1. Controller for Data Processing, Data Protection Officer; Scope
(1) We, the MAS GmbH, Schmigalla Straße 1, 71229 Leonberg, Germany, Tel.: +49 7152-6065-0, Fax: +49 7152-6065-65, E-Mail: email@example.com
, are controller for the processing of your personal data as a user of our website, available at www.mas-tools.de (hereinafter referred to as “WEBSITE”), as our business partner (e.g. customer or supplier), as an applicant or any other person we are communicating with (“You”) subject to Art. 4 No. 7 General Data Protection Regulation (“GDPR”).
(2) Our Data Protection Officer is Dr. Norbert Kuhn, Heustraße 3, 70174 Stuttgart, Germany, e-mail: firstname.lastname@example.org
(3) Hereinafter, in the context of our information obligations, we would like to inform you in detail about the processing of your personal data when visiting our WEBSITE, when conducting any other business transaction with us and our communication with you as well as in the course of a job application at our company. Furthermore, we would like to inform you about the associated protective measures we have also taken in technical and organizational terms with regard to our WEBSITE and your rights with regard to the processing of your personal data.
2. General Principles of Processing of Personal Data
(1) „Personal data“ means any information relating to an identified or identifiable natural person (‘data subject’). Your personal data therefore includes all data that can be directly or indirectly assigned to your person such as your name, your address, your phone number or your e-mail address.
(2) Personal data is processed by us primarily if and to the extent of which
- you have given us your consent to the processing of data for one or more specific purposes (Article 6 (1) Subpar. 1 a) GDPR);
- the processing is necessary for the performance of a contract of which you are a party or for the performance of pre-contractual actions that you request (Article 6 (1) Subpar. 1 b) GDPR);
- the processing of data is necessary to fulfill a legal obligation to which we are subject to (Article 6 (1) Subpar. 1 c) GDPR), or
- the processing of data is necessary to ensure our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data prevail (Article 6 (1) Subpar. 1 f) GDPR).
(5) The extent and nature of the processing of your data differs depending on whether you visit our WEBSITE to retrieve information (see the following Sect. 3) or contact us, or wish to be in a business relationship or apply to us (see the following Sect. 4). In addition, when using the WEBSITE, cookies are being stored on your computer (see the following Sect. 5). You can find further information about contents of third parties in Sect. 6.
3. Merely informative use of our WEBSITE
(1) In connection with the mere informational use of our WEBSITE, that is, if you do not provide us with any information, we will only collect those data that your Internet browser automatically transmits to our server. The following data is collected hereby:
- IP address of the requesting computer
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- Each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(2) This information is technically necessary for us to enable you usage and functionality of our WEBSITE, in particular to display the WEBSITE and to ensure the security and stability of the WEBSITE. There is no link between this data and personal data of a specific natural person. Our legitimate interest lies in a functioning website. The legal basis is Art. 6 (1) Subpar. 1 f) GDPR.
(3) We will delete your data as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for the merely informative provision of our WEBSITE, the deletion takes place when the respective session has ended. A storage of your IP address takes up to seven days. The temporary storage of the IP address by our system is necessary in order to remedy disruptions of our website and to avert dangers.
4. Contact / MAS Events / Newsletter
In addition to the mere informational use of our WEBSITE, we process your personal data when you get in touch with us, you are in a business relationship with us or you want to apply for a job with us. In detail:
(1) If you contact us, e.g. to provide us with your feedback, the processing of your communicated contact information (e.g. first name, surname, e-mail address, telephone number) will be used to answer your inquiries and / or suggestions via e-mail or otherwise.
(2) The legal basis for the processing of the data is Art. 6 (1) Subpar. 1 f) GDPR. If your message aims to conclude a contract, then additional legal basis for the processing of your data is Art. 6 (1) Subpar. 1 b) GDPR.
(3) Insofar as the deletion of your personal data does not prevent statutory or contractual retention periods, we will delete them as soon as they are no longer necessary for the purpose of their collection. This is the case when the conversation with you is over. In general, the conversation is over when it can be inferred from the circumstances that the matter in question has been finally clarified.
4.2 Registration for MAS events (workshops)
(1) If you want to register for a workshop on our website, it is necessary for the conclusion of the contract that you provide your (personal) data in the registration form, which we need to process your registration. Further information from you is optional and can be provided via the message field. We also process the optional data provided by you to process your registration. The legal basis is Art. 6 (1) Subpar. 1 (b) DSGVO or Art. 6 (1) Subpar. 1 (f) DSGVO for the optional data provided by you.
