Privacy policy
Version 1.0 ∣ 16.07.2024
All information about privacy, terms of use and the cookie policy
Since May 25, 2018, the provisions of the EU General Data Protection Regulation (hereinafter: GDPR) have applied throughout Europe. In the following, we would like to inform you about the processing of personal data carried out by MÄHREN AG in accordance with this new regulation (see Article 13 GDPR). Please read our data protection information carefully. If you have any questions or comments about this data protection information, you can send them at any time to the e-mail address given in section 2.
Contents
- 1. Overview
2. Name and contact details of the data controller and the company data protection officer - 3. Purposes of data processing, legal basis and legitimate interests pursued by MÄHREN AG or a third party as well as categories of recipients
- 3.1. How and on what legal basis do we process your data when you visit our website?
- 3.2. Conclusion, execution or termination of a contract
- 3.3. Data processing for advertising purposes
- 3.4. Online presence and website optimization
- 3.5. Job advertisements / applicant data
- 4. Transfer to recipients outside the EU
- 5. Your rights
- 6. Duration of storage of personal data
- 7. Data security measures
1. Overview
The following Privacy Policy informs you about the type and scope of the processing of so-called personal data by MÄHREN AG. Personal data is information that can be directly or indirectly assigned to you or can be assigned to you.
Data processing by MÄHREN AG can essentially be divided into two categories:
For the purpose of contract processing, all data required for the execution of a contract with MÄHREN AG is processed. If external service providers are also involved in the processing of the contract, e.g. logistics companies or payment service providers, your data will be passed on to them to the extent necessary in each case. When you access the MÄHREN AG website, various pieces of information are exchanged between your terminal device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your end device.
In accordance with the provisions of the GDPR, you have various rights that you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes. The option to object is highlighted in print.
If you have any questions about our data protection information, you are welcome to contact our company data protection officer at any time. You will find the contact details below.
2. Name and contact details of the controller and the company data protection officer
This Privacy Policy applies to data processing by MÄHREN AG, Kurfürstendamm 185, 10707 Berlin (“responsible party”), and to the following websites: www.maehren.ag/en. The data protection office of MÄHREN AG, heyData, can be reached at the above address, Attn. Data Protection Department, or at datenschutz@maehren.ag.
3. Purposes of data processing, legal bases and legitimate interests pursued by MÄHREN AG or a third party, as well as categories of recipients
3.1. How and on what legal basis do we process your data when you visit our website?
When you visit our website, the browser on your end device automatically sends information to the server of our website and temporarily stores it in a so-called log file. We have no influence on this. The following information is collected without your intervention and stored until automatic deletion:
the IP address of the requesting internet-capable device the date and time of access the name and URL of the file accessed the website from which the access was made (referrer URL) the browser you use and, if applicable, the operating system of your Internet-enabled computer, as well as the name of your access provider
The legal basis for the processing of the IP address is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that we are not able to draw any conclusions about your identity from the collected data and that we will not do so.
The IP address of your terminal device and the other data listed above are used by us for the following purposes:
Ensuring a smooth connection setup Ensuring a comfortable use of our website, evaluation of system security and stability as well as other administrative purposes
The data is stored for a period of 90 days and then automatically deleted. Furthermore, we use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website. The exact procedures involved and how your data is used for this purpose are explained in more detail below in section 3.4.
If you have consented to geolocation in your browser or operating system or other settings on your end device, we use this function to offer you individual services based on your current location (e.g., the location of the nearest store). We process your location data processed in this way exclusively for this function. If you terminate the use, the data will be deleted.
3.2. Conclusion, execution of termination of a contract
3.2.1. Data processing upon conclusion of a contract
The object of activity of MÄHREN AG is the purchase and sale as well as the management of real estate – in particular the activity of a housing company. In this context, we process the data required for the conclusion, execution or termination of a contract. This includes:
First name, last name Billing address Email address Invoice and payment data Date of birth, if applicable Telephone number, if applicable
The legal basis for this is Article 6(1)(b) GDPR. Insofar as we do not use your contact data for advertising purposes (see 3.3. below), we store the data collected for contract processing until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiration of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (regularly ten years from the conclusion of the contract), the data is processed again solely in the event of an audit by the tax authorities.
