Privacy Policy of
MRM Distribution GmbH & Co. KG
Status: 02/2021
We comply with the applicable data protection regulations, in particular the requirements of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). We only process your personal data if the law permits the data processing or if you have given your consent to the processing of your data. The transparency of data processing is an important concern for us, so we would like to inform you comprehensively with the following notes on data protection.
Overview:
1. RESPONSIBILITY
3. GENERAL INFORMATION ON DATA PROCESSING
9. DATA PROCESSING FOR ADVERTISING PURPOSES
10. WEBSITE OPTIMIZATION, REACH MEASUREMENT AND ONLINE MARKETING
12. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT
13. DISCLOSURE OF DATA; PROCESSING IN THIRD COUNTRIES
16. GOOGLE FONTS (local embedding)
In detail:
1. RESPONSIBILITY
Responsible for the processing of your personal data on this website is:
MRM Distribution GmbH & Co KG
Represented by the general partner:
MRM Distribution Verwaltungs GmbH, represented by the managing director Christian Bedel;
Carl-von-Linde-Strasse 38
85716 Unterschleißheim
Germany
https://mrm-distribution.com
info@mrm-distribution.com
Data Protection Officer
Regier Thomas
DataCo GmbH
Dachauer Straße 65
80339 Munich, Germany
datenschutz@dataguard.de
089740045840
2. DATA PROTECTION OFFICER
You can reach our data protection officer at datenschutz@mrm-distribution.com or by phone at +49 (0)89 2488 369-0.
3. GENERAL INFORMATION ON DATA PROCESSING
a. Scope & purpose of the processing of personal data
As a user of this website, we process your personal data only to the extent necessary to provide a functional website and our content and services. Your personal data will only be processed according to your purpose-related consent, unless the data processing is also permitted by law without obtaining prior consent. The purposes of the processing result from the processing activities described in more detail below.
b. Legal basis for the processing of personal data
Insofar as we obtain your consent for processing operations involving personal data, Art. 6 para. 1 p. 1 a) EU Data Protection Regulation (DSGVO) serves as the legal basis.
If the processing of your data is necessary for the performance of a contract to which you are a party, Art. 6 (1) p. 1 b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as processing of your personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 para. 1 p. 1 c) DSGVO serves as the legal basis.
In the event that vital interests of you or another natural person require the processing of personal data, Art. 6 (1) d) DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 (1) p. 1 f) DSGVO serves as the legal basis for the processing.
c. Data deletion and storage period
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this is required by law or by other legal provisions that are binding for us. Data will also be blocked or deleted if a storage period prescribed by the aforementioned legal provisions expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
d. Types of data processed
– inventory data (e.g. name, address);
– contact data (e.g. e-mail address, telephone number);
– content data (e.g. text input, photographs, videos);
– usage data (e.g. website views, access times, personal interests);
– communication and metadata (e.g. IP addresses, device information).
e. Purposes of processing
– provision of the online offer, its functions and content;
– answering contact requests and communication with users;
– security measures;
– reach measurement/marketing.
f. Categories of data subjects
Visitors and users of the online offer (hereinafter “users”).
g. Regulations on the provision of data and consequences of non-provision
The provision of personal data is in part required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may be necessary for you to provide us with personal data that must subsequently be processed by us. For example, you are obliged to provide us with personal data if our company concludes a contract with it. Failure to provide the personal data would mean that the contract could not be concluded.
h. Automated decision-making
Automated decision-making does not take place through us.
4. YOUR RIGHTS
When processing your personal data, you have the following rights, which we would like to inform you about below. For this purpose, you can contact us as the responsible party, the contact details can be found above under 1.
a. Right to information (Art. 15 DSGVO)
Upon request, we will confirm whether personal data concerning you is being processed. If this is the case, you have a right to be informed about the following information
– the purpose(s) of the data processing,
– the categories of data processed, as well as
– if applicable. the recipients or categories of recipients to whom data are disclosed on the basis of legal obligations or contractual relationships; in particular in the case of recipients in third countries
– the planned storage period, or if this is not possible, the criteria for determining the period – the existence of a right to rectification or erasure of the personal data concerning them, or to restriction of processing by us or a right to object to such processing
– the existence of a right of appeal to the supervisory authority
– in the event that the personal data are not collected from the data subject: Any available information about the origin of the data
– The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the scope and the intended effects of such processing for the data subject
– In case of transfer to a third country or to an international organization, about the appropriate safeguards in connection with the transfer.
