1. Controller for Data Processing, Data Protection Officer; Scope
(1) We, the MAS GmbH, Schmigalla Straße 1, 71229 Leonberg, Germany, Tel.: +49 7152-6065-0, Fax: +49 7152-6065-65, E-Mail: email@example.com
, are controller for the processing of your personal data as a user of our website, available at www.mas-tools.de (hereinafter referred to as “WEBSITE”), as our business partner (e.g. customer or supplier), as an applicant or any other person we are communicating with (“You”) subject to Art. 4 No. 7 General Data Protection Regulation (“GDPR”).
(2) Our Data Protection Officer is Dr. Norbert Kuhn, Heustraße 3, 70174 Stuttgart, Germany, e-mail: firstname.lastname@example.org
(3) Hereinafter, in the context of our information obligations, we would like to inform you in detail about the processing of your personal data when visiting our WEBSITE, when conducting any other business transaction with us and our communication with you as well as in the course of a job application at our company. Furthermore, we would like to inform you about the associated protective measures we have also taken in technical and organizational terms with regard to our WEBSITE and your rights with regard to the processing of your personal data.
2. General Principles of Processing of Personal Data
(1) „Personal data“ means any information relating to an identified or identifiable natural person (‘data subject’). Your personal data therefore includes all data that can be directly or indirectly assigned to your person such as your name, your address, your phone number or your e-mail address.
(2) Personal data is processed by us primarily if and to the extent of which
- you have given us your consent to the processing of data for one or more specific purposes (Article 6 (1) Subpar. 1 a) GDPR);
- the processing is necessary for the performance of a contract of which you are a party or for the performance of pre-contractual actions that you request (Article 6 (1) Subpar. 1 b) GDPR);
- the processing of data is necessary to fulfill a legal obligation to which we are subject to (Article 6 (1) Subpar. 1 c) GDPR), or
- the processing of data is necessary to ensure our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data prevail (Article 6 (1) Subpar. 1 f) GDPR).
(5) The extent and nature of the processing of your data differs depending on whether you visit our WEBSITE to retrieve information (see the following Sect. 3) or contact us, or wish to be in a business relationship or apply to us (see the following Sect. 4). In addition, when using the WEBSITE, cookies are being stored on your computer (see the following Sect. 5). You can find further information about contents of third parties in Sect. 6.
3. Merely informative use of our WEBSITE
(1) In connection with the mere informational use of our WEBSITE, that is, if you do not provide us with any information, we will only collect those data that your Internet browser automatically transmits to our server. The following data is collected hereby:
- IP address of the requesting computer
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access Status / HTTP status code
- Each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(2) This information is technically necessary for us to enable you usage and functionality of our WEBSITE, in particular to display the WEBSITE and to ensure the security and stability of the WEBSITE. There is no link between this data and personal data of a specific natural person. Our legitimate interest lies in a functioning website. The legal basis is Art. 6 (1) Subpar. 1 f) GDPR.
(3) We will delete your data as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for the merely informative provision of our WEBSITE, the deletion takes place when the respective session has ended. A storage of your IP address takes up to seven days. The temporary storage of the IP address by our system is necessary in order to remedy disruptions of our website and to avert dangers.
4. Contact/Business Relationship/Job Application
In addition to the mere informational use of our WEBSITE, we process your personal data when you get in touch with us, you are in a business relationship with us or you want to apply for a job with us. In detail:
(1) If you contact us, e.g. to provide us with your feedback, the processing of your communicated contact information (e.g. first name, surname, e-mail address, telephone number) will be used to answer your inquiries and / or suggestions via e-mail or otherwise.
(2) The legal basis for the processing of the data is Art. 6 (1) Subpar. 1 f) GDPR. If your message aims to conclude a contract, then additional legal basis for the processing of your data is Art. 6 (1) Subpar. 1 b) GDPR.
(3) Insofar as the deletion of your personal data does not prevent statutory or contractual retention periods, we will delete them as soon as they are no longer necessary for the purpose of their collection. This is the case when the conversation with you is over. In general, the conversation is over when it can be inferred from the circumstances that the matter in question has been finally clarified.