3.2.2. Identity, creditworthiness and transmission to credit agencies
If necessary, we verify your identity by using information from service providers. The legal basis for this is Article 6 (1) (b) and (f) GDPR. The authorization for this results from the protection of your identity and the prevention of fraud attempts at our expense. The circumstance and the result of our inquiry will be added to your customer account or your guest account for the duration of the contractual relationship.
In the event of a delay in payment, we transmit the necessary data to a company commissioned to enforce the claim if the other legal requirements are met. The legal basis for this is both Article 6(1)(b) and Article 6(1)(f) GDPR. The assertion of a contractual claim is considered a legitimate interest within the meaning of the second-mentioned provision. We also transmit information about the delay in payment or any bad debt to credit agencies cooperating with us if the other legal requirements are met. The legal basis for this is Article 6 (1) (f) GDPR. The legitimate interest required here results from our interest, as well as the interest of third parties in reducing contractual risks for future contracts.
3.2.3. Contact form
The website of the MÄHREN AG contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
3.3. Data processing for advertising purposes
The following statements relate to the processing of personal data for advertising purposes. The GDPR declares such data processing on the basis of Article 6(1)(f) as conceivable in principle and as a legitimate interest. The duration of data storage for advertising purposes does not follow any rigid principles and is based on the question of whether storage is necessary for advertising purposes. Please refer to section 3.3.3 for information on how to proceed in the event of your objection.
3.3.1. Advertising purposes of MÄHREN AG and third parties
Insofar as you have concluded a contract with us, we manage you as an existing customer. In this case, we process your postal contact data outside of the existence of a specific consent in order to send you information about new products and services in this way. From time to time, we may send your postal contact information to carefully selected contractual partners from the retail and telecommunications sectors so that they can also inform you about their products. We process your e-mail address in order to send you information on our own similar products, unless you have given your specific consent.
3.3.2. Interest-based advertising
To ensure that you only receive information that is of supposed interest to you, we categorize and add further information to your customer profile. Statistical information as well as information about you (e.g. basic data of your customer profile) is used for this purpose. The aim is to send you advertising that is geared solely to your actual or perceived needs and accordingly not to bother you with useless advertising.
The legal basis for the aforementioned processing is in each case Article 6(1)(f) GDPR. The processing of existing customer data in this way for our own advertising purposes or for the advertising purposes of third parties is to be regarded as a legitimate interest.
3.3.3. Right of objection
You may object to data processing for the aforementioned purposes at any time, free of charge, separately for the respective communication channel and with effect for the future. For this purpose, it is sufficient to send an e-mail or a postal letter to the contact data mentioned under 1.
If you object, the contact address concerned will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent after receipt of your objection. This is due to technical reasons and does not mean that we will not implement your objection. Thank you for your understanding.
3.3.4. Newsletter dispatch
On our website, we may offer you the possibility to subscribe to our newsletter. In order to be able to ensure that no mistakes have been made when entering the email address, we use the so-called double opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your e-mail address be added to our distribution list. You can revoke your consent at any time with effect for the future. For this purpose, it is sufficient to send a short note by e-mail to the e-mail address given under section 2.
3.4. Online presence and website optimization
3.4.1. Cookies – general information
We use so-called cookies on our website. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that is related to the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. The use of cookies helps us to make our offer more convenient for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website or that you have already logged into your customer account. These are automatically deleted after you leave our site. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you as well as to display information tailored specifically to you. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website. The storage period of cookies depends on their intended use and is not the same for everyone.
If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
On our website, we use the cookies listed in the following table, with the functions also specified there. The storage period of the respective cookies can also be found below.
Cookie name: _gid
Function/purpuse: This cookie is set by Google Analytics to store a unique user ID
Storage duration: 1 day
—
Cookie name: _gat
Function/Purpose: This cookie is set by Google Analytics to count and track page views.
