1. Controller
2. Contact details of data protection officer
3. Data collection on our website
4. General information on the use of cookies and other technologies
5. Applied technologies and providers
6. Contact requests and enquiries, forwarding to third parties
7. Newsletters
8. How we handle applicant data
9. Participation in webinars
10. Processing of customer and supplier data in the context of business communications
11. Video surveillance
12. Social plugins
13. Use of various social networks
14. Data subject rights
15. Further information
As the owner of the website, Melos GmbH (hereinafter: “We”) is the Controller for the processing of personal data pertaining to users of the website. Our contact information is provided below, in the “Controller” section.
We take the protection of your privacy and your personal data very seriously. We shall only collect, save and use your personal data in accordance with the contents of this Privacy Policy and applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and national regulations on data protection.
The purpose of this Privacy Policy is to inform you as to the scope and purpose of the personal data processing we conduct in conjunction with the use of our website.
The Controller for the processing of data on this website is:
Melos GmbH
Bismarckstrasse 4–10
49324 Melle, Germany
Telephone: +49 54 22 94 47-0
Email: info(at)melos-gmbh.com
The Controller is the natural or legal person that, alone or jointly with others, determines the purposes and means of the processing of personal data (names, email addresses, etc.).
We have appointed a data protection officer for our company.
pco GmbH & Co. KG
Michael Herzig
Hafenstraße 11
49090 Osnabrück
Telephone: +49 541 605 1500
Email: datenschutz(at)melos-gmbh.com
Nature and purpose of the processing: When you access our website, general information will be collected automatically. This information (which is stored in server log files) includes details such as the kind of browser and operating system you are using, your browser type and the version used, the domain name of your internet service provider, the host name of the computer you are using to access the website, your IP address, the website from which you were directed to our website, websites accessed from our website, the date and time of your visit, details of whether you were able to load the website successfully, and the amount of data transmitted.
In particular, this data shall be processed for the following purposes:
• To ensure proper connection to the website
• To ensure a smooth user experience on our website
• To analyse the security and stability of our systems
• Other administrative purposes
These purposes represent a legitimate interest on our part in processing this data. We will not use your data to determine any details relating to you as a person. Where necessary, we shall statistically analyse this type of information to optimise our website and the technology we use to provide it.
Legal basis: This processing is conducted in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
Recipients: The recipients of this data are technical service providers who, in their role as Processors, are responsible for the operation and maintenance of our website.
Retention period: The data shall be erased as soon as it is no longer required for the purpose for which it was originally collected. For data used to provide the website, this generally occurs once the session in question ends.
Legal grounds or requirements for providing your data: You are neither legally nor contractually obliged to provide us with the aforementioned personal data. However, if you do not provide us with your IP address, we cannot guarantee that you will be able to use our website and enjoy the full range of its functions. Furthermore, certain services may not be available or may be restricted. As such, it is not possible for you to object to the collection of this data.
Type and purpose of processing: Cookies may be used when visiting our websites. Cookies are text files that are created by the browser when a page is accessed in order to store data about a browser during and after a page visit. As a rule, unique character strings are stored in the cookie for this purpose, by means of which a server can recognize a browser. Cookies can also contain personal data.
We use cookies, among other things, to ensure the technical functionality of the website (technically necessary cookies) and to integrate additional online services from third-party providers on our website (technically unnecessary cookies). Cookies can be stored by the visited site (first-party) or by online services of a third-party provider (third-party), if you have enabled a third-party service.
To enable us to use cookies and third-party services in a privacy-compliant manner and to give you control over the use of cookies, we use a Consent Banner on our website. The Consent Banner is used to monitor the user's decision, to document it and to transfer it to other systems. The Consent Banner is displayed the first time you visit our website and you can make your cookie settings, i.e. declare your consent to the respective use of cookies.
Whether and which cookies are used when you visit our websites depends on which areas and functions of our websites you use and whether you consent to the use of cookies that are not technically necessary in our Consent Management System.
