Data Protection

This Privacy Policy serves to inform the users of the domain listed below, as well as its subdomains, about the type, scope and purpose of the collection and use of personal data:

We take the protection of your personal data very seriously. Therefore, we would like to explain to you how our services work and how the protection of your personal data is guaranteed. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this Privacy Policy. We only collect, process and use personal data if you have consented to this or if the law allows. Personal data is any information that is personally identifiable to you, e.g. name, address, e-mail address, user behaviour.

1. Controller

Produktionsbüro Romey von Malottky GmbH
Mönkedamm 9
20457 Hamburg
Tel: +49 (0)40 325857-0

2. Collection, processing and use of your personal data when visiting our website.
2.1. Our website can generally be used without providing personal data. Insofar as personal data (e.g. name, address or e-mail address) are collected on our sites, this is done on a voluntary basis as far as possible. These data will not be passed on to third parties without your express consent.

2.2. We would like to draw your attention to the fact that data transmission over the Internet (e.g. communication by e-mail) may be subject to security vulnerabilities. It is not possible to completely protect such data against access by third parties.

2.3. When you contact us by e-mail or via the contact form, the data you provide, such as your name, e-mail address, telephone number, request, as well as the documents you submit containing personal data, are stored by us in order to answer your questions. We erase the data gathered in this context after the storage is no longer necessary or restrict the processing if legal retention periods exist.

2.4. If our website is used for purely informational purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data in particular, which are technically necessary for us to display our website to you and to ensure its stability and security:

  • Visitor’s IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GTM)
  • “Request Line” from the client
  • Content of the request (specific page)
  • Access status/http-Statuscode
  • each transmitted data volume
  • Website, from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

3. Cookies
3.1. In order to make your visit to our website attractive and user-friendly and to enable the use of certain functions, we use so-called cookies. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the site that sets cookies (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. Cookies enable us, for example, to track and determine your preferences and to individually identify you during a visit to our website. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the joint session. This enables your computer to be recognised when you return to our website. Most of the cookies we use are deleted from your hard drive at the end of the browser session. The so-called permanent cookies (e.g. to identify you as a customer and to enable you to log in), on the other hand, remain on your computer and thus enable us to recognise you, for example, the next time you visit. We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

3.2. Some of the third-party services we have integrated may also use cookies. Please refer to the websites of the respective providers for information on the respective functioning and data processing. The services used can be found in this Privacy Policy.

3.3. You can configure your browser, as you wish, to notify you when you receive a cookie and only allow cookies in individual cases, to block cookies in certain cases or in general, and to automatically delete cookies when you close your browser. Please contact your browser provider for information on the specific procedure. Our website will still be accessible, but our service may only offer limited functionality or may not function at all.

4. Other functions and offers of our website
4.1. In addition to the use of our website for purely informational purposes, we offer various other services for your use if you are interested. You will usually have to provide further personal data which we use to provide the respective services and to which the aforementioned data processing principles apply.

4.2. In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

5. TLS encryption (HTTPS protocol)
To provide optimal protection for your transmitted data, we use TLS encryption. Encrypted connections have the prefix “https://“” in the page link in the address bar of your browser. Unencrypted pages are marked with “http://“”. Any data that you transmit to our website, for example when making enquiries or logging in, cannot be read by third parties thanks to TLS encryption.

6. Objection to and withdrawal of consent to the processing of your data
6.1. If you have given consent to the processing of your data, you can withdraw it at any time. Such withdrawal affects the admissibility of the processing of your personal data after you have given us consent.

6.2. You can object to the processing of your data if we base the processing on the balancing of interests. This is the case if the processing is not particularly necessary for the fulfilment of a contract with you, which is shown by us in each case in the following description of functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way that we have. In the event of your justified objection, we will review the situation and either discontinue or modify the data processing or show you our compelling legitimate grounds based on which we will continue the processing.

6.3. Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising by contacting us at:

7. Separate information on online applications
7.1. We process personal data that we receive or collect from you as part of the application process. In certain cases, we also collect data from other bodies. Relevant personal data are data from the application process, such as personal details (name, address and other contact details, date and place of birth and nationality), information relating to your professional career (e.g. education and training, certificates), performance records and assessments (e.g. from an assessment centre). This may also include special categories of personal data such as health information and job-related information that you have placed in the public domain, such as a professional profile on professional social media networks.

7.2. The processing of personal data (Art. 4 No. 2 EU-GDPR) is carried out to initiate the employment relationship (implementation of the application process). The legal basis for this is Art. 6 (1) lit b) EU-GDPR in conjunction with Section 26 of the German Data Protection Act (“Bundesdatenschutzgesetz” – BDSG). In addition, collective agreements (in particular works agreements and collective bargaining agreements) under Art. 6 (1) lit. b, Art. 88 (1) EU_GDPR in conjunction with Section 26 BDSG may also be used. Section 26 (4) BDSG may be used for processing. Finally, we process your personal data if you have given us your consent to do so (Art. 6 (1) lit. a, and Art. 7 EU_GDPR in conjunction with Section 26 (2) BDSG).

