Nah-shuttle Logo

Privacy Policy NAHSHUTTLE Website

1. General information

NAH.SH GmbH, Raiffeisenstraße 1, 24103 Kiel, is responsible for data processing on this website in accordance with the European General Data Protection Regulation (GDPR). We respect your personal rights. We understand the importance of any personal information you provide as a user of our website. We respect the protection of your personal data and will process all data obtained solely in accordance with the applicable data protection laws and strictly within the scope of our business purposes.

2. Definitions

Personal data is any information relating to an identified or identifiable natural person. A natural person is identifiable if they can be identified directly or indirectly, in particular by being assigned to such identifiers as names, ID numbers, location data, an online identifier, or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that person.

3. Legal basis of the processing

If we obtain your consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a of the GDPR shall apply as the legal basis. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, this is done within the framework of Art. 6 para. 1 sentence 1 lit. c GDPR. If the processing is necessary to protect a legitimate interest of ours or a third party, and your interests, fundamental rights, and freedoms do not override the legitimate interest, Art. 6, para. 1 sentence 1 lit. f GDPR shall apply as the legal basis for processing. In the case of storage of information on your device, e.g., by means of cookies (see also in particular sections 5.2 and 5.6), the permissibility of the use of data is additionally based on § 25 para. 1 TDDDG (German Telecommunications Digital Services Data Protection Act) (consent), or, in the case of mandatory storage processes, according to § 25 para. 2 no. 1 (communication process) or no. 2 (provision of a telemedia service) TDDDG. Unless otherwise stated, the legitimate interest of our company lies in the ongoing optimization of our services and presentations in order to continuously develop our services, taking due account of your interests.

4. Data deletion and storage duration

Your personal data will be deleted or blocked as soon as the legitimate purpose of storage ceases to apply. Storage can also take place if this has been provided for. The data will also be blocked or deleted if a prescribed storage period expires, unless there is a need for further storage of the data for other legal reasons, which we must prove, e.g., due to legitimate interests in defending legal claims.

5. Collection of personal data

When you visit our website, we process personal data only to the extent necessary to provide a fully functional website and our content and services, or where you have given your consent. The above does not apply where the processing of data is required by statutory provisions. Below, we would like to inform you about the type, scope and purpose of our data processing on this website:

5.1. Website hosting

The website is hosted by Hetzner Online GmbH (https://www.hetzner.com/). The hoster receives the above data as a processor on the basis of an agreement that meets the requirements of Art. 28 GDPR.

5.2. Server log files

Each time you access our website, the access data necessary to enable use is stored in a log file, which your Internet browser automatically transmits to us. This includes:
  • Internet browser type/Internet browser version;
  • Operating system used;
  • User name (when using Basic-Auth)
  • Date and time of the server request;
  • IP address of the computer requesting the website;
  • The website from which the access was made (referrer URL);
  • Files accessed;
  • Request type (GET, POST, etc.)
  • HTTP response code (e.g., 200 or 404)
  • Duration for the response (e.g., 50 ms)
  • Amount of data transferred
The log file is stored for the following purposes:
  • Analysis of file retrieval for statistical purposes;
  • System security and website stability;
  • Checking for contract violations or other unlawful use, provided there are concrete indications for doing so.
The legal basis for this data processing is Art. 6, para. 1 sentence 1 lit. f GDPR. Our legitimate interest is derived from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally. We do not collate this data with other data sources. This data is automatically deleted within a month, unless there are special indications for longer storage in individual cases.

5.3. Necessary cookies

When you visit our website, “cookies” are stored on the user’s computer. Cookies are small text files in a designated file directory of the computer. This file is used to identify the user’s computer for the duration of the session. These cookies cannot manipulate the user’s device and can be deleted manually at any time, most easily in the Internet browser. You can individually set the handling of cookies in your Internet browser so that cookies are rejected or only accepted after confirmation. The cookies, here called “session cookies,” serve the purpose of expanding the functionality of our Internet offer and to make your use as convenient as possible. If you refuse these cookies, not all components of our application will function properly. The processing of data by cookies is necessary for the purposes mentioned for the provision of our service (website offer) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, § 25 para. 2 TDDDG.

