NEXUS / CHILI GmbH collects, processes and stores your personal data in compliance with the General Data Protection Regulation (GDPR). We developed this notice to explain the types of personal data we collect and the scale and purpose of data collection and utilization.

The following is deemed to be the controller pursuant to data protection legislation, especially the EU General Data Protection Regulation (GDPR):

Friedrich-Ebert-Straße 2
69221 Dossenheim, Germany

Your rights as a data subject

You have the following rights:

  • Information about the data we hold about you and its processing,
  • Rectification of inaccurate personal data,
  • Deletion of data we hold about you,
  • Restriction of data processing,
  • Objection to our processing of your data, and
  • Data portability if you have given your consent to data processing or have concluded a contract with us.

If you have given us your consent, you may withdraw it at any time with future effect.

You can assert your rights at any time by contacting our Data Protection Officer. The relevant contact details are provided below.

You may file a complaint with your competent supervisory authority at any time:

Purposes of data processing by the controller and third parties

We process your personal data only for the purposes specified in this Privacy Statement. We do not transfer your personal data to third parties for any purposes other than those specified. We will pass on your personal data to third parties only if:

  • You have given your express consent to this,
  • The processing is necessary for the performance of a contract to which you are party,
  • The processing is necessary for compliance with a legal obligation,
  • The processing is necessary to protect vital interests, and
  • There is no reason to believe that you have an overriding and legitimate interest in the non-communication of your data.


Deleting and locking personal data

We adhere to the principles of data avoidance and data economy. We store your personal data only as this is necessary for achieving the here mentioned purposes or as it is required according to the statutory storage periods. After the discontinuation of the purpose or the end of the storage period, data are routinely locked or deleted in accordance with the legal statutes.

Collection of general information when visiting our website

When you visit our website, cookies are used to collect and store general information. This information (server log files) includes details about your web browser, operating system, the domain name of your Internet service provider and other similar information. None of this information can be used to identify you personally.

This information is required for technical reasons to enable the correct delivery of the requested website content and is generated automatically when using the Internet. It is processed for the following purposes in particular:

  • To ensure a good website connection,
  • To prevent technical issues when using our website,
  • To evaluate system security and stability, and
  • For other administrative purposes.

We may, from time to time, statistically analyse anonymous information of this kind in order to optimise our website and the underlying technology.

Access data / server log files of the webspace provider

The web space provider collects data about every access to the offer. Access data includes: Name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

The provider uses the log data only for statistical evaluations for the purpose of operation, security and optimization of the offer. However, the provider reserves the right to retrospectively review the log data if, on the basis of concrete evidence, the legitimate suspicion of unlawful use exists.


To protect your data during transmission, we use state-of-the-art encryption technologies (for example, SSL) via HTTPS.


If you subscribe to the newsletter, the information you provide is exclusively used for this purpose. Subscribers can be notified by e-mail about matters related to the service or the registration (e.g., changes in the newsletter service or technical matters).

For your registration, we require a valid e-mail address. To confirm whether a registration is conducted by the actual owner of the e-mail address, we use a double-opt-in process. Therefore, we record the subscription to the newsletter, the sending of a confirmation e-mail, and the receipt of the requested response. Further data are not collected. Data are used solely for sending the newsletter and are never passed to a third party.

At any time, you can withdraw the consent to store your personal data and to use this data for the newsletter mailing. Each newsletter contains a link, which you can use to withdraw your consent. Furthermore, you can unsubscribe to the newsletter at any time on our website or you may use the contact form below this privacy notice to unsubscribe.

Contact form

We collect personal data that you provide on a voluntary basis when entering into contact with us (for example, via a contact form or e-mail). The data that is collected is evident from the relevant data entry form. We use the data that you provide to process your requests. Once we have finished processing your request, we will delete your data upon expiry of the legal retention periods, unless you have provided explicit consent to the further use of your data.

Using Google Maps

This website uses Google Maps API to visually present geographical information. When using Google Maps, Google will also collect, process, and use data about using the map tool by visitors to the site. For more information please visit Google’s privacy notice.

Here you can also change your personal privacy preferences.

Detailed guidance to manage your personal data in conjunction with Google products is given here.

Embedded YouTube videos

We embed YouTube videos on some of our websites. The corresponding plug-ins are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, it will connect to YouTube's servers. YouTube will be informed which pages you visit. If you are logged into your YouTube account, YouTube can link your surfing behaviour to your account. This can be prevented by logging out of your YouTube account beforehand.

When a YouTube video is started, the provider uses cookies that collect information about user behaviour.Anyone who has disabled the storage of cookies for the Google Ad programme will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in your browser.

