(Last revised: 27.11.2018)
When you visit our website, in certain cases we collect data that are or can be related to you. Some of these data are already visible to us when you access our website and some we collect when you provide them to us. We wish to inform you below of the purpose for which we collect these data and what we do with them.
What are Personal Data?
Personal data is all data that can be associated with you personally, e.g.:
- your name
- your address
- your email address
- your telephone number
- your user behaviour
When is the Processing of Personal Data Legally Permitted?
Pursuant to Art. 6 of the EU General Data Protection Regulation (EU GDPR) the processing of personal data is lawful in the following cases among others:
- If you have given us your consent to do so (Art. 6 paragraph 1 sentence 1 (a) EU GDPR).
- Processing is necessary for the performance of a contract to which you are a contracting party or in order to take steps at your request prior to entering into a contract (Art. 6 paragraph 1 sentence 1 (b) EU GDPR).
- Processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 paragraph 1 sentence 1 (c) EU GDPR).
- Processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 paragraph 1 sentence 1 (f) EU GDPR).
In addition to the purposes pursued when we collect data, we will state the legal basis on which we process data in each case below.
I. Controller; Data Protection Officer
(1) MVB GmbH
60311 Frankfurt am Main
represented by Chief Executive Officer Ronald Schild
Tel.: +49 69 1306-550
Fax: +49 69 1306-255
(2) You can reach our data protection officer by email at firstname.lastname@example.org or by post at the address named above and by adding "Data Protection Officer".
II. Data Collection when You Visit Our Website
1. Data collection when you access our website
(1) If you only access our website to obtain information (i.e. if you do not register or provide personal details in any other manner, e.g. by filling in a form), we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect data that are technically necessary for us in order to display our website to you and ensure stability and security. These data are the following:
- IP address
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of the request (specific site)
- access status/http status code
- quantity of data transmitted in each case
- website from which we receive the request
- operating system and its user interface
- language and version of the browser software
The data named above are also stored by us in the logfiles of our system. These are not stored with other data relating to you.
(2) The temporary storage of the IP address by our system is necessary in order to improve the stability and functionality of the website and for troubleshooting where necessary. The legal basis for this is Art. 6 paragraph 1 sentence 1 (f) EU GDPR.
(3) The data named above are deleted as soon as it is no longer necessary to store them to achieve the purpose. For the provision of the website, this is the case once you have finished visiting our site. Logfiles are deleted after 30 days at the latest.
(2) We use transient and persistent cookies.
a) Scope and functioning of transient cookies: Transient cookies are automatically deleted when the browser is closed. In particular, such transient cookies include session cookies which save what is referred to as a session ID that allows various requests of your browser to be allocated to the joint session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
b) Scope and functioning of persistent cookies: Persistent cookies are automatically deleted after a specific period which varies depending on the cookie. You can delete cookies at any time in the security settings of your browser.
(4) You can set your browser so that you are informed when cookies are placed and so that you can decide on whether you will accept them on a case-by-case basis or generally refuse to accept cookies. Cookies already stored can be deleted at any time. If you wish to select appropriate settings for your browser, please note that the method of administration for each cookie setting differs from browser to browser. You will find descriptions on how you can change cookie settings in the help menu of any browser. You can find this description for the browsers below under the following links:
- Chrome: www.support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Firefox: www.support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Internet Explorer: www.support.microsoft.com/de-de/windows/loeschen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
- Opera: www.help.opera.com/de/latest/web-preferences/#cookies
- Safari: www.support.apple.com/de-de/guide/safari/sfri11471
If cookies are not accepted, this can restrict the functionality of our website.
3. Web analysis through Matomo (formerly PIWIK)
(1) We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software places a cookie on the computer of the users (see II.2 above on the functioning of cookies). If individual pages of our website are accessed, the following data are stored:
- two bytes of the IP address of the user’s calling system
- the website accessed
- the website from where the user reached the website being accessed (referrer)
- the subpages that are accessed from the accessed website
- the length of time spent on the website
- the frequency in which the website is accessed
The software runs exclusively on the servers of our website. Any storage of the personal data of users takes place only there. Data are not transmitted to third parties. The software is set so that IP addresses are not fully stored. Instead only 2 bytes of the IP address are masked (example: 192.168.xxx.xxx). This ensures that any allocation of the abbreviated IP address to the calling computer is no longer possible.
(2) Processing the personal data of users allows us to analyse the surfing behaviour of our users. The evaluation of the data captured allows us to compile information on the use of the individual components of our website. At the same time, it allows us to continually improve our website and its user friendliness. These are the purposes that create our legitimate interest in processing the data in accordance with Art. 6 paragraph 1 (f) GDPR. Through the anonymization of the IP address, due consideration is given to the interest of users in the protection of their personal data.
