1. Data protection at a glance
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data collection on our website
We use the personal data provided by you generally, to answer your enquiries, to process your orders or to afford you access to specific information or services. For the purposes of customer relations management, it may also be necessary for us or a service company contracted by us to use this personal data to notify you of product offers or to conduct online surveys in order to better meet the needs and requirements of our customers. We naturally respect your wishes if you choose not to surrender your personal data to us to support our customer relations activities (in particular for direct marketing or for market research purposes). We will not sell your personal data to third parties or market it in any other way.
We will collect, process and use the personal data you provide online exclusively for the stated purposes. Your personal data will not be disclosed to third parties without your express consent. Personal data is only collected and disclosed to government institutions and authorities that are entitled to information in line with the relevant laws or if we are obliged to do so by a court order. Our employees and the service providers contracted by us are obliged by us to observe confidentiality and to adhere to the provisions of the EU’s General Data Protection Regulation (GDPR).
This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
3. General and mandatory information
3.1 Data protection
Various examples of personal data are collected when you use this website.
Please bear in mind that online data transmission (e.g. email communication) can entail security vulnerabilities and that data cannot be fully protected against third-party access.
3.2 Information regarding the controller
The data processing controller for this website is:
3.3 Statutory data protection officer
We have appointed a data protection officer for our company.
Phone: +49 611 950008-40
Fax: +49 611 950008-59
3.4 Revoking your consent to data processing
Many data processing procedures are only permissible with your explicit consent. You may revoke the consent you have granted at any time. To do so, you simply need to send us an informal email to this effect.
Your revocation does not affect the lawfulness of the data processing performed prior to the revocation of consent.
3.5 Data subject rights
3.5.1 Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
Where your personal data is processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be processed for such direct marketing purposes (objection pursuant to Art. 21  GDPR).
3.5.2 Right to lodge a complaint with the competent supervisory authority
If the GDPR is infringed, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint shall exist without prejudice to any other administrative or judicial remedy.
3.5.3 Right to data portability
You have the right to have data which we process automatically on the basis of your consent or for the performance of an agreement surrendered to you or to a third party in a commonly used and machine-readable format. Insofar as you demand that data be transmitted to another controller, this shall be only affected where technically feasible.
3.5.4 Access, blocking, erasure and rectification
In accordance with the applicable statutory provisions, you have the right to access the personal data saved relating to you, its source and recipients, and the purpose of the processing of this data at any time free of charge, and, if applicable, the right to have this data rectified, blocked or erased. In this regard and should you have any other queries, you may contact us at any time at the address listed in our legal notice.
3.5.5 Right to restriction of processing
You shall have the right to obtain restriction of the processing of your personal data.
In this regard, you may contact us at any time at the address listed in our legal notice. A right to the restriction of processing exists in the following cases:
- If you contest the accuracy of the personal data stored by us, we generally need time to verify its accuracy. You shall have the right to obtain restriction of the processing of your personal data for the duration of this verification process. If the processing of your personal data was/is unlawful, you may demand that its processing be restricted rather than it being erased.
- If we no longer need your personal data, but it is required by you for the exercise, defence or establishment of legal claims, you have the right to obtain restriction of its processing rather than it being erased.
- If you have objected to data processing pursuant to Art. 21 (1) GDPR, your interests must be weighed up against ours. Until it is determined whose interests take precedence, you shall have the right to obtain restriction of the processing of your personal data..
If you have restricted the processing of your personal data, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.
3.6 Storage duration
3.7 Legal basis of processing
If you have given your consent to your personal data being processed for a specific purpose, this processing shall be in accordance with point (a) of Art. 6 (1) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TTDSG. The consent can be revoked at any time. If such processing is necessary in order to perform or initiate a contract with you, the processing shall be founded on point (b) of Art. 6 (1) GDPR. In a number of cases such as to comply with tax law obligations, we may be subject to a legal obligation to process personal data; in such cases, the legal basis for this is point (c) of Art. 6 (1) GDPR. In rare cases, data may be processed to protect the vital interests of you or of another natural person. In this exceptional case, data shall be processed pursuant to point (d) of Art. 6 (1) GDPR. Finally, data processing may also be founded on point (f) of Art. 6 (1) GDPR. This is the case if data is processed to protect a legitimate interest of the company or of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. It can already be assumed that such a legitimate interest exists if you are a customer of ours. If the processing of personal data is based on point (f) of Art. 6 (1) GDPR, our legitimate interest shall be the execution of our business activities.
