The controller as defined in the data protection legislation, especially the EU General Data Protection Regulation (GDPR), is:

Katharina-von-Bora-Strasse 1
80333 Munich, Germany

HRB 196269
Munich District Court
VAT ID No. DE281503071

Managing Directors:
Michael Keller, Christoph Rohrer, Marc Ziegler

Legal basis for data processing:
We process personal data on the following legal grounds to display our website properly and ensure that our users have fully functional access to all available services

  • Consent (Art. 6 para. 1 lit. a) GDPR)
  • To fulfill contracts (Art. 6 para. 1 lit. b) GDPR
  • On the basis of a balance of interests (Art. 6 para. 1 lit. f) GDPR)
  • To fulfill a legal obligation (Art. 6 para. 1 lit. c) GDPR)

Your rights:
You are authorized to exercise the following rights at any time by notifying our data protection officer (contact details above):

  • Get information about your saved personal data and its processing (Art. 15 GDPR),
  • Rectify incorrect personal data (Art. 16 GDPR),
  • Erase your saved personal data (Art. 17 GDPR),
  • Restrict data processing provided we are not yet authorized to erase your data due to legal obligations (Art. 18 GDPR),
  • Object to the processing of your personal data (Art. 21 GDPR) and
  • Data portability, provided you have consented to data processing or have signed a contract with us (Art. 20 GDPR).

Once you have provided your consent, you can revoke it at any time. This will only impact future data processing and will not negate the legality of any processing that occurred previously.

You have the right to complain to your responsible supervisory agency at any time (Art. 77 GDPR in connection with § 19 BDSG (German Federal Data Protection Act)). Your responsible supervisory authority is determined by the state in which you live or work, or the suspected infringement. A list of supervisory authorities (for the private sector) with addresses is available at:… .

General information collected during website use, type and purpose of data processing:

When you access our website, i.e. if you do not register or provide any other type of information, general information is automatically collected. This information (server log files) includes the type of web browser, the operating system used, the domain name of your internet service provider, and other similar details. Only information is collected that does not specifically identify you personally.

This information is processed for the following purposes:

  • Ensure a trouble-free connection to the website,
  • Ensure trouble-free use of the website,
  • Evaluate system security and stability, and
  • for other administrative purposes.

We do not use your data to make any conclusions about your identity.

We may evaluate such anonymous information statistically to improve our website and technical functionalities.

Legal basis:

Data is processed in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.


The data is only sent to the responsible data controller and potentially technical service providers involved in the operation and maintenance of our website as processors.

Storage duration:

The data is erased once it is no longer required for the purpose for which it was originally collected. Data used only to deploy the website is always erased once the corresponding session has been completed.

Provision required or mandatory:

The provision of the aforementioned personal data is not legally or contractually required. If we do not have the IP address and the consent to the use of cookies, however, it is not possible to guarantee the full functionality of our website. Individual services may also be unavailable or limited in scope. For this reason, the user has no right to object to this data collection.

SSL encryption:

We use up-to-date encryption technologies (e.g. SSL) via HTTPS to ensure the security of your data during transmission.

Shariff tool to share content

You can share content from our website on social media such as Facebook, Twitter, etc. in line with our Data Protection Policy. Our website uses Shariff for this purpose. This tool only establishes a direct contact between the networks and users once the user clicks on one of these buttons. The tool does not automatically transmit user data to the operators of these platforms.

External links

We use links to make reference to other websites and services rather than using plugins, some of which would result in the immediate transmission of data. We make every attempt to ensure that the linked pages comply with the necessary data protection and security standards. At the same time, please note that the operators of these linked pages are responsible for protecting your personal data. As such, such websites are outside of the scope of our own Data Protection Policy. The website operator will provide information about the type of data collection used in its own data protection policy.

Data protection policy for applicants

We are thrilled that you have taken an interest in BLACKSPACE and have decided to apply for a position at our company. In the following, we would like to share information about how we process your personal data in the context of your application.

