Privacy Policy for the Nordex Group career pages

Thank you for visiting us and for your interest in a position within the Nordex Group. If you use the career pages and the functions offered, it will be necessary for Nordex SE or, in case you submitted your online application to one of our subsidiaries, the respective organization, to process your personal data.
We would therefore like to draw your attention to the following information in accordance with Article 13 of the General Data Protection Regulation (hereinafter referred to as "GDPR").

Name and Contact details of the Controller
Nordex SE
Langenhorner Chaussee 600
22419 Hamburg
Germany
Tel.: +49 – (40) – 300 30 – 1000
Fax: +49 – (40) – 300 30 – 1101
E-Mail: info@nordex-online.com

Processing of Personal data within the Career Pages

Access and Use
By accessing the career pages, usage data is automatically collected for the purpose of optimal delivery of the contents. Your Internet browser transmits this data to our web server and it may constitute personal data. These include:

  • The IP address of the requesting device
  • Date and time of the query
  •  The accessed page
  • The amount of data transferred
  • Source/reference from which you visit us (referrer URL)
  • The description of the web browser and operating system used; and
  • The access status (file transferred; file not found).

We also store the above data in order to be able to identify, limit and eliminate attacks on our websites. We delete this information as soon as it is no longer required to achieve the stated purposes. The legal basis is Article 6 paragraph 1 letter f of the GDPR. The overriding legitimate interest lies in ensuring the smooth function of our website.

Cookies
We use cookies on our career pages to enable the execution of certain functionalities. Depending on the purpose of use, small text files are stored on your end device either for the duration of the session or beyond and read out by us. Details of the cookies we use can be found in the table below.

1. JSESSIONID

  • Domain: jobs.nordex-online.com
  • Purpose: Single cookie placed on the user’s device during their session so the server can identify the user. Created as a session cookie whenever a user visits the Career Site. The value is not updated unless the current session ends, in which case a completely new JSESSIONID cookie is set.
  • Retention Period: Cookie expires when the browser session ends.
     

2. Load balancer cookie

  • Domain: jobs.nordex-online.com
  • Purpose: Cookie for session stickiness preventing a user from bouncing from one instance to another. Typically issued by F5 once, upon new entry to career site, if prior cookie doesn't exist.
  • Retention Perion: Cookie expires when the browser session ends.  
     

3. rmk12    

  • Domain: jobs.nordex-online.com
  • Purpose: A number that indicates if the user has acknowledged the cookies policy banner. If the cookie is not set, then the banner will be shown. If they cookie is set and its value is 1, the banner will be suppressed. This cookie will persist across user sessions, no matter which type of cookies are enabled sitewide. Created as a persistent cookie when the user acknowledges the cookies policy banner by either viewing the cookies policy or choose to dismiss the banner.
  • Retention Period: If Persistent, cookie doesn't expire. If Session, cookie expires when the session ends.

The legal basis for the storage of information or access to such information by means of cookies is to this extent, insofar as personal data is concerned, Article 6 paragraph 1 letter f of the GDPR. The legitimate interest required for this lies in the possibility of being able to determine certain technical attributes on our career pages.
We would also like to point out that you can always set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time by using the appropriate browser settings and prevent the setting of new cookies. Please note that our web pages may not be optimally displayed and some functions may no longer be available for technical reasons.

Maps
In some sub-pages, the map services "Google Maps" by Google Ireland Limited are embedded for the purpose of displaying interactive maps and creating directions. When you use the maps, e.g. by clicking on our locations listed there, we do not collect any data from you. However, since this service is embedded in our site, when you access the respective websites the content is automatically loaded and your usage data described above is transmitted to the provider for the purpose of carrying out the service. We have no influence on the further processing by Google Ireland Limited.
The legal basis for the data processing connected with the use of the map services is Article 6 paragraph 1 letter f of the GDPR. The legitimate interest required for this lies in the optimization of our websites through localization and visualization of our companies and vacancies.

Embedded videos
We have embedded in some sub-pages of our websites YouTube videos from the provider Google Ireland Limited. When accessing these pages, the content is automatically loaded and your usage data is transmitted to the provider to carry out the service. To protect your privacy, however, all of these videos are embedded in the so-called "extended data privacy mode", so that no cookies are stored.
The legal basis is Article 6 paragraph 1 letter f of the GDPR. The embedding of YouTube videos serves the company presentation and is done in the interest of optimizing our websites.