5.4. Data collected when you make contact

If you send us inquiries via nahshuttle@nah.sh, your details will be stored by us via the email address provided for contacting us, including the contact data you have provided there, solely for the purpose of processing the respective inquiry and in the event of follow-up questions. We do not share this information with third parties without your permission. The corresponding data is used on the basis of Art. 6, para. 1 sentence 1 lit. b GDPR.

5.5. Third-party services

The use of third-party services, in particular tracking tools and the cookies set in this context, is based—unless explicitly stated otherwise in the service description—on Art. 6 para. 1 sentence 1 lit. a GDPR / § 25 para. 1 TDDDG through your consent, which you may revoke at any time. In this way, we want to ensure that our website is designed to meet requirements and is continuously optimized (through statistical evaluations, the improvement of the retrievability and presentation of content, and the integration of requested services).

5.7. Use of our consent management tool (CMT)

Our website uses the CMT “Borlabs Cookie,” a web service of Borlabs GmbH Hamburger Str. 11, 22083 Hamburg. We use this data to ensure the full functionality of our website and to inform the user about the use of cookies on our website and to obtain and record the user’s consent in accordance with the law. The following data are automatically transmitted to the provider/technical service of our CMT:
  • The user’s anonymized IP address;
  • The date and time of consent;
  • The user agent of the end user’s Internet browser;
  • The website from which the access was made (referrer URL);
  • An anonymous, random and encrypted key;
The cookies approved by the user (cookie status), which serves as proof of consent. An automatically generated key by the CMT for managing/proving given consents, along with the consent status, is also stored in a cookie in the end user’s web browser. This allows the website to automatically read and follow the end user’s consent for all subsequent page requests and future end user sessions for up to 12 months. The legal basis for data processing is Art. 6, para 1 lit. c GDPR in conjunction with § 25 para. 2 no. 2 TDDDG. We can only comply with the legal requirements with an appropriate mechanism for granting and managing consent. You can prevent the collection and processing of your data by our CMT by disabling the execution of script codes in the settings of your Internet browser or by installing a script blocker in your Internet browser. Further information on the scope of data processing by the CMT can be found in the privacy policy of our CMT provider at: https://de.borlabs.io/datenschutz/.

6. Your rights

Insofar as we process your personal data on our website, you are a “data subject” within the meaning of the GDPR. You have the following rights with respect to us:

6.1. Right to information

You can request confirmation from us as to whether we are processing your personal data. If such processing is taking place, you can request the following information from us:
  • The purposes for which the personal data is being processed;
  • The categories of personal data being processed;
  • The recipients or categories of recipients to whom your personal data has been or will be disclosed;
  • How long we plan to store your personal data, or, if specific information in this respect is not possible, our criteria for determining the retention period;
  • Right to lodge a complaint with a supervisory authority;
  • Any available information on the origin of the data, if the personal data has not been collected from you;
  • The existence of automated decision-making processes, including profiling, as defined in Art. 22 para. 1 and 4 GDPR and – at least in such cases – meaningful information about the logic involved and the scope and intended effects of such processing for you.
You have the right to request information regarding whether your personal information is being transmitted to a third-party country or an international organization. In this respect, you can request the appropriate guarantees in connection with the transmission in accordance with Art. 46 GDPR.

6.2. Right to have data corrected

You have the right ask us to correct and/or complete your personal data if what we have on file is incorrect or incomplete. If this is the case, we will make the correction immediately.

6.3. Right to restrict processing

You have the right to request the restriction of the processing of your personal data under the following conditions, if:
  • You dispute the accuracy of the data we have on file about you and set a deadline for us to verify its accuracy;
  • The processing is unlawful and you object to the deletion of your personal data, instead requesting a restriction of its use;
  • We no longer need your personal data for the purpose of data processing, but you require it to assert, exercise or defend legal claims, or
  • You have objected to processing pursuant to Art. 21 para. 1 GDPR, and it has not yet been determined whether our legitimate grounds outweigh yours.
If you have requested a restriction of the processing of your personal data, such data may—apart from its storage—only be processed with your consent, for the establishment, exercise, or defence of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State. You will be informed by us before the restriction is lifted.