Legal basis:
Technically necessary cookies:
The legal basis for the use of technically necessary cookies is our predominantly legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO in conjunction with. § Section 25 (2) no. 2 TTDSG.
Technically unnecessary cookies:
The legal basis for the use of technically unnecessary cookies is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with. § Section 25 (1) TTDSG.
Recipients or categories of recipients: Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our website. For further recipients, please refer to the information below on the display, tracking, remarketing and web analysis technologies used.
Storage duration: Please refer to our Consent banner for the storage duration of the individual cookies.
Provision mandatory or required: Of course, you can also view our website without cookies. Web browsers are regularly set to accept cookies. In general, you can stop the use of cookies at any time via your browser settings. Please note that individual functions of our website may not work if you have disabled the use of cookies.
Google Analytics
Nature and purpose of the processing: This website uses Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: “Google”). Google Analytics uses “cookies”, which are text files saved on your computer to facilitate an analysis of how you use the website. The information generated by the cookie about your use of this website is generally transmitted to and stored by Google on a server in the USA. Since IP anonymisation has been activated on these websites, your IP address will, however, first be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted by Google to a server in the USA, and shortened there. Google will use this information on behalf of the operator of this website to analyse your use of the website, compile reports on website activities and to render additional services associated with website use and internet use for the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data by Google. The data is processed to analyse the use of the website and to compile reports about activities on the website. Further related services are then to be provided based on use of the website and the internet.
Legal basis: The data is processed based on consent by the user (Article 6(1)(a) GDPR).
Recipients: Google is the recipient of the data.
Retention period: The data is erased as soon as it is no longer required for the purposes of our records, generally after six months.
Legal grounds or requirements for providing your data: The decision on whether to provide us with your personal data is voluntary, based entirely on your consent. If you prevent access, this may restrict certain functions on the website. You can of course visit our website without using cookies. Internet browsers are routinely set up to accept cookies. You can generally deactivate the use of cookies at any time in the settings of your browser (see withdrawal of consent). Please note that individual functions of our website may not work if you have deactivated the use of cookies.
Withdrawal of consent: You can change your consent to the use of Google Analytics in our cookie settings here. Furthermore, you can prevent the capture of data (including your IP address) generated by the cookie and related to your use of the website by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: Browser add-on to deactivate Google Analytics.
Profiling: By using the Google Analytics tracking tool the behaviour of visitors to the website can be assessed and their interests analysed. To this end we generate a pseudonymised user profile.
Facebook Pixel
Nature and purpose of the processing: On our website we use the “Facebook pixel” of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Using the Facebook pixel, Facebook is able to define the visitors to our website as a target group for the display of advertisements (Facebook Ads). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to Facebook users that have also shown an interest in our website, or who exhibit certain characteristics (e.g. interest in certain topics or products determined based on the visited website) that we transmit to Facebook (“custom audiences”). By using the Facebook pixel we can also track the efficiency of Facebook ads for statistical and market research purposes, by seeing whether website visitors were directed to our website after clicking on a Facebook ad (“conversion”). The Facebook pixel is integrated directly by Facebook upon accessing our websites, and saves a cookie on your device. When you then log into Facebook, or visit Facebook while logged in, the visit to our website will be noted in your profile. We can draw no conclusions about the identity of website visitors based on the captured data. However, the data is saved and processed by Facebook so that it can be linked to the given user profile and used by Facebook for its own market research and advertising purposes.
Legal basis: The data is processed based on consent by the user (Article 6(1)(a) GDPR).
Data recipients or categories of data recipients: The recipient of the data is Facebook. You can find further information on data processing by Facebook at:
www.facebook.com/policy.php
www.facebook.com/help/186325668085084
Withdrawal of consent: You can object to the use of the Facebook pixel at any time by changing your cookie settings here.
