top of page
Data Technology

Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data that can be used to personally identify you. For detailed information on data protection, please refer to our full privacy policy listed below this text.

Data Collection on this Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the section “Information about the Responsible Party” in this privacy policy.

How do we collect your data?
Your data are collected partly when you provide them to us, for example, by entering information in a contact form. Other data are automatically collected or with your consent when you visit the website through our IT systems. These mainly include technical data (e.g., web browser, operating system, or time of page visit). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for?
Some data are collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts are concluded or initiated through the website, the transmitted data are also processed for contract offers, orders, or other service requests.

What rights do you have regarding your data?
You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of these data. If you have given consent to data processing, you may revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time regarding this and other questions about data protection.

2. Hosting

We host the content of our website with the following provider: WIX

The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter “WIX”). WIX is a tool for creating and hosting websites. When you visit our website, WIX analyzes user behavior, visitor sources, the region of website visitors, and visitor numbers. WIX stores cookies on your browser that are necessary for displaying the website and ensuring security (necessary cookies). The data collected via WIX can be stored on various servers worldwide, including servers in the USA.

For details, see WIX’s privacy policy: https://de.wix.com/about/privacy. According to WIX, data transfers to the USA and other third countries are based on the standard contractual clauses of the EU Commission or equivalent guarantees under Art. 46 GDPR. Details here: https://de.wix.com/about/privacy-dpa-users. Use of WIX is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the reliable presentation of our website. Where consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG, insofar as consent includes cookie storage or access to information on the user’s device (e.g., device fingerprinting). Consent can be revoked at any time. The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement ensuring compliance with European data protection standards in the USA. Certified companies commit to these standards. More information: https://www.dataprivacyframework.gov/participant/5626.

3. General Information and Mandatory Disclosures

Data Protection
The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy. When you use this website, various personal data are collected. Personal data are data that can personally identify you. This privacy policy explains what data we collect, how we use them, and for what purpose. It also explains how and why this occurs. Please note that data transmission over the Internet (e.g., via email) may have security gaps. Complete protection against third-party access is not possible.

Information about the Responsible Party
The responsible party for data processing on this website is:

NBS Northern Business School gGmbH
Wandsbeker Marktstraße 103–107
22041 Hamburg, Germany
Phone: (+49) 040 - 35 700 340
Email: info@nbs.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration
Unless a more specific storage period is mentioned in this privacy policy, your personal data will remain with us until the purpose of data processing ceases. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods). In the latter case, deletion will occur after these reasons no longer apply.

General Information on Legal Bases for Data Processing on the Website
If you have consented to data processing, we process your personal data based on Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data are processed. If you have explicitly consented to the transfer of personal data to third countries, processing is also based on Art. 49 para. 1 lit. a GDPR. If you have consented to cookie storage or access to information on your device (e.g., via device fingerprinting), processing is additionally based on §25 para. 1 TDDDG. Consent can be revoked at any time. If your data are required for contract fulfillment or pre-contractual measures, processing is based on Art. 6 para. 1 lit. b GDPR. Further processing may occur to comply with legal obligations (Art. 6 para. 1 lit. c GDPR) or based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Specific legal bases are detailed in the following sections of this privacy policy.

Recipients of Personal Data
In the course of our business activities, we work with various external entities. Personal data are only shared with external entities if required to fulfill a contract, if legally obliged (e.g., tax authorities), if we have a legitimate interest under Art. 6 para. 1 lit. f GDPR, or if another legal basis permits disclosure. When using processors, personal data are shared only under a valid data processing agreement. In cases of joint processing, a joint processing agreement is concluded.

Revocation of Consent for Data Processing
Many processing operations require your explicit consent. You can revoke a previously given consent at any time. The legality of data processing carried out before the revocation remains unaffected.

Right to Object to Data Collection in Certain Cases and to Direct Marketing (Art. 21 GDPR)
If processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The legal basis for processing is stated in this privacy policy. If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing is required to assert, exercise, or defend legal claims (Art. 21 para. 1 GDPR). If your personal data are processed for direct marketing, you have the right to object at any time to processing for such purposes, including profiling related to direct marketing (Art. 21 para. 2 GDPR).

Right to Lodge a Complaint with the Supervisory Authority
In case of GDPR violations, you have the right to lodge a complaint with a supervisory authority, especially in the member state of your usual residence, workplace, or the place of the alleged violation. This right exists independently of other administrative or judicial remedies.

Right to Data Portability
You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a common, machine-readable format. Direct transfer to another controller is possible if technically feasible.

Access, Correction, and Deletion
You have the right at any time, under applicable law, to free information about your stored personal data, their origin, recipients, and processing purpose, as well as the right to correction or deletion. You can contact us at any time regarding these rights or other questions about personal data.

Right to Restrict Processing
You have the right to request restriction of processing of your personal data. This applies in the following cases:

  • If you dispute the accuracy of your personal data stored with us, you can request restriction while we verify.

  • If processing of your personal data is/was unlawful, you can request restriction instead of deletion.

  • If we no longer need your personal data, but you require them to assert, exercise, or defend legal claims, you can request restriction instead of deletion.

  • If you have objected under Art. 21 para. 1 GDPR, a balance of interests must be made; until determined, you can request restriction.

Restricted data may only be processed – apart from storage – with your consent, to assert legal claims, to protect the rights of another person, or for important public interest reasons of the EU or a member state.

Review: 24.10.2025/ms

Bildschirmfoto 2025-08-22 um 17.27.14.png
To the website of the Federal Ministry of Research
To the website of the Federal Ministry of Research
To the website of the Federal Ministry of Research

Privacy Policy

Accessibility statement

imprint

KIWIT is an interdisciplinary and inter-university research network.

Funded by the Federal Ministry for Research, Technology and Space (BMFTR).

© 2025 NBS Northern Business School for KIWIT. Email: forschungsgruppe.kiwit[at]uol.de

bottom of page