Change your Cookie settings



The controller as defined in the data protection legislation, especially the EU General Data Protection Regulation (GDPR), is:

Katharina-von-Bora-Strasse 1
80333 Munich, Germany
Managing Directors: Michael Keller, Christoph Rohrer, Marc Ziegler
Munich District Court, HRB 196269

Legal basis for data processing

We process personal data on the following legal grounds to display our website properly and ensure that our users have fully functional access to all available services:

  • Consent (Art. 6 para. 1 lit. a) GDPR)
  • To fulfill contracts (Art. 6 para. 1 lit. b) GDPR
  • On the basis of a balance of interests (Art. 6 para. 1 lit. f) GDPR)
  • To fulfill a legal obligation (Art. 6 para. 1 lit. c) GDPR)

Your rights

You are authorized to exercise the following rights at any time by notifying our data protection officer (contact details above):

  • Get information about your saved personal data and its processing (Art. 15 GDPR),
  • Rectify incorrect personal data (Art. 16 GDPR),
  • Erase your saved personal data (Art. 17 GDPR),
  • Restrict data processing provided we are not yet authorized to erase your data due to legal obligations (Art. 18 GDPR),
  • Object to the processing of your personal data (Art. 21 GDPR) and
  • Data portability, provided you have consented to data processing or have signed a contract with us (Art. 20 GDPR).

Once you have provided your consent, you can revoke it at any time. This will only impact future data processing and will not negate the legality of any processing that occurred previously.

You have the right to complain to your responsible supervisory agency at any time (Art. 77 GDPR in connection with § 19 BDSG (German Federal Data Protection Act)). Your responsible supervisory authority is determined by the state in which you live or work, or the suspected infringement. A list of supervisory authorities (for the private sector) with addresses is available at:

General information collected during website use, type and purpose of data processing:

When you access our website, i.e. if you do not register or provide any other type of information, general information is automatically collected. This information (server log files) includes the type of web browser, the operating system used, the domain name of your internet service provider, and other similar details. Only information is collected that does not specifically identify you personally.

This information is processed for the following purposes:

  • Ensure a trouble-free connection to the website,
  • Ensure trouble-free use of the website,
  • Evaluate system security and stability, and
  • for other administrative purposes.

We do not use your data to make any conclusions about your identity.

We may evaluate such anonymous information statistically to improve our website and technical functionalities.

Legal basis:

Data is processed in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.


The data is only sent to the responsible data controller and potentially technical service providers involved in the operation and maintenance of our website as processors.

Storage duration:

The data is erased once it is no longer required for the purpose for which it was originally collected. Data used only to deploy the website is always erased once the corresponding session has been completed.

Provision required or mandatory:

The provision of the aforementioned personal data is not legally or contractually required. If we do not have the IP address and the consent to the use of cookies, however, it is not possible to guarantee the full functionality of our website. Individual services may also be unavailable or limited in scope. For this reason, the user has no right to object to this data collection.

SSL encryption

We use up-to-date encryption technologies (e.g. SSL) via HTTPS to ensure the security of your data during transmission.


This site uses the security plugin WORDFENCE to protect the website from hacker attacks etc.. Provider is DEFIANT, 800 5th Ave Ste 4100, Seattle, WA 98104.

The DSGVO-compliant data processing agreement provided has been concluded.

WORDFENCE currently uses three cookies and the following explains what each cookie does, who set the cookie, and why the cookie helps protect the site.

What it does: This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded.
Who gets this cookie: This is only set for users that are able to log into WordPress.
How this cookie helps: This cookie allows the Wordfence firewall to detect logged in users and allow them increased access. It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.

What it does: This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location.
Who gets this cookie: This is only set for administrators.
How this cookie helps: This cookie helps site owners know whether there has been an admin login from a new device or location.

What it does: Wordfence offers a feature for a site visitor to bypass country blocking by accessing a hidden URL. This cookie helps track who should be allowed to bypass country blocking.
Who gets this cookie: When a hidden URL defined by the site admin is visited, this cookie is set to verify the user can access the site from a country restricted through country blocking. This will be set for anyone who knows the URL that allows bypass of standard country blocking. This cookie is not set for anyone who does not know the hidden URL to bypass country blocking.
How this cookie helps: This cookie gives site owners a way to allow certain users from blocked countries, even though their country has been blocked.

Changes in our data protection regulations

We reserve the right to adapt this Data Protection Policy to ensure that it always reflects the latest legal requirements, or to incorporate any changes to our services into this Data Protection Policy, e.g. when we introduce new services. In this case, the new Data Protection Policy would apply the next time you use the website.

Use of Matomo

The web analytics tool “Matomo” is used on this website. We operate and host this on our own server. We use this analytics tool to ensure the correct and optimized presentation of our website.

This analytics tool uses so-called cookies, or text files that are saved on the computer that allow us to evaluate how people use our website.
The information generated by the cookie about the website use is saved on our server.
The IP address is anonymized directly after processing and prior to being saved. As such, it is impossible to track it to you specifically.

For more information on the privacy settings available in Matomo software, please see:

You can prevent cookies from being installed by changing your browser settings. Or, you can prevent all types of user analysis on this website by setting a so-called block cookie or opt-out cookie – which will apply to future site visits provided it is not deleted.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.


