We are delighted that you are interested in our company. Data protection is a particularly high priority for the management of THE GOODWINS Berlin GmbH. We would therefore like to inform you about the nature, scope, and purpose of the processing of personal data in the context of our company website and the associated functions and content. We collect and process your personal data in accordance with current data protection regulations. If you are unclear about certain terms, you can find the relevant explanations in the Art. 4 DSGVO can be inferred.
Verantwortliche
The controller within the meaning of the GDPR is:
THE GOODWINS Berlin GmbH
Swinemünder Straße 121
10435 Berlin
Deutschland
Tel.: +49 (0)30 284 897 73
E-Mail: andre@thegoodwins.de
Website: www.thegoodwins.de
Data protection officer
If you have any questions about how your personal data is handled, please contact us by email. Alternatively, you can also contact the responsible data protection officer:
Nextwork GmbH, represented by Marco Peters: datenschutz@nextwork.de
Changes
We reserve the right to amend this privacy policy at any time in order to comply with current legal requirements or to reflect changes in our services, for example when introducing new services. Please note that this privacy policy is for your information only and that you do not have to agree to it anywhere on our company website.
Zuletzt aktualisiert: 12.09.2025
Rights of affected persons
Sie können die folgenden Rechte jederzeit über uns oder die Kontaktdaten unseres Datenschutzbeauftragten ausüben:
Art. 15 GDPR, Right of access: The right to be informed about the personal data we process about you and to request information about it.
Article 16 GDPR, Right to rectification: the right to request that we change or update your personal data if it is inaccurate or incomplete.
Art. 17 GDPR, Right to erasure: the right to request that we permanently delete your personal data, unless other legal provisions or an overriding interest on our part prevent this.
Art. 18 GDPR, Right to restriction of processing: Right to restriction – the right to request that we temporarily or permanently stop processing your personal data.
Article 20 GDPR, Right to data portability: the right to request a copy of your personal data in electronic format and the right to transfer this personal data to a third party for use.
Art. 21 GDPR, Right to object: The right to object at any time to the processing of your personal data by us for reasons arising from your particular situation. This right to object requires the existence of special circumstances relating to your personal situation, whereby our rights may conflict with your right to object in individual cases.
Art. 7(3) GDPR, Right to withdraw consent: You have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Art. 77 Right to lodge a complaint with a supervisory authority: In addition, you have the right to lodge a complaint with a competent data protection supervisory authority. A list of supervisory authorities (for the non-public sector) with addresses can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
Data security
To protect the security of your data during transmission, our company website is encrypted and authenticated with TLS 1.3. We use HTTPS as standard.
Collection of general data and information (server log files)
The corporate website of THE GOODWINS Berlin GmbH collects a range of general data and information each time the website is accessed by a data subject or an automated system. When processing this data, THE GOODWINS Berlin GmbH does not draw any conclusions about the data subject. Rather, this information is required in order to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. The data in the server log files is stored separately from all personal data provided by a data subject. In particular, the following is recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the subpages accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serves to avert danger in the event of attacks on our information technology systems. Processing is carried out on the basis of Article 6(1)(f) GDPR and is based on our legitimate interest in the security, stability, and functionality of our website.
Your personal data will not be transferred to a third country. We use service providers within the scope of order processing for services, in particular for the provision, maintenance, and servicing of our IT systems and the company website.
Ihre Daten werden gelöscht, sobald sie nicht mehr für den Verarbeitungszweck benötigt werden.
Die Bereitstellung von personenbezogenen Daten wie der IP-Adresse und Cookie-Identifikatoren ist weder durch Gesetze noch durch vertragliche Vereinbarungen zwingend erforderlich. Jedoch ist eine angemessene Servicequalität und die Funktionsfähigkeit der Webseite ohne diese Informationen nicht gewährleistet. Zudem könnten bestimmte Dienste und Angebote ohne diese Daten nur eingeschränkt oder gar nicht zur Verfügung stehen.
Contact
Our website contains contact information that enables you to communicate with us quickly. We process your personal data for the purpose of handling your request. If you contact us by email, telephone, or mail, your personal data will be transferred to our database systems and stored.
The legal basis for processing the data you provide when contacting us is Art. 6 (1) (b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if this has been requested. Your personal data will not be transferred to countries outside the EU or the EEA. It will be deleted as soon as its intended purpose has been fulfilled. The provision of your data is voluntary, but without this information it is unfortunately not possible for us to contact you.
Cookies
We only use technically necessary cookies to operate our company website. These cookies are essential in order to provide you with the functions of our website and to fulfill our legal obligations. The processing of your personal data is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in order to enable you to use our website and to fulfill our legal obligations pursuant to Art. 6 (1) lit. c GDPR.
