Icon-envelope Phone-alt

DATA SECURITY AT A GLANCE

PRIVACY POLICY

Privacy policy

General information

The following privacy policy in accordance with Art. 13 GDPR provides an overview of how we process your personal data when you visit our website.

The subject of data protection is personal data. According to Art. 4 No. 1 GDPR, this is all information relating to an identified or identifiable natural person. This includes, for example, details such as name, postal address, email address, or telephone number.

Below, we provide detailed information about how we handle your personal data.

 

Responsible person and data protection officer

The controller within the meaning of Art. 4 No. 7 GDPR is

NEXTTOP GmbH

Siemensstr. 57-59

48153 Münster

E-Mail: info@nexttop.de

Phone: +49 251 59060277

 

If you have any questions about data protection, please feel free to contact our data protection officer at any time:

Said-Elham Sadat

DSB Münster GmbH

Martin-Luther-King-Weg 42-44

48155 Münster

Phone: +49 251-71879-0

E-Mail: Datenschutz(at)dsb-ms.de

 

Scope and purpose of processing personal data

When you use this website, various personal data is collected. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

 

When visiting this website

 

Serverlogfiles

When you visit our website, the Internet browser you are using automatically sends data to our website server and stores it in a log file for a limited period of time. The following data is stored without further input from the visitor until it is automatically deleted:

  • IP address of the visitor's device,
  • Date and time of access by the visitor,
  • Name and URL of the page accessed by the visitor,
  • Website from which the visitor arrives at the website (“referrer URL”)
  • Browser and operating system of the visitor's device, as well as the name of the access provider used by the visitor.

The processing of this personal data is justified under Art. 6 (1) (f) GDPR. Our company has a legitimate interest in data processing for the purpose of

  • quickly establish a connection to the company's website,
  • to enable user-friendly use of this website,
  • to identify and ensure the security and stability of the systems and to facilitate and improve the administration of this website

Access to information on your end device is technically necessary in accordance with Section 25 (2) No. 2 TDDDG in order to provide the telemedia service you have expressly requested. The data will be deleted as soon as the purposes of data collection have been achieved. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of data storage in log files, this is the case after 7 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to assign the calling client.

 

Cookies

Cookies are small text files that your browser stores on your device when you visit a website. As soon as you visit our website, information is collected and stored via cookies. The advantage of cookies for you is that they enable us to make your browsing experience as positive as possible by recognizing your habits and needs. If you do not want cookies to be stored on your device, you can prevent this by adjusting your browser settings accordingly. Cookies that have already been stored can also be deleted there. However, if you deactivate technically necessary cookies, you will no longer be able to use this website to its full extent. The most common types of cookies are explained below for your understanding:

  • Session cookies: While you are active on a website, a session cookie is temporarily stored in your computer's memory, in which a session ID is stored to prevent you from having to log in again each time you change pages, for example. Session cookies are deleted when you log out or lose their validity as soon as your session has automatically expired.
  • Persistent cookies: A persistent cookie stores a file on your device for the period specified in the expiration date. These cookies enable websites to remember your information and settings the next time you visit. This results in faster and more convenient access, as you do not have to re-enter your language settings, for example. When the expiration date passes, the cookie is automatically deleted when you visit the website that created it.
  • Third-party cookies: Third-party cookies are stored and managed by partners. We use these cookies, for example, to perform statistical analyses on our websites or for marketing activities.
  • Technically necessary cookies: Technically necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website.

Some elements of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The cookies are deleted when the browser is closed. The legal basis for the processing of personal data using these technically necessary cookies is Art. 6 para. 1 lit. f) GDPR. The cookies serve our legitimate interest in enabling the use and provision of our website.

 

Social Media Channels

You can access our company profiles on Instagram, Facebook, Xing, and LinkedIn directly via our website and find out about the latest news from our company there. When you interact with our social media channels—for example, by liking, commenting, sharing posts, or sending messages—we process the personal data you provide to us. This includes your name, profile picture, the content of your comments, and technical usage data such as your IP address, browser type, and time of access.

The use of social networks is at your own risk, as the operators of the platforms also process personal data, the scope of which we have no influence over. In these cases, there is joint responsibility under data protection law. You can find information on this in the data protection notices of the respective platforms. We use your data to communicate with you, respond to inquiries, analyze the use of our channels, and optimize our content and advertising measures.