Vimeo & information on incorporating videos

We use the Vimeo platform for videos on our website due to performance limitations in local video hosting. We do this on the basis of our legitimate interest in ensuring an appropriate and optimized display as well as acceptable load times for our website. For technical reasons, the server at provider Vimeo is accessed as a result of the incorporated videos. Please refer to the provider’s data protection policy for information about how the browser or device uses data, as they are responsible for this data processing. To see Vimeo’s privacy policy, please see:

Shariff tool to share content

You can share content from our website on social media such as Facebook, Twitter, etc. in line with our Data Protection Policy. Our website uses Shariff for this purpose. This tool only establishes a direct contact between the networks and users once the user clicks on one of these buttons. The tool does not automatically transmit user data to the operators of these platforms.

External links

We use links to make reference to other websites and services rather than using plugins, some of which would result in the immediate transmission of data. We make every attempt to ensure that the linked pages comply with the necessary data protection and security standards. At the same time, please note that the operators of these linked pages are responsible for protecting your personal data. As such, such websites are outside of the scope of our own Data Protection Policy. The website operator will provide information about the type of data collection used in its own data protection policy.

Data protection policy for applicants

We are thrilled that you have taken an interest in BLACKSPACE and have decided to apply for a position at our company. In the following, we would like to share information about how we process your personal data in the context of your application.

Who is responsible for processing data?

The party responsible for data processing in the context of German data protection law is

Katharina-von-Bora-Strasse 1
80333 Munich, Germany

Phone +49 89 41 41 600-0

For more information about our company, details on people authorized to represent BLACKSPACE as well as other contact information, please see the Contact section of our website:

Which of your personal data do we process? For what purpose(s)?

We process the data that you have sent us in conjunction with your application to establish whether or not you are suitable for the position for which you have applied (or other open positions at our company, if applicable), and to carry out the application process.

What is the legal basis for ths?

 The primary legal basis for the processing of your personal data in this application process is the version of § 26 BDSG (German Federal Data Protection Act) applicable effective May 25, 2018. This allows the processing of data deemed necessary to make a decision about an employment relationship. If the data is necessary for (if applicable) prosecution purposes once the application process has been completed, data processing may be conducted on the basis of the conditions stated in Art. 6 GDPR, especially to observe our legitimate interest as stated in Art. 6 para. 1 lit. f) GDPR. Our interest lies in the enforcement of or defense against claims.

How long is my data saved?

Applicant data is deleted after six months if the application is rejected.

In the event that you have consented to us saving your personal data, we will add this data to our pool of applicants. We will delete the data from this pool after one year.

If you are hired as part of our application process, your data will be transferred from our applicant data system to our personnel information system.

When sending your application data via e-mail, please note that the legal regulations in effect in Germany require us to store your complete, original e-mails in a tamper-proof, yet fully accessible location for a period of up to 10 years. This includes all correspondence in which any business or transaction is prepared, processed, completed or reversed.

To what recipients do we forward your data?

Our Human Resources department will examine your applicant details once we receive your application. Suitable applications will then be forwarded internally to the person responsible for the relevant position in the corresponding department. Then, next steps will be decided in detail. Only people at our company who need access to your data to properly conduct our application process will be given access to your data.

Of course, your data is completely confidential. We do not forward data to third parties. The only exceptions involve isolated cases of potential legal obligations to transmit data.

Automated decision-making or profiling

We do not use automated decision-making or profiling.

Where is the data processed?

We only process data in data centers in the Federal Republic of Germany.

Your data protection rights

You have the right to get information about the personal data relevant to you, as well as to rectify any incorrect data, or erase personal data, provided one of the reasons listed in Art. 17 GDPR is applicable, e.g. if the data is no longer required for the originally intended purposes. You also have the right to restrict data processing if one of the prerequisites listed in Art. 18 GDPR applies, and to object to the processing of your personal data if any of the prerequisites in Art. 21 GDPR apply. You also have the right to data portability as stated in Art. 20 GDPR.

Once you have given us your consent to conduct certain types of data processing, you can revoke it at any time. This will not negate the legality of any processing that occurred previously. We will no longer process the data in question. Please send your notice of revocation by mail to BLACKSPACE GmbH.

You also have the right to complain to your responsible supervisory agency at any time if you believe that the processing of your data violates any data protection regulations. You can exercise your right in the EU country in which you or your workplace are located, or in the location of the suspected violation.


You can contact us at any time via the published channels. We process your contact data received in order to process your enquiry, to address you correctly and to reply. In this context, other persons or departments with corresponding core competencies may also receive knowledge of your enquiry in order to answer it in the best possible way.

When contacting us by e-mail, we would like to point out that the legal requirements applicable in Germany force companies to keep their e-mails complete, true to the original, tamper-proof and available at all times for a period of sometimes 10 years. This includes any correspondence through which a transaction can be prepared, processed, concluded or reversed.

The processing of personal data such as e-mail address, first name and surname is based on our legitimate interest in maintaining business contacts.

Our data protection officer

To contact the person responsible for data protection at your company, please e-mail:

Nextwork GmbH, E-Mail:

Questions for the data protection officer

If you have questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organization:

nextwork GmbH, Marco Peters,