Legal Information
Transparency and compliance are at the core of our business. Here you'll find all important legal documents and information.
Privacy Policy
NM-Bau GmbH
HRB 110502 (Local Court of Düsseldorf)
Hammerstr. 19, 40219 Düsseldorf, Germany
Phone: +49 211 54249800
Email (general): info@nmbau.com
Email (privacy): privacy@nmbau.com / datenschutz@nmbau.com
Last updated: 11 Oct 2025
1. Controller
NM-Bau GmbH, Hammerstr. 19, 40219 Düsseldorf, Germany
Phone: +49 211 54249800
Email: info@nmbau.com
2. Privacy Contact / (if applicable) Data Protection Officer
For any privacy questions, contact privacy@nmbau.com / datenschutz@nmbau.com
or by post to the address above (add “Privacy”).
If a formal DPO under Art. 37 GDPR is appointed, list their name and direct contact here.
3. Purposes, legal bases, and data categories
3.1 Visiting our website (server logs)
Data: IP address, date/time, pages/URLs accessed, referrer URL, browser/OS info.
Purpose: Technical delivery, stability, IT security, troubleshooting, aggregated stats.
Legal basis: GDPR Art. 6(1)(f) (legitimate interests).
Retention: Typically 11 days (then deletion or anonymization).
3.2 Contacting us (form, email, phone)
Data: Name/company, contact details, message contents, attachments.
Purpose: Handling enquiries, quotations, pre-contract/contract communication.
Legal basis: GDPR Art. 6(1)(b) (contract/steps prior thereto); alternatively Art. 6(1)(f) (legitimate interests in efficient communication).
Retention: For the handling period and as required by statutory retention rules.
3.3 Applications (by email/portal/post)
Data: Contact details, CV, qualifications, certificates, correspondence; please avoid sending special category data where possible.
Purpose: Assessing and deciding on employment.
Legal basis: GDPR Art. 6(1)(b) and German § 26(1) BDSG; if you provide additional optional data, we may rely on your consent (Art. 6(1)(a)/Art. 9(2)(a)).
Retention: 6 months after the process ends; longer talent-pool storage only with your consent (typically +6–12 months).
3.4 Customers, suppliers, project partners
Data: Contact and contract data, project/offer/invoice data.
Purpose: Contract execution, administration, legal compliance (tax etc.).
Legal basis: GDPR Art. 6(1)(b), Art. 6(1)(c), and Art. 6(1)(f).
Retention: Statutory retention periods (usually 6–10 years).
3.5 Newsletter/marketing (opt-in only)
Data: Email, optional name/company, interaction data.
Purpose: Sending information/offers.
Legal basis: GDPR Art. 6(1)(a) (consent); you can withdraw at any time.
Retention: Until withdrawal; evidence of consent may be stored for up to 3 years.
4. Cookies & similar technologies
We use strictly necessary cookies (e.g., session ID, consent state) to provide and secure the site.
Legal basis: GDPR Art. 6(1)(f).
Non-essential cookies (analytics/marketing/maps/video) are used only with your consent via our cookie banner (GDPR Art. 6(1)(a)). You can change choices anytime in the banner.
Example overview (adjust):
- nm_session (NM-Bau): essential session cookie – session
- nm_consent (NM-Bau): stores cookie preferences – 6–12 months
Add your real cookie names/lifetimes and any third-party providers (e.g., Matomo/GA4/Maps/YouTube/CDN).
5. Recipients and processors
- IT/hosting/security providers (data processing agreements per Art. 28 GDPR).
- Professional advisers as needed.
- Public authorities where legally required.
- Group companies/project partners where necessary and lawful (e.g., consent, contract).
6. International transfers
We aim to process data within the EEA. If transfers to third countries occur, we ensure appropriate safeguards (GDPR Art. 44 et seq., e.g., EU Standard Contractual Clauses).
List concrete providers/locations here if used.
7. Obligation to provide data / Automated decisions
Providing contact/application data may be necessary for the stated purposes.
We do not use automated decision-making including profiling under Art. 22 GDPR.
8. Security
We apply technical and organizational measures (access controls, encryption, hardening/monitoring) and review them regularly.
9. Your rights
You have the rights of access, rectification, erasure, restriction, data portability, and to object to processing based on legitimate interests, as well as the right to withdraw consent with future effect.
You may lodge a complaint with a supervisory authority (e.g., North Rhine-Westphalia data protection authority).
To exercise rights: privacy@nmbau.com / datenschutz@nmbau.com or by post (see above).
10. Changes
We may update this policy to reflect legal or technical changes.
The current version is published on this website.
GDPR Compliant
Fully compliant with EU data protection regulations
Transparent
Clear and honest communication about our practices
Updated
Documents regularly reviewed and updated