(2) We are obliged by commercial and tax law to store your data for a period of ten years. However, after two years we will restrict the processing, i.e. your data will only be used to comply with the legal obligations.
(3) To prevent unauthorised access to your personal data by third parties, the registration process is encrypted using TLS technology.
4.2.2 Online seminars
1) If you want to participate in our online seminars, it is necessary to enter your (personal) data in the registration form on the registration page, which we need to process your registration (mandatory fields). The scope of the required data depends on whether you register for a free online seminar or an online seminar with costs. The other information you provide is optional. We also process the optional data provided by you to process your registration. The legal basis is Art. 6 (1) Subpar. 1 (b) DSGVO or Art. 6 (1) Subpar. 1 (f) DSGVO for the optional data provided by you.
(2) In addition to the data provided by you on registration, the following information will be stored as part of your participation in the online seminar: Date and time of registration for the event, entry and exit from the event, your browser used, connection attempts, the rough location transmitted by your Internet provider, your evaluation of the event and your answers to surveys within the online seminar. In addition, data that you may provide in the chat history will be stored. We delete your data in ClickMeeting after 90 days at the latest.
(4) In the case of paid online seminars, we are obliged by commercial and tax law to store your data for a period of ten years. However, after two years we will restrict the processing, i.e. your data will only be used to comply with the legal obligations.
4.3 Order our newsletter
(1) With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers and activities. The advertised offers and activities are named in the declaration of consent.
(3) We use the so-called double-opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data or to assist in clarifying the matter.
(4) Your e-mail address is the only mandatory information for sending the newsletter. The provision of further, separately marked data is optional and will be used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 (1) Subpar. 1 (a) DSGVO.
(5) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by e-mail to Datenschutz@mas-tools.de or by sending a message to the contact details given in Sect. 1.
(6) We will delete your data as soon as they are no longer required for the purpose of their collection, your e-mail address becomes unreachable or if you revoke your declaration of consent for the sending of newsletters. Your data will therefore be stored for as long as the subscription to the newsletter is active.
5. Business Relationship
(1) If you are our business partner (e.g. customer or supplier), we process information concerning your company and you as a person (e.g. contact detail) or any other person in your company. Your personal data will essentially be collected directly by you (e.g. by placing an order) or in the course of processing by us, if this is necessary for the execution of the business relationship. Changes to contact persons in your company may also result in further collection of personal data about your company's employees.
(2) Your data will be stored and processed electronically primarily for the purpose of carrying out contractual obligations between you and us. For communication in the context of the contracts (e.g. quotations, orders, order confirmations, delivery notes and/or invoices), we may contact you about the data you have collected. This may be done via the postal address, e-mail address or the telephone and fax numbers. The technical and content design of contracts, in particular content, specifications and prices, may be handled with the stored data. The legal basis for this is Art. 6 (1) Subpar. 1 (b) GPDR.
(3) We may also provide you with information and notices about your business relationship with us as well as opportunities to initiate new business with the information you provide. The legal basis for this is Art. 6 (1) Subpar. 1 (f) GPDR. Insofar as we receive feedback from you regarding these notices, which is intended to conclude a contract with us, additional legal basis for the processing of your data is Art. 6 (1) Subpar. 1 (b) GPDR.
(4) In order to fulfill our contractual obligations, we sometimes use different service providers. We will only pass on your data to third parties if this is necessary for the execution of the contract or if you expressly consent to the data transfer. The legal basis for this is Art. 6 (1) Subpar. 1 (b) GPDR or Art. 6 (1) a) GPDR in case of your consent.
(5) In general, we do not transfer your personal data to countries outside the European Union or the European Economic Area (third countries). However, obligations arising from contracts between you and us may require that data be transferred to a third country. This transmission takes place only after careful examination and evaluation and only if the special requirements of Art. 44 et seq. GDPR are fulfilled (e.g. adequacy decision of the commission, standard data protection clauses, approved codes of conduct).
(6) Insofar as the deletion of your personal data does not conflict with statutory or contractual retention periods, we will delete them as soon as they are no longer necessary for the purpose of their collection. This is usually the case if a customer relationship with your company no longer exists or if you have left the company as a contact person.
6. Job Application
(1) When you apply for a position in our company, we process the personal data that you provide us with, e.g. sent by e-mail. We do not require any information from you that is not usable under the General Equal Treatment Act (such as race, ethnic origin, religion or belief, age, sexual identity). We also do not ask you to submit any information on pregnancy, political views, philosophical or religious convictions and union membership.
