You are not legally required to provide your personal data to us. However, without it, we may not be able to process your application or progress your candidacy.

c. Purposes and Legal Bases

We process your personal data solely for recruitment-related purposes. The legal bases for this processing depend on the applicable law in your jurisdiction. Where the GDPR, the UK GDPR, the Brazilian LGPD, or an equivalent framework applies, the legal bases are as set out below. Where local law imposes additional or different requirements, we will comply with those requirements.

The core of our recruitment activity, receiving and evaluating your application, assessing your qualifications and suitability for the role, communicating with you throughout the selection process, and reimbursing any travel expenses incurred, is carried out based on pre-contractual measures taken at your request.

Where we have proactively identified you through a publicly available source such as LinkedIn, or where we use AI tools to support our recruiters in reviewing applications, we rely on our legitimate interests in identifying suitable candidates and maintaining an efficient and consistent recruitment process. The same applies to our use of recruitment-related data for satisfaction measurement, for improving the performance and reliability of our digital recruitment tools, for the defence of legal claims, and for anonymizing and aggregating data for analytical or statistical purposes.

Where we are required by law to collect or retain certain data, for example to meet regulatory or record-keeping obligations, processing is carried out based on compliance with a legal obligation.

Finally, where you have registered for job notifications, agreed to retention in our talent pool for future vacancies, or voluntarily provided information beyond what is required, such as photographs or other non-mandatory content, processing is based on your revocable consent. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

In limited circumstances, we may also process special categories of personal data that are particularly sensitive in nature and therefore subject to additional safeguards. This may include:

Health and disability-related data, for example where you request reasonable accommodations during the recruitment process or where a fitness-for-role assessment is required for a safety-sensitive position;
Diversity and equal opportunities data, such as information relating to racial or ethnic origin, gender identity, or other protected characteristics, where we are required or permitted to collect it for the purposes of equal opportunities monitoring, diversity and inclusion reporting, or compliance with applicable legal obligations.

Such data will only be processed where a valid legal ground exists under applicable law, which may include compliance with legal obligations, the pursuit of substantial public interest, or your explicit consent. Where your consent is required, it will be sought separately and you may withdraw it at any time. You will always be informed when we collect data of this nature.

d. Retention

Retention periods for personal data collected during the recruitment process vary depending on the applicable local law, the outcome of your application, and the specific circumstances of your case.

If you are offered and accept a position within the Nordex Group, your application data will be incorporated into your employee file and retained in accordance with our internal data retention policies.

If your application is unsuccessful, your personal data will generally be deleted once it is no longer needed for the purposes for which it was collected. Retention may be extended where required by applicable law, for example to meet tax, financial, or regulatory record-keeping obligations, or where necessary to establish, exercise, or defend legal claims within the relevant statutory limitation period.

Where you have indicated your interest in being considered for future opportunities, we will retain your data for that purpose. Retention periods in this talent pool vary by country. Depending on your jurisdiction, retention in the talent pool may require your prior consent, which you can withdraw at any time without affecting the lawfulness of any processing carried out before withdrawal.

For more specific information about the retention periods applicable to your particular situation, please do not hesitate to contact us using the details set out in section 8 "Contact Details of our Data Protection Officer" below.

2. Processing of Personal Data Within the Career Pages

When you visit Nordex's career websites, your browser automatically transmits certain data to our web server. To the extent this data relates to an identified or identifiable person, it constitutes personal data and is processed as described below:

a. Usage Data

Server log files record user activity on our website. We collect this data to provide our services, ensure system security and stability, and detect and protect against attacks. The data collected includes:

the page from which the file was requested,
the name of the file,
the date and time of the query,
the amount of data transferred,
the access status (file transferred, file not found),
the description of the type of web browser used,
the IP address of the requesting computer.

To the extent your local laws require a legal basis for the processing of personal data, that legal basis is Nordex's legitimate interest in ensuring the stable and secure operation of its career portal and protecting its systems against attacks and unauthorized access. Data is erased as soon as it is no longer required for the purpose for which it was collected, which is generally when the respective session ends.

b. Cookies and Web Storage

The Career Portal uses cookies and similar technologies to provide basic functionality, measure performance, and enhance the user experience. Cookies are small text files stored on your device when you visit a website. We use the following types:

Essential cookies are necessary for the portal to operate correctly. Without them, certain functions may be unavailable or the site may not display properly. Their use is based on our legitimate interest in providing a functional website.
Analytics cookies help us understand how visitors interact with the portal by collecting and reporting usage data, including site performance, user behavior, and engagement across sessions.
Functional cookies enable non-essential features that improve your experience, such as storing language preferences or enabling enhanced interaction with embedded content. Some of these features are provided through third-party services.

The use of non-essential cookies is based on your consent. You can review the cookies currently in use, withdraw your consent, and adjust your preferences at any time via the cookie settings symbol at the bottom-left of the portal.

c. External Media and Third-Party Services

The Career Portal integrates third-party services, such as embedded videos and maps, visitor analytics, document import integrations, and job advertising distribution. When these services are loaded, data such as your IP address and browser identifiers may be transmitted to the respective provider, in some cases through cookies, and in others through direct server requests or browser storage mechanisms that do not involve cookies at all.

Where your local law requires a legal basis for this, Nordex relies on your consent for analytics, media, and advertising-related services, and on its legitimate interest for services that are technically integral to the operation of the portal such as tag management.