Upon request, you will receive a copy of the data collected and processed from you. In principle, this will be done free of charge.
b. Right to rectification (Art. 16 GDPR)
You have the right to request that inaccurate personal data relating to you be rectified without undue delay. You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
c. Right to deletion (Art. 17 DSGVO) (so-called right to be forgotten)
Upon request or after fulfillment or termination of the contract with us, your personal data will be deleted immediately if this does not conflict with tax or commercial law storage or documentation obligations or the safeguarding of the legitimate interests of the responsible party is at risk.
A claim for deletion exists under the following conditions:
– The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
– You withdraw your consent on which the processing was based pursuant to Art. 6 (1) sentence 1 a DSGVO or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.
– you object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or an objection to the processing has been lodged pursuant to Art. 21 (2) DSGVO.
– the personal data have been processed unlawfully.
– erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
– The personal data has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR (consent was given by a child).
d. Right to restriction of processing (Art. 18 DSGVO) (blocking).
Under the following conditions, you have the right to request the restriction of processing, i.e. the blocking of your personal data for processing:
– the accuracy of the personal data is contested by you for a period of time which allows us to verify the accuracy of the personal data.
– the processing is unlawful, you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
– The controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims.
– The user has objected to the processing pursuant to Article 21 (1) DSGVO and it is not yet clear whether the legitimate grounds of the controller outweigh those of the user.
e. Right to data portability (Art. 20 DSGVO) (Data portability)
Upon request, your data can be provided in a structured, common and machine-readable format for you and a service provider working in the connection, for a fee, in order to enable a quick transfer. This applies in any case insofar as the processing is based on consent pursuant to Art. 6 (1) p. 1 a DSGVO or Art. 9 (2) a) DSGVO or on a contract pursuant to Art. 6 (1) p. 1 b DSGVO and the processing is carried out with the aid of automated processes.
f. Right to revoke your consent (Art. 7 para. 3 DSGVO)
You may revoke your consent once given at any time by declaration to us. This has the consequence that we may no longer continue the data processing based on this consent for the future.
g. Right of appeal to the supervisory authority (Art. 77 DSGVO)
If you are of the opinion that a violation of data protection regulations has occurred, you have the right of appeal to the competent supervisory authority. For example, for companies in Bavaria, this is the Bavarian State Commissioner for Data Protection: https://www.datenschutz-bayern.de
h. Right of objection (Art. 21 DSGVO)
You also have the right to object to the processing of your personal data. If the processing is carried out for the purpose of direct advertising (e.g. newsletter), this right exists at any time. Otherwise, the right may also exist for reasons arising from your particular situation to object at any time to the processing of personal data concerning you. This only applies insofar as the processing is carried out on the basis of Art. 6 (1) (e) or (f) DSGVO (perception of public interests or protection of legitimate interests by the controller). We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
To exercise this right of revocation, you can also send us an informal message via the contact options mentioned under point 1 or 2, stating your intention to revoke.
5. SERVER AND LOGFILES
Log files
In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 f) EU-DSGVO):
Date and time of access, name of the pages accessed, anonymized IP address of the requesting device, referrer URL (origin URL from which visitors came to our websites), the amount of data transferred, loading time, browser type, language & version, name of the visitor’s access provider, operating system and its interface. The log data is stored for a period of 60 days.
Hosting
We use a so-called hoster to provide certain services in connection with the operation of this website: in detail, IT infrastructure, computing services, database services, e-mail dispatch, security services, server storage space and technical maintenance services are provided, among others.
In doing so, we. or our hoster, respectively, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of our website visitors on our behalf on the basis of our legitimate interests in a professional and secure provision of our website pursuant to Art. 6 para. 1 p. 1 f) DS
GVO.
6. USE OF COOKIES
In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and allow certain information to flow to us as the entity that set the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.
