NM-Bau GmbH

HRB 110502 (Local Court of Düsseldorf)

Hammerstr. 19, 40219 Düsseldorf, Germany

Phone: +49 211 54249800

Email (general): info@nmbau.com

Email (privacy): privacy@nmbau.com / datenschutz@nmbau.com

Last updated: 11 Oct 2025

1. Controller

NM-Bau GmbH, Hammerstr. 19, 40219 Düsseldorf, Germany

Phone: +49 211 54249800

Email: info@nmbau.com

2. Privacy Contact / (if applicable) Data Protection Officer

For any privacy questions, contact privacy@nmbau.com / datenschutz@nmbau.com

or by post to the address above (add “Privacy”).


If a formal DPO under Art. 37 GDPR is appointed, list their name and direct contact here.

3. Purposes, legal bases, and data categories

3.1 Visiting our website (server logs)

Data: IP address, date/time, pages/URLs accessed, referrer URL, browser/OS info.

Purpose: Technical delivery, stability, IT security, troubleshooting, aggregated stats.

Legal basis: GDPR Art. 6(1)(f) (legitimate interests).

Retention: Typically 11 days (then deletion or anonymization).

3.2 Contacting us (form, email, phone)

Data: Name/company, contact details, message contents, attachments.

Purpose: Handling enquiries, quotations, pre-contract/contract communication.

Legal basis: GDPR Art. 6(1)(b) (contract/steps prior thereto); alternatively Art. 6(1)(f) (legitimate interests in efficient communication).

Retention: For the handling period and as required by statutory retention rules.

3.3 Applications (by email/portal/post)

Data: Contact details, CV, qualifications, certificates, correspondence; please avoid sending special category data where possible.

Purpose: Assessing and deciding on employment.

Legal basis: GDPR Art. 6(1)(b) and German § 26(1) BDSG; if you provide additional optional data, we may rely on your consent (Art. 6(1)(a)/Art. 9(2)(a)).

Retention: 6 months after the process ends; longer talent-pool storage only with your consent (typically +6–12 months).

3.4 Customers, suppliers, project partners

Data: Contact and contract data, project/offer/invoice data.

Purpose: Contract execution, administration, legal compliance (tax etc.).

Legal basis: GDPR Art. 6(1)(b), Art. 6(1)(c), and Art. 6(1)(f).

Retention: Statutory retention periods (usually 6–10 years).

3.5 Newsletter/marketing (opt-in only)

Data: Email, optional name/company, interaction data.

Purpose: Sending information/offers.

Legal basis: GDPR Art. 6(1)(a) (consent); you can withdraw at any time.

Retention: Until withdrawal; evidence of consent may be stored for up to 3 years.

4. Cookies & similar technologies

We use strictly necessary cookies (e.g., session ID, consent state) to provide and secure the site.

Legal basis: GDPR Art. 6(1)(f).

Non-essential cookies (analytics/marketing/maps/video) are used only with your consent via our cookie banner (GDPR Art. 6(1)(a)). You can change choices anytime in the banner.

Example overview (adjust):

- nm_session (NM-Bau): essential session cookie – session

- nm_consent (NM-Bau): stores cookie preferences – 6–12 months

Add your real cookie names/lifetimes and any third-party providers (e.g., Matomo/GA4/Maps/YouTube/CDN).

5. Recipients and processors

- IT/hosting/security providers (data processing agreements per Art. 28 GDPR).

- Professional advisers as needed.

- Public authorities where legally required.

- Group companies/project partners where necessary and lawful (e.g., consent, contract).

6. International transfers

We aim to process data within the EEA. If transfers to third countries occur, we ensure appropriate safeguards (GDPR Art. 44 et seq., e.g., EU Standard Contractual Clauses).

List concrete providers/locations here if used.

7. Obligation to provide data / Automated decisions

Providing contact/application data may be necessary for the stated purposes.

We do not use automated decision-making including profiling under Art. 22 GDPR.

8. Security

We apply technical and organizational measures (access controls, encryption, hardening/monitoring) and review them regularly.

9. Your rights

You have the rights of access, rectification, erasure, restriction, data portability, and to object to processing based on legitimate interests, as well as the right to withdraw consent with future effect.

You may lodge a complaint with a supervisory authority (e.g., North Rhine-Westphalia data protection authority).

To exercise rights: privacy@nmbau.com / datenschutz@nmbau.com or by post (see above).

10. Changes

We may update this policy to reflect legal or technical changes.

The current version is published on this website.