LinkedIn Insight Tag
Nature and purpose of the processing: On this website we use the Insight Tag of the social network LinkedIn. This is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter: “LinkedIn”). The LinkedIn Insight Tag facilitates the collection of data on visits to our website, including the URL, referrer URL, IP address, device and browser properties, time stamp and page views. With the help of this technology, visitors to this website can be played personalised ads on LinkedIn. It is also possible to generate anonymous reports on the performance of the ads and information on website interaction. The LinkedIn Insight Tag is integrated into this website for this purpose, creating a link to the LinkedIn server if you visit this website and are also logged into your LinkedIn account.
Legal basis: We process your data because you have given your consent, Article 6(1)(a) GDPR. Retention period: We store your data for as long we need it for the given purpose (campaign assessment) or until you object to the storing of your data or withdraw your consent. The collected data is encrypted.
Withdrawal of consent: You can object to the use of the Insight Tag at any time by changing your cookie settings here. You can also prevent the execution of the JavaScript code necessary for the tool by making an appropriate setting in your browser software. By making a change to the settings of your internet browser you can deactivate or restrict the execution of JavaScript, and therefore also prevent storage. Important: If the execution of JavaScript is deactivated, it is possible that not all of the website’s functions will be fully available any more. In LinkedIn’s privacy policy at www.linkedin.com/legal/privacy-policy you can find further information on data collection and data use as well as options and rights with regard to protection of your privacy. If you are logged into LinkedIn, you can deactivate data collection at any time at the following link: https://www.linkedin.com/psettings/enhanced-advertising.
Vimeo
We use Vimeo components on our website to embed videos on our web pages. This video website is run by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. If you access a page on our website that has an embedded Vimeo video, your browser will connect to the servers of Vimeo. This will trigger a data transfer. Regardless of whether you have a Vimeo account or not, Vimeo will collect data on you. This includes your IP address, technical information about your browser type, your operating system, or very basic device information. Furthermore, Vimeo stores information about the websites you use the Vimeo service on, and what actions (web activities) you carry out on our website. More information: https://vimeo.com/privacy.
Legal basis: Your consent is required to use Vimeo, which you can give via our consent banner or two-click solution. Your consent forms the legal basis for processing in accordance with Article 6 (1) 1 a) of the GDPR. Please note that in the opinion of the European Court of Justice, the level of protection for data transfer to the USA is currently inadequate. Data is largely processed by Vimeo. This can mean that data might not be processed and stored anonymously. Moreover, US government authorities may gain access to individual data. Furthermore, this data might be linked to other services of Vimeo for which you have a user account.
Retention period: The data is stored at Vimeo until the company no longer has any economic reason to do so. Then the data shall be erased or anonymised.
Withdrawal of consent: You can change your consent to the use of Google Analytics in our cookie settings here. If you are a registered member of Vimeo, you can also manage cookies in your Vimeo settings.
Google Maps
Nature and purpose of the processing: We use Google Maps on this website. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: “Google”). This enables us to display interactive maps directly on the website, and enables you to use the maps function comfortably.
More information on the processing of data by Google can be found in the Google Privacy Policy. You can also change your personal privacy settings there in the Safety Center.
Legal basis: The legal basis for integrating Google Maps and the associated data transfer to Google is your consent (Article 6(1)(a) GDPR). This only happens when you start Google Maps with a “click”.
Recipients: By visiting the website, Google receives information that you have accessed the given page on our website. This takes place regardless of whether Google has provided a user account through which you logged in, or whether there is no user account. If you are logged into Google, your data is assigned directly to your account.
If you do not want this link to your Google profile, you have to log out from Google before activating the button. Google stores your data as a user profile, and uses it for purposes of advertising, market research and/or tailoring its website to user needs. Such an analysis takes place in particular (even for users not logged in) to provide tailored advertisements and to inform other users of the social network about your activities on our website. You can object to the creation of this user profile, but you must contact Google in order to do so.
Retention period: We do not capture any data by integrating Google Maps.