As the data processing controller, we have implemented technical and organisational security measures in accordance with Art. 32 GDPR. These include in particular measures to safeguard the confidentiality, integrity and availability of data. Further, we have put processes in place which guarantee the protection of data subjects’ rights, the erasure of personal data and an immediate reaction to such data being jeopardized. We additionally guarantee the protection of personal data already when developing and selecting hard- and software in accordance with the principles of Art. 25 GDPR. All of our employees and those persons who are involved in data processing are obliged to comply with the General Data Protection Regulation and other data protection legislation and to handle personal data confidentially.
In the event that personal data is collected and processed, the information shall be transmitted in encrypted form in order to prevent the misuse of data by third parties. Our security measures are revised on an ongoing basis in line with technological developments.
Online data transmission can nonetheless entail security vulnerabilities, and as such comprehensive protection cannot be guaranteed.
3.9 Changes to our data privacy rules
4. Data collection on our website
These web pages occasionally make use of so-called cookies. Cookies will not damage your computer and do not contain any viruses. Cookies serve to make our website more user-friendly, more efficient and more secure. Cookies are small text files which are stored on your computer by your browser.
The majority of the cookies used by us are so-called session cookies. These are automatically deleted at the end of your visit. Other types of cookie remain stored on your terminal until you delete them. These cookies enable us to recognize your browser when you next visit the website.
You can alter your browser settings such that you are notified whenever cookies are to be set so that you can accept cookies on a case-by-case basis, such that the acceptance of cookies is excluded in certain cases or in general or such that cookies are automatically deleted upon the browser being closed. Deactivating cookies may limit the functionality of this website.
Cookies which are necessary for electronic communication processes or for the provision of specific functions requested by you (e.g. shopping cart function) shall be stored in accordance with point (f) of Art. 6 (1) GDPR. The website operator has a legitimate interest in cookies being stored for the technically flawless and optimised provision of its services. If your consent to the storage of the cookies and similar recognition technologies has been requested, processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TTDSG); this consent may be revoked at any time.
4.2 Using of ‘Microsoft Teams’ for online Meetings
4.2.1 Purpose of processing
We use the tool ‘Microsoft Teams’ to conduct teleconferences, online meetings, video conferences and/or webinars (hereinafter referred to as: ‘online meetings’). ‘Microsoft Teams’ is a service of the Microsoft Corporation.
4.2.2 Person responsible
The person responsible for data processing in direct connection with the implementation of ‘online meetings’ is MÜPRO GmbH.
Please note: When you access the ‘Microsoft Teams’ website, the provider of ‘Microsoft Teams’ is responsible for data processing. However, accessing the website is only necessary in order to download the software to use ‘Microsoft Teams’.
If you do not want to or are not able to use the ‘Microsoft Teams’ app, you can also use ‘Microsoft Teams’ via your browser. In this case, the service will then also be provided by the ‘Microsoft Teams’ website.
4.2.3 Which data are processed?
Various types of data are processed when ‘Microsoft Teams’ is used. The scope of the data also depends on the details you provide before or during participation in an ‘online meeting’.
4.2.4 The following personal data are subject to processing:
User details: e.g. display name or email address, profile picture (optional), preferred language
Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
Text, audio and video data: you may have the option to use the chat function during an ‘online meeting’. The text you submit there will be processed so it can be displayed in the ‘online meeting’. To enable video display and audio playback, the data from the microphone on your end device and any video camera on your end device will be processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the ‘Microsoft Teams’ apps.
4.2.5 Scope of processing
We use ‘Microsoft Teams’ to conduct ‘online meetings’. If we want to record ‘online meetings’, we will inform you transparently of this in advance and request consent if necessary.
If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will not normally be the case.
Automated decision-making in the sense of Art. 22 GDPR is not used.
4.2.6 Legal basis of the data processing
If personal data is processed by employees of MÜPRO GmbH, section 26 BDSG (German Federal Data Protection Act) is the legal basis for data processing. If personal data are not necessary for the creation, implementation or termination of the employment relationship in connection with the use of ‘Microsoft Teams’ but are nevertheless an elementary component of the use of ‘Microsoft Teams’, Article 6 (1) (f) GDPR is the legal basis for the data processing. In these cases, our interest lies in the effective implementation of ‘online meetings’.
In addition, the legal basis for data processing in connection with ‘online meetings’ is Art. 6, para. 1 (b) GDPR, insofar as the meetings are held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 (f) GDPR. In this regard, our interest again lies in the effective implementation of ‘online meetings’.
