Name and address of the controller
The controller as defined by the General Data Protection Regulation and other national data privacy laws of the Member States as well as other provisions relating to data privacy legislation is:
MVI Group GmbH
Tel.: +49 89 6146970
Name and address of the Data Protection Officer
The Data Protection Officer of the controller is:
Tel.: +49 661 29698090
I. General information on data processing
1. Extent to which personal data are processed
In principle, we collect and use personal data of our users only to the extent that this is necessary in order to provide a functional website and also our content and services. Personal data of our users are generally only collected after the user has consented to this. An exception applies in those cases where it is not objectively possible to obtain prior consent and the processing of the data is permitted by statutory provisions.
2. Legal basis for the processing of personal data
Where we obtain the data subject’s consent for personal data to be processed, the legal basis for processing personal data shall be provided by Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR).
When processing personal data required for performance of a contract where the data subject is a contracting party, the legal basis shall be provided by Article 6 (1) lit. b GDPR. This shall also apply to processing activities which are necessary in order to carry out pre-contractual measures.
Where processing of personal data is required in order to fulfil a legal obligation incumbent on our company, the legal basis shall be provided by Article 6 (1) lit. c GDPR.
If vital interests of the data subject or of another natural person render the processing of personal data necessary, the legal basis shall be provided by Article 6 (1) lit. d GDPR.
If processing is necessary in order to safeguard a legitimate interest of our company or of a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not override said interest, the legal basis for the processing shall be provided by Article 6 (1) lit. f GDPR.
3. Data erasure and period of storage
The personal data of the data subject shall be erased or blocked as soon the purpose of storage ceases to apply. Data may be stored beyond this point if this is permitted by the European or national legislator in regulations, laws or other provisions under Union law to which the controller is subject. The data shall also be blocked or erased if a storage period prescribed by the specified standards expires, unless continued storage of the data is necessary for the purpose of concluding or performing a contract.
II.Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is visited, our system automatically records data and information from the computer system of the computer which accessed the website.
The following data are collected in such cases:
This section must be adapted accordingly. Data which are not applicable must be removed, and any missing data must be supplemented.
(1)Information on the browser type and the version used
(2)The user’s operating system
(3)The user’s Internet service provider
(4)The user’s IP address
(5)The date and time of access
(6)Websites from which the user’s system accessed our website
(7)Websites which were accessed by the user’s system via our website
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and log files is Article 6 (1) lit. f GDPR.
Purpose of data processing
3. The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session
Storage in log files is designed to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our IT systems. The data are not analysed for marketing purposes in this context. These purposes also include our legitimate interest in data processing pursuant to Article 6 (1) lit. f GDPR.
4. Duration of storage
The data shall be erased as soon as they are no longer required to achieve the purpose for which they were collected. If the data are collected in order to make the website available, this shall be the case when the respective session has ended. Where data are stored in log files, this shall be the case no later than after seven days. Data may be stored for a longer period. In such case, the IP addresses of users shall be erased or altered so that it is no longer possible to assign the requesting client.
5. Ability to object and have data erased
The collection of data in order to make the website available and the storage of the data in log files are essential for the operation of the website. The user shall therefore have no right of objection.
a) Description and scope of data processing
(1)non user related analysis of visited pages, clicking, actual visits
(2)frequency of visits of a page
(3)usage of website functions
The user data collected in this way are pseudonymised by means of technical measures. It is therefore no longer possible to assign the data to the user accessing the website. The data are not stored together with other personal data of users.
If the user’s consent is obtained before cookies which are technically not necessary are installed and called up:
b) Legal basis for the processing of data
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR.
c) Purpose of data processing
If cookies which are technically necessary are used:
We require cookies for the following applications:
The applications are listed below.
(1) non user related analysis of visited pages, clicking, actual visits
(2) frequency of visits of a page
(3) usage of website functions
The user data collected by technically necessary cookies are not used to create user profiles.