For more information on data protection at YouTube, see the privacy policy of the provider at:

Personal data of candidates

We are pleased that you would like to apply for a job with us. In the following, we explain how we process your personal data in the context of an application and provide further relevant information in this context.

Purposes and legal basis for processing personal applicant data

We process personal data about you for the purpose of your application for employment, insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Section 26 (1) in conjunction with (8) sentence 2 BDSG.

Furthermore, we may process personal data about you insofar as this is necessary for the defence of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1, lit. f DSGVO; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

We can transfer your personal data to companies affiliated with us in the NEXUS group of companies. The legal basis for this is Art. 6 Para. 1 S.1 Lit. f DSGVO; the legitimate interest is, for example, the economic interest of the NEXUS group of companies. The legal basis for a transfer to our affiliated companies in Switzerland is the adequacy decision of the EU Commission (V 2000/518/EC) according to Art. 45 Para. 1 DSGVO.

Insofar as an employment relationship between you and us is established, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

Categories of personal applicant data processed

We process data related to your application. This may be general data about you (such as your name, address and contact details), information about your professional qualifications and school education or information about further professional training or other information that you provide to us in connection with your application. In addition, we may process job-related information that you have made publicly available, such as a profile on professional social media networks.


Categories of recipients of personal application data

The collection and processing of your personal application data is exclusively for the purpose of filling vacancies within our company. In principle, your data will only be forwarded to the internal departments and specialist departments of our company responsible for the specific application procedure.

We can also transfer your personal data to companies affiliated with us in the NEXUS group of companies, insofar as this is permissible within the framework of the purposes and legal bases explained above. A transmission beyond this does not take place.

Transmission to a third country

The transfer within the NEXUS group of companies includes the safe third country of Switzerland.


Retention period of personal applicant data

We store your personal data as long as this is necessary for the decision on your application. If an employment relationship between you and us does not come about, we may continue to store data beyond this, insofar as this is necessary for the defence against possible legal claims. In this case, the application documents will be deleted at the latest when there is no longer any legal remedy against the announcement of the rejection decision.

If we are not able to offer you a current vacancy, but believe on the basis of your profile that your application may be of interest for future vacancies, we will store your personal application data for twelve months, provided you expressly consent to such storage and use.

Information and revocation

The paragraph of our general data protection statement (first paragraph; YOUR RIGHTS) applies.

You can exercise your rights at any time by contacting us (datenschutznexus-chilicom).

If you have any further questions, please contact our data protection officer: datenschutznexus-agde.


Changes to our Privacy Policy

We reserve the right to adjust this Privacy Statement to meet new legal requirements or to incorporate changes to our services in the Privacy Statement (for example, upon the introduction of new services). The new Privacy Statement applies when you visit our website again.

Questions for the Data Protection Officer

If you have general questions about data protection at NEXUS / CHILI, please contact our Data Protection Coordinator by e-mail:


If you have any questions to our Data Protection Officer, please contact himself by e-mail:


Video conferencing applications | Microsoft Teams

General information

When you communicate with us via a video conferencing application such as Microsoft Teams, we process your data or information. This information may be personal data. The following notices provide an overview of how we process your personal data.

You can use Microsoft Teams if you have been provided with the relevant meeting ID and, if applicable, other access data for the meeting and join it via the Teams app. It is also possible to join a meeting without the Teams app. Teams can also be used via a browser version, which you can find on the Microsoft Teams website:

In a Teams meeting, you also have the option to participate as a guest. In this case, you do not have to give your name. You can also use a pseudonym. Please note the compatibility of your browser:

Responsible entity

NEXUS / CHILI GmbH, Friedrich-Ebert-Str. 2 69221 Dossenheim, Germany

Please note additionally for Microsoft Teams:

If you access the Microsoft Teams website, the Microsoft Teams provider is responsible for data processing. Responsible party:

Microsoft Corporation
One Microsoft Way Redmond
WA 98052-6399 USA

However, accessing the website is only necessary to download the software for using Microsoft Teams. The Microsoft Teams privacy notice can be found here:


Data Protection Officer

If you have any questions about data protection, please contact our data protection officer at the following address:

Nexus AG

- Data Protection Officer -

Irmastr. 1

78166 Donaueschingen

E-mail: datenschutznexus-agde

If you have any questions about the data protection of our service provider for Microsoft Teams, you can reach the Microsoft EU Data Protection Officer at the following contact.

Microsoft Place
South County Business Park, Leopardstown
Dublin 18, Ireland.

Telephone: +353 1 706 3117

Translated with DeepL

Data subjects' rights

You have the right at any time to receive information free of charge about the type, origin, recipient and processing purpose of your personal data, as well as to demand the correction, blocking, restriction or deletion of this data, as well as to revoke your consent at any time, if necessary, to object to processing or to exercise your right of complaint with the competent supervisory authority.