4.2.7 Recipient/forwarding of the data
Personal data processed in connection with participation in ‘online meetings’ are generally not forwarded to third parties unless they are specifically intended to be forwarded. Please note that content from ‘online meetings’, as is the case with in-person meetings, often serves to communicate information to customers, interested parties or third parties and is therefore intended to be forwarded.
Additional recipients: the provider of ‘Microsoft Teams’ necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in our contract processing agreement with ‘Microsoft Teams’.
4.2.8 Data processing outside the European Union
Data processing outside the European Union (EU) does not take place as a matter of principle as we have restricted our storage location to computer centres within the European Union. However, we cannot exclude the possibility that data may be routed via Internet servers located outside the EU. This may in particular be the case if participants in an ‘online meeting’ are situated in a third country.
However, the data are encrypted during transmission via the Internet and are therefore secured against unauthorized access by a third party.
4.3 Children and adolescents
Persons under the age of 16 should not submit personal data to us without the authorisation of a parent or legal guardian. We do not request information from children and adolescents, collect information on them or share information on them with third parties.
4.4 Server log files
The provider of these web pages automatically collects and records information in so-called server log files, which your browser automatically sends to us. This information is:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data shall not be combined with other data sources.
This data shall be collected in accordance with point (f) of Art. 6 (1) GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimisation of its website, and server log files must be logged to this end.
4.5 Enquiries by email, telephone, fax or contact form
If you contact us by email, telephone, fax or contact form, your enquiry and all the personal data obtained (name, enquiry) shall be stored and processed by us for the purposes of handling your enquiry. We do not share this data without your consent.
This data shall be processed in accordance with point (b) of Art. 6 (1) GDPR insofar as your enquiry relates to the performance of a contract or is necessary for the taking of steps prior to entering into a contract. In all other cases, the processing shall be founded on your consent (point [a] of Art. 6  GDPR) and/or on our legitimate interests (point [f] of Art. 6  GDPR), as we have a legitimate interest in the efficient processing of the enquiries addressed to us. The data you submit to us via the contact form remains with us until you request that we erase it, you revoke your consent to its storage or the purpose of storing the data is no longer applicable (e.g. once your enquiry has been fully processed). Compelling legal requirements – in particular statutory retention periods – shall remain unaffected.
4.6 Registration on this website
You have the option to register on this website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise, we shall reject the registration.
To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process.
We shall process the data entered during the registration process on the basis of your consent (Art. 6(1)(a) GDPR).
The data recorded during the registration process shall be stored by us as long as you are registered on this website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.
4.7 Processing of data (customer and contractual data)
We collect, process and use personal data only insofar as it is needed in order to initiate, elaborate or modify the legal relationship (inventory data). This occurs on the basis of point (b) of Art. 6 (1) GDPR, which allows for the processing of data for the performance of a contract or to take steps prior to entering into a contract. We collect, process and use personal data regarding the use of our web pages (usage data) only insofar as this is necessary in order to enable the user to use the service or to bill the user for said service.
The customer data collected shall be erased upon conclusion of the order or termination of the business relations. The statutory retention periods shall remain unaffected.
4.8 Data transmission upon conclusion of a contract for online shops, merchants and goods dispatch
We share personal data with third parties only if this is necessary for the purpose of contract processing, for example with the companies commissioned with the delivery of goods or with the bank commissioned with payment processing. Your data shall not be shared otherwise or shall only be shared otherwise if you have explicitly given your consent to this. Your data shall not be shared with third parties for, for example, advertising purposes without your explicit consent.
The data processing shall occur on the basis of point (b) of Art. 6 (1) GDPR, which allows for the processing of data for the performance of a contract or to take steps prior to entering into a contract.
To dispatch your order, we share your postal address and, if applicable, your email address and telephone number with the logistics company commissioned with delivery for the purposes of delivery coordination.
Some products are delivered to you directly by the manufacturer. In this instance, we share your address details with the manufacturer for the delivery of your ordered goods.
4.9 Data transmission upon conclusion of a contract for services and digital content
We share personal data with third parties only if this is necessary for the purpose of contract processing, for example with the bank commissioned with payment processing.
Your data shall not be shared otherwise or shall only be shared otherwise if you have explicitly given your consent to this. Your data shall not be shared with third parties for, for example, advertising purposes without your explicit consent.
The data processing shall occur on the basis of point (b) of Art. 6 (1) GDPR, which allows for the processing of data for the performance of a contract or to take steps prior to entering into a contract.