Data protection in job applications and during the application process
We process the personal data received in connection with an application in order to assess suitability for the position in question (or other vacant positions in the company, if applicable) and to carry out the application process. Processing may also be carried out electronically. This is particularly the case when application documents are sent by email. In this context, the following categories of personal data are processed: information in the resume, gender, title, first name, last name, address, telephone number, email address, and the content of any personal messages written. The legal basis for the processing of personal data in the application process is primarily Art. 6 (1) (b) GDPR (fulfillment of (pre)contractual measures). If the data is required for legal purposes after the application process has been completed, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular for the purposes of legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest then lies in asserting or defending claims under the General Equal Treatment Act (AGG). Applicants' data will be deleted after 6 months in the event of rejection. If consent has been given for further storage of personal data, the data will be transferred to a talent pool. The data is deleted after 12 months. If the applicant is offered a position as part of the application process, the data is transferred from the applicant data system to the personnel information system. The applicant data is reviewed by the human resources department after receipt of the application. Suitable applications are then made available for review by the internal department managers responsible for the respective open position. Within the company, only those persons who need the data for the proper conduct of the application process have access to it. The personal data is stored within the European Union for the application process.
No automated decision-making or profiling takes place as part of the application process. The provision of personal data is neither required by law nor contractually stipulated. However, without the provision of such data, it is not possible to consider your application. Withdrawal of consent means that the data may no longer be processed from that point onwards and can therefore no longer be considered in the application process.
We have integrated components from the Facebook company into this website. Facebook is a social network.
A social network is an online social meeting place, an online community that generally allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or enable the Internet community to provide personal or company-related information. Facebook allows users of the social network to create private profiles, upload photos, and connect with others via friend requests, among other things.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook.
A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE can be accessed.
As part of this technical process, Facebook receives information about which specific subpage of our website is visited by the data subject.
If the data subject is logged into Facebook at the same time, Facebook recognizes which specific subpage of our website the data subject visits each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject.
Facebook erhält über die Facebook-Komponente immer dann eine Information darüber, dass die betroffene Person unsere Internetseite besucht hat, wenn die betroffene Person zum Zeitpunkt des Aufrufs unserer Internetseite gleichzeitig bei Facebook eingeloggt ist; dies findet unabhängig davon statt, ob die betroffene Person die Facebook-Komponente anklickt oder nicht. Ist eine derartige Übermittlung dieser Informationen an Facebook von der betroffenen Person nicht gewollt, kann diese die Übermittlung dadurch verhindern, dass sie sich vor einem Aufruf unserer Internetseite aus ihrem Facebook-Account ausloggt.
You can find more information, including details on suppressing data transmission itself, here. https://de-de.facebook.com/about/privacy/
We have integrated components from LinkedIn Corporation into our website. LinkedIn is an Internet-based social network that enables users to connect with existing business contacts and establish new business contacts.
LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.
Each time our website, which is equipped with a LinkedIn component (LinkedIn plug-in), is accessed, this component causes the browser used by the data subject to download a corresponding representation of the LinkedIn component. Further information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins be retrieved. As part of this technical process, LinkedIn receives information about which specific subpage of our website is visited by the data subject.
If the data subject is logged into LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website the data subject visits each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on a LinkedIn button integrated into our website, LinkedIn assigns this information to the data subject's personal LinkedIn user account and stores this personal data.
LinkedIn receives information via the LinkedIn component that the data subject has visited our website whenever the data subject is logged into LinkedIn at the same time as visiting our website; this occurs regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before visiting our website.
LinkedIn offers under https://www.linkedin.com/psettings/guest-controls the option to unsubscribe from email messages, SMS messages, and targeted ads, as well as to manage ad settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Such cookies can be found at https://www.linkedin.com/legal/cookie-policy be rejected. LinkedIn's current data protection provisions can be found at https://www.linkedin.com/legal/privacy-policy available. LinkedIn's cookie policy is available at. https://www.linkedin.com/legal/cookie-policy available.
Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or as provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the purpose for storage no longer applies or if a storage period prescribed by European directives and regulations or other competent legislators expires, personal data is routinely blocked or deleted in accordance with legal requirements.
Automated decision-making and profiling
We do not use automated decision-making or profiling.
Referrer
When you visit our website or click on external links, your browser may transmit so-called referrer information. This includes the address of the previously visited page. In order to protect your privacy as best as possible, we have implemented a so-called “no-referrer” policy on our website. This means that when loading external content or leaving our site, no referrer information is transmitted to the target page. External services therefore do not know which page you came from. This measure helps to prevent the unnoticed transfer of usage information and complies with the requirements of the GDPR.
Tracking
Our website does not use tracking technologies such as Google Analytics, Facebook Pixel, or similar services. No personal usage data is collected or processed. No user profiles are created. No data is passed on to third parties. Our website can be used completely anonymously.