Contact


MVI Group GmbH
Candidplatz 11
D-81543 Munich



Phone +49 / 89 / 61 46 97 - 0
Fax +49 / 89 / 61 46 97 - 39

Data Protection
Imprint
Jobs


Apply now for a job
at the MVI Group

Privacy Policy

Data Privacy Policy pursuant to the GDPR

Name and address of the controller

The Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

MVI Group GmbH
Represented by: Christian Hirsch
Candidplatz 11
81543 Munich
Germany
Phone: +49 89 614 697 0
E-mail: info@mvi-group.com
Website: www.mvi-group.com

Name and address of the Data Protection OfficerThe Data Protection Officer of the data controller is:

BerIsDa GmbH
Rangstraße 9
36037 Fulda
Germany
Phone: +49 661 29698090
E-mail: datenschutz@berisda.de
Website: www.berisda.de

I. General information on data processing
1.      Scope of the processing of personal data

The controller collects and uses personal data of its users (hereinafter also referred to as “data subject”, “data affected person” or “visitor”) only insofar as this is necessary to provide a functioning website and to present the contents and services. The collection and processing of users’ personal data for other purposes is generally only carried out with the consent of the user. An exception applies in those cases in which it is not possible to obtain consent in advance for actual reasons, the processing is carried out based on pre-contractual or contractual measures, the processing of the data is permitted by legal regulations and/or there is a legitimate interest of the controller in the processing.

2. Legal basis for the processing of personal data

Insofar as the controller obtains the consent of the data subject for the processing of personal data, Article 6 (1) sentence 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. For any transfer to a non-secure third country, the processing is based on Art. 49 (1) sentence 1 lit. a GDPR.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which the controller is subject, Article 6 (1) sentence 1 lit. c GDPR serves as the legal basis.
If the vital interests of the data subject or another natural person make the processing of personal data necessary, Article 6 (1) sentence 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of the controller or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and duration of storage

The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply or consent granted is revoked by the data subject or processing is objected to. Furthermore, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the standards expires unless there is a need to continue storing the data for the conclusion or fulfilment of a contract.

4. Data transfer to non-secure third countries

The transfer and processing of personal data of data subjects in a non-secure third country, such as the USA, takes place under the conditions of Article 49 (1) sentence 1 a of the GDPR – based on consent granted by the data subject. For the USA (and other non-secure third countries), there is currently no adequacy decision by the EU Commission within the meaning of Article 45 (1) and (3) of the GDPR. This means that the EU Commission has not yet positively determined that there is a level of data protection there comparable to the requirements of the GDPR. Furthermore, the GDPR requires so-called “appropriate safeguards” for a data transfer to a third country or to international organizations, Art. 46 (2), (3) GDPR. These can be, for example, internal company data protection regulations approved by a supervisory authority or standard data protection contracts. In summary, there is no level of data protection comparable to the requirements of the GDPR in the non-secure third countries.

Risks of a transfer to a non-secure third country

Personal data could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who could use the data for advertising purposes, for example. In addition, it is probably not possible to effectively enforce any rights of access against the subcontractor. There may be a higher probability that incorrect data processing may occur, as the technical and organizational measures of the subcontractor for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality. It is also possible that state authorities access the personal data provided without the data subject being aware of this. This risk is particularly present when data is transferred to the USA. In principle, this also corresponds to the European legal regulations, e.g. for the purpose of security. However, the permissibility threshold for such data processing in the European Union is higher than in the country of the data recipient.

II. Rights of the data subject

If we process personal data about you, you have the following rights as a data subject vis-à-vis us as the controller:

1. Right of access, Art. 15 GDPR

Within the framework of the applicable legal provisions, you have the right to (free) information about your collected and stored personal data at any time. This includes, among other things, information about the purposes of processing, the origin and recipients of the data, the storage period and the existence of various rights.

2. Right of rectification, Art. 16 GDPR

You have the right to have your data corrected and/or completed by the controller if the personal data processed concerning you is inaccurate or incomplete. The controller shall rectify and/or complete the data without undue delay.

3. Right to erasure, Art. 17 GDPR

You can request the deletion of your personal data at any time under the conditions of Article 17 of the GDPR, unless exceptions or circumstances still apply that entitle the controller to continue to process your personal data (such as statutory retention obligations).

4. Right to restriction of processing, Art. 18 GDPR

Within the framework of the provisions of Art. 18 GDPR, you have the right to demand a restriction of the processing of the data concerning you. The prerequisite is that one of the facts mentioned in Article 18 (1) of the GDPR applies.

5. Right to information, Art. 19 GDPR

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

6. Right to data portability, Art. 20 GDPR

If processing is carried out based on your consent or on the basis of a contract and with the help of automated processes, you have the right to transfer the data you have provided within the scope of Art. 20 of the GDPR, provided that this does not affect the rights and freedoms of other persons. The data will be provided in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.

