MC² Europe GmbH’s Privacy Policy
Policy version: December 2023
Preamble
Thank you for your interest in our company. We give high priority to data protection at MC² Europe GmbH. The purpose of this Privacy Policy is to provide you with information about the type, scope, purpose and legal basis of the processing of personal data on this website and on any online presences in social networks. We will also set out here our information and notification obligations with respect to the use of personal data in our company.
MC² Europe GmbH’s Privacy Policy applies equally to men and women. However, for the sake of improved readability, only the masculine form will be used.
Controller’s name and address
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is the entity indicated in the site notice.
Data Protection Officer’s contact details
Christian Krause
Basic information on the processing of personal data
We only collect and process our users’ personal data if this is necessary to provide a functional website as well as our company’s services. Processing will only take place with your consent or if a legal regulation requires or allows us to undertake such processing.
In this connection, your personal data’s security has a high priority for us. We therefore protect your data through technical and organisational measures to prevent misuse. We regularly review the measures taken and adapt these to current technical conditions. We also ensure all our staff are bound to observe confidentiality in accordance with Article 28 GDPR.
Purposes of and legal basis for the processing, transfer to third parties and abroad
We process your data for the following purposes:
Fulfilment of new or existing contractual relationships or for the implementation of pre-contractual measures, e.g. the preparation of offers;
Dispatch of marketing information;
Processing of inquiries, e.g. as part of our core activity or for applications;
Provision of telemedia, e.g. our website or e-mail;
In this connection, we process the data on the legal basis of Article 6(1) GDPR:
Article 6(1)(a) GDPR: Processing operations based on your consent
Article 6(1)(a) GDPR: Processing procedures for the performance of a contract or the implementation of pre-contractual measures, e.g. a purchase or service contract or the solicitation of an offer
Article 6(1)(c) GDPR: Processing operations which we are legally obliged to undertake, e.g. storage for tax reasons
Article 6(1)(f) GDPR: Processing operations we undertake on the basis of our legitimate interests, e.g. the transfer of your data to postal service providers for the purpose of sending mail or to a tax consultant. This also includes storing information about website usage for the purpose of optimizing our website.
The transfer of your data to third parties is also based on the legal bases listed above; your data will only be transferred within the scope of a processing agreement or if other confidentiality obligations exist. This includes persons subject to a duty of professional secrecy or shipping carriers.
Duration of storage, erasure of personal data
Personal data will only be processed and stored for the period necessary to fulfil the processing purposes. Following the purpose’s fulfilment, we will erase or block your data, provided that we are no longer subject to any legal storage obligation.
Data transfer to third parties
MC² Europe GmbH can transfer personal data to the following third parties:
Public authorities in the event of overriding legal provisions;
Other companies within the MCH Group;
MCH Group agencies abroad;
Internally for purposes of internal communication, support, administration and billing;
MC² Europe GmbH’s data processor;
Service partners for accompanying services, if the data subject requests corresponding services from MC² Europe GmbH.
Collection of access data and log files
We collect access data (log files) about each server access on the basis of our legitimate interests in accordance with Article 6(1)(f) GDPR. This includes the name of the accessed website, date and time of access, transferred file and data volume, notification of successful or unsuccessful access, browser type and version, the operating system, referrer URL (the previously visited page) and your IP address.
Log files are collected for security reasons (e.g. to investigate criminal offences), are stored for a period of 7 days and subsequently deleted. If data are still required for evidence purposes, they will be excluded from erasure until the respective incident has been finally cleared up.
To guarantee a fast and stable connection, we have outsourced hosting to an external service provider. This provider will process the above-mentioned log data according to our specifications. Data is transferred on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR.
Use of cookies and tracking information
Cookies are text files that are stored by the internet browser on the user's computer system and identify a website user across multiple sessions to maintain website settings (e.g., language preferences). When accessing this website, technically necessary cookies are stored in the browser.
Additionally, we conduct anonymized user tracking using the web analytics tool Matomo, hosted on our own servers, to generate statistics on website usage. The IP address of the website user is anonymized, meaning only the first two octets of the IP address are processed. Since this involves anonymised user data, your consent is not required, and opting out is not possible (Recital 26 of the GDPR). If you wish to prevent tracking, block the connection to 'matomo.dxm.space' with an ad blocker.
