Privacy policy

Website - Status: 09.02.2026

1. responsible person

NMD - New Materials Development GmbH
Eduard-Rüber-Str. 7
83022 Rosenheim

Phone: +49 / 8031 / 27106- 0

2. data protection officer

Achim Barth - Barth Datenschutz GmbH
e-mail: info@barth-datenschutz.de

3. overview of data processing

We process personal data when you visit our website, contact us or - depending on the configuration - use functions such as appointment booking, newsletters, analysis or marketing tools.

Typical data categories:

- Access data (e.g. IP address, date/time, page accessed, referrer URL, browser/device information)
- Communication data (e.g. e-mail content, contact details)
- Content and form data (information that you enter in fields)
- Consent and cookie data (consent status, cookie identifiers)

4. basic processing

4.1 Provision of the website and server logs

Purpose: To deliver the website, ensure stability and security, detect misuse and attacks, analyse errors.
Data: IP address, timestamp, content accessed, technical information (browser/operating system), referrer URL, log data.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and functional operation).
Recipients: Technical service providers (e.g. hosting, IT) as part of order processing.
Storage duration: Log data is only stored for as long as is necessary for security and error analysis (typically: a few days to a few weeks), then deleted or anonymised.

4.2 Use of service providers and order processing

We use service providers to operate and maintain the website (e.g. hosting, IT, support, web development). Where necessary, an order processing contract has been concluded with these service providers in accordance with Art. 28 GDPR.

4.3 Cookies and consent management

We use cookies and similar technologies (e.g. local storage) to make the website technically available (necessary), to offer functions and - optionally and only with consent - to measure reach or to enable marketing.

If cookies or technologies requiring consent are used, we will obtain your consent before using them.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent) for cookies and tools requiring consent; Art. 6 para. 1 lit. f GDPR for the operation and logging of the consent status.
Change or revoke consent: Cookie settings

4.4 Making contact

Purpose: Processing your enquiry, communication.
Data: Contact data, message content, metadata if applicable.
Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures or contract) or Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication), depending on the content of the enquiry.
Storage period: Until final processing; beyond that only if necessary (e.g. proof, follow-up questions) or statutory retention obligations.

5. processing in detail

5.1 Newsletter

Purpose: Sending information, news and offers.
Data: E-mail address, name if applicable; log data for registration (double opt-in: time, IP address).
Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
Cancellation: At any time via the unsubscribe link in the newsletter or by sending us a message.
Recipient: Newsletter service provider (order processing according to Art. 28 GDPR).
Storage period: Until consent is withdrawn; log data as long as required for verification purposes.

5.2 Appointment booking

Purpose: To arrange and organise appointments.
Data: Name, contact details, appointment request, notes if applicable.
Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures or contract); if the tool uses tracking or cookies: Art. 6 para. 1 lit. a GDPR.
Recipient: Appointment service provider (if applicable, order processing according to Art. 28 GDPR).
Storage period: Until the appointment has been completed and the purpose of the connection has been fulfilled; thereafter deletion as required or within statutory periods.

5.3 Application form / Career

Purpose: Processing of applications.
Data: Application data, correspondence, documents submitted.
Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (organisation of the application procedure).
Recipient: HR and IT service provider (if applicable, order processing according to Art. 28 GDPR).
Storage period: After completion of the procedure, deletion after a reasonable period (usually six months), unless further consent has been given.

5.4 Analysis and reach measurement

Purpose: Measurement of usage, optimisation of the website.
Data: Usage data, device and browser data, interactions, cookie IDs if applicable.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
Revocation: Via the cookie settings.
Recipient: Analysis service provider (if applicable, order processing according to Art. 28 GDPR).
Third country: Possible, depending on the provider (see section 6).
Storage duration: Depending on the tool settings; deletion or anonymisation according to configuration.
Tools: Google Analytics Tracking Pixel, Microsoft Clarity Pixel

5.5 Marketing, conversion and retargeting

Purpose: Advertising playout, performance measurement, retargeting.
Data: Interactions, visit and conversion events, cookie IDs, campaign allocation if applicable.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
Revocation: Via the cookie settings.
Recipients: Marketing and advertising service providers; joint responsibility depending on the tool design (to be checked on a case-by-case basis).
Third country: Possible, depending on the provider.
Tools: Meta Pixel (Facebook, Instagram), Google Ads Conversion Tag, Microsoft Advertising

5.6 Social media links

Purpose: Linking to external social media profiles.
Data: We do not transfer any data to social media providers when you click on a link; you only leave our website when you click on the link.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in information and communication).
Platforms: LinkedIn, Facebook, Instagram

6th recipient

Depending on the functions used, data may be transmitted to the following categories of recipients:

- IT and hosting service provider (order processing)
- Communication, forms and appointment service provider
- Analysis and marketing service provider (only with corresponding activation)
- Provider of embedded content (video, audio, widgets)
- Payment service provider (for payment functions)

7. third country transfers

Depending on the service providers used, personal data may be processed outside the EU or the EEA. In these cases, we rely - where necessary - on suitable guarantees (e.g. standard contractual clauses) and take measures to minimise risk.

Note: In the case of transfers to third countries, a residual risk (e.g. state access possibilities) cannot be completely ruled out.

8. storage duration

We only store personal data for as long as is necessary for the respective purposes. Data is then deleted or anonymised, provided there are no statutory retention obligations to the contrary.

9. your rights

You have the following rights:

- Information about your stored data (Art. 15 GDPR)
- Correction of incorrect data (Art. 16 GDPR)
- Deletion of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing on the basis of Art. 6 para. 1 lit. f GDPR (Art. 21 GDPR)
- Revocation of consent given with effect for the future (Art. 7 para. 3 GDPR)

Assertion: Via the contact details of the controller or to the data protection officer (info@barth-datenschutz.de).

10. right of appeal

You have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

11. obligation to provide data

The provision of certain data is technically necessary for the mere use of the website (e.g. IP address). If you contact us or enquire about services, certain information is required in order to process your enquiry.

12 Automated decisions and profiling

Automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place. If individual marketing or analysis modules can create profiles, this is only done with prior consent (Art. 6 para. 1 lit. a GDPR).