Use of cookies:
a) Temporary cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Permanent cookies remain stored even after the browser is closed. In this way, settings or preferences can be saved, for example.
c) First-party cookies are set by the respective website operator itself, whereas third-party cookies are used by third parties (e.g. advertising partners).
d) Necessary cookies (also called necessary or essential cookies) are, on the one hand, absolutely necessary for the operation of a website (e.g. to save logins or other user entries) or are required for security reasons.
e) Furthermore, there are cookies set, for example, for personalization, for statistical purposes and for marketing.
This website uses the following cookies, some of which are necessary for the operation of our website:
| Responsible | Designation | Purpose | Storage duration | Receiver | Required |
| Item 1 | _ga, _gat, -gid | Analysis / Tracking (Google Analytics) | 14 months | No | |
| Item 1 | _ga, _gat, -gid | Analysis / Tracking (Google Tag Manager) | 14 months | No | |
| Item 1 | mrm-cookie | Consent | 1 year | – | Yes |
| Item 1 | googtrans | Multilingualism (Google Translate) | Session | No | |
| Item 1 | NID | Google Maps | 6 months | No | |
| Item 1 | NID | Youtube – Contents | 6 months | No |
If these cookies are not required and/or information contained therein is personal data, the legal basis for data processing is your consent pursuant to Art. 6 para. 1 S.1 a) DSGVO, which is stored via a cookie. You give your consent via our cookie notice. This summarizes the cookies into certain purpose-related categories. The category of cookies required is pre-filled and cannot be deselected.
Insofar as these cookies are necessary cookies and/or information contained therein is personal data, the legal basis for data processing is Art. 6 (1) p. 1 f) DSGVO. Our interest in maintaining the functionality of our website is thereby to be regarded as legitimate within the meaning of the aforementioned provision.
If the processing is based on your consent, you have the option to revoke this at any time with effect for the future and thus prevent the further collection of your data by deselecting optional cookie categories or cookies (detail view) in the cookie settings. Unless and insofar as you do not consent or revoke granted consent, the (further) collection of data by means of optional cookies requiring consent and the associated data processing will cease. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can also configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website. In addition, you can generally object to the use of cookies for online marketing, for example, on the https://www.youronlinechoices.com/de/ page.
The details of the previously mentioned third-party services can be found in the items listed below.
7. CONTACT US
Contacting us by email, mail & phone
You have the option to contact us in several ways. By e-mail, by phone or by mail. When you contact us, we use the personal data that you voluntarily provide in this context solely for the purpose of contacting you and processing your request.
The legal basis for this data processing is Art. 6 (1) b). Your data will be deleted when it is no longer needed for the purpose of processing and there is no legal obligation to store it.
Contact form
A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered by you in the input mask will be transmitted to us in encrypted form and stored.
The legal basis for the processing of your data is Art. 6 para. 1 p. 1 a) DSGVO if you have given your consent. If there is no individual consent from you, we process your data on the basis of Art. 6 para. 1 p. 1 b) DSGVO. The processing of personal data from the input mask serves us solely to process the contact.
8. (PRE)CONTRACTUAL SERVICES
Processing in connection with online store
We process your personal data as a registered and activated commercial customer only to the extent necessary
for processing your orders in the online store or in the context of your contact.
We only ever process the personal data that you provide us with, such as your name, contact details, payment data and order data.
The data processing is carried out for the purpose of fulfilling the contract as well as carrying out pre-contractual measures on the legal basis of Art. 6. para. 1 sentence 1 letter b DSGVO. In order to process your email address in the event of a purchase via our websites/apps, we are also required by law in the German Civil Code (BGB) to send an electronic order confirmation (Article 6 para. 1 letter c) DSGVO).
In order to provide you with the greatest possible convenience, we offer you the permanent storage of your personal data in a password-protected customer account/user account.
The creation of the customer account is basically voluntary and is based on your consent within the meaning of Article 6 (1) (a) DSGVO. After setting up a customer account, no new data entry is required. In addition, you can view and change the data stored about you in your customer account at any time.