Who is responsible for processing data?

The party responsible for data processing in the context of German data protection law is

Katharina-von-Bora-Strasse 1
80333 Munich, Germany

Phone +49 89 41 41 600-0

For more information about our company, details on people authorized to represent BLACKSPACE as well as other contact information, please see the Contact section of our website:

Which of your personal data do we process? For what purpose(s)?

We process the data that you have sent us in conjunction with your application to establish whether or not you are suitable for the position for which you have applied (or other open positions at our company, if applicable), and to carry out the application process.

What is the legal basis for ths?

The primary legal basis for the processing of your personal data in this application process is the version of § 26 BDSG (German Federal Data Protection Act) applicable effective May 25, 2018. This allows the processing of data deemed necessary to make a decision about an employment relationship. If the data is necessary for (if applicable) prosecution purposes once the application process has been completed, data processing may be conducted on the basis of the conditions stated in Art. 6 GDPR, especially to observe our legitimate interest as stated in Art. 6 para. 1 lit. f) GDPR. Our interest lies in the enforcement of or defense against claims.

How long is my data saved?

Applicant data is deleted after six months if the application is rejected.

In the event that you have consented to us saving your personal data, we will add this data to our pool of applicants. We will delete the data from this pool after one year.

If you are hired as part of our application process, your data will be transferred from our applicant data system to our personnel information system.

When sending your application data via e-mail, please note that the legal regulations in effect in Germany require us to store your complete, original e-mails in a tamper-proof, yet fully accessible location for a period of up to 10 years. This includes all correspondence in which any business or transaction is prepared, processed, completed or reversed.

To what recipients do we forward your data?

Our Human Resources department will examine your applicant details once we receive your application. Suitable applications will then be forwarded internally to the person responsible for the relevant position in the corresponding department. Then, next steps will be decided in detail. Only people at our company who need access to your data to properly conduct our application process will be given access to your data.

Of course, your data is completely confidential. We do not forward data to third parties. The only exceptions involve isolated cases of potential legal obligations to transmit data.

Automated decision-making or profiling
We do not use automated decision-making or profiling.
Where is the data processed?
We only process data in data centers in the Federal Republic of Germany.
Your data protection rights

You have the right to get information about the personal data relevant to you, as well as to rectify any incorrect data, or erase personal data, provided one of the reasons listed in Art. 17 GDPR is applicable, e.g. if the data is no longer required for the originally intended purposes. You also have the right to restrict data processing if one of the prerequisites listed in Art. 18 GDPR applies, and to object to the processing of your personal data if any of the prerequisites in Art. 21 GDPR apply. You also have the right to data portability as stated in Art. 20 GDPR.

Once you have given us your consent to conduct certain types of data processing, you can revoke it at any time. This will not negate the legality of any processing that occurred previously. We will no longer process the data in question. Please send your notice of revocation by mail to BLACKSPACE GmbH.

You also have the right to complain to your responsible supervisory agency at any time if you believe that the processing of your data violates any data protection regulations. You can exercise your right in the EU country in which you or your workplace are located, or in the location of the suspected violation.


You can contact us at any time via the published channels. We process your contact data received in order to process your enquiry, to address you correctly and to reply. In this context, other persons or departments with corresponding core competencies may also receive knowledge of your enquiry in order to answer it in the best possible way.

When contacting us by e-mail, we would like to point out that the legal requirements applicable in Germany force companies to keep their e-mails complete, true to the original, tamper-proof and available at all times for a period of sometimes 10 years. This includes any correspondence through which a transaction can be prepared, processed, concluded or reversed.

The processing of personal data such as e-mail address, first name and surname is based on our legitimate interest in maintaining business contacts.

Our data protection officer:

To contact the person responsible for data protection at your company, please email:
nextwork GmbH
Marco Peters

Questions for the data protection officer:

If you have questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organization:

nextwork GmbH
Marco Peters