These purposes also include our legitimate interest in the processing of personal data pursuant to Article 6 (1) lit. f GDPR.
e) Duration of storage, ability to object and have cookies removed
IV. Data privacy for job applications and during the application process
The controller collects and processes the personal data of applicants for the purpose of carrying out the application process. Data may also be processed by electronic means. This is in particular the case if an applicant sends corresponding application documents to the controller by electronic means, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data shall be stored for the purpose of processing the employment relationship, taking into account statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted five months after the rejection decision has been notified, provided that no other legitimate interests of the controller stand in the way of such deletion. In this context, “other legitimate interest” means, for example, a burden of proof in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz [AGG]).
V. Plug-ins and Tracker
Plug-ins of the Facebook social network, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated into our website. The Facebook plug-ins can be recognised by the Facebook logo or the “like button“ on our website. An overview of Facebook plug-ins can be found here: http://developers.facebook.com/docs/plugins/.
If you do not wish Facebook to be able to assign the visit to our website to your Facebook user account, please log out of your Facebook user account.
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is called up, a link to LinkedIn’s servers is established. LinkedIn is informed that you have visited our website using your IP address. If you click on LinkedIn’s “recommend button“ and are logged in to your LinkedIn account, it is possible for LinkedIn to assign your visit to our website to you and your user account. Please note that, as the website provider, we have no knowledge of the content of the transmitted data or of their use by LinkedIn.
This website uses the open source web analytics service Matomo. Matomo uses “cookies“, which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie on the use of this website is stored on our server. The IP address is anonymised before it is stored.
The information generated by the cookie on the use of this website is not transmitted to third parties. You can prevent cookies being stored by means of a corresponding setting in your browser software; however we would point out that in such case, you may not be able to fully use all functions of this website.
If you do not agree to your data being stored and used, you can deactivate storage and usage here. If you do this, an opt-out cookie will be stored in your browser which will prevent Matomo from collecting any usage data. If you delete your cookies, this will mean that the Piwik opt-out cookie is also deleted. The opt-out must be reactivated when you revisit our website.
Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing Xing functions is called up, a link to Xing’s servers is established. As far as we are aware, no personal data are stored during this process. In particular, no IP addresses are stored and user behaviour is not analysed.
Our website uses plug-ins of the website YouTube, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages with a YouTube plug-in, a link to YouTube’s servers will be established. In this way, the YouTube server is notified as to which of our website pages you have visited.
If you are logged in to your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
VI. SSL encryption
For security reasons and in order to protect the transmission of confidential content such as, for example, the enquiries which you send to us as website operator, this website uses SSL encryption. You can recognise an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and by the lock symbol in the browser line.
If SSL encryption is activated, the data which you transmit to us cannot be read by third parties.
VII. Use of Google Maps
This website uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. In order to use the features of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA, where it is stored. The provider of this website has no influence on this data transmission.
The following is designed to inform you about the content of our newsletter and also about the registration, dispatch and statistical analysis process, as well as your rights of objection. By subscribing to our newsletter, you declare your consent to receive the newsletter and to the described procedure.
Content of the newsletter
We only send newsletters, emails and other electronic notifications containing advertising information (hereinafter referred to as “newsletter“) with the consent of the recipients, or if we are in possession of a statutory permit. Where a newsletter registration process specifically describes the newsletter contents, these are authoritative for the users’ consent. In addition, our newsletters contain information on ...
Double opt-in and recording
Registering for our newsletter is based on a double opt-in process. This means that after registering, you will receive an email in which you are asked to confirm your registration. This confirmation is necessary to ensure that no one can register using third-party email addresses.
Newsletter registrations are recorded in order to be able to provide evidence of the registration process in accordance with legal requirements. This includes storing the time of registration and time of confirmation, as well as the IP address. Changes to your data stored at MailChimp are also recorded.
