Zum Hauptinhalt springen
Back to home

Privacy Policy

1. Privacy at a glance

General information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on data protection can be found in our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by danad GmbH as the website operator. You can find the full contact details in the section "Controller" of this privacy policy as well as in our imprint.

How do we collect your data?

Your data is collected, on the one hand, by you providing it to us, e.g. when you send us an email or apply for a position. Other data is collected automatically or with your consent when you visit the website through our IT systems. This is mainly technical data (e.g. internet browser, operating system, IP address, time of page access). The collection of this data takes place automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors and to guarantee its secure operation. Other data may be used – only after your express consent via our cookie banner – to analyse your user behaviour. No reach measurement takes place without your consent.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2. Controller and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations (in particular GDPR, BDSG and TDDDG) as well as this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Controller

The controller responsible for data processing on this website within the meaning of the GDPR is:

danad GmbH
Max-Josef-Metzger-Straße 21
86157 Augsburg

Phone: +49 821 999686-0
E-Mail: info@danad.de
Internet: www.danad.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Data Protection Officer

Pursuant to Art. 37 GDPR and § 38 BDSG, we are not obliged to appoint a Data Protection Officer. For all questions regarding data protection, the exercise of your rights as a data subject or data protection incidents, please contact the controller named above directly or write to info@danad.de.

General storage period

Unless a more specific storage period has been mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing it (in particular commercial and tax retention obligations of 6 or 10 years under §§ 147 AO, 257 HGB).

3. Your rights as a data subject

You have the following rights against us at any time with regard to the personal data concerning you:

Right to withdraw consent (Art. 7 (3) GDPR)

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time for the future. The lawfulness of data processing carried out until revocation remains unaffected. For consents relating to cookies/tracking, please use the "Cookie settings" link in the footer or adjust your consent directly via the Cookiebot banner.

Right to object (Art. 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR (legitimate interest). This also applies to profiling based on these provisions. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority

In the event of infringements of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. The authority competent for us is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany (https://www.lda.bayern.de). The right to complain exists without prejudice to any other administrative or judicial remedy.

Right to data portability (Art. 20 GDPR)

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.

Access, rectification and erasure (Art. 15, 16, 17 GDPR)

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to rectification of inaccurate data or erasure of this data. You can contact us at any time for this and for further questions on the subject of personal data.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful, we no longer need the data, or you have objected. You can contact us at any time for this.

4. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the site operator, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties. The encryption is provided via our CDN provider Cloudflare (see section "Hosting and content delivery").

5. Hosting, domain and server log files

For the operation of this website we use infrastructure and services from several providers. Below you will find a transparent list of all service providers involved that may come into contact with the processing of your data.

Domain registration (IONOS)

The domain danad.de is registered with IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. Within the scope of domain administration, master data of danad GmbH (e.g. registrant information) is processed. IONOS does not process any personal data of our website visitors within the scope of the domain registration.

IONOS processes the data exclusively within the European Union. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with IONOS.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operating our own domain and a professional online presence).

Hosting and Content Delivery Network (Cloudflare)

This website is delivered via Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA ("Cloudflare"). Cloudflare acts as a Content Delivery Network (CDN) and hosting platform (via Cloudflare Workers). In addition, Cloudflare provides security, TLS termination, bot and DDoS protection functions.

When you visit our website, all requests are routed through Cloudflare's infrastructure. In doing so, technically necessary connection data is processed, in particular IP address, date and time of access, HTTP method and URL accessed, referrer URL, browser used (user agent), operating system, language settings and the amount of data transferred. This data is required to enable the delivery of the website and to protect it from attacks.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure, fast and efficient provision of our website as well as in the defence against attacks).

Data transfer to third countries: Cloudflare also processes data in the USA. An adequacy decision of the European Commission of 10 July 2023 exists for the USA (EU-US Data Privacy Framework, DPF). Cloudflare is certified under the EU-US Data Privacy Framework. For transfers to other third countries, EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR) serve as an additional basis.

Data processing: A data processing agreement pursuant to Art. 28 GDPR has been concluded with Cloudflare.

Further information can be found in the Cloudflare privacy policy.

Server log files

Each time our website is accessed, our infrastructure provider Cloudflare automatically collects information in so-called server log files. This includes: IP address (shortened or full), date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, operating system, referrer URL and requesting host.

This data cannot be assigned to specific persons. danad GmbH does not merge this data with other data sources. Server logs are typically stored at Cloudflare for up to 30 days and are then automatically deleted or aggregated. Longer storage only takes place on a case-by-case basis in the event of security-relevant incidents (e.g. attacks).

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the technically error-free presentation, optimisation and security of our website).

6. Communication and contact

Inquiries by email and telephone

If you contact us by email (e.g. at info@danad.de) or by telephone, your inquiry including all resulting personal data (in particular name, email address, telephone number, content of the inquiry) will be stored and processed by us for the purpose of processing your concern.

This website itself currently does not include its own online contact form. Contact is made exclusively via the displayed email addresses and telephone numbers.

Legal basis: Art. 6 (1) (b) GDPR if your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if you have given it.

