Data Protection Declaration

 

MC² Europe GmbH’s Privacy Policy 

Policy version: May 2018

Preamble

Thank you for your interest in our company. We give high priority to data protection at MC² Europe GmbH. The purpose of this Privacy Policy is to provide you with information about the type, scope, purpose and legal basis of the processing of personal data on this website and on any online presences in social networks. We will also set out here our information and notification obligations with respect to the use of personal data in our company.

MC² Europe GmbH’s Privacy Policy applies equally to men and women. However, for the sake of improved readability, only the masculine form will be used.

Controller’s name and address

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is the entity indicated in the site notice.

Data Protection Officer’s contact details

Christian Krause

privacy@mc-2europe.com

Basic information on the processing of personal data

We only collect and process our users’ personal data if this is necessary to provide a functional website as well as our company’s services. Processing will only take place with your consent or if a legal regulation requires or allows us to undertake such processing.

In this connection, your personal data’s security has a high priority for us. We therefore protect your data through technical and organisational measures to prevent misuse. We regularly review the measures taken and adapt these to current technical conditions. We also ensure all our staff are bound to observe confidentiality in accordance with Article 28 GDPR.

Purposes of and legal basis for the processing, transfer to third parties and abroad

We process your data for the following purposes:

  • Fulfilment of new or existing contractual relationships or for the implementation of pre-contractual measures, e.g. the preparation of offers;
  • Dispatch of marketing information;
  • Processing of inquiries, e.g. as part of our core activity or for applications;
  • Provision of telemedia, e.g. our website or e-mail;

In this connection, we process the data on the legal basis of Article 6(1) GDPR:

  • Article 6(1)(a) GDPR: Processing operations based on your consent
  • Article 6(1)(a) GDPR: Processing procedures for the performance of a contract or the implementation of pre-contractual measures, e.g. a purchase or service contract or the solicitation of an offer
  • Article 6(1)(c) GDPR: Processing operations which we are legally obliged to undertake, e.g. storage for tax reasons
  • Article 6(1)(f) GDPR: Processing operations we undertake on the basis of our legitimate interests, e.g. the transfer of your data to postal service providers for the purpose of sending mail or to a tax consultant. This also includes storing information about website usage for the purpose of optimizing our website.

The transfer of your data to third parties is also based on the above authorisation facts and your data will only be transferred within the scope of a processing agreement or if other confidentiality obligations exist. This includes persons subject to a duty of professional secrecy or shipping carriers. If data is transferred to third countries outside the European Economic Area, there shall be a corresponding adequacy resolution pursuant to Article 45 GDPR for the respective third country (e.g. for Switzerland), or the recipient shall have put in place the corresponding safeguards pursuant to Article 46 GDPR, e.g. certification under the Privacy Shield for companies in the USA.

Duration of storage, erasure of personal data

Personal data will only be processed and stored for the period necessary to fulfil the processing purposes. Following the purpose’s fulfilment, we will erase or block your data, provided that we are no longer subject to any legal storage obligation. 

Data transfer to third parties

MC² Europe GmbH can transfer personal data to the following third parties:

  • Public authorities in the event of overriding legal provisions;
  • Other companies within the MCH Group;
  • MCH Group agencies abroad;
  • internally for purposes of internal communication, support, administration and billing;
  • MC² Europe GmbH’s data processor;
  • Service partners for accompanying services, if the data subject requests corresponding services from MC² Europe GmbH.

Collection of access data and log files

We collect access data (log files) about each server access on the basis of our legitimate interests in accordance with Article 6(1)(f) GDPR. This includes the name of the accessed website, date and time of access, transferred file and data volume, notification of successful or unsuccessful access, browser type and version, the operating system, referrer URL (the previously visited page) and your IP address.

Log files are collected for security reasons (e.g. to investigate criminal offences), are stored for a period of 7 days and subsequently deleted. If data are still required for evidence purposes, they will be excluded from erasure until the respective incident has been finally cleared up. 

To guarantee a fast and stable connection, we have outsourced hosting to an external service provider. This provider will process the above-mentioned log data according to our specifications. Data is transferred on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR.

Use of cookies and tracking information

Cookies are text files that are stored by the internet browser on the user's computer system. Cookies will be stored in the data subject’s browser memory when this website is accessed.

You can prevent the storage of cookies in the browser, but the site may then only function to a limited extent. Instead, it makes more sense to set the browser to delete all cookies after the end of the respective browser session, which works on our site without restriction and prevents recognition at the next visit with all positive and negative consequences for you.

We use technical cookies because this is technically necessary for the operation of the service offered in accordance with Article 6(1)(f) GDPR, i.e. to protect our legitimate interest.

Technical cookies are used to recognize a user when the website is called up again and thus, for example, to save language settings made, a shopping basket or suchlike beyond a browsing session.

In addition, we use tracking cookies to compile statistical information about how our website is used. The legal basis for this is also for the purposes of our legitimate interests in accordance with Article 6(1)(f) GDPR. Tracking cookies also include

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer to help the website analyse how visitors use the site. The information generated by the cookie about your use of the website (including your IP address) will usually be transmitted to a Google server in the United States and stored there. However, if IP anonymization is activated on this website, Google will truncate your IP Address beforehand within member states of the European Union or other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of this website’s operator to evaluate your use of the website, compile reports on website activity and provide the website operator with other services relating to website activity and internet usage. Google will not associate your IP address with any other data it holds. You may prevent the use of cookies by selecting the appropriate settings in your browser, but please note that you may not be able to use this website’s full functionality if you do this. You can also prevent transfer of the data generated by the cookie pertaining to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout


More detailed information on terms of use and data protection can be found in the Google Analytics terms of service or the Google Analytics privacy and terms overview (https://policies.google.com/technologies/ads). Please also note that this website uses the Google Analytics code “gat._anonymizeIp();” to guarantee the anonymous collection of IP addresses (so-called IP masking).