In addition to the data requested when placing an order, you must enter a password of your choice to set up a customer account. This serves together with your e-mail address for access to your customer account. Please treat your personal access data confidentially and in particular do not make them accessible to unauthorized third parties. You have the option to delete your customer account at any time. Please note, however, that once you have placed an order with us, this does not mean that the data visible in the customer account will be deleted at the same time. The deletion of your data takes place automatically after the expiry of the retention obligations applicable to us under commercial and tax law. The legal basis for this data processing is Art. 6 (1) letter c) DSGVO and Art. 6 (1) sentence 1 letter f) DSGVO.
For the processing of a purchase contract, details of your delivery address will be passed on to logistics companies and shipping partners commissioned by us. The respective data will be transmitted solely for the respective purposes and deleted after delivery.
Insofar as we do not use your data for advertising purposes, we store the data collected for the processing of the contract until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiration of this period, we keep the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period, the data will be processed again solely in the event of an audit by the tax authorities.
9. DATA PROCESSING FOR ADVERTISING PURPOSES
Advertising existing customers
In principle, we have a legitimate interest in using the data of our existing customers for marketing purposes. We collect the following data from our existing customers for our own marketing purposes: first name, last name, postal address, e-mail address, year of birth. The legal basis for the use of personal data for marketing purposes is Art. 6 para. 1 p. 1 f) DSGVO.
If you are not an existing customer of ours, we will only process your data for marketing purposes on the basis of your express consent for these purposes pursuant to Art. 6 (1) p. 1 a) DSGVO.
Proper order processing agreements have been concluded with service providers that we use for the purpose of supplying advertising and who process data on our behalf strictly in accordance with instructions.
Note on the right of revocation
You may object to the use of your personal data for the aforementioned advertising purposes at any time, free of charge and with effect for the future, by using the contact details provided in section 1 or 2.
If you object, your data will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.
Advertising with consent
We process your data for marketing purposes only on the basis of explicit consent for these purposes pursuant to Art. 6 (1) p. 1 a) DSGVO.
Proper order processing agreements have been concluded with service providers that we use for the purpose of supplying advertising and who process data on our behalf strictly in accordance with instructions.
Note on the right of revocation
You can revoke your consent at any time free of charge with effect for the future.
To exercise this right of revocation, you can send us an informal message via the contact options mentioned under point 1 or 2, expressing your intention to revoke. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Newsletter
If you would like to receive the newsletter offered on our website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. We use your data exclusively for sending the newsletter. The legal basis for this data processing is your consent according to Art. 6 para. 1 p. 1 a) DSGVO.
The newsletter is sent on the basis of our legitimate interests in an effective, secure and user-friendly newsletter system in accordance with Art. 6 para. 1 p. 1 f) DSGVO by means of the service provider dskom GmbH, Reginhardstraße 34, 13409 Berlin, Germany within the framework of a concluded order processing agreement (Art. 28 DSGVO). The privacy policy of the shipping service provider can be found at: https://www.dskom.de/werbung-marketing/kontakt/datenschutz.php.
The newsletters contain a so-called web beacon. These are small graphics that enable log file recording or log file analysis, which are used for statistical evaluations for online marketing and are retrieved by dskom when the newsletter email is opened. In the course of this retrieval, technical information, such as information about the browser and your system and the time of retrieval, is collected. This information is used for the technical improvement of our services based on the technical data, the target groups and their respective reading behavior. The statistical data collected includes information on whether a newsletter is opened, its time and the links clicked. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
The data you provide for the purpose of receiving the newsletter will be stored by us or dskom until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or dskom in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) p. 1 f) DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
Notice Right of revocation
You can revoke your consent to the sending of the newsletter at any time with effect for the future and unsubscribe from the newsletter. You can request the revocation by clicking on the link provided in each newsletter e-mail or, for example, by sending an e-mail to us (see section 1 or 2).
10. WEBSITE OPTIMIZATION, REACH MEASUREMENT AND ONLINE MARKETING
Google (Universal) Analytics
We use Google (Universal) Analytics on our website based on your consent given in the cookie banner pursuant to Art. 6 para. 1 S.1 a) DSGVO for the analysis and improvement as well as the commercial design of our online offer Google (Universal) Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) with the extension of “IP anonymization” (also called “IP mask method”). Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there. The information generated by the cookie about your use of this website are about
– browser type/version,
– operating system used,
– referrer URL (the previously visited page),
– host name of the accessing computer (IP address),
– time of the server request.