(3) The legal basis for the processing of personal data of users is Art. 6 paragraph 1 sentence 1 (f) EU GDPR.
(4) The data are deleted as soon as they are no longer required for recording purposes. In our case, this is 3 months afterwards.
(6) We offer users on our website the option of opting out of the analytical procedure. You must follow an appropriate link for this purpose. By doing so, another cookie is placed on your system that signals to our system that the user data may not be stored. If the user deletes this cookie from his own system at some stage, he must again place the opt-out cookie.
You have the possibility of preventing actions that you have performed here from being analysed and linked. This will protect your privacy, but it will also prevent the owner from learning from your actions and improving usability for you and other users.
Link to this topic: https://www.theadex.com/privacy-opt-out/
(7) Further information on the private sphere settings of the Matomo software is provided under the following link: www.matomo.org/docs/privacy.
4. Use of social media plugins
(1) We use the following social media plugins: Facebook, Google+, Instagram, Linkedin, Twitter and Xing to which the data named above under II.1. and 2. are transmitted. With Facebook and Xing the IP address is anonymised immediately after collection according to the respective provider in Germany. By activating the plugin, your personal data are thus transmitted to the respective plugin provider and stored there (in the case of U.S. providers in the United States). As the plugin provider collects data particularly via cookies, we recommend that you delete all the cookies (via the security settings of your browser) before clicking on the greyed out box.
(2) We can neither influence the data collected in this connection nor the data processing procedures nor do we know the full extent to which data are collected, the purposes of processing or the storage periods. Nor do we have any information on the deletion of the collected data by the plugin provider.
(3) The plugin provider stores the data collected on you as user profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out particularly (also for users not logged in) to present needs-based advertising and to inform other users of the social network of your activities on our website. You are entitled to object to the creation of these user profiles, although you must contact the respective plugin provider to exercise this right. We offer you the opportunity to interact with social networks and other users via the plugins so that we can improve our website and design it so that it is more interesting for you as a user. The legal basis for the use of the plugins is Art. 6 paragraph 1 sentence 1 (f) EU GDPR.
(4) Data are transmitted irrespective of whether you have set up an account with the respective plugin provider and are logged in there. If you have logged into the plugin provider, the data we have collected on you will be directly allocated to the account you have with the respective provider. If you click on the activated button and, for example, link up to the page, the plugin provider also stores this information in your user account and makes it public to your contacts. It is thus recommended that you log out of a social network after using it, particularly before activating the button. By doing so, you can avoid any allocation to your profile with the plugin provider.
(5) If you wish to receive further information on the purpose and extent of data collection and data processing by the plugin provider, you can do this as follows:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other#applications and www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-U.S. Privacy Shield, www.privacyshield.gov/eu-us-framework.
b) Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA; www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-U.S. Privacy Shield, www.privacyshield.gov/eu-us-framework.
c) Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA; https://help.instagram.com/155833707900388/
d) Linkedin Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-U.S. Privacy Shield, www.privacyshield.gov/eu-us-framework.
f) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; www.xing.com/privacy.
5. Integration of Youtube videos
(1) We integrate Youtube videos in several places on our website. These are stored on the youtube.com portal and can be played directly via our website.
(3) If you wish to receive further information on the purpose and the extent of data collection, you can access this directly in the privacy statement of Youtube. This also provides further information on your rights and setting options to protect your private sphere: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has submitted to the EU-U.S. Privacy Shield, www.privacyshield.gov/eu-us-Framework
6. Integration of Google Maps
(1) We integrate Google maps in several places on our website. This allows us to show you interactive maps directly on the website and to enable you to use the map function.
(3) You can obtain further information on the purpose and extent of data collection and the processing thereof by the plugin provider in the privacy statements of the provider. This also provides further information on your rights and setting options to protect your private sphere: www.google.de/intl/de/policies/privacy. Google also processes your data in the United States and has submitted to the EU-U.S. Privacy Shield, www.privacyshield.gov/eu-us-Framework.
(1) We work together with Aumago GmbH ("Aumago"), Berlin, a target group marketer. Aumago uses what are known as cookies, a text file that is stored in the browser of the computer. Pseudonymous usage data are collected in the form of cookie IDs and advertising IDs without IP addresses in the cookie. The cookie IDs and advertising IDs without IP addresses are not sufficient to identify a natural person behind a browser/user.
(2) On the basis of a user's surfing behaviour (website visited, categories, product pages), Aumago presumes the user has an interest in a specific B2B industry and uses this information on our behalf to deliver more targeted, usage-based online advertising. In the process, the cookies can be synchronised with other platforms via so-called cookie matching. Matching can take place, for example, for: Google, Doubleclick, Adition, Appnexus, Mediamath, The Trade Desk, Adform, Active Agent and yieldlab.