Storage duration: 1 minute
—
Cookie name: _ga
Function/Purpose: This cookie is used to distinguish users.
Storage duration: 730 days
3.4.2. Google Analytics
For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analytics service offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), on the basis of your consent (see Article 6(1) lit. a) GDPR). Furthermore, the use of Google Analytics for the purpose of demand-oriented design and continuous optimization of our pages constitutes a legitimate interest within the meaning of Article 6(1) lit. f) GDPR.
Google Analytics uses cookies with a validity of 14 months to record your access data when you visit our website. The access data is compiled by Google on our behalf into pseudonymous usage profiles and transferred to a Google server in the USA. Your IP address is anonymized beforehand. We are therefore unable to determine which usage profiles belong to a particular user. Based on the data collected by Google, we can therefore neither identify you nor determine how you use our website.
The information generated by the cookie about your use of this website such as..
Browser type/version operating system used Referrer URL (the previously visited page) host name of the accessing computer (IP address) time of the server requests
are transferred to a Google server in the USA and stored there.
In the event that, exceptionally, personal data is transferred to the USA, Google has integrated the EU Standard Contractual Clauses into its terms and conditions and thus offers a guarantee that the European data protection principles and the local data protection level are also guaranteed in the context of data processing taking place in the USA.
Google will use the information obtained through the cookies on our behalf to evaluate the use of our website, to compile reports on website activities and to provide us with further services related to website and Internet use. Further information on this can also be found in the privacy policy of Google Analytics. Google Analytics sets the following three cookies for the specified purpose with the respective storage period: “_ga” for 2 years, “_gid” for 24 hours (both to distinguish the website visitors) and “_gat” for 1 minute (to reduce requests to the Google servers).
You can object to web analysis by Google at any time. You have several options to do so:
You can set your browser to block cookies from Google Analytics. You can adjust your settings for advertising with Google with this link: https://support.google.com/ads/answer/7395996. You can set a deactivation cookie. You can install the deactivation plug-in provided by Google at the following link in your Firefox, Internetexplorer or Chrome browsers (this variant does not work on mobile devices): https://support.google.com/ads/answer/7395996.
For more information about Google Analytics, please see Google’s privacy policy.
3.4.3. Google Ads Remarketing
We use the remarketing function within the Google Ads service. With the remarketing function, we can present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called “Google Ads” or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers a user was interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google display network. These cookies are used to record the visits of these users. The cookies are used to uniquely identify a web browser on a specific end device and not to identify a person.
Receiving:
For more information about Google’s privacy practices, please see here: https://policies.google.com/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.
Transfers to third countries are possible. So-called standard contractual clauses pursuant to Art. 46 GDPR have been concluded as suitable guarantees. Further information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection.
Cancellation/Revocation:
You can prevent participation in this tracking process in various ways: a) by adjusting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; b) by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin, e) by means of the corresponding cookie setting. We would like to point out that in this case you may not be able to use all functions of this offer in full.
Legal basis:
Art. 6 (1) a GDPR (consent).
3.4.4. Use of Google Maps
This website uses Google Maps to display interactive maps and to create directions. Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA If you call up a web page of our website that contains Google Maps, your browser establishes a direct connection with Google’s servers. The map content is transmitted by Google directly to your browser, which then integrates it into the website. Therefore, we have no influence on the scope of the data collected by Google in this way. According to our knowledge, this is at least the following data:
- Date and time of the visit to the website in question,
- Internet address or URL of the website accessed,
- IP address,
- (start) address entered as part of route planning
We have no influence on the further processing and use of the data by Google and therefore cannot accept any responsibility for this.
If you do not want Google to collect, process or use data about you via our website, you can disable JavaScript in your browser settings. In this case, however, you will not be able to use the map display.
The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and settings options for protecting your privacy can be found in Google’s privacy policy. There you can also change your settings in the Privacy Center so that you can manage and protect your data.