Google is certified in accordance with the Privacy Shield agreement and therefore guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). We have concluded the required data protection agreement with Google in writing: see also www.google.com/analytics/terms/us.html

FACEBOOK PIXEL

In order to track site visitors and website conversions, our website uses Facebook pixels from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
This allows the behaviour of site visitors after they have been redirected to the provider's website by clicking on a Facebook ad to be tracked. As a result, the effectiveness of Facebook advertisements can be evaluated for statistical and market research purposes and future advertising measures optimised.

The data collected are anonymous to us, the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data are stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to Facebook's Data Policy: https://www.facebook.com/about/privacy. As a result, Facebook can enable ads to be displayed on and outside of Facebook. We, the site operator, have no influence over this use of the data.

The use of Facebook pixels is based on Article 6 (1) f GDPR. The website operator has a legitimate interest in effective advertising including social media.

Facebook's Privacy Policy will provide you with more information regarding the protection of your privacy: https://de-de.facebook.com/about/privacy/.

You can also disable the remarketing Custom Audiences feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. In order to do so, you have to be logged into Facebook.

If you do not have a Facebook account, you can opt-out of Facebook-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

Making Contact

When contact is made (e.g. via the contact form, e-mail, telephone or social networks), the user's personal data will be processed to process the contact request in accordance with Art. 6(1)(b) GDPR, i.e. to fulfil a contract or implement pre-contractual measures. Your data may be transferred to a customer management program (CRM system) for this purpose. Please note that we are required to archive e-mails in accordance with the German GoBD [Principles for the Proper Maintenance and Keeping of Books, Records and Documents in Electronic Form and for Data Access], and emails sent to us can therefore not be completely deleted (from our archive system).

No automated decision-making

MC² Europe GmbH shall refrain from automatic decision-making within the meaning of Article 22 GDPR.

Updating the Privacy Policy

We will update this privacy policy from time to time with respect to new legal bases or jurisprudence or modified processing procedures in our company. We therefore expressly reserve the right to make changes.

Notice on the rights of data subjects

If we process your personal data, you are the data subject within the meaning of the GDPR, and you have the following rights with respect to the controller:

Right to information and data portability

You have the right to request information about your stored personal data.

You have the right to receive the requested data in a commonly used and machine readable format.

Right to rectification

You have the right to obtain immediate rectification of any inaccurate personal data concerning you from the controller. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

Right to restriction of processing

You can request the restriction of the processing of personal data concerning you where one of the following conditions applies:

1) The data subject has contested the personal data’s accuracy for a period enabling the controller to verify the personal data’s accuracy;

2) The processing is unlawful, and the data subject opposes the personal data’s erasure and requests the restriction of the personal data’s use instead;

3) The controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defence of legal claims, or if

4) the data subject has lodged an objection to the processing, as long as it has not been established whether the controller's justified grounds outweigh those of the data subject.

If processing has been restricted, such personal data shall only be processed - apart from being stored - with the data subject’s consent or for the purpose of establishing, exercising or defending legal claims or protecting the rights of another natural person or legal entity or on grounds of an important public interest of the Union or a Member State. We will notify you before the restriction is lifted.

Right to erasure

You can request the erasure of personal data concerning you where one of the following conditions applies:

1) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

2) The data subject withdraws their consent and there is no other legal ground for the processing;

3) The data subject objects to the processing and there are no overriding legitimate grounds for the processing.

4) The personal data was processed illegally;

5) The personal data erasure is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject;

6) The personal data was collected in relation to the use of web services.

Right to withdraw a declaration of consent

You have the right to withdraw consent to the processing of personal data at any time. In the event of withdrawal, the lawfulness of the processing carried out on the basis of the consent until the withdrawal shall not be affected.

Right to information

If you have exercised your right to rectification, erasure or restriction of processing, we shall also notify all recipients to whom this data has been transferred of this fact, unless this involves a disproportionate effort or is impossible.

Right to object

You also have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you. This also applies to a profiling based on these provisions. In the event of an objection, the controller shall no longer process personal data unless it can prove compelling reasons worthy of protection for the processing that override the data subject’s interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising. This also applies to profiling, if it is associated with such direct marketing.

Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - which produces legal effects concerning you or similarly affects you significantly. This does not apply if the decision:

1) is necessary for the conclusion or performance of a contract between you and the data controller;

2) is permitted by Union law or the law of the Member States to which the data controller is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or

3) is made with your express consent.

Decisions under paragraph 2 may not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies, and appropriate measures have been taken to protect the data subject’s rights, freedoms and legitimate interests.

With respect to the cases described in (1) and (3), the controller shall implement suitable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain human intervention on the controller’s part, to express your point of view and to contest the decision. 

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Collection of personal data

If you do not provide us with the personal data we require for contractual purposes, this failure to provide data shall not generally mean that the contract cannot be concluded. In individual cases we can advise you whether the provision of persona data is legally obligatory or contractually prescribed, and what consequences the failure to provide personal data would have in individual cases.

Please turn your phone 90 degrees.