Privacy Statement

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. You will find detailed information on the subject of data protection in our privacy policy set out below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Information on the data controller" in this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you give it to us. For example, this could be data that you enter into a contact form. Other data is collected by our IT systems when you visit the website, automatically or after you give your consent. This is mainly technical data (e.g. Internet browser, operating system or time the page was accessed). This data is collected automatically as soon as you visit this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data at any time. You also have the right to demand the rectification or erasure of this data. If you have given your consent to data processing, you can revoke this consent for the future at any time. You also have the right to request restriction of the processing of your personal data under certain circumstances. You also have a right to lodge a complaint with the relevant supervisory authority. You can contact us at any time regarding this and should you have any further questions on the subject of data protection.

Analytical tools and third-party tools

When you visit this website, your browsing behaviour may be analysed statistically. This is mainly done with analysis programs. Detailed information on these analysis programs can be found in the following privacy policy.

This website is hosted by an external service provider (web host). The personal data collected on this website is stored on the web host's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The web host is used for the purpose of fulfilling contracts with our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Article 6(1)(f) GDPR).

Our web host will only process your data to the extent necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data. We use the following web host:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Phone: +49 (0) 9831 / 505-0
Fax: +49 (0) 9831 / 505-3
E-mail: info@hetzner.com

We have concluded a data processing contract with the above provider. This is a contract required by data protection law that ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data in confidence and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is any data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how this is done and for what purpose.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) may have security gaps. It is not possible to completely protect data from access by third parties.

Note on the data controller

The controller for data processing on this website is:

MUNK GmbH
Rudolf-Diesel-Strasse 23
D-89312 Günzburg
Germany
Phone: +49 8221 3616 01
Fax: +49 8221 3616 80
E-mail: info@munk-group.com

The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Storage period

Unless a more specific storage period is specified within this privacy policy, we will retain your personal data until the purpose for its processing no longer applies. If you assert a justified request for erasure or if you revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

Data Protection Officer

We have appointed a Data Protection Officer for our company.

machCon Deutschland GmbH
Robert-Bosch-Strasse 1
78234 Engen
Germany
Data Protection Officer: Stefan Keller
E-mail: stefan.keller@machcon.com
Phone: +49 7733 360 35 40

Information on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are enabled, your personal data may be transferred to these third countries and processed there. It is not possible to guarantee a level of data protection comparable to that in the EU in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as data subject being able to take legal action against this. It therefore cannot be ruled out that US authorities (e.g. intelligence services) process, analyse and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw already given consent at any time. The legality of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.

Right to object to data collection in special cases and to direct marketing
(Article 21 GDPR)

If data processing is carried out on the basis of Article 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to any profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the processing serves the purpose of establishing, exercising or defending legal claims (objection under Article 21(1) GDPR). If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection under Article 21(2) GDPR).

Right lo lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have the data which we process automatically on the basis of your consent or in fulfilment of a contract provided to you or to a third party in a conventional, machine-readable format. If you request direct transfer of the data to another controller, this will only take place as far as it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as site operator.

You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, erasure and rectification

Under the applicable legislation, you have the right to free disclosure about your stored personal data, its origin and recipients and the purpose of data processing as well as a right to rectification or erasure of this data at any time. You can contact us at any time should you have any further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data held by us, we usually need time to check this. You have the right to request the restriction of the processing of your personal data for the time this check takes.

If your personal data was/is being processed unlawfully, you can request the restriction of data processing instead of erasure.

If we no longer need your personal data, but you need it to exercise, defend or establish legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.

If you have lodged an objection pursuant to Article 21(1) GDPR, it is necessary to balance your interests and our own. You have the right to request the restriction of the processing of your personal data until such time as it is determined whose interests prevail.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Objection to marketing e-mails

The use of contact details published under the requirement to display the publisher's details, for the purpose of sending unsolicited advertising and information material is hereby prohibited. The website operators expressly reserve the right to legal action in case of unsolicited promotional information such as by spam e-mails.