3.4.5. Use of Google reCAPTCHA
On this website, we use “Google reCAPTCHA” (hereinafter “reCAPTCHA”). The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
This function is primarily used to distinguish whether an input is made by a natural person or is misused by machine and automated processing. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The
website operator has a legitimate interest in protecting its web offerings from abusive
automated spying and SPAM. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
For more information on Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use under the following links:
https://policies.google.com/privacy and
https://policies.google.com/terms.
3.4.6. Google Tag Manager
Our website uses the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
When Google Tag Manager is started, your browser establishes a connection to Google’s servers. Through this, Google obtains knowledge that our website has been accessed via your IP address.
The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to include code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. In doing so, the data is only forwarded by the Tag Manager, but not collected or stored. The Tag Manager itself is a cookieless domain and does not process any personal data, as it is purely used to manage other services in our online offering. The Tag Manager takes care of the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with the Tag Manager.
The legal basis here is Art. 6 para. 1 lit. a EU-GDPR. You can deactivate the additional services via the cookie settings by not agreeing to the use of Google Tag Manager. This will also automatically deactivate the additional services included in the Google Tag Manager.
We would like to point out that data transfer to the USA cannot be ruled out within the scope of this service. For more detailed information, we refer you to 4. of this privacy policy.
Further information on data protection can be found in the privacy policy and the terms of use of Google.
3.4.7. Cloudflare
On our website, we use a so-called Content Delivery Network (“CDN”) of the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA (“Cloudflare”). A content delivery network is an online service that is used in particular to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. The use of Cloudflare’s Content Delivery Network helps us to optimize the loading speeds of our website.
The processing is carried out pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in a secure and efficient provision, as well as improvement of the stability and functionality of our website.
We have concluded an order processing agreement with Cloudflare (Data Processing Addendum, viewable at https://www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf), which obliges Cloudflare to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Cloudflare refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
For more information, please see Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy
3.4.8. Social-Media-Plug-ins
We use social plug-ins from the social networks Facebook and Twitter on our website on the basis of Article 6 (1) (f) GDPR in order to make our company better known via these. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection-compliant operation is to be ensured by their respective providers. The integration of these plug-ins by us takes place by way of the so-called two-click method in order to protect visitors to our website as best as possible.
3.4.8.1. Facebook
Our website uses so-called plug-ins of the social network Facebook, which is offered by Meta Platforms, Inc, 1 Meta Way Menlo Park California 94025. We are joint controllers with Meta for this data processing in accordance with Art. 26 GDPR.
The information required with regard to joint responsibility in accordance with Art. 13 para. 1 lit. a and b GDPR can be found in Facebook’s privacy policy. You can access this via the following link https://www.facebook.com/about/privacy.
In order to determine the fulfillment of the obligation in accordance with the GDPR with regard to joint responsibility, we have concluded the addendum for controllers with Facebook. For this purpose, it was agreed that Facebook is responsible for the fulfillment of the rights of data subjects in accordance with Art. 15 – 20 GDPR with regard to the personal data stored by Facebook after joint processing.
In this context, we would like to point out that data is transferred to the USA as part of this service and that such a transfer cannot be ruled out. Meta Platforms, Inc. has certified itself for the adequacy decision for the EU-U.S. Data Privacy Framework (successor to the “Privacy Shield”), which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.dataprivacyframework.gov/list
As a user of our website, you have the option of sharing content from our site within Facebook by “LIKE” or “SHARE”. An overview of the Facebook plug-ins and their appearance can be found at the following link. In this context, we have taken precautions to ensure that such a plug-in does not cause your browser to establish a connection to the Facebook server when you visit our website. Only when you activate such a plug-in (first click) does your browser establish a direct connection to the Facebook servers.
The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
Since this process requires an active action by you, the data processing in this case is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG. You can withdraw your consent at any time with effect for the future.
If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook profile. If you interact with the plug-ins, for example by clicking the “Like” button, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
We would like to point out that Facebook may use this information for the purposes of advertising, market research and the needs-based design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
Further information on how Facebook processes personal data, including the legal basis on which Facebook relies and the options for exercising the rights of data subjects vis-à-vis Facebook, can be found in Facebook’s data policy at https://www.facebook.com/about/privacy.
