Thank you very much for your interest in our company website. Since you are personally identifiable in your visit, we provide you with information on the requirements of the General Data Protection Regulation (GDPR). See section VI. Definitions for an explanation of the used terms.

I. Name and contact details of the responsible and authorized persons for the protection of personal data

Pursuant to Art. 4 Point 7 of the General Data Protection Regulation (GDPR), the administrator of personal data is:

Certa Personalmanagement GmbH
Wandsbeker Marktstr. 24-26
22041 Hamburg

Tel. +49 40 30090730
Fax +49 40 30090759

Person in charge: Swen Karbownik

We are not legally obliged to name the responsible person for the protection of personal data.

II. Processing of personal data, legal basis for processing, duration of storage

1. Use of our website

When you access our website from your device, information is automatically sent to the server from a browser. This information is temporarily stored in the so-called Logfile.

The following information is compiled without your intervention and stored until it is automatically deleted.

  • IP address of the requesting computer
  • language set in the browser
  • browser type used and the operating system of the computer in the appropriate version
  • whether Java-script and cookies are allowed
  • resolution as well as monitor size of the issuing device
  • date and time of access
  • your time zone
  • name of your access provider
  • name and URL of the data searched for
  • website from which access is made (referred URL)

These data are processed by us for the following purposes:

  • providing a seamless connection to the website
  • ensuring the good user experience of the website
  • assessment of system security and stability as well
  • other system-administrative goals, such as error reporting.

The legal basis for the processing of personal data is in accordance with Art. 6, item 1, letter f, of the GDRP.

Our legitimate interest stems from the aforementioned purposes of processing personal data. We do not in any way use the purpose data to draw conclusions about your personality.

After 7 days at the latest, the IP address used in connection with the operation of these websites is deleted from all systems. The remaining data can no longer be contacted by the user.

2. Data protection in the application and in the application process

We process applicants’ personal data for purposes related to the development of the application process. Processing can be done electronically.

This is especially the case when an applicant has submitted the relevant application documents electronically, for example by e-mail and through the web form available on our site.

When concluding an employment contract with one candidate, the information provided is stored for the purpose of developing employment relations and under the control of legal rules. If the data processing officer does not conclude an employment contract with the applicant, the application documents shall be deleted six months after the announcement of the decision to withdraw from the contract, unless there are other legitimate interests for the responsible person to prevent the deletion. In that sense, for example, they may be required to provide evidence in a proceeding under the General Act on Equal Treatment.

3. Cookies

Cookies are used on our website. These are small data that is automatically generated by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

Cookies contain information that is always displayed in relation to a particular device. However, this does not mean that we are directly receiving information about your identity.

The use of cookies on the one hand serves to make the use of our site more enjoyable for you. In this way we apply the so-called sessions cookies to recognize that you have already visited individual pages on our website.

We also use temporary cookies, which are stored on your device for a certain period of time, to help us recall user friendliness. When you re-visit our site to re-search our services, it automatically recognizes that you have already been to our website, as well as what data and settings were entered so you don’t have to re-enter.

The processed data through cookies is required for the stated purposes to preserve our legitimate interests as well as those of third parties in accordance with Art. 6, para. 1 (f) of the GDRP.

If you do not want cookies, you can disable the storage of cookies or receive a notification as soon as cookies are sent.

III. Recipients and recipient categories

1. Recipients 1: Plug-ins and Tools

No transfer of your personal data to third parties for purposes other than those listed, is carried out. Your personal data is transferred to third parties if:

  • you have given your explicit consent under Art. 6, para. 1 (a) of the GDRP,
  • is legally admissible and is not necessary for the development of contractual relations with you under Art. 6, para. 1 (а) of the GDRP.
  • there is a legal obligation to provide under Art. 6, para. 1, (c)
  • according to Art. 6, para. 1 (f) is compulsory for the validity, exercise or defense of legal claims, and there is no reason to believe that you have a legal interest in not providing your personal information.

a. Google Maps

This website uses Google Maps through the API. Provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

To use Google Maps features, it is necessary to store your IP address. As a rule, this information is transmitted and stored on a Google server in the USA. The provider of this site has no influence on the transmission of personal data.

The use of Google Maps is carried out in the interest of the targeted presentation of online offers and the ease of finding the sites assigned to our website. This is a legitimate interest under Art. 6, para. 1 (f) of the GDRP.

For more information on handling user data, please see the Google Privacy Policy:

b. Google Web Fonts

For the same presentation of font types, this website uses the so-called Web Fonts provided by Google. When you open a page, your browser loads the necessary Web Fonts in Browsercache to display the texts and fonts correctly.

For this purpose, the browser you are using must have a connection to Google’s servers. In this way, Google is informed that your IP address has opened our website. The use of Google Web Fonts is carried out in the interest of a uniform and purposeful presentation of our online offers. This is a legitimate interest within the meaning of Art. 6, para. 1 (f) of the GDRP.

If your browser does not protect Web Fonts, a standard font is used on your computer.