Cookies

Our Internet pages use 'cookies'. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your device when you access our site (third-party cookies). These allow us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are necessary for technical reasons, as certain website functions would not work without them (e.g. the shopping basket function or displaying videos). Other cookies are used to analyse user behaviour or to display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions requested by you (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. If consent to store cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Article 6(1)(a) GDPR); consent can be revoked at any time.

You can configure your browser so that you are informed about the use of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when you close your browser. Disabling cookies may restrict the functionality of this website.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately under this privacy policy and, if necessary, request your consent.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form including the contact details you provide will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We shall not pass on this data without your consent. The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if this has been requested. We will retain the data you enter in the contact form until you ask us to delete it, withdraw your consent for storage, or the purpose for which the data was stored no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we will store and process your enquiry including all personal data resulting therefrom (name, enquiry) for the purpose of dealing with your enquiry. We shall not pass on this data without your consent. The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if this has been requested. We will retain the data you sent to us in contact enquiries until you ask us to delete it, withdraw your consent for storage, or the purpose for which the data was stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular legal retention periods – remain unaffected.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool by means of which we can integrate tracking or statistical tools and other technologies into our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It is only used to manage and load the tools integrated via it. However, the Google Tag Manager does record your IP address, which may also be transmitted to Google's parent company in the United States.

The use of the Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and simple integration and management of various tools on its website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; consent can be revoked at any time.

Google Analytics

Insofar as you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by the cookies about your use of this website is usually sent to a Google server in the USA and stored there.

We use Google Signals. This allows Google Analytics to collect additional information about users who have enabled personalised ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

We use the 'anonymizeIP' function (known as IP masking): Due to IP anonymisation in use on this website, your IP address will be truncated by Google within Member States of the European Union or other states that are part of the European Economic Area. The full IP address is only sent to a Google server in the US and truncated there in exceptional cases. The IP address sent by your browser as part of Google Analytics is not merged with other Google data.

During your visit to the website, some of the data collected includes:

• the pages you visit, your "click path"
• achievement of "website goals" (conversions, e.g. newsletter sign-ups, downloads, purchases)
• your user behaviour (e.g. clicks, dwell time, bounce rates)
• your approximate location (region)
• your IP address (truncated)
• technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• your internet service provider
• the referrer URL (via which website/advertising medium you came to this website)

On behalf of the operator of this website, Google will use this information to evaluate your (anonymised) use of the website and to compile reports on website activities. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as processor. We have concluded a processing agreement with Google for this purpose. Google LLC, based in California, USA, and, where applicable, US authorities may access the data stored by Google. A transfer of data to the USA cannot be ruled out.

The data sent by us and linked to cookies is automatically deleted after 14 months. Data that has reached its retention period is deleted automatically once a month.

You can also prevent the collection by Google of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by
a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics from [HERE].

You can also prevent cookies from being stored by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, you may experience reduced functionality on this and other websites.

The legal basis and option to withdraw for this data processing is your consent, Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by opening the cookie settings (accessible via the fingerprint icon in the bottom left corner of the screen) and changing your selection there.

For further information about the terms of use of Google Analytics and data protection at Google, please see https://marketingplatform.google.com/about/analytics/terms/gb/ and https://policies.google.com/?hl=de.

Leadinfo

We utilise the lead generation service of Leadinfo B.V., Rotterdam, Netherlands. This service recognises visits from companies to our website by using IP addresses and displays publicly available information, such as company names and addresses. Additionally, Leadinfo places two first-party cookies to evaluate user behaviour on our website and processes domains from form inputs (e.g., “leadinfo.com”) to correlate IP addresses with companies and enhance the services. Further information can be found at www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out, you have an opt-out option. In the event of an opt-out, your data will no longer be captured by Leadinfo.

Clarity

This website uses Clarity. The provider is the Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (hereinafter referred to as “Clarity”).

Clarity is a tool to analyze user patterns on this website. Clarity records in particular cursor movements and compiles graphics that show on which parts of the website users are scrolling with great frequency (heatmaps). Clarity can also record sessions so that we can watch the use of the site in the form of videos. Moreover, we receive information on the general user conduct within our website.