For details on cookies, please refer to section 5 above.
The data collected as part of Google Analytics may be stored and processed in the USA or in any other country in which Google or subcontractors of Google maintain facilities. However, the IP mask method used by us ensures that the IP address is shortened within EU member states or in other EEA member states before it is transmitted to a Google server in the USA and stored there, so that a full IP address is not transmitted and the identification of a person is thus prevented or made significantly more difficult. Only in exceptional cases is the full, i.e. unabbreviated, IP address transmitted to a Google server in the USA and only shortened there.
Google will use the aforementioned information on our behalf to evaluate the use of our online offer by users and to provide us with reports on the activities within this online offer and, if necessary, to provide us with further services in this context. For this purpose, pseudonymous user profiles can be created from the processed data.
The (shortened) IP address transmitted by the user’s browser is not merged with other data from Google. You can prevent the storage of cookies by selecting the appropriate settings on your browser software and prevent the collection of data generated by the cookie in relation to the online offer and its processing by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information about Google’s use of data, settings and opt-out options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads) as well as Google’s advertising display settings (https://adssettings.google.com/authenticated).
Users personal data is deleted or anonymized after 14 months.
For additional information on the transfer of data to the USA, please refer to section 13.
Google Signals
We have enabled the Google Signals feature in Google Analytics (see previously). As a result, existing Google (Universal) Analytics features, such as re-marketing with Google Analytics, ad reporting features, interest and demographic reporting, and cross-device reporting are updated.
This allows us to receive aggregated and anonymized data from you, provided you have allowed personalized ads in your Google account. Data of individual users is not disclosed. Google Signals enables cross-device tracking, which means that your data can also be analyzed across devices. By activating Google signals, data is collected and linked to your Google account.
This allows Google to track when you visit our website via different devices, such as smartphone and PC. Through Google signals, we can consequently launch cross-device remarketing campaigns (see section 11), so that we can also display our offer to you on other websites.
Google Analytics also collects additional visitor data on our website history and actions through Google Signals, which provides us with advertising reports from Google and helpful information about your interests, geographic and demographic characteristics, and social criteria to define target/people groups.
With the help of these reports, we can optimize and adapt our services and products for you. This data expires by default after 26 months. However, the collection of data within the scope of Google signals only takes place if you have allowed personalized advertising in your Google account. You can manage or also delete this data in your Google account.
In all other respects, the information previously provided under Google (Universal) Analytics applies.
Google Tag Manager
We would like to point out that we use the Google Tag Manager based on your consent given in the cookie banner in accordance with Art. 6 (1) p. 1 a) DSGVO. The Google Tag Manager itself does not collect any personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites.
We use the Tag Manager for the Google services Google Analytics and GA Audience. If you have made a deactivation, this deactivation is taken into account by the Google Tag Manager.
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
Website: https://marketingplatform.google.com;
Privacy policy: https://policies.google.com/privacy;
For more information on Google Tag Manager visit: https://www.google.com/intl/de/tagmanager/use-policy.html.
For supplementary information on the transfer of data to the USA, please refer to Section 13.
Calendly
On our website you have the possibility to make appointments with us. We use the tool “Calendly” for booking appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).
For the purpose of booking an appointment, enter the requested data and the desired date in the mask provided. The entered data will be used for the planning, execution and, if necessary, for the follow-up of the appointment. The appointment data is stored for us on the servers of Calendly, whose privacy policy you can view here: https://calendly.com/privacy.
The data you enter will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.
The legal basis for the data processing is Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in making it as uncomplicated as possible to arrange appointments with interested parties and customers. If consent has been requested, Art. 6 para. 1 lit. a DSGVO is the legal basis for data processing; consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://calendly.com/pages/dpa.
Order processing
We have concluded
an order processing
agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Hotjar
This website uses Hotjar. Provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool for analyzing your user behavior on this website. With Hotjar, we can record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you have remained with the mouse pointer on a certain place. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.
Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).
In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator’s web offerings.
Hotjar uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or use of device fingerprinting).
The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) a DSGVO; the consent can be revoked at any time.