7. Right to object, Art. 21 GDPR

You have the right to object at any time, on grounds relating to your situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection pursuant to Art. 21 (1) GDPR).

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to pro-filing, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. (Objection according to Art. 21 para. 2 GDPR).

You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.

8. Automated decision in individual cases, Art. 22 GDPR

In accordance with Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision (1) is necessary for the conclusion or performance of a contract between you and the controller, (2) is permitted by Union or Member State law to which the controller is subject and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or (3) is made with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. Regarding the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

9. Right to withdraw your consent, Art. 7 para. 3 GDPR

You have the right to revoke your declaration of consent under data protection law at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation. You can send the revocation to the data controller by e-mail or by post.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

If you are in another federal state or not in Germany, you can also contact the data protection authority there. The supervisory authority responsible for us is The Bavarian State Commissioner for Data Protection.

III. SSL/TLS-Encryption

This website uses SSL/TLS encryption for reasons of security and to protect the transmission of confidential content, such as enquiries that you, as the data subject, send to us as the site operator. An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in the browser line. If SSL/TSL encryption is activated, the data you transmit to us cannot be read by third parties.

IV. External hosting

1. Description and scope of data processing

This website is hosted by an external service provider (so-called hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, page views and other data generated via a website.

2. Legal basis for the data processing

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR for the provision of the website.

3. Purpose of the data processing

The hoster is used for the purpose of a secure, fast and efficient provision of our online offer as well as the reliable presentation and provision of our internet site by a professional provider. Our legitimate interest lies in these purposes.

4. Duration of storage, possibility of objection and elimination

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. Consequently, there is no possibility for the user to object.

5. Conclusion of a contract on commissioned processing

In connection with the data processing described above, the data is forwarded and processed by our external hoster: Mittwald CM Service GmbH & Co. KG, Königsberger Str. 4-6, 32339 Espelkamp. We have concluded a contract on order processing with our hoster. This is a contract prescribed by data protection law which guarantees that Mittwald CM Service GmbH & Co. KG only processes the personal data of our site visitors in accordance with our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).

V. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the calling end device.

The following data is collected:

(1) Information about the browser type and the version used

(2) The user’s operating system

(3) The user’s Internet service provider

(4) The IP address of the user

(5) Date and time of access

(6) Internet pages from which the user’s system accesses our website

(7) Internet pages that are accessed by the user’s system via our Internet site.

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for the data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 S. 1 lit. f GDPR.

4. Duration of storage, possibility of objection and elimination

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling end device is no longer possible.

The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. Consequently, the user has no right of objection.

 

 

VI. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s system. When a user calls up our website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

When accessing our website, users are informed of the use of cookies by a consent management system from the provider Borlabs and are referred to this data protection declaration. Further information on the consent management system used can be found under point VII of this data protection information.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. In summary, these cookies are technically necessary for the operation of our website.

We also use cookies on our website that allow us to analyse the surfing behaviour of users. In this way, the following data can be transmitted:

(1) Pages visited and click behaviour

(2) Frequency of website visits and current visits

(3) Use of website functions

When accessing our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of personal data used in this context is obtained. In this context, a reference to this data protection information is also made.

Transfer to a third country: The data collected via the cookies for analysis purposes may be transferred to a service provider based in a third country. Further information can be found in this data protection information with the respective service provider. Processing of personal data thus also takes place in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. You can find further information on the transfer to a non-secure third country in this data protection information under “I. General information on data processing – 4. data transfer to non-secure third countries”.

In principle, you can prevent or block the storage of cookies in your end device in the settings of your browser. To do this, you must call up the respective settings of your browser. In addition, you can delete your stored cookie data in your browser settings.

You can change your preferences anytime:

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR; the storage of cookies in your terminal device is based on § 25 para. 2 no. 2 TTDSG.

The legal basis for the processing of personal data using cookies for [analysis purposes] is the existence of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR; for a transfer to a non-secure third country additionally based on Art. 49 para. 1 lit. a GDPR. The storage of the cookie in your terminal device takes place based on § 25 para. 1 p. 1 TTDSG.

3. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of the website for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a change of internet page. Furthermore, cookies are required to manage your consents and refusals.

We need cookies for the following applications: Consent management.

These purposes are also our legitimate interest in processing personal data according to Art. 6 Para. 1 S. 1 lit. f GDPR. The user data collected through technically necessary cookies are not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. Furthermore, the use of cookies serves to provide external content.