3. Categories of Data Recipients

The recipients of your data are, internally, only the departments and persons responsible for the respective processing, as well as the following categories of external recipients:

Other entities within the Nordex Group, where they are involved in or have an interest in the recruitment process;
IT service providers and providers of applicant tracking, communication, HR, financial, and accounting software and recruitment tools;
Providers of website analytics, tag management, embedded media, job advertising distribution, and other digital services integrated into the Career Portal, who may receive technical data when their services are loaded. The service provider supporting our career website infrastructure and applicant tracking system is SAP Deutschland SE & Co. KG;
Providers of cloud storage and identity services, such as Google, where you choose to authenticate and import documents through the portal's document upload feature. In doing so, the provider receives confirmation of the authentication event, which may be associated with your use of the Career Portal;
Providers of background screening and verification services, to the extent permitted by applicable local law;
Providers of candidate experience and satisfaction measurement tools, recruitment agencies, and executive search firms engaged to support specific hiring processes;
Legal advisors or public authorities, where required by law or to defend legal claims.

Where any of the above recipients process personal data on behalf of Nordex, they are contractually required to process personal data only in accordance with our instructions and in compliance with applicable data protection laws.

Nordex does not sell your personal data, nor does it share it for cross-context behavioural advertising or any purpose other than those described in this Notice. We do not have actual knowledge that we sell or share personal data of applicants under the age of 16.

4. Transfer of Data to Third Countries

Personal data we collect may be transferred to and processed in countries other than your country of residence, including the United States and other countries whose data protection laws may differ from those in your jurisdiction. Where such transfers occur, Nordex ensures that appropriate safeguards are in place, which may include:

Adequacy decisions issued by a competent authority recognizing that the destination country provides an equivalent level of data protection;
Standard contractual clauses or equivalent contractual mechanisms approved under applicable law;
Certification schemes, such as the EU-U.S. Data Privacy Framework, where the recipient has certified accordingly; or
Other lawful transfer mechanisms recognized under applicable law in your jurisdiction.

For more information about the specific safeguards applicable to a particular transfer, please contact the relevant Data Protection Officer using the details in section 8.

5. Data Security

Nordex implements technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include encryption of data in transit using TLS, access controls limiting data access to authorized personnel only, and regular review of our security practices. The Career Portal is hosted on SAP SuccessFactors infrastructure, which maintains its own security certifications and controls.

If you create an account on the Career Portal, you play an important role in keeping your data secure by choosing a strong password, keeping it confidential, and logging out after each session. Please notify us immediately using the contact details in section 1 if you suspect that your account has been compromised or that your interaction with the portal is no longer secure.

6. Your Rights as a Data Subject

Nordex is committed to upholding your rights under applicable privacy law. Depending on your jurisdiction, you may have some or all of the following rights in relation to your personal data:

Be informed: You have the right to receive clear and transparent information about how your personal data is collected and used. This notice serves that purpose; you may request further details using the contact information in section 8.
Access: You may obtain confirmation of whether we process your personal data, receive a copy of it, and request information about its sources, purposes, recipients, and the specific data we hold about you.
Rectification: You may request that we correct any inaccurate or incomplete information we hold about you.
Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected.
Restriction: You may request that we limit how we use your data in certain circumstances.
Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transmitted directly to another controller.
Object: You may object to processing carried out on the basis of legitimate interests.
Opt-out of automated decision-making: You may request not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you.
Opt-out of sale or sharing: You may direct us not to sell or share your personal data. As stated in this notice, Nordex does not sell applicant personal data.
Withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
Lodge a complaint: You may file a complaint with the supervisory authority competent for your jurisdiction. If you are located in the European Economic Area, you can find a list of the available supervisory authority in this link.
Non-discrimination: You may exercise any of the above rights without being subjected to discriminatory treatment. Nordex will not take your exercise of data subject rights into account in any hiring or rejection decision.

Please note that not all of the above rights apply in every jurisdiction, and some rights may be subject to limitations or exceptions under applicable law. Additional rights may also apply depending on your location.

7. Exercising Your Rights

To submit a data subject request, please contact the relevant Data Protection Officer using the details in section 8. Authorized agents may also submit requests where permitted by applicable law.

To protect your personal data, we may need to verify your identity before acting on a request, which in some cases involves asking you to provide additional personal data. Where a request is submitted through an authorized agent, we may require proof of signed permission. We will respond to all requests in accordance with applicable law and will inform you if an exception applies or if we are unable to process your request.

8. Contact Details of our Data Protection Officer

In fulfilling our data protection obligations, we are supported by our Data Protection Officer, who can be reached at the following contact details:

Data Protection Officer for the Nordex Group (except Germany)

FIRST PRIVACY GmbH
Peter Suhren
E-Mail: office@datenschutz-nord.de
Web: www.first-privacy.com
Phone number: +49 421 69663280

Data Protection Officer Germany

datenschutz nord GmbH
Jennifer Jähn-Nguyen
E-Mail: office@datenschutz-nord.de
Web: www.datenschutz-nord-gruppe.de
Phone number: +49 421 6966320

Provider	Description	Enabled
YouTube	YouTube is a video-sharing service where users can create their own profile, upload videos, watch, like, and comment on videos. Opting out of YouTube cookies will disable your ability to watch or interact with YouTube videos. Cookie Policy Privacy Policy Terms and Conditions
Google Maps	Google Maps is used on the SuccessFactors career site to display interactive job location maps. This service is provided by Google LLC and may process personal data such as IP address and location-related data when the map is loaded.