Clarity uses technologies that make it possible to recognize users for the purpose of analyzing user patterns (e.g., cookies or use of device fingerprinting). Your personal data will be archived on Microsoft servers (Microsoft Azure Cloud Service) in the United States.

If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6(1)(a) GDPR and § 25 TDDDG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of Art. 6(1)(f) GDPR; the website operator has a legitimate interest in the effective analysis of user patterns.

For more details on Clarity’s data privacy policy, please see: https://docs.microsoft.com/en-us/clarity/faq.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/6474.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

YouTube

This website integrates videos from the website YouTube. The operator of the YouTube website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our pages on which YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

Furthermore, YouTube may store various cookies on your device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

If you are logged into your YouTube account, you allow YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; consent can be revoked at any time.

Further information on the handling of user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=en.

Google Maps

This site uses the Google Maps service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform font display. When you access Google Maps, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.

Google Maps is used in the interest of an appealing presentation of our website

and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; consent can be revoked at any time.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission.

For details please see: https://business.safety.google/gdprcontrollerterms/ and https://business.safety.google/gdprcontrollerterms/sccs/.

Further information on the handling of user data can be found in Google's privacy policy at: https://policies.google.com/privacy?hl=en.

Use of WhatsApp

If you have consented, we process your provided or available personal data (e.g., name, phone number, email address, messenger ID, profile picture, messages) for communication regarding the preparation and execution of potential orders as well as for sending promotional information (e.g., offers, newsletters) using the instant messaging service "WhatsApp" by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

An existing messaging account is required to use this service.

We point out that WhatsApp Ireland Limited may also transfer personal data (particularly communication metadata) to WhatsApp Inc., which is also processed on servers in countries outside the EU (e.g., USA), where there is no adequate level of data protection. WhatsApp may transfer this data to other companies within and outside the Facebook group of companies. Further information can be found in the WhatsApp Business Privacy Policy (https://www.whatsapp.com/legal/business-policy/) and WhatsApp Privacy Policy (https://www.whatsapp.com/legal/#privacy-policy). We have neither precise knowledge nor influence over the data processing by WhatsApp Ireland Limited or WhatsApp Inc., which is responsible under data protection law.

In addition to the recipients specifically named above, we use other service providers (processors) to fulfill our obligations.

We point out that you can revoke your consent at any time without providing reasons for the future by informing us of your revocation via WhatsApp with a message stating "REVOKE" or by email to the email address mentioned in this privacy policy or our imprint regarding the corresponding processing of your personal data.

The above-mentioned data will be deleted by us in accordance with legal requirements as soon as the consent allowed for processing is revoked or if the purpose of processing this data no longer applies or they are no longer necessary for the purpose.

If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted to these purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person.

Webchat

We use a web chat on our website. The web chat serves as another communication option on our website and enables online conversations with {CompanyName}. The conversation is conducted using a chatbot (virtual assistant, software) that answers user questions, assists with your request, or provides you with information.

What personal data is processed?

When using the web chat, the following personal data is processed and stored:

• Date and time of the call,
• IP address,
• URL of the previously visited website,
• First name, last name
• Email address
• Chat ID and user token (stored in the browser's local storage)

Depending on the conversation with our chatbot, we process further data from you if you provide it during the conversation depending on your request or the problem you describe.
Using the web chat is voluntary, and your data will only be processed in this case.

For what purposes and on what legal basis are the data processed?

We use the above-mentioned data to offer the web chat, to address users personally, to respond to user inquiries, and to provide users with information and/or content.

Legal basis: Our legitimate interest in providing a web chat (Art. 6 para. 1 sentence 1 lit. f GDPR).

How long is personal data stored?

12 months

To whom is the data disclosed?