4. Duration of storage, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted to our website by the user. Therefore, you as a user also have full control over the use of Coo-kies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

Our cookies used are stored in detail for the following duration:

borlabs-bookie – storage period: one month

_ga (Google Analytics) – storage period: 24 months

_gid (Google Analytics) – storage period: 2 days

_gat_gtag_UA_ (Google Analytics) – storage period: 2 minutes

 

As a user, you have the right to revoke your declaration of consent under data protection law for technically unnecessary cookies at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation. You can revoke the consent you have given at any time by clicking on the blue button below on this page.

VII. Cookie Consent with Borlabs Cookie

  1. Description and scope of data processing

Our website uses the cookie consent technology of Borlabs Cookie to obtain consent for the storage of certain cookies on the end device of data subjects or for the use of certain technologies and to document this in a data protection compliant manner. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg.

When data subjects enter our website, a Borlabs cookie is stored in their browser, in which the consent given or the revocation of this consent is stored. The following information is stored in the borlabs cookie: cookie duration, cookie version, domain and path of the website, consents and UID (randomly generated ID without personal data).

This data is not passed on to the provider of borlabs-cookie.

2. Legal basis for the data processing

The use of Borlabs cookie consent technology takes place to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.  The storage of the cookie in your terminal device takes place based on § 25 para. 2 no. 2 TTDSG.

3. Purpose of the data processing

The processing of personal data serves to comply with the legal requirements of the GDPR and the TTDSG for obtaining and documenting consent.

4. Duration of storage, possibility of objection and elimination

The collected data is stored until the data subject requests us to delete it or the Borlabs cookie itself is deleted or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.

Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

VIII. E-mail-contact

1. Description and scope of data processing

On our website and in our signatures, e-mail addresses are provided via which it is possible to contact us electronically. In this case, the personal data of the person concerned transmitted with the e-mail will be stored.

To process your enquiries, data may be transmitted to a company of the MVI group of companies. The data is used exclusively for contacting you and for conducting the conversation.

2. Legal basis for the data processing

The legal basis for the processing of data transmitted while sending an e-mail is Art. 6 para. 1 p. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of personal data is solely for the purpose of processing the contact. This is also the basis for the necessary legitimate interest in processing the data.

4. Duration of storage, possibility of objection and elimination

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the data subject has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If a contract is concluded because of the e-mail contact, the corresponding (legal) retention obligations and regulations apply.

If a data subject contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. All personal data saved while contacting us will be deleted in this case.

IX. Contact form

1. Description and scope of data processing

Our website contains a contact form which you can use to contact us electronically. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:

(1) First name
(2) Surname
(3) e-mail address
(4) Subject
(5) Your message and other personal data that you send us via the message field in the contact form.

All information is mandatory.

The following data is also stored at the time the message is sent:

(1) The IP address of the user
(2) Date and time of registration

For the processing of the data, reference is made to this data protection information in the context of the sending process. In order to process your enquiries, data may be transferred to a company of the MVI group of companies. The data shall be used exclusively for processing the conversation.

2. Legal basis for the data processing

The legal basis for the processing of data transmitted via the contact form is Art. 6 para. 1 sentence 1 lit. f GDPR. If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage, possibility of objection and elimination

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

If a user contacts us via the form, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. All personal data stored while contacting us will be deleted in this case.

X. YouTube with enhanced data protection

  1. Description and scope of data processing

This website integrates videos from the YouTube platform. The operator of YouTube is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Li-mited is a subsidiary of Google LLC based in the USA.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network – regardless of whether you watch a video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. In the process, the YouTube server is informed which of our Internet pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube can save various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent fraud attempts. If necessary, further data processing processes may be triggered after the start of a YouTube video, over which we have no control.

Upstream user action

If you have not consented to the processing of your data by YouTube within the consent management, the videos that are embedded on our site will not be played immediately. You can also give your consent directly to the video afterwards by means of an upstream action.

Personal data is therefore also processed in a non-secure third country. In the USA, there is no data protection level comparable to the requirements of the GDPR. In addition, data may be transferred to YouTube partners. Further information on the transfer to a non-secure third country can be found in this data protection information under “I. General information on data processing – 4. data transfer to non-secure third countries”.

2. Legal basis for the data processing

The legal basis for the processing of the data is the existence of the user’s consent pursuant to Art. 6 para. 1 sentence 1 lit. a and Art. 49 para. 1 sentence 1 lit. a GDPR – as well as Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

3. Purpose of the data processing
YouTube is used in the interest of an appealing and clear presentation of our online offers, products and services.

4. Duration of storage, possibility of objection and elimination
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation. You can revoke the consent you have given via the Consent Management or the Data Protection page.
For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

XI. Google Tag Manager

  1. Description and scope of data processing

This website uses the Google Tag Manager. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of Google LLC based in the USA.

The Google Tag Manager is a tool with the help of which we can integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to servers in the USA.