Disabling Hotjar
If you would like to disable data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/opt-out
Please note that disabling Hotjar must be done separately for each browser or device.
For more information about Hotjar and the data it collects, please see Hotjar’s privacy policy at the following link: https://www.hotjar.com/privacy
Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
11. ADVERTISING PARTNER
We work with advertising partners to make the online offer on our site even more interesting for you. For this purpose, when you visit our site, the cookies mentioned above under item 5 are also set by our advertising partners (so-called third-party cookies). In the cookies of our advertising partners, information is also stored using pseudonyms about your user behavior and your interests when visiting our site. In some cases, information is also collected that was obtained on other sites before you visited our site. Based on this information, interest-related advertisements from our advertising partners are displayed to you. No personal data is stored and no usage profiles are merged with personal data about you.
You can prevent the interest-based advertising of our advertising partners by selecting the appropriate cookie setting in your browser.
Google AdSense
We use Google AdSense on our website based on your consent granted in the cookie banner pursuant to Art. 6 (1) p. 1 a) DSGVO. Google AdSense is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, for embedding advertisements. Google AdSense uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. Furthermore, Google AdSense uses so-called web beacons. These web beacons enable Google to analyze information such as the flow of visitors to our site. In addition to your IP address and the recording of the advertising formats displayed, this information is transmitted to Google in the USA, stored there and may be passed on by Google to contractual partners. However, Google does not merge your IP address with other data stored by you. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. You can object to the use of your information at any time here.
For more information, please visit: https://policies.google.com/privacy?hl=de
Google Ads (Adwords)
Our website uses the service based on your consent given in the cookie banner in accordance with Art. 6 para. 1 p. 1 a) DSGVO Google Ads. Google AdWords is an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy?hl=en.
In doing so, we use on the one hand the remarketing function (“similar target groups”) within the Google Ads service. With the remarketing function, we can present users of our website with advertisements based on their interests on other websites within the Google display network (on Google itself, so-called “Google Ads” or on other websites). For this purpose, the interaction of the users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to the users on other sites even after they have visited our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google display network. This number, known as a “cookie”, is used to record the visits of these users. This number is used to uniquely identify a web browser on a particular computer and not to identify a person; personal data is not stored.
Furthermore, we measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page marked with a so-called “conversion tracking tag”. However, we ourselves do not receive any information with which users can be identified.
The legal basis for this data processing is Article 6 (1) f) DSGVO.
You can disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: www.google.com/settings/ads/plugin.
You can find more information about Google Remarketing and Google’s privacy policy at: www.google.com/privacy/ads/.
12. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT
Within the scope of our website, we use offers from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”), on the basis of consent pursuant to Art. 6 (1) p. 1 a) DSGVO or, if consent does not exist in an individual case and is not legally required, on the basis of our legitimate interests (i.e. interest in evaluating the use of our website and improving the operation of our website within the meaning of Art. 6 (1) p. 1 f) DSGVO).
This may require the respective third-party providers to perceive your IP address, as they could not send the content to your browser without the IP address. The IP address is thus required for the delivery and display of this content. The third-party providers may also use so-called “pixel tags” (invisible graphic files, also called “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze usage behavior on this website. The pseudonymous information may be stored in cookies on your device and may contain, for example, technical information about visiting times, the browser and operating system, previously visited website and other information about the use of our website. A link with similar information from other sources does not take place.
If you do not want pixel tags to record your usage behavior, you can object to the data collection at any time by sending us a message (see section 1 or 2).
Google Maps
We may integrate maps of the Google Maps service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, provided that you have given your consent to this in the context of the cookie query. Accordingly, the legal basis is your consent pursuant to Art. 6 para. 1 p. 1 a) DSGVO. The processed data may include, in particular, IP addresses and location data of the users, which, however, will not be collected without their consent (usually executed as part of the settings of their mobile devices). The data may be processed in the USA. Its privacy notice can be found at: https://www.google.com/policies/privacy/. You can set an opt-out under this link: https://adssettings.google.com/authenticated.
YouTube
We may integrate videos from the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of your consent given with the cookie notice. You can find their data protection information at: https://www.google.com/policies/privacy/
The legal basis for the processing is your consent pursuant to Art. 6 para. 1 p. 1 a) DSGVO. You can set an opt-out under this link: https://adssettings.google.com/authenticated or by adjusting the cookie settings.