Data is only disclosed to third parties within the scope of fulfilling business operations to process and respond to your request. For this purpose, your data is transferred to Inbox Solutions GmbH (Pretzfelder Straße 7 – 11, 90425 Nuremberg, Germany) as the technical operator of the web chat and Sellwerk GmbH & Co. KG (Pretzfelder Straße 7 – 11, 90425 Nuremberg, Germany) as an intermediary to the company and the company you contacted via the web chat.

We use Google Cloud to store your data and chat logs. The data is transferred and stored on servers located in Frankfurt. Google does not use this data for its own purposes.

We use Google Cloud services based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR to provide our services using the technical infrastructure. We have concluded a data processing agreement with Google (https://cloud.google.com/terms/data-processing-terms). If personal data is transferred to the USA, we have concluded EU standard contractual clauses with Google (https://cloud.google.com/terms/data-processing-terms). The EU standard contractual clauses are a generally recognized mechanism for lawful cross-border transfer of personal data to countries outside the European Economic Area (EEA).

Further information on the use of the web chat

By visiting the website, the chat widget is loaded in the form of a JavaScript file. No data is transferred before you open the chat.

You have two options to open the web chat:

1. Manual click on the button in the directory entry
2. Manual click on the chat icon at the bottom right of the website

At the moment you open the web chat, your chat is created as an object in the background, and chat ID and a token are stored in the browser's local storage. The ID and token are unique identifiers to recognize your chat (chat ID) and you as a user (token) upon a return visit and display the previously conducted communication history. When you return to our website, the chat history is restored with the data stored in the local storage. You need to manually open the chat.

In addition, the web chat history is saved. Every message you send is stored. This serves the purpose of displaying your chat history even when continuing the initiated communication, for example, if a company responds to you with a delay.

If you are contacted by the company and are no longer online, you will receive a link via email that will take you back to the chat so you can continue communicating with the company. When you open the link in your email, the chat opens automatically. You can interrupt the chat at any time, but your data will not be automatically deleted in this case. If you no longer wish to receive messages from the company (opt-out), simply send "Stop" as a message in the web chat. After that, you will no longer receive messages from the company in the chat and will not be informed via email. Your chat history and data will be automatically deleted 6 months after the stop message.

For immediate deletion of your data, send an email to support@chatwerk.de. Your data and stored chat logs will then be deleted immediately.

Facebook Messenger

Responsible provider of the Facebook Messenger service: Facebook Messenger, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; the privacy policy can be found at facebook.com/about/privacy

WhatsApp

Responsible provider of the WhatsApp Messenger service: WhatsApp Messenger, WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA; the privacy policy can be found at whatsapp.com/legal/business-policy/

Apple

Responsible provider of the Apple Messenger service: Apple Business Chat, Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; the privacy policy can be found at https://www.apple.com/legal/privacy/de-ww/

Instagram Direct Messages

Responsible provider of the Instagram Direct Messages service: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; the privacy policy can be found at https://help.instagram.com/519522125107875

Google Messages

Responsible provider of the Google Messages service: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; the privacy policy can be found at https://policies.google.com/privacy?hl=de

ChatWerk

Responsible provider of the ChatWerk platform/service: Inbox Solutions GmbH, Pretzfelder Straße 7 – 11, 90425 Nuremberg, Germany. The privacy policy can be found at https://chatwerk.de/datenschutzerklaerung/

The protection of your personal data is extremely important to us. Below is information on how we handle the data captured through your use of our social media presences on social networks and platforms. Your data is processed in accordance with the legal regulations.

1.1. Responsible body

In the event that the data you provide us with is also or exclusively processed by Facebook, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is, in addition to ourselves or in our place, responsible for data processing within the meaning of the GDPR. To this end, we have concluded an agreement with Facebook in accordance with Art. 26 GDPR on joint responsibility for data processing (Controller Addendum). This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. You can view this agreement via the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
If you as a visitor to the site wish to exercise your rights (information, correction, deletion, restriction, data transferability, complaint to the supervisory authority, opposition or revocation), you can contact both Facebook and us.
You can adjust your advertising settings by yourself in your user account. To do this, click on the following link and log in:
https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com 
Further details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

1.2. Data protection officer at Facebook

To contact the data protection officer at Facebook, you can use the online contact form provided by Facebook at the following link https://www.facebook.com/help/contact/540977946302970.