Personal data is therefore also processed in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. It is also possible for data to be transferred within the Google network. Further information on the transfer to a non-secure third country can be found in this data protection information under “I. General information on data processing – 4. data transfer to non-secure third countries”.

2. Legal basis for the data processing

The Google Tag Manager is used based on your consent in accordance with Art. 6 para. 1 p. 1 lit. a. GDPR and Art. 49 para. 1 p. 1 lit. a GDPR – as well as § 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

3. Purpose of the data processing
The Google Tag Manager is used to manage website tags via an interface. This enables us to control the precise integration of services on our website. This allows us to flexibly integrate additional services to evaluate our users’ access to our website.

4. Duration of storage, possibility of objection and elimination
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation. You can revoke the consent you have given via the Consent Management or the Data Protection page.

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the data protection statement for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

XII. Google Analytics

  1. Description and scope of data processing

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of Google LLC based in the USA.

Google Analytics enables the site operator to analyse the behavior of site visitors. In doing so, the site operator receives various usage data, such as website visits, length of stay, operating systems used and the origin of the user. Among other things, the following personal data can be collected and analysed: User activities, device and browser information (in particular IP address), data on the advertisements displayed (click rates) and data from advertising partners. This data may be combined by Google into a profile that is assigned to the respective user or their end device.

Google Analytics uses cookies and other browser technologies that enable the recognition of the user for the purpose of analysing user behavior. This information is used, among other things, to compile reports on website activity. The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there. Google also transfers your data to Google affiliates and other partners.

Personal data is therefore also processed in a non-secure third country. In the USA, there is no data protection level comparable to the requirements of the GDPR. It is also possible for data to be transferred within the Google network.  Further information on the transfer to a non-secure third country can be found in this data protection information under “I. General information on data processing – 4. data transfer to non-secure third countries”.

IP address anonymisation (Google Analytics 4)

We use Google Analytics 4 on this site. Your IP address is automatically anonymised. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

2. Legal basis for the data processing
The use of this analysis tool is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR and for any transfer to a third country based on Art. 49 para. 1 lit. a GDPR. The storage of information in your terminal equipment is based on Art. 25 para. 1 p. 1 TTDSG.

3. Purpose of the data processing
The use of Google Analytics on our site serves to analyse the user behaviour of our site visitors to optimise and play out both our web offer and our advertising.

4. Duration of storage, possibility of objection and elimination
The collected data will be stored until you delete the cookies set by Google Analytics yourself or the purpose for storing the data no longer applies. As a user, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation. You can revoke the consent you have given via the Consent Management or the Data Protection page.

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

For site visitors who do not want their data to be used in Google Analytics, Google has developed a browser add-on to deactivate Google Analytics. You can download and install the available browser plug-in at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on how Google Analytics handles user data can be found in Google’s data protection statement: https://support.google.com/analytics/answer/6004245?hl=de

Further information on data protection can also be found in the data protection declaration for Google Analytics: https://policies.google.com/privacy.

5. Conclusion of a contract on commissioned processing

We have concluded an order processing contract with Google. This is a contract required by data protection law, which ensures that Google only processes the personal data of our site visitors according to our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).

XIII. Content Delivery Network (Cloudflare)

1. Description and scope of data processing

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. The transfer of information between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyse the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but only for the purposes described here. When you visit our website, a connection is established to Cloudflare’s servers, e.g. in order to retrieve content. As a result, personal data may be stored and analysed in server log files, in particular the user’s activity (especially which pages have been visited) and device and browser information (especially the IP address and the operating system).

Personal data is therefore also processed in a non-secure third country. In the USA, there is no data protection level comparable to the requirements of the GDPR. You can find further information on the transfer to a non-secure third country in this data protection information under “I. General information on data processing – 4. data transfer to non-secure third countries”.

2. Legal basis for the data processing

The legal basis for the processing of the data is the existence of the user’s consent in accordance with Art. 6 para. 1 sentence 1 lit. a and Art. 49 para. 1 sentence 1 lit. a of the German Data Protection Act (GDPR) – as well as Section 25 para. 1 sentence 1 of the German Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG.

3. Purpose of the data processing
The data processing serves the secure and fast provision of our website as well as the delivery and acceleration of online applications.

4. Duration of storage, possibility of objection and elimination
Your personal information will be retained for as long as necessary to fulfil the purposes described above or as required by law.

Information on objection and removal options vis-à-vis Cloudflare can be found at: https://www.cloudflare.com/de-de/privacypolicy/.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation. You can revoke the consent you have given via the Consent Management or the Data Protection page.

5. Conclusion of a contract on commissioned processing

In connection with the data processing described above, the data is transferred to and processed by Cloudflare. We have concluded an order processing contract with Cloudflare. This is a contract required by data protection law, which ensures that Cloudflare only processes the personal data of our site visitors according to our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.). Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/. Further information on the topic of security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.