In order for us to be able to provide services in advance (payment on account, instalments etc.), we have to protect our legitimate interests and ensure that the use of this type of payment method does not lead to misuse and that consumers are not placed under excessive financial pressure. Our company is therefore connected to a credit reference agency’s credit quality warning system in order to protect itself against default due to inability to pay, misuse through unwillingness to pay and the filing of improper claims by third parties. Before and during any contractual relationship in which we provide our consideration in advance, we have a credit reference agency carry out a credit check on every customer in the form of a credit scoring procedure based on mathematical and statistical methods within the meaning of Art. 22 GDPR. In line with Art. 22 GDPR, your address data alone does not form the basis of the calculated probability – your credit quality – but rather also your particulars (first name and surname) and personal data concerning your payment history.
The data is collected exclusively in order to determine a statistical risk in terms of your ability and willingness to meet financial obligations in future as well as the likelihood of default. In this way, you enable us to make a sufficiently sound decision as to whether to provide you with the contractual consideration in advance and whether we will be able to sustain it. In order for the credit reference agency to carry out such a credit check, we provide it with your particulars (first name and surname) as well as your address data. You can object to the disclosure of your data to the credit reference agency at any time and in any format. In this case, however, the payment options available to you will be limited to payment in advance. We will no longer be able to perform the contract in advance and will potentially have to discontinue any ongoing performance.
5. Social media
5.1 Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
5.2 Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).
5.3 Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
5.4 Storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
5.5 Individual social networks
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
6. Analytics tools and advertising
6.1 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. Google may consolidate these data in a profile that is allocated to the respective user or the user’s device.
Google Analytics uses technologies that make the recognition of the user for the purpose of analysing the user behaviour patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
This analysis tool is used on the basis of Art. 6(1)(f) GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
On this website, we have activated the IP anonymization function. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyse your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. For details, please click the following link: https://support.google.com/analytics/answer/7667196?hl=en.
6.2 Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If the relevant consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
6.3 Facebook Pixel
Our website uses Facebook's visitor action pixel for conversion measurement, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") .
This allows the behaviour of site visitors to be tracked after they click on a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.
The collected data is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data use guidelines. This will allow Facebook to display ads both on Facebook and on third-party sites. We have no control over how this data is used.
You can also disable the remarketing feature "Custom Audiences" in the Ad Settings section (To do so, you will first need to log onto Facebook): https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
If you do not have a Facebook account, you can disable Facebook usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
Our website uses LinkedIn Conversion Tracking from LinkedIn Corporation to measure conversion. LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA ("LinkedIn").
We use LinkedIn conversion tracking to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of LinkedIn Conversion-Tracking is Art. 6 para. 1 sentence 1 lit. f EU-DSGVO.
The LinkedIn Insight tag enables the behaviour of site visitors to be tracked after they have been directed to the provider's website by clicking on a LinkedIn advertisement. This allows the effectiveness of LinkedIn advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised. The LinkedIn Insight tag enables the collection of information about visits, including URL, referrer URL, IP address, device and browser characteristics (user agent), and timestamps. This data is encrypted, the IP addresses are truncated and the direct IDs of members are removed within seven days to pseudonymise the data. This remaining pseudonymised data is then deleted within 90 days.
The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by LinkedIn so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes, in accordance with the LinkedIn data use policy. This enables LinkedIn to serve ads on LinkedIn sites and outside LinkedIn. This use of the data cannot be influenced by us as the site operator.
LinkedIn members have the option to opt-out of LinkedIn conversion tracking and to block and delete cookies or disable demographic features at https://www.linkedin.com/psettings/advertising/. LinkedIn does not share any personally identifiable information with the site owner, but only provides aggregate reports about the site's audience and ad performance. LinkedIn also provides retargeting for website visitors, which allows the website owner to use this data to display targeted advertising outside of their website without identifying the member. LinkedIn members can control the use of their personal information for advertising purposes in their account settings.
For more information about LinkedIn's marketing and tracking solutions, please visit the LinkedIn website: https://www.linkedin.com/help/linkedin/answer/87150/linkedin-marketinglosungen-und-die-datenschutz-grundverordnung-dsgvo-?lang=en.
If you wish to receive the newsletter offered on the website, you are required to provide us with an email address and with information that authorises us to verify that you are the owner of the email address provided and consent to being sent the newsletter. No other data is collected or is collected on a voluntary basis only.
The data provided in the newsletter subscription form is processed exclusively on the basis of your consent (point [a] of Art. 6  GDPR). You may revoke your consent to your data and email address being recorded and to your data being used to distribute the newsletter at any time, for example by using the ‘Unsubscribe’ link in the newsletter. Your revocation does not affect the lawfulness of the data processing performed prior to the revocation of consent.