1.3. Data processing for statistical purposes with page insights

Facebook provides page insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This is summarised data that provides information on how people are interacting with our page. Page insights can be based on personal data which is collected in relation to a visit or interaction with persons on or with our page and in relation to the content provided. Please be aware of what personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes even if you are not logged in to Facebook or do not own a Facebook account. User profiles, for example, can be generated from the usage behaviour and resulting interests of the user. The user profiles can then in turn be used to display advertisements within and outside the platforms that are assumed to match the users' interests. This data is captured via cookies which are stored on your device. The user profiles can also be used to store data that is independent of the devices used by the user; especially if the user is a member of the platforms concerned and is logged into them. The legal basis for processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the optimised presentation of our offer, providing effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the collection of data and its further processing by Facebook. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, which evaluations and links to the data are carried out by Facebook and to whom the data is passed on by Facebook. If you wish to avoid your data being processed by Facebook, please contact us via a different route.

2.1. Responsible body

If your personal data is processed by a provider listed below, this provider is responsible for data processing in accordance with the GDPR. For the assertion of your data subject rights, we point out that they can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you require any assistance, however, please feel free to contact us.

We have online presences on the social media platforms of the following providers:

1. Instagram Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland 
2. YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
3. LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
4. XING SE, Dammtorstrasse 29-32, 20354 Hamburg, Germany

2.2. Data protection officer

Information on how to contact the data protection officer of the other social media providers can be found here:

1. Instagram Inc.: https://www.facebook.com/help/contact/540977946302970 
2. LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO 
3. XING SE: Datenschutzbeauftragter@xing.com

To contact the data protection officer for YouTube, please contact Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

3.1. Controller

The controller for data processing within the meaning of the GDPR is the following entity, insofar as we process this data transmitted to us by you via one of the social media platforms:

MUNK GMBH
Rudolf-Diesel-Strasse 23
D-89312 Günzburg, Germany

Phone: +49 (0) 8221 / 3616-01
Fax: +49 (0) 8221 / 3616-80
E-mail: info@munk-group.com

3.2. Data Protection Officer

Data Protection Officer: Stefan Keller
E-mail: stefan.keller@machcon.com

3.3. General data processing on social media platforms

3.3.1. Data processing for market research and advertising

Generally speaking, personal data is used on the company website for market research and advertising purposes. To do this, a cookie is placed in your browser which allows the provider to recognise you if you visit a website. The collected data can be used to create usage profiles. They are used to display advertisements within and outside the platform that are presumed to match your interests. The usage profiles can also be used to store data independently of the devices you use. This is generally the case if you are a member of the platforms in question and are logged into them.

3.3.2. Data processing upon contact initiation

We collect personal data ourselves if you get in touch with us using the contact form or a messenger service, such as Facebook Messenger. Which data is collected depends on the information you provide and the contact details you specify or allow us to use. This information is used for the purposes of processing your enquiry and stored by us in case there are any follow-up enquiries. We do not, under any circumstances, share your data with third parties without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6(1)(f) GDPR and, if applicable, Art. 6(1)(b) GDPR, if your request relates to the conclusion of a contract. Your data will be deleted after the full processing of your request, provided that this does not conflict with any legal storage obligations. We assume full processing if it can be concluded from the circumstances that the matter in question has been conclusively clarified.

3.3.3. Data processing for contract handling

If your contacting us via a social network or other platform is intended to achieve the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the fulfilment of the contract or for the implementation of pre-contractual measures or for the provision of the requested services. The legal basis for the processing your data in this case is Art. 6(1)(b) of the GDPR. Your data will be deleted if it is no longer necessary for the execution of the contract or if it is clear that the pre-contractual measures will not lead to a conclusion of contract corresponding to the purpose of the contact. Please note, however, that even after conclusion of the contract, it may be necessary to store the personal data of our contractual partners to comply with contractual or legal obligations.