Use of the mail-handling service provider “MailChimp”
The newsletter is sent via “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients and also their additional data described within the framework of this information are stored on MailChimp servers in the USA. MailChimp uses this information to send and analyse the newsletter on our behalf. In addition, MailChimp can, according to its own information, use these data to optimise or improve its own services, e.g. for technical optimisation of the dispatch process and presentation of the newsletter, or for commercial purposes in order to determine the countries from which recipients originate. However, MailChimp does not use the data of our newsletter recipients in order to contact these recipients itself or to forward the data to third parties.
We have confidence in MailChimp’s reliability and in its IT and data security. MailChimp is certified according to the US-EU data privacy agreement “Privacy Shield“ and thus undertakes to comply with EU data privacy requirements. We have also concluded a “data-processing agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process said data on our behalf in accordance with its data privacy provisions and in particular not to forward the data to third parties. MailChimp’s data privacy provisions can be viewed here.
To register for the newsletter, you only need to provide your email address.
You may, if you so choose, provide your first name and surname. This information is used solely to personalise the newsletter.
Collection and analysis of statistics
The newsletters contain a “web beacon“, i.e. a pixel-sized file which is called up by MailChimp’s server when the newsletter is opened. When this web beacon is accessed, technical information such as information on the browser and on your system, as well as your IP address and time of access, are initially collected. This information is used for technical improvement of the services based on the technical data or on the target groups and their reading behaviour, according to their access locations (which can be determined using the IP address) or access times.
The statistical information collected also includes ascertaining whether the newsletters are opened, when they are opened and which links are clicked. Although this information can be assigned to the individual newsletter recipients for technical reasons, it is not our intention, or that of MailChimp, to monitor individual users. Rather, the analyses are used by us to identify reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Online access and data management
You may terminate the receipt of our newsletter at any time, i.e. revoke your consent. This will at the same time end your consent to its dispatch by MailChimp and to the statistical analyses. Unfortunately, it is not possible to revoke dispatch via MailChimp or the statistical analyses separately.
A link to cancel the newsletter is provided at the end of every newsletter.
IX. Rights of the data subject
If your personal data are processed, you are a data subject as defined by the GDPR and you have the following rights vis-à-vis the controller:
1.Right to be informed
You can ask the controller to confirm whether personal data concerning you are processed by us.
If such processing applies, you can demand the following information from the controller:
(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom personal data have been or will be disclosed;
(4) the envisaged period for which personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data concerning you or restriction of processing of personal data concerning you, or to object to such processing;
(6) the existence of the right to lodge a complaint with a supervisory authority;
(7) where personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information on whether personal data relating to you are transferred to a third party or to an international organisation. In such case you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right of rectification
You have the right to obtain from the controller the rectification of inaccurate and/or the completion of incomplete personal data concerning you. The controller must carry out the rectification without undue delay.
3. Right to restriction of processing
You have the right to demand the restriction of processing of your personal data where one of the following applies:
(1) if you contest the accuracy of the personal data relating to you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing of personal data is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
(4) you have objected to processing pursuant to Article 21(1) GDPR pending verification whether the legitimate grounds of the controller override your legitimate grounds.
Where processing of personal data relating to you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If restriction of processing was obtained pursuant to the above prerequisites, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a)Obligation to erase data
You can demand from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:
(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing was based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
(4) the personal data concerning you have been unlawfully processed;
(5) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b)Provision of information to third parties
Where the controller has made personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copies or replications of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to be notified
If you have asserted your right vis-à-vis the controller to the rectification or erasure of data or the restriction of processing, the controller shall be obliged to communicate any such rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right vis-à-vis the controller to be informed about those recipients.
6. Right to data portability
You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the establishment, exercise or defence of legal claims.
Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw consent under data privacy law
You have the right to withdraw your consent under data privacy law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the data controller;
(2) is authorised by Union or Member State law to which the controller is subject and such law also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Competent authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA – Bavarian Data Protection Authority)
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.