The use of cookies is in accordance with Article 6(1)(f) of the GDPR, i.e., processing is necessary for the purposes of the legitimate interests in providing you with a positive website experience.
Making Contact
When contact is made (e.g. via the contact form, e-mail, telephone or social networks), the user’s personal data will be processed in order to handle the contact request in accordance with Art. 6(1)(b) GDPR, i.e. to fulfil a contract or implement pre-contractual measures. Your data may be transferred to a customer management program (CRM system) for this purpose. Please note that we are required to archive e-mails in accordance with the German GoBD [Principles for the Proper Maintenance and Keeping of Books, Records and Documents in Electronic Form and for Data Access], and e-mails sent to us can therefore not be completely deleted (from our archive system).
No automated decision-making
MC² Europe GmbH shall refrain from automatic decision-making within the meaning of Article 22 GDPR.
Updating the Privacy Policy
We will update this privacy policy from time to time with respect to new legal bases or jurisprudence or modified processing procedures in our company. We therefore expressly reserve the right to make changes.
Notice on the rights of data subjects
If we process your personal data, you are the data subject within the meaning of the GDPR, and you have the following rights with respect to the controller:
Right to information and data portability
You have the right to request information about your stored personal data.
You have the right to receive the requested data in a commonly used and machine readable format.
Right to rectification
You have the right to obtain immediate rectification of any inaccurate personal data concerning you from the controller. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
Right to restriction of processing
You can request the restriction of the processing of personal data concerning you where one of the following conditions applies:
1) The data subject has contested the personal data’s accuracy for a period enabling the controller to verify the personal data’s accuracy;
2) The processing is unlawful, and the data subject opposes the personal data’s erasure and requests the restriction of the personal data’s use instead;
3) The controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defence of legal claims, or if
4) the data subject has lodged an objection to the processing, as long as it has not been established whether the controller’s justified grounds outweigh those of the data subject.
If processing has been restricted, such personal data shall only be processed – apart from being stored – with the data subject’s consent or for the purpose of establishing, exercising or defending legal claims or protecting the rights of another natural person or legal entity or on grounds of an important public interest of the Union or a Member State. We will notify you before the restriction is lifted.
Right to erasure
You can request the erasure of personal data concerning you where one of the following conditions applies:
1) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
2) The data subject withdraws their consent and there is no other legal ground for the processing;
3) The data subject objects to the processing and there are no overriding legitimate grounds for the processing;
4) The personal data was processed illegally;
5) The personal data erasure is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject;
6) The personal data was collected in relation to the use of web services.
Right to withdraw a declaration of consent
You have the right to withdraw consent to the processing of personal data at any time. In the event of withdrawal, the lawfulness of the processing carried out on the basis of the consent until the withdrawal shall not be affected.
Right to information
If you have exercised your right to rectification, erasure or restriction of processing, we shall also notify all recipients to whom this data has been transferred of this fact, unless this involves a disproportionate effort or is impossible.
Right to object
You also have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you. This also applies to a profiling based on these provisions. In the event of an objection, the controller shall no longer process personal data unless it can prove compelling reasons worthy of protection for the processing that override the data subject’s interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising. This also applies to profiling, if it is associated with such direct marketing.
Automated decisions in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which produces legal effects concerning you or similarly affects you significantly. This does not apply if the decision:
1) is necessary for the conclusion or performance of a contract between you and the data controller;
2) is permitted by Union law or the law of the Member States to which the data controller is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
3) is made with your express consent.
Decisions under paragraph 2 may not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies, and appropriate measures have been taken to protect the data subject’s rights, freedoms and legitimate interests.
With respect to the cases described in (1) and (3), the controller shall implement suitable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain human intervention on the controller’s part, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Collection of personal data
If you do not provide us with the personal data we require for contractual purposes, this failure to provide data shall not generally mean that the contract cannot be concluded. In individual cases we can advise you whether the provision of personal data is legally obligatory or contractually prescribed, and what consequences the failure to provide personal data would have in individual cases.