3.3.4. Data processing based on consent

If you are asked by the respective platform providers for consent to processing for a specific purpose, the legal basis of the processing is Art. 6(1)(a), Art. 7 GDPR. A given consent can be revoked at any time, with effect for the future.

3.3.5. Data sharing and recipients

Please note that due to the use of social media platforms, data processing may take place outside the EU and the European Economic Area, which means that the standard of European data protection cannot necessarily be guaranteed. The specified social media providers based in the USA are certified for the "Privacy Shield" US-European data protection agreement, which guarantees compliance with the standard of data protection applicable in the EU.

We have no influence on the processing and handling of your personal data by the respective providers. We also have no information regarding this. For further information, please see the privacy policy of the provider in question:

1. Instagram privacy policy/opt-out http://instagram.com/about/legal/privacy/ 
2. YouTube/Google privacy policy: https://policies.google.com/privacy?hl=de&gl=de, opt-out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active 
3. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active 
4. XING privacy policy/opt-out: https://privacy.xing.com/de/datenschutzerklaerung

3.4 Your rights

Below you will find information on the rights of data subjects that the applicable data protection law grants you vis-à-vis the controller. You have the right to request information regarding the personal data we process about you; Art. 15 GDPR. In particular, you may request information as to the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof.

To request without delay the correction of incorrect or incomplete personal data stored by us; Article 16 GDPR.

To demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims; Article 17 GDPR.

To demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to have it deleted and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing pursuant to Article 21 GDPR; Article 18 GDPR.

 To receive your personal data, which you have provided us with, in a structured, common and machine-readable format or to request its transmission to another responsible party; Art. 20 GDPR.

To complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office mentioned above or that of your usual place of residence or work.

To revoke any consent to the processing of data once granted at any time with effect for the future; Art. 7(3) GDPR. In the case of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

3.4.1. Right to objection
If your personal data is processed by us on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data if this is done for reasons arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need for specific reasons.

If you wish to exercise your right of revocation or objection, simply send an e-mail to datenschutz@munk-group.com

3.5 Duration of storage

The personal data collected by us will be deleted from our system if it is no longer required for the purposes specified at the time of collection or if you have exercised your right of revocation or objection. Statutory retention periods remain unaffected. We have no influence on the duration of storage of your data, which is stored by social media providers for their own purposes. For details of this, please contact them directly.

In the following we inform you about our processing of your personal data and about your rights, which you can assert against us according to the GDPR.

MUNK GMBH
Rudolf-Diesel-Strasse 23
89312 Günzburg, Germany

Phone: +49 (0) 8221 / 3616-01
Fax: +49 (0) 8221 / 3616-80
E-mail: info@munk-group.com

Data Protection Officer: Stefan Keller
E-mail: stefan.keller@machcon.com

The data we receive from you will only be processed for the purposes for which you have transmitted it to us. Processing for any other purposes will only be considered if the legal requirements as specified in Article 6(4) GDPR are met. We will of course comply with the resulting information obligations under Art. 13(3) and Art. 14(4) GDPR.

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Art. 88 GDPR and Section 26 of the new BDSG, as well as Art. 6(1)(b) GDPR where appropriate on the initiation or execution of contractual relationships.

If you give us your express consent to process your personal data for specific purposes, the lawfulness of the processing is based on Art. 6(1)(a) GDPR. A given consent can be revoked at any time, with effect for the future. Should the consent also relate to the processing of special categories of personal data in accordance with Art. 9 GDPR, we will expressly inform you of this in advance. If the processing of your personal data is necessary for the defence of legal claims against us arising from the employment relationship, this processing is based on the legal principles of Art. 6(1)(f) GDPR.