(3) The cookies are either Aumago cookies or cookies from service providers that Aumago uses, such as The ADEX GmbH, Berlin. The user can opt out and thus object to this cookie tracking at any time via the following link: www.theadex.com/privacy-opt-out/. By doing so, what is known as an opt-out cookie is set. The opt-out cookie requires a setting in the browser that will not prevent the storage of cookies or delete the cookie. After deleting the opt-out cookie, the user must repeat his objection. Alternatively, the user can delete the cookies directly in the browser, set his browser settings to do-not-track from the outset or manage his cookie preferences there. If you wish to find out what information is stored in your cookie, please send us your cookie ID.
(4) The legal basis for the processing of the personal data of the user is Art. 6 paragraph 1 sentence 1 (f) EU GDPR.
8. Use of Google Recaptcha
(1) We integrate the bots detection function (e.g. for entries in online forms) "Recaptcha" from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
(2) If you wish to receive further information on the purpose and extent of data collection and data processing by the plugin provider, you can access this directly in the provider's privacy statement. This also provides further information on your rights and setting options to protect your private sphere: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has submitted to the EU-U.S. Privacy Shield, www.privacyshield.gov/eu-us-framework.
(3) Opt-out: https://adssettings.google.com/authenticated.
III. Data Collection when You Contact Us
(1) When you contact us by email or via a contact form we have provided for this purpose, we store the data you give us in this connection (your email address and if applicable, your name, your address and your telephone number) in order to deal with your request and if applicable, to answer the questions you have asked.
(2) The legal basis for this is Art. 6 paragraph 1 sentence 1 (f) EU GDPR. If by contacting us, you intend to enter into a contract with us, the legal basis is also Art. 6 paragraph 1 sentence 1 (b) EU GDPR.
(3) We delete the data arising after it is no longer necessary to store them or we restrict processing if statutory retention periods apply.
IV. Data Collection if You Order a Newsletter or if Newsletters are Sent after Newsletter Subscription
(1) You may subscribe to a free newsletter via our website in which we inform you of our offers, the latest news and our ongoing activities. The individual contents of the news are named in the respective declaration of consent.
(2) During your registration, your email address is sent to us (mandatory field). If you provide further personal details to us, this is done voluntarily and serves the purpose of addressing you personally.
(3) After we have received your registration, we send an email to the email address you have given in which we request you to confirm that you wish to receive the newsletter (referred to as the double opt-in procedure). If you do not confirm your registration within 48 hours, we block your information and automatically delete it after one month. We also save your IP addresses and the time of your registration as well as your confirmation. Our purpose in collecting this information is to be able to furnish proof of your registration in order to investigate any misuse of your personal data.
(4) After you have confirmed your subscription to the newsletter, we save your email address for the purpose of sending you the newsletter. The legal basis for this is Art. 6 paragraph 1 sentence 1 (a) EU GDPR.
(5) You can revoke your consent to receiving the news at any time with effect for the future and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided for this purpose in every newsletter or by sending us an email at email@example.com.
(6) If you order goods or a service from us and we receive your email address in this connection, we also use this email address to offer you similar goods or services (Section 7 paragraph 3 of the Act Against Unfair Competition). The legal basis for this is Art. 6 paragraph 1 sentence 1 (f) EU GDPR.
(7) We save your email address for the period in which you have not objected to our using it for the purpose of news dispatch and we send you our newsletter on a regular basis.
V. Right of Objection
(1) You have the right to object to the processing of your personal data for the purposes of direct advertising or data analysis.
(2) If we process your data to safeguard legitimate interests, you may object to such processing if there are reasons in your particular situation for the data not being processed.
VI. Use of Blog Functions
(1) In the blog functions we offer you can comment on the topics we publish. These comments can be seen by everyone. Your respective comment will be published with your name in the contribution. Your name and your email address must be provided, any other particulars are supplied voluntarily.
(2) If you make any comment, we will continue to store your IP address, which we will delete after six months. We need to store this information so that we can defend ourselves against liability claims in the event that any unlawful contents are published. We require your email address so that we can contact you if a third party believes your comments are unlawful and objects to these. The legal basis is Art. 6 paragraph 1 sentence 1 (b) and (f) EU GDPR.
(3) If you wish to be informed when another user has commented on a contribution, you can activate the tick box in our email service when you write your comment. You will receive an email from us for this purpose in which you confirm that you are the owner of the email address and wish to receive the notification (referred to as the double opt-in procedure). You can unsubscribe from the notifications at any time by clicking on the link shown in the email. We store your personal data, including your email address, the times at which you registered for the notifications and your IP address until you cancel your registration for the notification service. The legal basis is Art. 6 paragraph 1 sentence 1 (b) EU GDPR.