You can find more information about Google Web Fonts here: and in Google’s privacy policy:

IV. Rights of the persons concerned

As we process your personal data, you have the following rights:

1. Right of access

According to Art. 15 of the GDRP, you may request information about your personal data being processed. This right applies especially to information for the purposes of processing, the category of personal data, the category of recipients to whom your personal data are available or have been made available, the planned length of storage, the existence of the right to rectify, erase, limit processing or objection, the existence of a right of appeal, the origin of your information, not collected by us, and the existence of an automated individual decision-making incl. profiling and also requesting meaningful information about the details.

2. Right to rectification

According to Art. 16 you may immediately request the rectification of incorrect data or the addition of any data stored with us.

3. Right to erasure or “right to be forgotten”

According to Art. 17 of the GDRP, you may require the erasure of personal data stored with us insofar as the processing for exercising the right of free speech and information, for fulfilling a legal obligation based on public interest or for the validity, exercise or defense of legal claims.

4. Right to restriction of processing

According to Art. 18 of the GDRP, you may require the restriction of the processing of your personal data insofar as their accuracy is impaired or if the processing is unlawful, but you refuse to delete them, we no longer need the data, but you need them to assert, enforce or defend legal claims or object to their processing under Art. 21 of the GDRP.

5. Right to data portability

According to Art. 20 of the GDRP you can obtain your personal data available to us in a structured, accessible and recognizable format for all devices, or request their providing by an administrator.

6. The right to revoke the declaration of consent under data protection law

According to Art. 7 para. 3 of the GDRP, you may revoke your declaration of consent to the processing of personal data already given to us at any time. It follows that we can no longer continue to process your data based on this consent.

7. Right to lodge a complaint with a supervisory authority

According to Art. 77 of the GDRP, you may file a complaint with the competent supervisory authorities if you believe that the processing of your personal data is contrary to the provisions on personal data protection.

For example, you can do this with the competent supervisory authorities:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstraße 98
24103 Kiel

8. Right of object

In case your personal data are processed on the basis of legitimate interests according to Art. 6 (1) (f) of the GDRP, pursuant to Art. 21 of the GDRP you have the right to object to the processing of personal data if they are based on your particular situation or the objection is against direct advertising. In the latter case, you have a universal right of objection that can be applied without particulars of a particular situation.

If you wish to exercise your right of objection, you need only to send an e-mail to us.

9. Automated individual decision-making

As a responsible company, we opt out of automatic solutions or profiling.

V. Security of personal data

In your visit to our site, we use the SSL distribution encryption method (Secure Socket Layer). Whether a page is encoded on our web platform, you can tell by the character encoding in the bottom bar of your browser.

We work through appropriate technical and organizational security measures to protect your data from accidental or deliberate manipulation, partial or total loss, disintegration, or against unauthorized access by third parties. Our security measures are improved in a timely manner with technological developments.

VI. Definitions

This privacy statement is based on concepts from the general data protection regulation. The most important concepts are explained as follows:

Personal data

Personal data is all information relating to an identified or identifiable individual (hereinafter referred to as “the person concerned”). An identifiable person is an individual who, directly or indirectly, can be identified especially by classifying by name, distinguishing number, location data, online recognition, or by one or many special features, the expression of a natural, psychological, genetic, economic, cultural or social identity.

Concerned persons

Concerned person is any identifiable or with an ability to be an identifiable person whose personal data is processed by the administrator or the responsible person.


“Processing” is any process performed, with or without the aid of an automated procedure or a series of procedures that relate to personal data, such as processing, storing, adapting or modifying, retrieving, consulting, using, disclosing, transmitting, distributing or otherwise providing or combining, limiting, deleting or destroying personal data.

Restriction of processing

Restriction of processing is the marking of stored personal data in order to limit future processing.


‘Profiling’ means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal aspects relating to an individual, and in particular to analyze or forecast aspects relating to the performance of professional duties of that individual, his or her economic status, health, personal preferences, interests, reliability, behavior, location or movement.


‘Pseudonymisation’ means the processing of personal data in such a way that personal data can no longer be linked to a specific data subject without the use of additional information, provided that it is stored separately and is subject to technical and organizational measures with to ensure that personal data are not linked to an identified or identifiable individual

Administrators and responsible persons for the processing of personal data

‘Administrator’ means a natural or legal person, public authority, agency or other entity that independently or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the administrator or the specific criteria for determining it may be laid down in Union law or in a Member State law.

Personal data processor

‘Personal data processor’ means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the responsible person.


‘Recipient’ means a natural or legal person, public authority, agency or other entity to whom personal data are disclosed, whether a third party or not. At the same time, public authorities which may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as ‘recipients’.

Third parties

‘Third party’ means a natural or legal person, public authority, agency or other body other than the data subject, the administrator, the processor and the persons who, under the direct control of the administrator or the processor, have the right to process the personal data.


Consent is any voluntary declaration of will, in the form of a declaration or other unambiguous act of the person concerned, expressing his/her understanding of consent to the processing of personal data.

VII. Modification of the privacy statement

This privacy statement is from May 2018. The privacy statement may need to be modified in the course of the development of our website and its offerings, or on the basis of changed legal requirements. An up-to-date privacy statement can be found at any time on our site and printed.