6.4. Right to deletion

You can ask us to delete your personal data immediately. We are obliged to delete this data immediately if one of the following reasons applies:
  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You revoke any existing consent on which the processing is based in accordance with Art. 6, para. 1, sentence 1, lit. a or Art. 9, para. 2 sentence 1 lit. a GDPR and there is no other legal basis for its continued processing.
  • You object to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing.
  • You object to the processing for direct marketing purposes pursuant to Art. 21 para. 2 GDPR.
  • The personal data has been unlawfully processed.
  • The deletion of your personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which we are subject.
  • The personal data has been collected in relation to services offered by an information collection company according to Art. 8, para. 1 GDPR.
If we have made your personal data public and are obliged to erase it pursuant to Art. 17 para. 1 GDPR, we will take appropriate measures—considering available technology and implementation costs—to inform the data controller(s) that you have requested the deletion of all links to, copies, or replications of your personal data. The right to deletion does not exist if processing is necessary
  • to exercise the right to freedom of expression and information;
  • to comply with a legal obligation requiring the processing under the law of the Union or the Member States to which we are subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in us;
  • for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 sentence 1 lit. h and i as well as Art. 9 para. 3 GDPR;
  • for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the exercise of the right specified in para. 1 is likely to make meeting the objectives of such processing impossible or severely compromised; or
  • to assert, exercise, or defend legal claims.

6.5. Right to information

If you have exercised your right to rectification, erasure, or restriction of processing with us, we are obliged to inform all recipients to whom your personal data has been disclosed of the rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

6.6. Right to data portability

You have the right to obtain your personal data, which you have provided to us in a structured, commonly used, machine-readable format. You have the right to transmit this data to another responsible party without any hindrance by us, provided that:
  • the processing is based on consent pursuant to Art. 6, para. 1 sentence 1 lit. a GDPR or Art. 9, para. 2 sentence 1 lit. a GDPR or on a contract in accordance with Art. 6, para. 1 sentence 1 lit. b GDPR and
  • the processing is carried out using automated methods.
In addition, you have the right to request the transfer of your personal data directly from us to another data controller, insofar as this is technically feasible. This transfer may not affect the rights and freedoms of other persons. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on us. We currently do not believe that any data collected through this website would fall under the right to data portability.

6.7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is conducted on the basis of Art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions. We will then no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims. If your personal data is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. In the context of the use of information company services, and Directive 2002/58/EC notwithstanding, you may exercise your right to object using an automated process.

6.8. The right to revoke the data protection declaration of consent

You have the right to revoke your consent to this Privacy Policy or the processing of your data at any time. The revocation of consent shall not affect the lawfulness of processing based on the consent prior to its revocation. Renew or change your cookie consent here

6.9. Automated decision in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. We do not carry out such processing.

6.10. The right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, work, or where the alleged infringement of the GDPR occurred, without prejudice to any other available rights of complaint.

7. Responsibility for linked content

Our website may contain links to other websites. This Privacy Policy does not apply to such third-party sites. If the use of these third-party websites involves the collection, processing, or use of personal data, please refer to the privacy policies of the respective providers. We are not responsible for how they handle your data.

8. Disclosure of personal data to third parties

Your personal data will only be stored on our servers or on servers used on our behalf. Access to and use of the data is only possible for authorized employees or service providers and is also limited to the data required to perform the respective task. The data will not be transferred to a third party. A data transfer to third countries (countries outside the European Economic Area) does not take place, unless otherwise stated herein and is not planned for the future.

9. Data security

To protect your personal data, we have taken technical and organizational measures to ensure that your data is protected against accidental or intentional loss, destruction, or manipulation as well as access by unauthorized persons. Our protective measures are reviewed at regular intervals and adapted to changes in technology as necessary.

10. Data Protection Officer

If you have any further questions regarding the processing of your personal data, please contact our Data Protection Officer: compolicy GmbH Schwedenkai 1 24103 Kiel info@compolicy.de.

11. Changes to this Privacy Policy

We reserve the right to change this Privacy Policy at any time as necessary in accordance with the data protection regulations applicable at that time. Last updated: September 2025