In addition, settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings. Use the following link for this: https://www.facebook.com/about/privacy.
Facebook Pixel
On our website, the so-called “Facebook pixel” of the social network Facebook, which is operated by Meta Platforms, Inc, 1 Meta Way Menlo Park California 94025, is used to analyze and optimize our online presence. We are joint controllers with Meta for this data processing in accordance with Art. 26 GDPR.
The information required with regard to joint responsibility in accordance with Art. 13 para. 1 lit. a) and b GDPR can be found in Facebook’s privacy policy. You can access this via the following link https://www.facebook.com/about/privacy. In order to determine the fulfillment of the obligation in accordance with the GDPR with regard to joint responsibility, we have concluded the addendum for controllers with Facebook. For this purpose, it was agreed that Facebook is responsible for the fulfillment of the rights of data subjects in accordance with Art. 15-20 GDPR with regard to the personal data stored by Facebook after joint processing.
Facebook pixels enable Meta to determine the visitors to our website as a target group for the display of ads (so-called “Facebook ads”). For this reason, we use Facebook pixels to present the Facebook ads placed by us only to Facebook users who have also shown an interest in our online offer or who have certain characteristics (interest in certain topics or products determined by the websites visited), which are transmitted by us to Meta (so-called “Custom Audiences”). In addition, by using Facebook pixels, we want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying for them.
The legal basis for the processing of your data is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. You can revoke your consent at any time with effect for the future.
Further information on how Meta processes personal data, including the legal basis on which Meta relies and the options for exercising data subjects’ rights against Meta, can be found in Facebook’s Data Policy at https://www.facebook.com/about/privacy.
To set which types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads.
General information on the display of Facebook ads can be found at: https://www.facebook.com/policy.php . Specific information and details about the Facebook pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/742478679120153?id=1205376682832142.
3.4.8.2. YouTube
When you visit our website and give us your consent we use Youtube to make videos available. This service is provided by the YouTube LLC , 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have integrated the YouTube videos using the “extended data protection mode” of YouTube. This ensures that when you merely call up a page containing an embedded video YouTube cannot process personal data about your visit and YouTube cannot set cookies on your computer. When you click on a video, your IP address will be transmitted to YouTube which is informed that you watched the video. If you are logged into YouTube, this information is also assigned to your user account (you can prevent this by logging out of YouTube before you call up the video). We have no knowledge of and also no influence over any possible collection and use of your data by YouTube.
In order to ensure an adequate level of data protection when transferring data to the USA, we have concluded the EU standard contractual clauses with Google LLC, in the so-called “controller to controller” version.
You can find more information in the Data Protection Declaration of YouTube under www.google.de/intl/de/policies/privacy.
3.4.8.3. Xing
Our website also uses a function of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. If you click on the XING button (plug-in), you will be redirected to our offer on XING in a separate browser window and can follow us on XING – provided you are logged into your user account on XING. The plug-in establishes a direct connection between your browser and the XING server. XING thereby receives the information that you have visited our website with your IP address. We would like to point out that we have no knowledge of the content of the transmitted (personal) data or its use by XING. Further information on this can be found in XING’s privacy policy.
3.4.8.4. LinkedIn
We use the re-targeting tool LinkedIn Conversion Tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical, pseudonymous data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, this information is used to be able to show you interest-specific and relevant offers and recommendations after you have shown interest in certain products, information and offers on our website. This anonymous information is stored in a cookie. You can also find more information in the privacy policy of LinkedIn.
Our website also uses a function of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you click on the button (plug-in) of LinkedIn, you will be redirected to our offer at LinkedIn in a separate browser window and can – if you are logged into your user account at LinkedIn – follow us at LinkedIn. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn thereby receives the information that you have visited our website with your IP address. In addition, it is then possible for LinkedIn to assign your visit to our website – provided you are logged into your user account at LinkedIn – to you and your user account. We point out that we have no knowledge of the content of the transmitted (personal) data and its use by LinkedIn. For more information, please refer to the privacy policy of LinkedIn.