7.3. Where necessary, we also process your data to protect our legitimate interests. This applies in particular for the purpose of internal communication as well as for administrative purposes or in our defence against claims arising from the application process. A legitimate interest may be, for example, a burden of proof in proceedings under the General Equal Treatment Act (“Allgemeines Gleichbehandlungsgesetz” – AGG).

7.4. Insofar as you have given us your consent to process personal data for certain purposes (e.g. publication of photographic material for our company’s website), we process your data on this basis. This also applies in principle to health information (Art. 9 (2) lit. a and lit. b EU-GDPR in conjunction with Section 26 (3) BDSG), unless processing is based on legal requirements or is in the public interest. Once you have given your consent, you can withdraw it at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.

7.5. Within the company, entities who are required to fulfil our contractual and legal obligations (e.g. HR department, the respective manager) have access to your data.

7.6. We store your personal data for as long as is necessary for the decision to be made on your application. If we do not enter into an employment relationship with you, we may continue to store data beyond this insofar as is necessary for our defence against possible legal claims. The application documents will be erased no later than six months after notification of the rejection decision, unless they are required to be stored for longer due to legal disputes or because you have given your consent.

7.7. As part of the application process, you must provide the personal data that allow us to decide on the establishment of an employment process. Data will not be transferred to third countries (countries outside the European Economic Area – EEA).

7.8. As a general rule, we do not use fully automated decision-making pursuant to Art. 22 EU-GDPR to initiate and implement the employment relationship. If we use these procedures in individual cases, we will inform you separately if required to do so by law.

8. Integration of Google Maps
8.1. Type and scope of processing
Our website integrates content from Google Maps (from the company Google). By visiting a subpage of our website on which Google Maps is integrated, data about your behaviour when using Google Maps are sent to Google and processed by Google. The processing and transmission to Google does not take place automatically but exclusively through active clicks by the user. Only through this conscious use are data about your behaviour when using Google Maps sent to Google and processed by Google. For example, Google receives information that you have accessed the corresponding subpage of our website. The data processed by Google may include, in particular, your IP address and location which will not be collected without your consent (usually completed as part of the settings of your mobile devices).

8.2. Purpose and legal basis
Google processes these data as usage profiles and uses them for the purposes of market research and/or the needs-based design of Google Maps. If you are a Google customer and are logged into a Google service, these data will be directly linked to your Google account. If you do not want this to happen, you must log out of Google before visiting our website.
The processing of data is based on Art. 6 (1) lit. a) GDPR. This is the legal basis of our company for processing in which we obtain consent for a specific processing purpose. The provision of personal data is neither legally nor contractually required and is also not necessary to conclude a contract. You are also not obliged to provide your personal data. However, failure to provide these data may result in you not being able to use our website or not being able to use it to its full extent.

8.3. Storage period
If you wish to prevent your data from being shared, you cannot use the Google Maps functions. Irrespective of this, we recommend that you regularly log out of your user account after using a social network, but especially before activating integrated content, as this prevents your profile from being assigned to the respective provider.

9. Google services
Google offers numerous services and is affiliated with various companies. For this reason, they may exchange data with each other from time to time. When using certain Google services, your consent is required. Once you have given your consent, data will be transmitted to Google. We would like to point out that this involves the transfer of data to a third country (USA) using an unsecured level of data protection. If you do not want this to happen, please refrain from giving your consent. Further information regarding the services involved in data transfer to a third country lacking an adequate level of data protection based on your consent, the personal data that Google processes, etc., can be obtained from Google at

Further information on Google reCAPTCHA and Google’s privacy policy can be found at:

10. Use of jQuery and jQueryUI
Our website uses Ajax and jQuery or jQueryUI technologies, which optimise loading speeds. In this respect, program libraries are accessed from Google servers. Google’s CDN (content delivery network) is used. If you have previously used jQuery on another Google CDN page, your browser will revert to the cached copy. If this is not the case, a download is required, whereby data from your browser will be passed to Google LLC. (“Google”). Your data will be transferred to the USA.
You can find out more at: and by referring to the privacy policy ( of

Purpose and legal basis
Where cookies are technically necessary, the legal basis for the processing of personal data is Art. 6 (1) lit. f) GDPR. The service is integrated in our own interest in order to optimise the loading speed of our webpages.

Storage period
This information is erased as soon as the data transmitted to us via the cookies are no longer required to achieve the above purposes. This is the case after the session has ended (please enquire with controller).

11. Data Protection Officer
The Data Protection Officer of the controller is:

IBS data protection services and consulting GmbH
Tel: 040 / 540 90 97 80


12. Amendments to the Privacy Policy
Changes in the law or changes to our internal processes may make it necessary to modify this Privacy Policy. This Privacy Policy was last updated on 23 July 2020. We will keep you informed about significant modifications to our Privacy Policy on our website.

13. Your rights
13.1. You have the following rights with regard to your personal data:

  • right of access,
  • right to rectification or erasure,
  • right to restriction of processing,
  • right to objection to processing,
  • right to data portability.

13.2. The erasure of stored personal data takes place if you withdraw your consent to the storage or if knowledge of these data is no longer required to fulfil the purpose of the storage. However, the erasure will only take place after the expiry of the deadlines of the tax and commercial law regulations.

13.3. You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.