 

The legal basis for data processing is Art. 6 (1) (f) GDPR for the maintenance of our channels and Art. 6 (1) (a) GDPR for voluntarily provided data, for example through interactions. Your data will not be passed on to third parties unless platform operators process this data independently. If data is transferred to third countries, such as the USA, this is done using appropriate protective measures such as standard contractual clauses. You have the right to obtain information about your personal data stored by us at any time, as well as the right to have it corrected, deleted, or restricted. You can also withdraw your consent at any time. Further information on your rights and how to assert your rights on social media platforms can be found here:

 

Facebook: https://de-de.facebook.com/privacy/policy/

Instagram: https://help.instagram.com/155833707900388

LinkedIn: https://de.linkedin.com/legal/privacy-policy

XING: https://privacy.xing.com/de/datenschutzerklaerung

 

Wenn Sie Fragen zur Verarbeitung Ihrer personenbezogenen Daten im Zusammenhang mit unseren Social-Media-Kanälen haben oder Ihre Rechte wahrnehmen möchten, können Sie sich jederzeit an uns unter (datenschutz@dsb-ms.de) wenden.

 

In unserem Unternehmen

 

Contact

You can contact us at any time in various ways: by email, telephone, or via our web form. We process the personal data that you voluntarily provide us with when contacting us exclusively for the purpose of communicating with you individually.

This data is processed on the basis of Art. 6 (1) (b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest (pursuant to Art. 6 (1) (f) GDPR) in the effective processing of inquiries addressed to us or on your consent (§ 6 (1) (b) KDG) if this has been requested.

The data you provide will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected.

 

Employee data

This data is processed for the purpose of fulfilling employment contracts and legal obligations. It is regularly transferred to social security institutions, tax authorities, and other agencies in order to fulfill legal obligations. The data is deleted after the statutory retention periods have expired. There is no automated decision-making, including profiling, for this purpose. The processing of this personal data is justified in accordance with Art. 88 GDPR in conjunction with §26 (1) BDSG-neu (German Federal Data Protection Act) and is based on Art. 6 (1) lit. b) and Art. 6 (1) lit. c) GDPR (contract fulfillment and legal obligation).

 

Clients data

This data is processed within the scope of executing our contracts with customers and implementing pre-contractual measures. The purposes of data processing are based on the needs of the customer and may also include sales/consulting discussions and similar activities. Furthermore, we process personal data for the initiation and fulfillment of contracts with suppliers and service providers on the basis of Art. 6 (1) lit. b) GDPR.

 

Applicant data

We offer you the opportunity to apply for a position with us (e.g., by email, post, or via our online application form). Below, we provide information about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions, and that your data will be treated as strictly confidential.

When you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. If we do not offer you a position, we may add you to our applicant pool. If you are included, all documents and information from your application will be transferred to the applicant pool so that we can contact you if suitable vacancies arise. The legal basis for this is Art. 6 (1) (b) GDPR (general contract initiation) and – if you have given your consent – Art. 6 (1) (a) GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.

If your application is successful, the data you submit will be stored in our data processing systems for the purpose of implementing the employment relationship on the basis of Section 26 of the German Federal Data Protection Act (BDSG) and Article 6(1)(b) of the GDPR. Inclusion in the applicant pool is based exclusively on your express consent in accordance with Article 6(1)(a) of the GDPR. The granting of consent is voluntary and is not related to the current application process. The data subject may revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided that there are no legal reasons for retention. If we are unable to offer you a position, you decline a job offer, or you withdraw your application, we reserve the right to store the data you have provided on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed.

The storage serves in particular for verification purposes in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies. Longer storage may also take place if you have given your consent (Art. 6 (1) (a) GDPR) or if statutory retention obligations prevent deletion. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

 

Legal basis for data processing

Unless the legal basis has already been specifically stated in Section 4, the following applies to data processing:

  • Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.
  • If the processing of personal data is necessary for the performance of a contract, whether paid or unpaid, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
  • If processing is necessary to fulfill a legal obligation to which we are subject, Art. 6 (1) (c) GDPR serves as the legal basis.
  • If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interests, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for processing.

Recipients or categories of recipients of the data

Within the company, only those departments that need your data to perform their tasks will receive it. Your personal data will not be transferred to third parties. Exceptions to this rule only apply if this is necessary for the execution of contractual relationships with you, if you have given your consent, if legal provisions require this, or if we are entitled to pass on the data. This includes, in particular, the transfer to service providers commissioned by us (e.g., processors) or other third parties whose activities are necessary for the execution of the contract (e.g., organizers, authorities, courts, experts, etc.). The transferred data may only be used by third parties for the purposes specified.