The data you submit to us in order to receive the newsletter is stored by us until you are removed from the newsletter mailing list and is deleted following cancellation of your newsletter subscription. This shall not affect data which we store for other purposes.
This website uses “Optimizely” for the sending of newsletters. The provider is the Episerver GmbH, Wallstrasse 16, 10179 Berlin, Germany.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
8. Plug-ins and tools
Information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyse, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.
Our website uses YouTube plug-ins operated by Google. The operator is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit one of our pages featuring a YouTube plug-in, a connection is established with the YouTube servers. The YouTube server is notified which of our pages you have visited.
YouTube can additionally store various cookies on your terminal, which it uses to obtain information regarding visitors to our website. This information is used among other things to record video statistics, improve user-friendliness and prevent attempted fraud. The cookies remain on your terminal until you delete them.
If you are logged into your YouTube account, you allow YouTube to associate your surfing patterns directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interests of the attractive presentation of our online services.
This is a legitimate interest within the meaning of point (f) of Art. 6 (1) GDPR.
For individual surveys, we use the SurveyMonkey web service (SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) to create and evaluate online surveys. Participation is voluntary. The legal basis is your consent in accordance with Article 6 (1) (a) of the GDPR.
Further information on the cookies used by SurveyMonkey, data protection and storage duration can be found under the following link: https://www.surveymonkey.com/mp/legal/privacy/.
Since the data collected by SurveyMonkey can also be transmitted to servers in the USA, Survey Monkey is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active.
As a participant in a survey, you can contact us at any time and ask for the deletion of your survey data, including personal data, if collected. Subsequent correction of individual answers after submitting the survey is not possible.
8.3 Google Web Fonts
To ensure that fonts used on this website are uniform, this website uses so-called Web Fonts provided by Google. When you access a page on our website, your browser will load the required web fonts into your browser cache to correctly display text and fonts.
To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Web Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If a respective declaration of consent has been obtained (e.g., consent to the archiving of cookies), the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time.
If your browser should not support Web Fonts, a standard font installed on your computer will be used. For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
8.4 Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google web fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6(1)(a) GDPR. This declaration of consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
8.5 Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyses the behaviour of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.
Data are stored and analysed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If a respective declaration of consent has been obtained, the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time.
We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).
The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).
For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/.
9. Own services
We offer you the opportunity to apply for a position with us, for example by email, by post or via an online application form. Here, we will outline the scope, purpose and use of the personal data we collect in the course of the application process. We offer our assurance that your data is collected, processed and used in accordance with the applicable data protection laws and all other legal provisions and that your data is handled in the strictest confidence.
9.2 Scope and purpose of data collection
If you apply to us, we process the personal data this entails (e.g. contact and communication data, application documents, notes made during job interviews, etc.) insofar as this is necessary to reach a decision regarding justifying the employment relationship. The legal basis for this is Section 26 of Germany’s revised Federal Data Protection Act (BDSG) (initiation of an employment relationship), point (b) of Art. 6 (1) GDPR (general initiation of a contract) and – insofar as you have granted your consent – point (a) of Art. 6 (1) GDPR. You may revoke your consent at any time. Your personal data shall be shared only with persons within our company who are involved in processing your application.
Insofar as your application is successful, the data submitted by you shall be stored in our data processing system for the purposes of executing the employment relationship on the basis of Section 26 BDSG as revised and point (b) of Art. 6 (1) GDPR.
9.3 Duration of data retention
If we are unable to offer you a position, you reject an offer of employment, withdraw your application, revoke your consent to data processing or request that we erase your data, the data transmitted by you including, if applicable, any remaining physical application documents shall be stored/retained for a maximum of 6 months following conclusion of the recruitment process (retention period) in order that we can track the details of the application process in the event of disagreements (point [f] of Art. 6  GDPR).
You may object to this data storage insofar as you have legitimate interests which override our legitimate interests.
9.4. Individual Services
In addition, we have concluded an order processing contract with MHM in accordance with Art. 28 GDPR.
So that you do not miss any career opportunities, you can subscribe to suitable job offers via our JobAgent. We process the information you provide us with your consent exclusively for the stated purpose and you can unsubscribe from JobAgent emails and services at any time.
The legal basis for receiving the newsletter is the consent you have given in accordance with Article 6 Para. 1 a) GDPR. You can revoke your consent at any time by clicking the unsubscribe button in the newsletter.
Correct as at: 01 / 2022