If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfil legal obligations in accordance with Art. 6(1)()c GDPR. In addition, processing may be carried out to protect our legitimate interests or the legitimate interests of third parties in accordance with Art. 6(1)(f) GDPR. We shall inform you separately of this stating the legitimate interest, if this is required by law. If the processing of your personal data is carried out on the basis of Art. 6(1)(f) GDPR in order to safeguard legitimate interests, you have the right, pursuant to Art. 21 GDPR, to object to the processing of such data at any time for reasons arising from your particular situation. In this case we will no longer process this data, unless we can prove compelling reasons for processing worthy of protection. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims.

In the event that an employment relationship is established between you and us, in accordance with Art. 88 GDPR in conjunction with Section 26 of the new BDSG, we may process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the representation of the interests of the employees resulting from a law or a collective agreement, a works or service agreement.

We process your data as long as this is necessary for the decision on your application. The personal data or application documents provided by you will be deleted at most six months after the end of the application procedure, unless longer storage is legally required or permitted.

Storage of your data beyond the mentioned purposes is only carried out in those cases in which we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The time limits for storage or documentation prescribed therein are two to ten years.

Ultimately, the period of storage is also based on the statutory periods of limitation, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), generally amount to three years, but can be up to thirty years in certain cases.

In principle, we carry out an examination of data towards the end of a calendar year with regard to the need for further processing. Given the volume of data, this check is carried out with regard to specific types of data or purposes of processing.

If you have agreed to a longer storage of your personal data, we will store it according to your consent.

If you are employed after the application procedure, your data will continue to be stored as far as this is necessary and permissible, and then transferred to the personnel file.

Under certain circumstances, you may receive an invitation to join our talent pool after the application process. This will also enable us to consider you for suitable positions in the future. If we have your consent, we will store your data in our talent pool in accordance with this consent.

We pass on your personal data within our company exclusively to those areas and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interests.

Furthermore, your personal data will be processed on our behalf on the basis of contracted data processing agreements in accordance with Art. 28 GDPR. In this case, we guarantee that the processing of personal data shall occur in accordance with the provisions of the GDPR.

In this case, the categories of recipients are: Bite GmbH, Magirus-Deutz-Str.16, 89077 Ulm, Germany

Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information.

We only process personal data which you have submitted to us in connection with your application. This can be general data about your person, such as name, address, contact data or similar, but also information about your professional qualifications, school education, professional further education, as well as other data which you have transmitted to us.

Every data subject has the following rights:

• Right of access pursuant to Article 15 GDPR
• Right to rectification pursuant to Article 16 GDPR
• Right to erasure pursuant to Article 17 GDPR
• Right to restriction of processing pursuant to Article 18 GDPR
• Right to notification pursuant to Article 19 GDPR
• Right to data portability pursuant to Article 20 GDPR

To exercise these rights, please contact: datenschutz@munk-group.com or write to MUNK GmbH, Rudolf-Diesel-Str. 23, 89312 Günzburg, Germany.

According to Article 77 GDPR, you also have the right to lodge a complaint with the data protection supervisory authority. This right is without prejudice to any other administrative or judicial recourse.

In particular, you have a right of objection under Art. 21 (1) and (2) GDPR against the processing of your data in connection with a direct advertising campaign, if this is based on a balancing of interests.

Only personal data will be processed which you have transmitted to us verbally, in writing, by e-mail or fax for the purpose of contacting us or applying for a job, or which you have entered in our BITE applicant management system from BITE GmbH, Magirus Deutz-Str. 16, 89077 Ulm, Germany.

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary or legally required for the execution of the contractual relationship or if you have given us your consent. We do not currently transfer your personal data to any service provider outside the European Economic Area.

The provision of personal data to establish, perform or fulfil a contract or to carry out pre-contractual measures is generally neither statutorily nor contractually stipulated. You are therefore not obliged to provide information regarding personal data. Please be aware, however, that this information is generally required for reaching a decision concerning conclusion of a contract, for fulfilment of a contract or for pre-contractual measures. If you do not provide us with any personal data, we may not be able to make a decision for the purposes of pre-contractual measures.

The decision on your application is not based solely on automated processing. There is therefore no automated individual decision-making within the meaning of Article 22 GDPR.