Storage period: We store your inquiry until the purpose for data storage no longer applies (e.g. after completed processing) or you request us to delete it. Mandatory statutory retention obligations – in particular the commercial and tax retention periods of 6 or 10 years (§§ 147 AO, 257 HGB) – remain unaffected.

Email processing via Microsoft 365 / Exchange Online

For the receipt, sending and administration of our business emails we use Microsoft 365 / Exchange Online from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. When you send us an email (e.g. to info@danad.de or karriere@danad.de), content, metadata (sender, recipient, timestamp, subject) and any attachments are processed and stored in Microsoft's cloud infrastructure.

A data processing agreement (Microsoft Products and Services Data Protection Addendum, DPA) pursuant to Art. 28 GDPR has been concluded with Microsoft Ireland Operations Limited. Microsoft uses a combination of data centres in the EU ("EU Data Boundary") and infrastructure in the USA.

Data transfer to third countries: Despite the EU Data Boundary, data may be transferred to Microsoft Corporation in the USA. Microsoft Corporation is certified under the EU-US Data Privacy Framework. In addition, EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR) are agreed as a basis for third-country transfers.

Applications (careers page)

On our careers page we offer you the opportunity to apply for advertised positions via email (karriere@danad.de). In doing so, we process the application documents and data you provide, in particular: name, contact details, cover letter, CV, certificates, qualifications, previous activities and other information you voluntarily provide.

The processing of your applicant data takes place for the purpose of conducting the application procedure and deciding on the establishment of an employment relationship. Email sending and receipt takes place via Microsoft 365 / Exchange Online (see above).

Legal basis: § 26 (1) BDSG in conjunction with Art. 88 GDPR (data processing for the purposes of the employment relationship), Art. 6 (1) (b) GDPR (initiation of an employment contract) and – insofar as you voluntarily provide further information – Art. 6 (1) (a) GDPR (consent). For special categories of personal data (e.g. health data, severe disability), Art. 9 (2) (b) GDPR additionally applies.

Storage period: If no employment relationship is established, your application documents will be deleted at the latest 6 months after completion of the application procedure, in order to be able to comply with any statutory evidence obligations (in particular from the AGG). Longer storage only takes place with your express consent (e.g. inclusion in our talent pool) or if we are legally obliged to keep the data longer. In case of successful hiring, the application documents will be transferred to the personnel file.

7. Cookies and consent management

With the exception of technically necessary cookies, our website only sets cookies or comparable technologies (e.g. localStorage) if you have given your consent via our consent banner. This corresponds to the requirements of § 25 TDDDG in conjunction with the GDPR.

Consent management with Cookiebot

This website uses the cookie consent technology of Cookiebot, a product of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark ("Cookiebot"), to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection regulations.

When you access our website, a randomly generated anonymous ID (CookieConsent ID), your consent decision per category, date/time of consent and your IP address (for computational purposes, not for storage) are processed by Cookiebot. The consent data is processed by Cookiebot in data centres within the European Union.

The consent data is stored for a period of 12 months; after that, the consent expires and you will be asked for consent again. You can revoke or adjust your consent at any time (see below). Mandatory statutory retention periods remain unaffected.

The legal basis for the use of Cookiebot is Art. 6 (1) (c) GDPR in conjunction with § 25 (1) TDDDG (obligation to provide evidence for the collection of effective consent) and Art. 6 (1) (f) GDPR (legitimate interest in legally compliant cookie management). A data processing agreement pursuant to Art. 28 GDPR has been concluded with Usercentrics/Cookiebot.

Further information can be found in the Cookiebot privacy policy.

Cookie categories

We use the following cookie categories on our website:

  • Necessary cookies: These cookies are technically required for the operation of the website and cannot be disabled. This includes in particular the cookie for storing your cookie consent (Cookiebot) as well as technically necessary session information. Legal basis: § 25 (2) No. 2 TDDDG, Art. 6 (1) (f) GDPR.
  • Statistics cookies: These cookies help us understand how visitors interact with the website by collecting and evaluating information anonymously (currently: Google Analytics 4, see section "Analytics and third-party tools"). These cookies are only set after your express consent. Legal basis: Art. 6 (1) (a) GDPR, § 25 (1) TDDDG.

You can adjust or revoke your cookie settings at any time via the "Cookie settings" link in the footer of our website or via the following .

Cookies used (automatically updated)

The following overview transparently lists all cookies used on this website, their purpose, storage duration and the respective provider. The list is kept up to date automatically by the regular Cookiebot cookie scan.

8. Analytics and third-party tools

We use the following analytics and third-party tools. All tools that use cookies or comparable technologies are activated exclusively after your prior consent via our consent banner (§ 25 (1) TDDDG, Art. 6 (1) (a) GDPR).

Google Consent Mode v2

For the technical implementation of your cookie consent, we use Google Consent Mode v2. This ensures that all tracking signals (e.g. analytics_storage, ad_storage, ad_user_data, ad_personalization) are set to "denied" by default. Only when you give the corresponding consent in our consent banner are the affected signals set to "granted" and the associated services are allowed to set cookies or transmit data.