4.2 Registration for MAS events (workshops)
(1) If you want to register for a workshop on our website, it is necessary for the conclusion of the contract that you provide your (personal) data in the registration form, which we need to process your registration. Further information from you is voluntary and can be provided via the message field. We also process the voluntary data provided by you to process your registration. The legal basis is Art. 6 (1) Subpar. 1 (b) DSGVO or Art. 6 (1) Subpar. 1 (f) DSGVO for the voluntary data provided by you.
(2) We are obliged by commercial and tax law to store your data for a period of ten years. However, after two years we will restrict the processing, i.e. your data will only be used to comply with the legal obligations.
(3) To prevent unauthorised access to your personal data by third parties, the registration process is encrypted using TLS technology.
4.3 Business Relationship
(1) If you are our business partner (e.g. customer or supplier), we process information concerning your company and you as a person (e.g. contact detail) or any other person in your company. Your personal data will essentially be collected directly by you (e.g. by placing an order) or in the course of processing by us, if this is necessary for the execution of the business relationship. Changes to contact persons in your company may also result in further collection of personal data about your company's employees.
(2) Your data will be stored and processed electronically primarily for the purpose of carrying out contractual obligations between you and us. For communication in the context of the contracts (e.g. quotations, orders, order confirmations, delivery notes and/or invoices), we may contact you about the data you have collected. This may be done via the postal address, e-mail address or the telephone and fax numbers. The technical and content design of contracts, in particular content, specifications and prices, may be handled with the stored data. The legal basis for this is Art. 6 (1) Subpar. 1 b) GPDR.
(3) We may also provide you with information and notices about your business relationship with us as well as opportunities to initiate new business with the information you provide. The legal basis for this is Art. 6 (1) Subpar. 1 f) GPDR. Insofar as we receive feedback from you regarding these notices, which is intended to conclude a contract with us, additional legal basis for the processing of your data is Art. 6 (1) Subpar. 1 b) GPDR.
(4) In order to fulfill our contractual obligations, we sometimes use different service providers. We will only pass on your data to third parties if this is necessary for the execution of the contract or if you expressly consent to the data transfer. The legal basis for this is Art. 6 (1) Subpar. 1 b) GPDR or Art. 6 (1) a) GPDR in case of your consent.
(5) In general, we do not transfer your personal data to countries outside the European Union or the European Economic Area (third countries). However, obligations arising from contracts between you and us may require that data be transferred to a third country. This transmission takes place only after careful examination and evaluation and only if the special requirements of Art. 44 et seq. GDPR are fulfilled (e.g. adequacy decision of the commission, standard data protection clauses, approved codes of conduct).
(6) Insofar as the deletion of your personal data does not conflict with statutory or contractual retention periods, we will delete them as soon as they are no longer necessary for the purpose of their collection. This is usually the case if a customer relationship with your company no longer exists or if you have left the company as a contact person.
(1) When you apply for a position in our company, we process the personal data that you provide us with, e.g. sent by e-mail. We do not require any information from you that is not usable under the General Equal Treatment Act (such as race, ethnic origin, religion or belief, age, sexual identity). We also do not ask you to submit any information on pregnancy, political views, philosophical or religious convictions and union membership.
(2) The processing of your personal data is for the sole purpose of staffing within our company. A transfer of your personal data will not take place, unless you have given us your consent. In certain cases, however, personal data may have to be disclosed to external parties, such as public authorities (authorities and offices, etc.), external service providers or other recipients.
(3) The legal basis for the processing of your personal data in this context is Art. 6 (1) Subpar. 1 (b), Art. 9 (2) (b), Art. 88 GDPR in conjunction with § 26 FDPA (new version).
(4) We will delete your personal data as soon as it is no longer necessary for the above purposes. In the event of failure to do so, we will delete your information no later than three months after completing the application process or canceling the application, depending on what happens earlier, unless you give us your consent to the longer retention of your application dates.