3.4.9. Taboola
We use the native advertising technology of Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin (hereinafter referred to as Taboola). Taboola’s native advertising technology presents relevant advertising content in a seamless and native design. Data is collected and stored anonymously to control which content is displayed and to analyze access. This primarily includes history data, device information and cookies. Personal data is generally not collected.
You can find more information about Taboola’s data protection on their website. If you wish to object to the use of cookies to optimize the content shown, you can set this for Taboola at their website at any time.
3.5. Job advertisements / applicant data
From time to time, we post job openings on our website, on our social media channels or through dedicated application portals for you to apply.
We process the data you have sent us in connection with your application in order to assess your suitability for the job (or other open positions in our companies, if applicable) and to carry out the application process.
The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG or Article 6 (1) b) GDPR. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
Should the data be required for legal prosecution after the conclusion of the application process, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 (1) f) GDPR. Our interest then consists in the assertion or defense of claims.
Your applicant data will be sifted by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who require it for the proper conduct of our application process.
In the event of a rejection, applicants’ data will be deleted after 6 months from receipt of the rejection.
In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years at the latest.
If you have been awarded a position during the application process, the data will be transferred from the applicant data system to our personnel information system.
4. Recipients outside the European Union
Your personal data will only be transmitted if this is permitted by law or you gave your consent beforehand. For example, we may transmit data to other companies in the Mähren Group if this is necessary to answer a question which you raised. We will only pass on your personal data in accordance with legal obligations or on the basis of an official decree or a court decision. Data will only be transmitted to recipients outside the EU if it is ensured that the recipients of the data guarantee an adequate level of data protection and there are no other legitimate interests preventing transmission of the data.
The data transfers to the USA outside the Mähren Group are based on so-called standard contractual clauses of the EU Commission.
We would like to point out that the USA is not a safe third country in terms of EU data protection law. US companies are obligated to disclose personal data to security authorities without the possibility of legal action against you as the data subject. Therefore, it cannot be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
5. Your rights
5.1. Overview
In addition to the right to revoke your consent given to us, you have the following additional rights if the respective legal requirements are met:
Right to information about your personal data stored by us pursuant to Art. 15 GDPR; in particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, if it has not been collected directly from you Right to have incorrect data corrected or correct data completed in accordance with Art. 16 GDPR Right to delete your data stored by us in accordance with Art. 17 GDPR insofar as no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed Right to restrict the processing of your data pursuant to Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure; the controller no longer requires the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR Right to data portability pursuant to Art. 20 GDPR, i.e. the right to have selected data stored by us about you transferred in a common, machine-readable format, or to request that it be transferred to another controller. Right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
5.2. Right of objection
Under the conditions of Art. 21 (1) GDPR, data processing may be objected to for reasons arising from the particular situation of the data subject.
The above general right to object applies to all processing purposes described in this Privacy Notice, which are processed on the basis of Article 6(1)(f) GDPR. Unlike the specific right of objection directed at data processing for advertising purposes (compare above 3.3.3.), we are only obliged under the GDPR to implement such a general objection if you provide us with reasons of overriding importance for doing so (e.g. a possible risk to life or health). In addition, you have the option of contacting the supervisory authority responsible for MÄHREN AG, the Berlin Commissioner for Data Protection and Freedom of Information.
6. Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal retention period (e.g. retention periods under commercial and tax law). As a rule, this period is 3 years (e.g. in the case of the regular limitation period for contractual claims) or 10 years (e.g. in the case of retention periods under tax law). After expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract and/or there is no continued legitimate interest on our part in its storage.
7. Data security
All data transmitted by you personally, including your payment data, are transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure SSL connection, among other things, by the appended s at the http (i.e. https://…) in the address bar of your browser or by the lock symbol in the lower area of your browser.
Status: July 2024