VII. Data Collection if You Order from Our Web Shop
(1) We ask you to provide specific personal details when you place orders via our web shop. Several fields in the order form are marked as mandatory fields which must be filled in to complete the order and to implement a contract. Mandatory information as such includes:
- your first name and surname
- your address (and if applicable, any invoicing or delivery address where these differ)
- your email address
- possibly the position you hold in your company
- data that arise in connection with the method of payment you have selected (banking details)
All other particulars are voluntary and serve the purpose of personalising our communication with you.
(2) If you open a customer account, you can place further orders using this customer account. In that case you do not need to keep re-entering your personal details as we will store them until you revoke them.
(3) To execute your order, we disclose your name and your address (or your delivery address) to the company that we have engaged to deliver the goods.
(4) The purpose of data collection is to execute your order. The legal basis is Art. 6 paragraph 1 sentence 1 (b) EU GDPR.
VIII. Processing of Data by External Service Providers
In some cases we use external service providers to process your data. These were carefully selected and engaged by us, are bound to our instructions and are checked on a regular basis.
IX. Data Processing in the Corporate Group
(1) Areas of the Börsenverein Group perform specific centralised data processing tasks for the affiliated companies in the group. To the extent that there are contractual relations between you and us or between you and one or several companies in our group, your data might be centrally processed. This occurs, for example, for the central administration of address data, for contract and service processing, for debt collections and disbursements or in order to generally deal with post. Further information on the affiliated companies in the group is available here.
(2) The legal basis for this is Art. 6 paragraph 1 sentence 1 (f) EU GDPR.
X. Recipients of Data for Actions, Events and Similar with Partners
(1) We can disclose your personal data to third parties if we offer and/or carry out actions, events, competitions, contract conclusions or similar services together with partners. You will receive further information on these when you provide your personal data.
(2) Insofar as our partner is domiciled in a country outside the European Economic Area, we will inform you of the consequences of this fact in the description of the respective offer.
XI. Further Recipients of Personal Data
We can transmit your personal data to further recipients, such as to authorities to meet legal reporting obligations (e.g. fiscal authorities, social insurance agencies or prosecution authorities).
XII. Credit Checks
We transfer personal data collected within the context of this contractual relationship on the application, the execution and termination of these business relations and data concerning non-contractual or fraudulent behaviour to CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Germany. The legal basis for these transmissions is Article 6 paragraph 1 and Article 6 paragraph 1 (f) EU GDPR. Transmissions on the basis of Article 6 paragraph 1 (f) GDPR may only take place to the extent necessary to protect the legitimate interests of our company or third parties and provided these interests are not outweighed by the interests or fundamental rights and freedoms of the person concerned requiring the protection of personal data. The exchange of data with CRIF Bürgel serves the purpose of fulfilling legal obligations to carry out credit checks of customers (Sections 505a and 506 of the German Civil Code). CRIF Bürgel processes the data received and also uses these for the purpose of profiling (scoring) in order to provide information to its contractual partners in the European Economic Area and in Switzerland as well as possibly other third countries (if there is a decision on the appropriateness for these of the European Commission), among other things to assess the creditworthiness of natural persons. More detailed information on the activities of CRIF Bürgel can be found in the CRIF Bürgel information sheet or online at www.crifbuergel.de/de/datenschutz.
XIII. Your Data Protection Rights
(1) You can obtain information on the data stored on you under the address named above under I. In addition, you may demand that data are corrected if we have stored incorrect data on you. Taking the processing purposes into account, you also have the right to demand that further details are added to your personal data to make them complete if the data we have stored on you are incomplete. Furthermore, you may demand the deletion of your data under certain conditions. You may also have the right to limit the processing of your data and the right to the surrender of the data you have provided in a structured, common and machine-readable format.
(2) You have the right to contact a data protection authority with any complaint. The supervisory authority responsible for us is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.
XIV. Duration of Data Storage: Reference to Retention Obligations Under Tax and Commercial Law
(2) We might store personal data for the period in which claims can be asserted against us (statutory limitation period of up to three years). The legal basis for this is Art. 6 paragraph 1 sentence 1 (f) EU GDPR.
(3) We also store your personal data if we are legally obliged to do so. Such obligations to furnish and retain proof arise, among other things, from the German Commercial Code or tax regulations and specify periods of up to ten years. The legal basis for this is Art. 6 paragraph 1 sentence 1 (c) EU GDPR.
XV. Declarations of Consent
You expressly submitted the following consent(s) to us and we recorded your consent. Under the Telemedia Act, we are obliged to make the content of consents available upon request at any time. You may revoke your consent(s) at any time with effect for the future.