To exercise your right, please contact our data protection officer as indicated above.

Nature and purpose of the processing

We use the "Microsoft Teams" video conferencing application for the purpose of conducting conference calls, online meetings, video conferences and/or webinars.

In the Microsoft stream cloud storage In our Microsoft Teams Admin Center, we have disabled allowing cloud recordings by default. Meeting content (including chats) is also not logged or recorded, these features are disabled by default.

To participate in a meeting, you can also use a pseudonym.

You can make use of the option to share your screen. In this case, users will become aware of the data and content you share via your screen.

You can use the option to set background effects, e.g. to hide your private environment.

Team data is encrypted during transmission. This includes message files (audio, video, etc.), meetings, chat messages and other content. Microsoft uses standard technologies to do this. You can find more information about the security of Microsoft Teams here

Categories of personal data

When you use Microsoft Teams, various types of data are processed. The scope of the data depends largely on the information you provide before or during participation in an online meeting. When using Microsoft Teams, data of the communication participants is processed and stored on the servers of the third-party provider used, insofar as it is data required for the communication process.

Relevant personal data categories may include in particular:

User data: Display name ("Display Name"), optionally, if applicable, e-mail address, profile picture, preferred language, master data (e.g. name, address), if applicable, pseudonyms, contact data (e.g. e-mail address, telephone number),

Content data: (e.g. text entries, photographs, videos), meta and communication data (e.g. device information, IP addresses).

Metadata: Date, time, meeting ID, phone numbers, location.

Legal basis

If personal data is processed by employees of Nexus Cloud IT GmbH (or affiliated companies), the following applies

- Section 26 para. 1 BDSG

is the legal basis for data processing. If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, performance or termination of the employment relationship, in the use of Microsoft Teams.

- Art. 6 para. 1 lit. f) DSGVO

is the legal basis for the data processing. Our interest lies in simplifying internal communication, processing enquiries, increasing efficiency and promoting cross-company or cross-location cooperation. There are no interests worthy of protection of a data subject that would conflict with the introduction/use of such a service.

Furthermore, the legal basis for data processing when conducting online meetings is

- Art. 6 para. 1 lit. b) DSGVO

insofar as the meetings are held within the framework of contractual relationships.

In some cases, we also process your data on the basis of consent pursuant to

- Art. 6 para. 1 lit. a) DSGVO.

This happens when the use of teams is initiated by you or when you voluntarily provide us with data that is not required for the implementation of the online service (optional information).

Translated with DeepL

Data colletion

The data is collected directly from you or provided by your employer.

Recipient categories

Personal data processed in connection with the use of teams will not be disclosed to third parties if it is not intended for disclosure. Often, the content of a meeting, for example, is used to communicate information to (potential) customers or third parties. The Microsoft Teams service provider necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with Microsoft Teams.


Data processing in third country

Microsoft Teams is a service provided by a service provider in the USA. Personal data may therefore also be processed in a third country. This may result in risks for users, as it may, for example, be more difficult to enforce the rights of the data subject. We have concluded an order processing agreement with the provider that complies with the requirements of Art. 28 DSGVO.

Order processor:

Microsoft Corporation
One Microsoft Way Redmond
WA 98052-6399 USA

There is no adequacy decision of the EU Commission for the transfer to the third country. The transfer takes place on the basis of Art. 46 DSGVO. We have concluded an order processing agreement with the service provider in accordance with Art. 28 DSGVO.

The transfer of data to a third country only takes place when the requirements of Art. 44 et seq. DSGVO are fulfilled. The present transfer of data to the USA takes place on the basis of standard data protection clauses, as well as the amended contractual conditions after the Schrems II ruling by Microsoft. In addition, Microsoft guarantees a claim for damages for the data subject of unlawful processing, the information of the data subject if Microsoft is obliged by government orders to hand over data, as well as the obligation of Microsoft to take legal action against the official orders to hand over the data.

Retention and deletion periods

The data will be deleted immediately after the purpose has been fulfilled. A purpose may exist if the data is still needed, for example, to fulfil contractual services, to enforce legal claims or to comply with legal obligations (e.g. retention periods).

If the data is deleted by the user, Microsoft will ensure that all copies of the personal data are deleted within 30 days.

If the use of Tams is terminated by the responsible entity, the relevant personal data will be deleted between 90 and 180 days after the service is discontinued. Further information can be found here:

Reference to a right to object to and revoke processing

The controller processes your data for the above-mentioned purpose. The legal basis for this may be Art. 6 (1) lit. a) or f) DSGVO. You have your own right of objection and revocation against processing based on these legal bases, the exercise of which leads to the termination of processing for this purpose.

If possible, please send the objection by e-mail to: datenschutznexus-agde