(2) Our WEBSITE uses the following types of cookies; its scope and operation are explained hereinafter:
- Transient Cookies (see below a)
- Persistent Cookies (see below b)
a) Transient cookies are automatically deleted when you close the browser. In particular, these include the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our WEBSITE. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
(3) If personal data are processed by individual cookies, the processing is carried out in accordance with Art. 6 (1) Subpar. 1 f) GDPR for the protection of our legitimate interests in the best possible functionality of our WEBSITE as well as a customer-friendly and effective design of the page visit.
(4) You can configure your browser settings according to your wishes and e.g. decline the acceptance of third-party cookies or all cookies. We point out that in this case you may not be able to use all the features of our WEBSITE.
6. Data Security
We use technical and organizational security measures in order to protect accruing or collected personal data, against accidental or intentional manipulation, loss, destruction or against the attack of unauthorized persons in particular. Our security measures are continuously improved in line with technological developments.
7. Your Rights
(1) With regard to the processing of personal data concerning you, subject to the legal preconditions you are entitled to the rights listed below in a)-h). Please contact our Data Protection Officer or us for this. The contact details can be found under Sect. 1.
a) Right to Information
Subject to Art. 15 GDPR you can require a confirmation as to whether personal data concerning you are processed by us. In this case, according to Art. 15 (1) GDPR, you have the right to obtain information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned retention period or the criteria for the personal data determining the retention period, the right of rectification or deletion of your personal data, as well as restriction of processing or objection to processing, the existence of a right to complain to a supervisory authority, the origin of the data, if we have not collected your data from you, existence of an automated decision-making including profiling and according to Art. 15 (2) GDPR the right to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transfer of personal data to third countries.
b) Right to Rectification
According to Art. 16 GDPR you can demand the immediate correction and / or considering the purpose of the processing the completion of your personal data, if your data is incorrect or incomplete.
c) Right to Deletion
According to Art. 17 GDPR you can require the immediate deletion of your personal data, provided that there is a reason under Art. 17 (1) a) - f) GDPR. However, the right to delete your personal data does not exist, in particular, if its processing is required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal rights (Art. 17 (3) GDPR).
d) Right to Restriction of Processing
You may restrict the processing of your personal data in accordance with Art. 18 GDPR, as long as we verify the accuracy of your data, if you refuse the deletion of your data due to unlawful processing and instead demand the restriction of the use of your data, if you need your data for the assertion, exercise or defense of legal claims or if you have objected to the processing, as long as it is not certain that our legitimate reasons prevail.
e) Right to Consultation
According to Art. 19 GDPR we communicate any rectification or deletion of your personal data or a limitation of their processing under Art. 16, 17 (1) and 18 GDPR to all recipients to whom your personal data have been disclosed, unless this turns out to be impossible or is associated with a disproportionate effort. According to Art. 19 sent. 2 GDPR you have the right to be informed about these recipients on request.
f) Right to Data Portability
According to Art. 20 GDPR you have the right to receive your personal data, which you have provided us, in a structured, common and machine-readable format and to transmit this data to another person responsible, provided that the further requirements of Art. 20 GDPR exist, in particular, this is technically feasible.
g) Right to Objection
As far as we base the processing of your personal data on the legitimate of interests according to Art. 6 (1) Subpar. 1 f) GDPR, you can object to the processing according to Art. 21 GDPR. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in each case in the above description of the offers. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we examine the situation and according to Art. 21 (1) sent. 2 GDPR either no longer process the personal data or prove to you our compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms. Further processing is reserved, if the processing serves the assertion, exercise or defense of legal claims.
According to Art. 21 (2) GDPR, you can object to the processing of your personal data for the purpose of advertising and profiling at any time, as far as it is associated with direct advertising.
You can inform our Data Protection Officer or us about your objection under the contact data mentioned in Sect. 1.
h) Right to Revoke the Consent
(1) According to Art. 7 (3) GDPR you have the right to revoke any data protection consent granted to us at any time with effect for the future. However, this does not affect the lawfulness of the processing that took place based on your consent until the time of the cancellation.
(2) If you believe that the processing of your data violates data protection regulations, you have the additional right to complain to a supervisory authority according to Art. 77 GDPR. Please contact a supervisor in the Member State of your place of residence, of your work place or of the location of the potential breach.
Effective: October 5th, 2020