 

Processor

We pass on your data within the scope of order processing in accordance with Art. 28 GDPR to service providers who support us in operating our websites and the associated processes. These include, for example, hosting service providers. Our service providers are strictly bound by our instructions and are contractually obligated accordingly. Below, we list the processors with whom we work, if we have not already done so in the preceding text of the privacy policy. If data is transferred outside the EU or the EEA in this context, we provide information on the appropriate level of data protection.

 

Processor

               Purpose                                  

Adequate level of data protection

 

IONOS SE

Webhosting

Processing only within the EU/EEA

Storage period

Unless otherwise specified in this statement in individual cases, we only store personal data for as long as is necessary to fulfill the purposes pursued. Your personal data will be deleted as soon as the purpose of data processing no longer applies. If there are legitimate reasons for deletion within the meaning of Art. 17 (3) GDPR, such as a legal retention obligation, the processing of the data will be restricted during this period. A statutory retention obligation exists, for example, due to tax and commercial law documentation requirements. In these cases, the data will be deleted when the reason for further storage no longer applies, e.g., when the statutory retention period expires.

 

Rechte der betroffenen Personen

Within the framework of the applicable legal provisions, you have the right to information, correction or supplementation, deletion, data portability, restriction, and objection to the processing of your personal data. If you wish to exercise any of your data protection rights, we recommend that you first contact our data protection officer directly. This will enable us to resolve your request quickly and without bureaucracy. You can reach us by email at datenschutz@dsb-ms.de or in writing at the address given in the legal notice.

 

Right to information

You have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details. (Art. 15 GDPR)

 

Right to rectification or completion

Sie haben das Recht, unverzüglich die Berichtigung unrichtiger oder Vervollständigung Ihrer bei uns gespeicherten personenbezogenen Daten zu verlangen. (Art. 16 DSGVO)

 

Right to erasure

You have the right to request the deletion of your personal data stored by us, unless further processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims. (Art. 17 GDPR)

 

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you oppose its erasure and we no longer need the data, but you need it to assert, exercise, or defend legal claims, or you have objected to the processing pursuant to Art. 21 GDPR. (Art. 18 GDPR)

 

Obligation of the controller to provide information

If you have asserted your right to rectification, erasure, or restriction of processing against us, we are obliged to notify all recipients to whom we have disclosed your personal data of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients. (Art. 19 GDPR)

 

Right to data portability

You have the right to data portability, i.e. the right to have data stored by us about you transferred to you in a commonly used, machine-readable format. (Art. 20 GDPR) You also have the right to have your personal data, which we process on the basis of your consent or in fulfillment of a contract and in an automated manner, transferred to another controller in a commonly used, machine-readable format.

If you request the direct transfer of data to another controller, this will only be done to the extent that it does not restrict the rights and freedoms of other persons.

 

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. Or the processing serves to assert, exercise, or defend legal claims.

 

Right to withdraw consent

If we process your personal data on the basis of your consent, you have the right to revoke this consent at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent (e.g., statutory retention periods). Your revocation of consent does not affect the lawfulness of the processing that took place prior to your revocation.

 

Right to lodge a complaint with the supervisory authority

You also have the right to lodge a complaint with the competent data protection supervisory authority at any time. To do so, you can contact the data protection supervisory authority of the federal state in which you reside or the authority of the federal state in which the controller is based.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

 

Right to lodge a complaint with the supervisory authority

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2–4
40213 Düsseldorf
Telefon: 0211 / 38424-0
Fax: 0211 / 38424-10
E-Mail: poststelle@ldi.nrw.de
Web: https://www.ldi.nrw.de

 

Data security

We take technical and organizational measures to protect your data as comprehensively as possible from unwanted access. We use an encryption method on our websites. Your information is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the closed padlock symbol in the status bar of your browser and the address line beginning with https://.

Status and updates to this privacy policy

This privacy policy is current as of October 2025. We reserve the right to amend the privacy policy at regular intervals to reflect changes in the underlying data processing procedures or due to changes in the legal situation.

Scroll up

Bewerben Sie sich gerne!

Arrange a brief, non-binding consultation now.