Before consent, no identifying cookies are set and no personal data is transmitted to Google. Google can only receive aggregated, anonymised signals for modelling purposes ("Consent Mode pings") – this serves exclusively statistical measurement and does not allow identification of individual users. As of March 2026, Consent Mode v2 is mandatory for all Google tracking integrations within the EU/EEA.

Google Tag Manager

We use Google Tag Manager from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Tag Manager is a tag management system through which we can uniformly manage tracking and statistics tags (currently: Google Analytics 4). Google Tag Manager itself does not set its own cookies and does not collect personal data for tracking purposes.

When the Tag Manager script is loaded, however, your IP address is transmitted to Google servers (primarily within the EU, and if necessary forwarded to Google LLC, USA). Tag Manager is only loaded after you have given your consent to the "Statistics" category via our consent banner.

Legal basis: Art. 6 (1) (a) GDPR and § 25 (1) TDDDG (consent).

Google Analytics 4 (GA4)

We use Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Analytics 4 uses cookies and similar technologies that enable an analysis of the use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google LLC server and processed there.

We have activated IP anonymisation in Google Analytics (anonymize_ip: true); your IP address will therefore be shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area before being transferred to the USA. The cookies are set with the flag SameSite=None;Secure. In particular, the following data is collected: pseudonymous user ID, page views, time spent, click paths, device category, operating system, browser type, approximate location (country/city based on shortened IP), referrer and screen resolution.

Google Analytics is only activated after you have explicitly agreed to the setting of statistics cookies via our consent banner. Before your consent, no cookies are set and no identifying data is transmitted to Google (see "Google Consent Mode v2"). A data processing agreement (Google Ads Data Processing Terms) pursuant to Art. 28 GDPR has been concluded with Google Ireland Limited.

Legal basis: Art. 6 (1) (a) GDPR and § 25 (1) TDDDG (consent).

Storage period: User and event data is stored by Google for 14 months from the last activity of the user and is then automatically deleted. Aggregated report data (without personal reference) may be retained longer. You can revoke your consent to the setting of the statistics cookies at any time via the "Cookie settings" link in the footer.

Data transfer to third countries: Google LLC is certified under the EU-US Data Privacy Framework (adequacy decision of the EU Commission of 10 July 2023). In addition, EU Standard Contractual Clauses are agreed as the basis for third-country transfers.

Further information can be found in the Google privacy policy.

Cloudflare Turnstile (spam and bot protection)

Where forms are used on our website (e.g. a contact or application form), we protect them against automated abusive entries (spam, bots) by means of Cloudflare Turnstile from Cloudflare, Inc. (see section "Hosting, domain and server log files"). Turnstile is a privacy-friendly alternative to Google reCAPTCHA: no advertising cookies are set, no cross-site tracking is carried out and no personal data is transmitted to Google.

When the Turnstile widget is displayed, technical data such as IP address, user agent, behavioural signals (e.g. mouse movements, interactions with the widget) and non-personal browser environment data (e.g. installed fonts, canvas characteristics, language settings) are transmitted to Cloudflare in order to check whether the request originates from a human. This data is used exclusively for challenge evaluation and is not used for profiling.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in protecting our forms and IT systems against spam and bot attacks). Turnstile is classified as a technically necessary protection service and does not require separate consent (§ 25 (2) No. 2 TDDDG).

Data transfer: Processing takes place within Cloudflare's infrastructure. For any data transfers to the USA that may occur there, the safeguards mentioned in the section "Hosting, domain and server log files" apply (EU-US Data Privacy Framework as well as EU Standard Contractual Clauses).

Google Fonts (self-hosted)

This site uses Google Fonts for uniform font display. The fonts used (Plus Jakarta Sans) are served exclusively locally from our own servers via the Cloudflare CDN. No connection is made to Google servers when loading the fonts, no IP addresses or other personal data are transmitted to Google.

9. Automated decision-making and profiling

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place on this website. We do not use the data collected via this website for automated individual decisions that would have a legal effect on you or significantly affect you in a similar way.

10. Data transfer to third countries (summary)

In the context of the services described above, data may be transferred to countries outside the European Union and the European Economic Area (in particular to the USA). This particularly affects the services Cloudflare, Microsoft 365 and Google (Analytics / Tag Manager).

For data transfers to the USA, an adequacy decision of the European Commission has been in place since 10 July 2023 (EU-US Data Privacy Framework, DPF). All of the US service providers mentioned are certified under the DPF. As an additional safeguard, we have concluded EU Standard Contractual Clauses (SCC) pursuant to Art. 46 (2) (c) GDPR with all relevant service providers.

Despite these safeguards, when transferring to the USA there is a residual risk that US security authorities (in particular on the basis of FISA Section 702 and Executive Order 12333) may access data without the persons concerned in the EU having effective legal protection against this. By using the website as well as by granting a cookie consent, you consent to this data transfer (Art. 49 (1) (a) GDPR as an additional legal basis, insofar as applicable).

11. Validity and amendment of this privacy policy

This privacy policy is currently valid and has the status shown above. Due to the further development of our website and offers or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed and printed by you at any time at www.danad.de/datenschutz.

Last updated: April 2026