Talk to a specialist

Privacy Policy

Thank you for visiting our website. In the privacy policy, we would like to inform you about the handling of your data in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR).

​​Controller Information

The controller for the data processing described below is named in the imprint. You can also find the corresponding contact details there.

Note: Select a section to read more about our data processing.

Data protection on our website

Data security

In order to protect your data as comprehensively as possible from undesired access we take technical and organizational measures. We use an encryption method on our website. Your information are transmitted from your computer to our server and vice versa via the internet using a TLS encryption. In general you can detect this by the padlock symbol in the status bar of your browser and by the fact that the address line starts with https://.

When you visit our website

When you visit our website, our web server temporarily evaluates the usage data for statistical purposes in order to improve the quality of our website. This data record comprises

  • the name and the address of the requested content,
  • the date and time of the query,
  • the transmitted data amount,
  • the access status (contents transmitted, content not found),
  • the description of the web browser and the operating system used,
  • the referral link specifying from which site you accessed our site,
  • the IP address of the querying computer, shortened in such a way that it is not possible to reference an individual person.

These listed log data are only evaluated in an anonymous manner.

When you enter data to web forms

To protect our web forms from automated requests, we use a so-called Captcha. Within the scope of the captcha function, you may be asked to solve tasks or click on checkboxes. The user input made in this context and possibly also the mouse movements are used to assess whether the input originates from a human or an automated program.

The data processing is carried out on the basis of Art. 6 (1) (f) GDPR and in the legitimate interest of protection against spam and abuse as well as ensuring the security of our systems.

If you do not wish this data processing, please refrain from using our web forms.

We are supported in the provision and evaluation of the captcha by a processor bound by instructions. A data processing agreement has been concluded.

Content Delivery Network

We use the Content Delivery Network (CDN) and security services provided by Cloudflare to ensure the fast, stable and secure delivery of our website. When you access our website, requests are automatically routed through Cloudflare servers in order to optimize load times, protect the site from abusive traffic (such as DDoS attacks), and provide general security functions.

Cloudflare processes your IP address and other technically required connection data and sets cookies and/or webstorage elements to provide these services. These elements do not serve tracking or profiling purposes. They are used exclusively for website security, performance optimization, and to prevent misuse of our services.

The processing is based on our legitimate interest in ensuring the security, availability, and proper functioning of our website (Art. 6 (1) (f) GDPR).

Cloudflare acts as our data processor and follows our instructions. If personal data is transferred outside the EU/EEA (e.g., to the USA), we inform you about the applicable level of data protection in the section “Data transfers to service providers and external recipients”.

Embedded videos

We embed videos on our websites that are not stored on our servers. When you call up our pages with embedded videos, the content of the third-party provider that provides the videos is reloaded. The third-party provider is therefore able to obtain the information that you have accessed our site as well as the usage data that is technically required in this context

We have no influence on the further data processing by the third-party provider. However, when embedding the videos, we made sure to activate the extended data protection mode offered by the third-party provider. If the extended data protection mode is used, the third-party provider does not set tracking cookies.

The embedding is based on Art. 6 (1) (f) GDPR and in our interest of making our site as appealing and informative as possible.

If data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information about the level of data protection.

ProviderAdequate level of data protectionPossibility to object
Google (YouTube)For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).If you wish to object to the embedding, please stop using our site. ​
Vimeo​ For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).​If you wish to object to the embedding, please stop using our site.

Data protection for cookies, tracking, (re-)targeting

Information about cookies and web storage elements can be found in the consent banner under “Preferences”. You may access it at any time by clicking the cookie button located at the bottom left of the page. For some services, we provide more detailed information below:

Consent banner

We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR to provide you with our content according to your preferences and to be able to prove your consent(s). The settings you have made, the consents you have given and parts of your usage data are stored in a cookie. This ensures that it is kept for further website visits and that your consents continue to be traceable. You can find more information about this under the section “Necessary cookies”.

The consent management provider CookieYes acts as our data processor and follows our instructions. If personal data is transferred outside the EU/EEA (e.g., to the USA), we inform you about the applicable level of data protection in the section “Data transfers to service providers and external recipients”.

Google Analytics

We use the web analysis tool “Google Analytics” to design our websites in accordance with the needs of our visitors. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and accessed by us. This allows us to recognise returning visitors and count them as such.

The data processing is based on your consent, provided you have given your consent via our banner. You can withdraw your consent at any time. To do so, please click the cookie button located at the bottom left of the page and adjust your settings via our banner.

We use Google Consent Mode V2 (basic mode). This means that your IP address is transmitted to Google irrespective of your settings in the banner. However, this is deleted by Google immediately after collection and is not logged. The processing is based on our legitimate interest in being able to better control and use certain functions of the Google services used on the website that require consent. The legal basis for processing is Art. 6 (1) (f) GDPR.

Google acts as our data processor and follows our instructions. If personal data is transferred outside the EU/EEA (e.g., to the USA), we inform you about the applicable level of data protection in the section “Data transfers to service providers and external recipients”.

Data protection in business correspondence

If you have questions of any kind, you can contact us by e-mail or telephone. This action involves the transmission of at least one valid e-mail-address or your phone number. For communication purposes, we might process other data regarding your person transmitted by you to us.

Data processing for the purpose of contacting us takes place acc. to Art. 6 (1) (a) GDPR basing on your consent. In the course of a business relationship, we might process the data on the basis of a contract or pre-contractual measures acc. to Art. 6 (1) (b) GDPR. In individual cases, we process customer and interested party data due to our legitimate interest acc. to Art. 6 (1) (f) GDPR if and insofar as our interests in regard to this data processing prevail.

The personal data collected by us in the contacting process are generally deleted after your query has been settled. If the personal data of customers or interested persons are subject to a legal requirement of storage (e.g. as part of a contractual relationship), we shall store such data basing on Art. 6 (1) (c) GDPR until the legal period has expired. In some cases we have a legitimate interest in storing relevant processes (e.g. until the end of the limitation period) and shall save such data until the period expires basing on our legitimate interest acc. to Art. 6 (1) (f) GDPR.

Data protection for marketing purposes

Data processing for advertising measures

We use your contact data for the purpose of direct advertising if we have legitimate interests (Art. 6 (1) (f) GDPR) or have received your express consent (Art. 6 (1) (a) GDPR) to contact you, for example by e-mail and/or telephone. We generally process contact data (e.g. name, postal address, email address, telephone numbers) and your interests/preferences in relation to our products for, for example

  • Invitations to events or trade fairs,
  • Offers and information about our services and products by e-mail,
  • Christmas/ New Year greetings,
  • invitations to participate in customer surveys or market research.

If you have given your consent for advertising, you can revoke this at any time without giving reasons. In the case of direct advertising based on our legitimate interests, you have the right to object at any time.

Data processing for Newsletter and Mailings

On our websites we offer subscription to our newsletters and mailings. For signing up for topic related newsletters and mailings your name, company, audience group and email address is necessary.

If you subscribe to an an email newsletter of mailing list, for which your name and email address has to be stated, you will receive an email confirmation to your email address you stated. Only after confirming the email your subscription is completed.

In some of our newsletters and mailings we may monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance future user experiences. With your subscription you agree to the storage and monitoring.

You may withdraw your consent at any time by using the unsubscribe link included at the end of each newsletter. For additional information about your rights, please refer to the section “Your rights as a data subject” below.

Data protection for applications

We are always happy to receive your application. For security reasons, please submit your documents exclusively via our application portal. This ensures that your data is transmitted in a protected and confidential manner.

We therefore ask you not to send applications by unencrypted e‑mail, as this may allow unauthorized third parties to access your information.

If you nevertheless choose to contact us by e‑mail in encrypted form, please use the following address only: personalwesen@gabler.wpenginepowered.com.

Data we require:

In the application, we process those of your data that we need for your application. This includes contact data, data in connection with your application (résumé, certificates, qualifications, responses to questions, etc.) and possibly data of your bank account (to reimburse you for travel expenses). The legal basis for this is Art. 6 (1) (b) GDPR and § 26 of the German Federal Data Protection Law.

Deletion of data:

Unless there is a legal requirement to store data over a specified period, the data will be deleted as soon as storage is no longer necessary and/or the justifiable interest to storage has lapsed. If no employment results, this happens on a regular basis, latest six months after concluding the application process. 

In individual cases, individual data can be stored over a longer period (e.g. travel expenses). The duration of storage then depends on the legal requirements for storage for example in the General Fiscal Law (6 years) or the Commercial Code (10 years).

Should there be no suitable position available for you at this time, but your application has nonetheless caught our interest, we will ask for your permission to retain your application documents for future openings.

Confidential treatment of your data:

Naturally we shall treat your data confidentially and do not transmit them to third parties beyond the Gabler Group.

We process your data in the context of your application with the support of our service providers – specifically d.vinci HR-Systems GmbH for operating our application portal and handling further application management, as well as additional service providers for our internal IT systems. All service providers act as processors on our behalf, bound by our instructions and under our full control.

Data protection for our social media channels

We are operating the following social media pages:

Data processing by us

Public relations

The data you provide on our social media pages, such as usernames, comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not processed by us for any other purpose at any time. We only reserve the right to delete content if this is necessary. Where appropriate, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform.

If you send us an enquiry on the social media platform, depending on the content, we may also refer you to other secure communication channels that guarantee confidentiality. For example, you have the option at any time to send us your enquiries to our address or e-mail address stated in the imprint or communications@gabler-naval.com. It is your own responsibility to choose the appropriate communication channel.

The legal basis for the aforementioned processing of your data is Art. 6 (1) (f) GDPR. We process the data in our legitimate interest of carrying out public relations work for our company and being able to communicate with you.

Data processing as a joint controller

For some processing activities we act as a joint controller with the respective operator of the social media platform.

Therefore, we have concluded the necessary agreement in accordance with Art. 26 GDPR, provided that the operator of the social media platform offers this option.

https://legal.linkedin.com/pages-joint-controller-addendum

https://www.facebook.com/legal/terms/page_controller_addendum

You can find the essential components of joint responsibility in the following section.

Statistics (Insights)

The social media platforms regularly provide statistics (insights) based on usage data that contain information about your interaction with our social media site. We cannot determine the performance and provision of these statistics.

We process the aforementioned information (statistics) in accordance with Art. 6 (1) (f) GDPR in the legitimate interest of validating the use of our social media pages and improving our content in target group-oriented manner.

Target group advertising

We also use the mentioned social media platforms to place target group-oriented advertising. 

For this purpose, we use target group definitions that are provided to us by the social media provider. We use only anonymous target group definitions – we define characteristics based on, for example, general demographics, behavior, interests and connections. The social media provider uses this information to display advertisements to its users. The legal basis for this is the consent that the provider of the social media platform has requested from its users.

If you wish to withdraw your consent, please use the withdrawal options provided by the social media provider, as the social media provider acts as controller for this processing.

We or the social media provider also use publicly available data for target group definition. The legal basis for this processing is then Art. 6 (1) (f) GDPR. The legitimate interest on our part in this context is to define a target group that is as suitable as possible. We never use sensitive categories of personal data mentioned in Articles 9 and 10 GDPR (e.g. political opinions, sexual orientation) to define target groups.

We do not use target group definition based on location data. Within the scope of the target group definition, we do not pass on any personal data to the social media provider.

Data processing by the social media provider

The social media provider uses web tracking methods. The web tracking can also take place regardless of whether you are registered on the social media platform or not.

Therefore we would like to point out that it cannot be excluded that the social media provider uses and evaluates your profile and behavioral data for its own purposes. We have no influence on the processing of your data by the social media provider. Please keep this in mind when using the social media platform.

For more information on data processing by the social media provider, configuration options to protect your privacy and further objection options, please refer to the operator’s privacy policy.

Storage period

We delete your personal data once they are no longer required for the purposes described above, provided that no statutory retention obligations prevent their deletion.

Data transfers to service providers and external recipients

Any transfer of your personal data to third parties for other purpose than listed herein will not take place.

We only disclose your personal data to third parties if:

  • you have given us your express consent pursuant to Art. 6 (1) (a) GDPR,
  • the relevant disclosure pursuant to Art. 6 (1) (f) GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have no overriding and legitimate interest warranting non-disclosure of your data,
  • we are legally obliged to disclose the data pursuant to Art. 6 (1) (c) GDPR, or
  • the disclosure is lawful and required to handle a contractual relationship with you pursuant to Art. 6 (1) (b) GDPR.

We disclose your data as part of order processing acc. to Art. 28 GDPR to service providers who assist us in the operation of our website and any processes in connection therewith. These are e.g. hosting service providers or IT providers for the support of our IT systems. Our service providers are strictly bound by our instructions and under according contractual obligations.

In the following we provide you with the names of the order processors with whom we cooperate which we have not given in the previous part of this privacy policy. If data are transmitted beyond the EU or the EEA in the course of these processes, we provide you with information to the suitable privacy level. 

Order processorPurposeSuitable privacy level
Profihost AGWeb hosting and supportProcessing only within the EU/EEA
CookieYes LimitedConsent Management Provider (Consent Banner)EU GDPR and UK GDPR, EU Standard Contractual Clauses
Cloudflare Inc.Content Delivery Network (CDN) and Bot-Recognition ServicesEU US Data Privacy Framework, EU Standard Contractual Clauses
d.vinci HR-Systems GmbHHosting of our Recruiting PortalProcessing only within EU/EEA
EQS Group GmbHHosting of our CRM SystemProcessing only within EU/EEA
Google Cloud EMEA Ltd.reCAPTCHA bot recognition for web formsEU-US Data Privacy Framework, EU Standard Contractual Clauses
Google Ireland Ltd.Google Analytics, Google Tag ManagerEU-US Data Privacy Framework, EU Standard Contractual Clauses

Data protection for storage limitation

We only store your personal data for as long as is necessary for the respective purpose. After these periods have expired, your data will be securely deleted or anonymized to ensure the protection of your privacy.

Insofar as we did not already inform you about the storage period, we delete personal data when they are no longer required for the processing purposes given above and if no legal obligations for storage preclude a deletion.

Your rights as a data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data of you is being processed; if this is the case, you have the right to obtain information about the processed personal data and to receive the information listed in detail in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to request the rectification of any inaccurate personal data relating to you and, where applicable, the completion of any incomplete data, without delay.

Right to erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing, for the duration of the assessment by the controller, if one of the requirements listed in Art. 18 GDPR is met, e.g. if you have objected to the processing.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to request the transfer of this data to a third party.

Right to withdraw consent (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal of the consent only effective for the future. Processing that took place before the withdrawal is not affected.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 (1) (f) GDPR (data processing for the protection of legitimate interests) or on the basis of Art. 6 (1) (e) GDPR (data processing for the protection of public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. The right to lodge a complaint can be asserted in particular witha supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.

Asserting your rights

Unless otherwise described above, please contact the controller of the data processing named in the imprint to assert your rights as a data subject.

Contact details of our data protection officer

Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: https://www.dsn-group.de/
E-mail: office@datenschutz-nord.de

If you contact our data protection officer, please also state the controller for the data processing named in the imprint.

Updating and changing this privacy policy

This privacy policy is currently valid and is dated March 2026.

As our website evolves and offers become available, or as a result of changes in legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be viewed and printed at any time on our website.