Online Application
Within the career pages, you have the opportunity to apply to the vacancy of your interest in the Nordex Group, after registering by entering your data in the fields marked as "mandatory" in the application form and uploading your documents. In doing so, we generally record the following categories and types of data using the information and documents you provide:

  • Personal data (e.g. title, first and last name)
  • Contact details (address, e-mail)
  • Qualification data (e.g. career, references, certifications, knowledge relevant to the profession)
  • Content data (information in your cover letter and resume)
     

Additionally, further data relating to you from job interviews may be processed in the further stages of the application process. In individual cases, we also collect details of your bank account if, for example, travel expenses are to be reimbursed.
We process this information solely for the purpose of managing your application by you and by us, organizing the selection process and assessing your suitability for the vacant position.
The legal basis is, with regard to the registration, Article 6 paragraph 1 letter b of the GDPR and, to the extent of the application form and your uploaded documents contain mandatory information, as well as the content from the job interviews and , where relevant, your bank details, Article 88 paragraph 1 GDPR in conjunction with Article 26 paragraph 1 sentence 1 of the Federal Data Protection Act or, if you apply to one of our companies outside Germany, Article 6 paragraph 1 letter b DSGVO and, if applicable, Article 88 paragraph 1 DSGVO in conjunction with local regulations.
If you have also voluntarily provided us with additional content, such as images or non-mandatory information, the legal basis is your revocable consent in accordance with article 6 paragraph 1 letter a and 7 GDPR.
We will of course process your data in a confidential manner. Applications received by us will be processed exclusively by Nordex SE and the respective company and disclosed internally only to the responsible offices and designated persons.
The data collected in this respect will be deleted as soon as the purpose for processing the data is no longer applicable and no legal storage obligations or legitimate interests prevent their deletion.
In the event that your application process is discontinued, your personal data will be deleted no later than three months after the letter of refusal is sent. The basis for the storage of your data beyond the end of the application procedure is our legitimate interest in being able to defend ourselves against possible claims. Your user account will also be deleted after this period.  
In individual cases, certain data may be stored for longer periods (e.g. travel expense). The duration of storage depends on the retention periods under commercial and tax law and can personal data related to these categories may be up to 10 years.       
Finally, your data can also be retained if we have obtained your consent in individual cases.    

Notification of job advertisements
If you have registered for the notification function, we will process your name and your e-mail-address in order to keep you electronically informed about jobs within the group that are of interest to you.
Processing will then be based on your revocable consent in accordance with article 6 paragraph 1 letter 1 a and 7 GDPR.

Data Recipients
The recipients of your data are, internally only the departments and persons responsible for the respective processing, as well as external service providers who support us in the provision of the career websites and the related processes on the basis of a data processing agreement. In concrete terms these are:

  • The service provider SAP Deutschland SE &Co. KG
     

Data will only be transmitted to third parties if this is explicitly mentioned elsewhere in this privacy policy.

Transfer of data to third countries
If you are a resident in the European Union (EU) or the European Economic Area (EEA) and send your application to one of our organisations outside the EU or EEA, your data will be transferred to a third country. This transfer is necessary for the implementation of a pre-contractual measure within the meaning of Article 49 paragraph 1 letter b of the GDPR.   We also ensure that an adequate level of data protection is guaranteed by concluding the standard contractual clauses.

Data Security
In order to protect your data as comprehensively as possible from unwanted access, we have implemented technical and organizational measures, such as the use of a state-of-the-art encryption method. Your data will therefore be transferred from your computer to our server and vice versa via the Internet using TLS encryption.

Your rights as a data subject
As a data subject, you have the right to obtain information about the personal data we process about you (Article 15 GDPR). In the event that the information processed is incorrect, you can request that it be corrected (Article 16 GDPR). If the conditions are met, you also have the right to have your data deleted (Article 17 GDPR) and to restrict processing (Article 18 GDPR) and, in accordance with Article 20 GDPR, to have your data transferred.
If your data are processed in accordance with Article 6 paragraph 1 letter f of the GDPR, to protect our legitimate interests, you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process your personal data unless there are demonstrably compelling reasons for processing, which are subject to protection and which outweigh your interests, rights and freedoms or unless the processing serves to assert, exercise or defend legal claims.
When the data processing is based on your consent, you are entitled to withdraw your consent under Art. 7 para. 3 of the GDPR at any time, the withdrawal of your consent shall not affect the lawfulness of processing before its withdrawal.

Right to lodge a complaint to a supervisory authority
Furthermore, as a data subject, you have the right to complain to a supervisory authority if you believe that the processing of data concerning you is in breach of data protection legislation. In particular, the right to complain may be exercised before a supervisory authority in the Member State in which you are resident or in which you work or in which the alleged breach occurs.

Contact details of our data protection officer
In fulfilling our data protection obligations, we are supported by our data protection officer, who can be reached at the following contact details:

Data Protection Officer for the Nordex Group (except Germany)

FIRST PRIVACY GmbH
Peter Suhren
E-Mail: office@datenschutz-nord.de
Web: www.first-privacy.com
Phone number: +49 421 69663280

Data Protection Officer Germany

datenschutz nord GmbH
Jennifer Jähn-Nguyen
E-Mail: office@datenschutz-nord.de
Web: www.datenschutz-nord-gruppe.de
Phone number: +49 421 6966320