Google Translator (Google Translate)
We integrate the so-called Google Translator on the basis of your consent given with the cookie notice, if applicable, in order to be able to offer our website in different languages. The legal basis for the processing is your consent pursuant to Art. 6 para. 1 p. 1 a) DSGVO. The service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can find their data protection information at: https://www.google.com/policies/privacy/. You can set an opt-out under this link: https://adssettings.google.com/authenticated or by adjusting the cookie settings.
13. DISCLOSURE OF DATA; PROCESSING IN THIRD COUNTRIES
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO).
The data collected as part of the aforementioned Google products may be stored and processed by Google in the USA, among other places. We have no influence on the further data processing by Google. For a data transfer to a third country, i.e. a country outside the EU or the EEA, appropriate guarantees for the protection of your personal data are generally required. After the European Court of Justice invalidated the Commission’s Implementing Decision (EU) 2016/1250 of July 12, 2016 on the adequacy of the protection provided by the EU-US Privacy Shield (“EU-US Privacy Shield”), the EU-US Privacy Shield can no longer be used as a guarantee for an adequate level of protection in the US according to EU standards. Thus, there is currently no level of data protection in the U.S. equivalent to that in the EU within the meaning of Art. 45 GDPR, and we are also unable to provide suitable guarantees under Art. 46 GDPR to compensate for this deficit. Thus, data transfer to the USA is only permissible here with your express consent pursuant to Art. 49 (1) a) DSGVO, which can be granted by you with the cookie notice by selecting optional cookie categories or cookies (detail view). Possible risks of this data transfer are that access by state authorities, such as security authorities and/or intelligence services, cannot be ruled out and your data could be processed by them, possibly without you being informed separately and without enforceable rights and effective legal remedies being available to you, for reasons of national security, law enforcement or for other purposes in the public interest of the USA.
Otherwise, we will only share your information with third parties if:
– you have expressly given your consent to this in accordance with Art. 6 (1) p. 1 a) DSGVO,
– the disclosure is necessary in accordance with Art. 6 (1) p. 1 f) DSGVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
– there is a legal obligation for the disclosure in accordance with Art. 6 para. 1 p. 1 c) DSGVO a legal obligation exists or
– this is legally permissible and required under Art. 6 para. 1 p. 1 b) DSGVO for the processing of contractual relationships with you.
Disclosure to tax offices and social security institutions only takes place if there is a legal obligation to do so; the legal basis is Art. 6 (1) p. 1 c) DSGVO. The transfer to service providers takes place only on the basis of a proper agreement on commissioned processing in accordance with Art. 28 DSGVO.
14. APPLICANT DATA
We process the personal data of applicants for the purpose of handling the application process. The processing may also take place electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by e-mail. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents are automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the responsible party oppose deletion.
15. AMENDMENTS
The responsible party reserves the right to adapt security and data protection measures insofar as this becomes necessary due to technical or legal developments. In these cases, the responsible party will also adapt this data protection notice accordingly. Please therefore note the current version of our data protection information.
16. GOOGLE FONTS (local embedding)
This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site.
These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Fonts, please follow this link:
https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under:
https://policies.google.com/privacy?hl=en.
17. DEFINITIONS
For a better understanding, we would like to provide you with the definitions of the GDPR here below, as far as they are relevant for our privacy notices.
| Supervisory authority | “Supervisory Authority” means an independent governmental body established by a Member State pursuant to Article 51 of the GDPR. |
| Processor | Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller. |
| Third | Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor. |
| Restriction of processing | Restriction of processing is the marking of stored personal data with the aim of limiting their future processing (in the sense of blocking) |
| Consent | Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her. |
| Receiver | A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients. |
| Personal data | Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data is, simplified, individual information about personal or factual circumstances of an identified or identifiable natural person, i.e. not legal entities, such as a GmbH. Personal data primarily includes information such as the name, address, e-mail address, but also the IP address. |
| Profiling | is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location. |
| Pseudonymization | Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person. |
| Responsible | The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law. |
| Processing | Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |