Data protection

Thank you for your interest in our company. Data security is of particular importance to the management of Projektgesellschaft Norderelbe mbH. It is possible to use the Projektgesellschaft Norderelbe mbH website without entering any personal data whatsoever. However, the processing of personal data could become necessary if a data subject decides to make use of particular company services via the website. If the processing of personal data is necessary and there is no legal basis for this processing, we generally obtain the data subject’s consent.

The processing of the personal data, e.g. name, address, email address or telephone number of a data subject happens only according to the General Data Protection Regulation (GDPR) and in agreement with any country-specific data protection regulations applying to Projektgesellschaft Norderelbe mbH. Our company would like to use this data protection statement to inform the public about the nature, scope and purpose of the data we collect, use and process. In addition, this data protection statement will inform data subjects of their rights.

As controller, Projektgesellschaft Norderelbe mbH has implemented a number of technical and organisational measures to ensure the most complete protection possible for any data processed via this website. However, any data transferred anywhere on the internet may generally be subject to security breaches, which means we cannot guarantee total protection. For this reason, it is also possible for any data subject to disclose their personal data over the phone instead.

1. Name and address of the controller

of data processing in the sense of the GDPR, other applicable data protection regulations in the EU member states and other issues related to data protection:

Projektgesellschaft Norderelbe mbH
Viktoriastrasse 17
25524 Itzehoe

Phone: +49 (0) 4821.1 78 88-0
Phone: +49 (0) 4821.1 78 88-11


Authorised Managing Director: Martina Hummel-Manzau, Dr Harald Georg Schroers

2. Cookies

Cookies are text data that are stored on a computer’s system and saved via an internet browser.

Many websites and servers use cookies. Lots of cookies contain what is known as a cookie ID. A cookie ID is a unique code for the cookie. It consists of a series of characters by which websites and servers can be assigned to the specific browser in which the cookie was stored. This means the websites and servers that were visited can differentiate between the individual browser of the data subject and other internet browsers that contain other cookies. A certain internet browser can be recognised and identified by its unique cookie ID. The implementation of cookies means Projektgesellschaft Norderelbe mbH can offer users of its website more user-friendly services that would not be possible without cookies.

Cookies allow information and offers on the website to be optimised for the user. As mentioned above, cookies allow us to recognise the users of our website. The point of this recognition is to make using the website easier. The user of a website that uses cookies does not, for example, have to enter their access details every time they visit that website, because these are transmitted using the cookie stored on that user’s computer system. Another example is the cookie for a shopping basket in an online shop. Using cookies, the online shop notes the articles that a customer places in their basket.

The Projektgesellschaft Norderelbe mbH website uses cookies in certain situations. Cookies are needed to store the consent of the data subject to use cookies that are not necessary for the provision of the website. This is valid for one year. The Projektgesellschaft Norderelbe mbH website also contains elements from Twitter. If the data subject consents to the use of Twitter, cookies from Twitter will be used and information transferred to Twitter. Cookies from Twitter are valid for up to two years. Further information on this can be found under number 11 of this data protection statement. The data subject can also generally prevent the use of cookies in the corresponding settings of the browser they are using and permanently deny them. Stored cookies can also be deleted at any time using a browser or other software. This is possible in all common internet browsers. If the data subject deactivates the storing of cookies in the internet browser, not all of the functions of our website remain usable.

3. Collecting and processing general data and information from the website visitor

The Projektgesellschaft Norderelbe mbH website collects a variety of general data and information every time the website is accessed by a data subject or an automatic system. This general data and information are saved in the server’s log files. What can be collected: the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an IP address, (7) the internet service provider of the accessing system and (8) other similar data and information which serve to prevent danger in the event of attacks on our information technology systems.

When using this general data and information, Projektgesellschaft Norderelbe mbH does not draw conclusions about the data subject. This information is only required to (1) deliver the content of our website correctly, (2) optimise both the content of our website and the advertising for it, (3) ensure the permanent operability of our information technology systems and the technology of our website and (4) to provide law enforcement agencies with the information necessary for criminal prosecution in case of a cyberattack. These anonymously collected data and information are therefore statistically evaluated by Projektgesellschaft Norderelbe mbH with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data on the server log files are stored separately from all personal data provided by a data subject.

The processing of personal data is necessary to achieve the above-mentioned purposes of protecting the legitimate interest of the company in the proper provision of the website and ensuring the security of the processing in accordance with Article 1 (1) (f) GDPR.

4. Processing of personal data for customer satisfaction surveys and direct marketing

Projektgesellschaft Norderelbe mbH may use your data with your explicit and informed consent under Article 6 (1) (a) GDPR for the purposes of direct marketing (e.g. invitations to trade events, newsletters) or to undertake customer satisfaction surveys, also by email. It remains within your rights to refuse the use of your data for these purposes by writing an email to or to make use of the “disagree” function in the message you received.

5. Contact options on the website

Due to legal regulations, the Projektgesellschaft Norderelbe mbH website contains information that enables fast electronic contact with our company and direct communication with us; this also includes a general address for electronic mail (email address). If a data subject contacts the controller by email, the personal data transmitted will be automatically saved. Such personal data transmitted on a voluntary basis from a data subject to the controller are stored for the purposes of processing or for contacting the data subject. This personal data shall not be disclosed to third parties.

The processing of personal data is necessary either for the execution and performance of a contract with the data subject pursuant to Article 6 (1) (b) GDPR, for the fulfilment of legal obligations to which Projektgesellschaft Norderelbe mbH is subject pursuant to Article 1 (1) (f) GDPR or to safeguard the legitimate interests of Projektgesellschaft Norderelbe mbH pursuant to Article 6 (1) (f) GDPR. The legitimate interest of Projektgesellschaft Norderelbe mbH lies in the initiation, implementation and handling of the business relationship.

6. Routine deletion and blocking of personal data

The controller shall process and store personal data relating to the data subject only for the time necessary to achieve the purpose of storage or where provided for by the European legislator or by any other law or regulation to which the controller is subject. If the purpose of storage ceases to apply or if a storage period prescribed by the European legislator or any other responsible legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

7. Implementation and use of Twitter

The controller has integrated elements of Twitter into the website which only become active after your consent according to Article 6 (1) (a) GDPR. Twitter is a multilingual, publicly available micro-blogging site on which users can publish tweets (short messages) of a maximum of 280 characters. These short messages are visible to everyone, even those without a Twitter account. The tweets appear to the followers of that user. Followers are other users of Twitter who follow the tweets of a certain user. Twitter also uses hashtags, links and retweets to reach a wide audience. Twitter’s operating company is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Every time the data subject accesses one of the individual pages of this website which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Twitter component to download a display of the corresponding Twitter component from Twitter. Further information on the Twitter buttons can be found at In the course of this technical procedure, Twitter is informed about which specific subpages of our website the data subject visits. The purpose of integrating the Twitter component is to enable our users to disseminate the content of this website, to make this website known in the digital world and to increase our visitor numbers.

If the data subject is logged on to Twitter at the same time, Twitter will recognise which specific subpage of our website the data subject is visiting each time the subject accesses our website and for the entire duration of the stay on our website. This information is collected by the Twitter component and assigned by Twitter to the Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, the data and information transmitted in this way is assigned to the personal Twitter user account of the data subject and stored and processed by Twitter.

Twitter receives information via the Twitter component that the data subject has visited our website if the data subject is logged on to Twitter at the same time as they are accessing our website. This occurs regardless of whether the data subject clicks on the Twitter component or not. If the data subject does not want this information to be sent to Twitter, they can prevent this from being sent by logging out of their Twitter account before accessing our website. Twitter’s applicable data protection regulations can be found at

8. Rights of the data subject

a) Your rights
You have the right to obtain information from Projektgesellschaft Norderelbe mbH about the personal data relating to you (Article 15 GDPR) that is processed by us. You also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR) and data portability (Article 20 GDPR).

You have the right not to be subject to a decision based solely on automated processing, including profiling, which could have legal consequences or a significant similar impact. In order to safeguard the rights, freedoms and legitimate interests of the data subject, they therefore at least have the right to express their point of view and to challenge the decision.

There is also the right to lodge a complaint at any time with the respective supervisory authority for data protection. For this purpose, please contact the state representative for data protection at the address below.

b) Right to revoke consent
If you have given your consent for the processing of your data (Article 6 (1) (a) GDPR or Article 9 (1) (a) GDPR), you have the right to revoke this consent at any time.
You also have the right to object to the processing of your personal data in accordance with Article 21 GDPR.
If you lodge an objection, we will no longer process your personal data, unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
For concerns of this kind, please send enquiries to the address of Projektgesellschaft Norderelbe mbH listed above.

9. Data security

Our employees and the service providers commissioned by us are obliged to maintain confidentiality and comply with the provisions of the applicable data protection laws. The company takes appropriate technical and organisational security measures to protect your personal data from loss, alteration, destruction and access by unauthorised persons and from unauthorised disclosure. Our security measures are constantly being improved in line with technological developments.

10. Automatic decision-making

As a responsible-minded company, we do not participate in automatic decision-making or profiling.

11. Links to other websites

This data protection statement is valid only for Projektgesellschaft Norderelbe mbH online offers and not for third-party applications or websites. Projektgesellschaft Norderelbe mbH online offers may contain links to third-party websites and applications that might be of interest to you. Projektgesellschaft Norderelbe mbH is not responsible for the collection, processing and utilisation of your data transmitted via other websites or applications that are not operated by Projektgesellschaft Norderelbe mbH, nor for their content.

12. Newsletter

With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter: We send newsletters, emails and other electronic notifications with information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the course of registration, they are decisive for the consent of the users. Apart from that, our newsletters contain information about our services and us.

Double opt-in and logging: Registration for our newsletter is carried out in a so-called double opt-in procedure. This means that after registration you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.

Registration data: To register for the newsletter, it is sufficient to enter your email address. Optionally, we ask you to enter a name for the purpose of a personal address in the newsletter.

The newsletter is sent and its success measured on the basis of the recipients' consent pursuant to Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 Para. 2 No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 Para. 1 lt. f. DSGVO in conjunction with. § 7 para. 3 UWG.

The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. We are interested in providing a user-friendly and secure newsletter system that serves our business interests as well as the expectations of the users and also allows us to prove consent.