(2) The processing of your personal data is for the sole purpose of staffing within our company. A transfer of your personal data will not take place, unless you have given us your consent. In certain cases, however, personal data may have to be disclosed to external parties, such as public authorities (authorities and offices, etc.), external service providers or other recipients.
(3) The legal basis for the processing of your personal data in this context is Art. 88 (1) DSGVO in conjunction with § 26 Art. (1) BDSG and, if applicable, Art. 6 (1) Subpar. 1 (b) DSGVO.
(4) We will delete your personal data as soon as it is no longer necessary for the above purposes. In the event of failure to do so, we will delete your information no later than three months after completing the application process or canceling the application, depending on what happens earlier, unless you give us your consent to the longer retention of your application dates.
7. Data Security
(1) We use technical and organizational security measures in order to protect accruing or collected personal data, against accidental or intentional manipulation, loss, destruction or against the attack of unauthorized persons in particular. Our security measures are continuously improved in line with technological developments.
(2) Our WEBSITE is encrypted using SSL technology to prevent access by unauthorised third parties. You can recognize the secure transmission by the protocol designation "https://" in the URL line.
8. Your Rights
(1) With regard to the processing of personal data concerning you, subject to the legal preconditions you are entitled to the rights listed below in a)-h). Please contact our Data Protection Officer or us for this. The contact details can be found under Sect. 1.
a) Right to Information
Subject to Art. 15 GDPR you can require a confirmation as to whether personal data concerning you are processed by us. In this case, according to Art. 15 (1) GDPR, you have the right to obtain information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned retention period or the criteria for the personal data determining the retention period, the right of rectification or deletion of your personal data, as well as restriction of processing or objection to processing, the existence of a right to complain to a supervisory authority, the origin of the data, if we have not collected your data from you, existence of an automated decision-making including profiling and according to Art. 15 (2) GDPR the right to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transfer of personal data to third countries.
b) Right to Rectification
According to Art. 16 GDPR you can demand the immediate correction and / or considering the purpose of the processing the completion of your personal data, if your data is incorrect or incomplete.
c) Right to Deletion
According to Art. 17 GDPR you can require the immediate deletion of your personal data, provided that there is a reason under Art. 17 (1) a) - f) GDPR. However, the right to delete your personal data does not exist, in particular, if its processing is required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal rights (Art. 17 (3) GDPR).
d) Right to Restriction of Processing
You may restrict the processing of your personal data in accordance with Art. 18 GDPR, as long as we verify the accuracy of your data, if you refuse the deletion of your data due to unlawful processing and instead demand the restriction of the use of your data, if you need your data for the assertion, exercise or defense of legal claims or if you have objected to the processing, as long as it is not certain that our legitimate reasons prevail.
e) Right to Consultation
According to Art. 19 GDPR we communicate any rectification or deletion of your personal data or a limitation of their processing under Art. 16, 17 (1) and 18 GDPR to all recipients to whom your personal data have been disclosed, unless this turns out to be impossible or is associated with a disproportionate effort. According to Art. 19 sent. 2 GDPR you have the right to be informed about these recipients on request.
f) Right to Data Portability
According to Art. 20 GDPR you have the right to receive your personal data, which you have provided us, in a structured, common and machine-readable format and to transmit this data to another person responsible, provided that the further requirements of Art. 20 GDPR exist, in particular, this is technically feasible.
g) Right to Objection
As far as we base the processing of your personal data on the legitimate of interests according to Art. 6 (1) Subpar. 1 f) GDPR, you can object to the processing according to Art. 21 GDPR. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in each case in the above description of the offers. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we examine the situation and according to Art. 21 (1) sent. 2 GDPR either no longer process the personal data or prove to you our compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms. Further processing is reserved, if the processing serves the assertion, exercise or defense of legal claims.
According to Art. 21 (2) GDPR, you can object to the processing of your personal data for the purpose of advertising and profiling at any time, as far as it is associated with direct advertising.
You can inform our Data Protection Officer or us about your objection under the contact data mentioned in Sect. 1.
h) Right to Revoke the Consent
(1) According to Art. 7 (3) GDPR you have the right to revoke any data protection consent granted to us at any time with effect for the future. However, this does not affect the lawfulness of the processing that took place based on your consent until the time of the cancellation.
(2) If you believe that the processing of your data violates data protection regulations, you have the additional right to complain to a supervisory authority according to Art. 77 GDPR. Please contact a supervisor in the Member State of your place of residence, of your work place or of the location of the potential breach.
Effective: June 1st, 2021