Withdrawal of consent: If you do not want Google to collect, process or use data on you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you cannot use our website, or only with restrictions. Furthermore, in our cookie settings here you can also revoke the data transfer to Google.
Legal grounds or requirements for providing your data: The decision on whether to provide us with your personal data is voluntary, based entirely on your consent. If you prevent access, this may restrict certain functions on the website.
Nature and purpose of the processing: The data you enter shall be stored for the purpose of allowing us to communicate with you individually. In order for us to be able to do this, you will need to provide us with your name, country of origin and a valid email address. This data enables us to determine where the enquiry has come from and subsequently respond to it. Depending on the nature of your enquiry, you can also provide us with additional, optional information on a voluntary basis.
Legal basis: The data entered in the contact form is processed on the basis of a legitimate interest (Article 6(1)(f) GDPR). We have provided the contact form with the aim of making it easy for you to contact us. The information you provide will be stored for the purpose of processing your enquiry and dealing with any follow-up questions. If you contact us in order to request a quotation or enter into a contract with us, the data entered in the contact form will be processed for the purpose of taking the necessary steps prior to entering into a contract (Article 6(1)(b) GDPR).
Recipients: Depending on the nature of your request, we may share your information with our distributors, trading partners or manufacturers, each of whom operates in the region where you are located or to which you are requesting a supply or service, in order to fulfil the request.
Data transfers to third countries: The recipients of the data can be IT service providers. In some cases, our IT service providers may be based in third countries outside the EU for which there is no adequacy decision from the European Commission. Where necessary, we shall enter into agreements with these service providers based on standard contractual clauses provided by the European Commission, and adopt additional guarantees to protect your data, and comply with the level ensured in the European Union by ECJ Decision C-311/18 (Schrems II Decision). If you wish to view the applicable documents, please contact our Data Protection Officer. This data will not be forwarded to third parties.
Retention period: We shall store the data you have provided until the purpose of the data retention no longer applies. If you enter into a contractual relationship with us, we will be subject to the statutory retention periods as defined in the German Commercial Code (Handelsgesetzbuch; HGB), and will erase your data once said retention periods expire.
Legal grounds or requirements for providing your data: The decision as to whether to provide us with your personal data is entirely voluntary. However, we can only process your enquiry if you provide us with your name, your email address and the reason for your enquiry.
Nature and purpose of the processing: When you subscribe to our newsletter, your email address will be used for our advertising purposes until you unsubscribe. You will receive regular information by email on current topics as well as emails about particular events, such as special offers. Based on our information about you, these emails can be personalised and tailored. You need to provide your email address to receive the newsletter. Unless you have given us your consent in writing, to subscribe to our newsletter we apply the “double opt-in” procedure, which means we will only send you a newsletter by email if you have previously confirmed to us expressly in writing that we should activate the sending of the newsletters. We will then send you a notification email, and ask you to click on a link in the email to confirm that you want to receive our newsletter. If you do not confirm your subscription within 24 hours, your information will be blocked and after one month automatically erased.
Legal basis: Based on your express consent (Article 6(1)(a) GDPR), we regularly send you our newsletter and comparable information by email to the email address you provided.
Recipients: The recipients of the data are processors, in this case Sendinblue GmbH (Newsletter2Go).
Retention period: The data is only processed in this context as long as the corresponding consent is available. Thereafter it is erased. Evaluations of newsletter statistics are erased after one month.
Legal grounds or requirements for providing your data: The decision on whether to provide us with your personal data is voluntary, based entirely on your consent. Without consent, we regrettably cannot send you our newsletters.
Objection and elimination: You can withdraw your consent to the storage of your personal data and the use thereof for sending newsletters at any time, with effect for the future. Every newsletter has a corresponding link for this. You can also contact us using the details in this privacy policy to withdraw your consent.
Nature and purposes of the processing: We will process your application data in order to assess whether you are suitable, capable and possess the technical skills required for the position for which you are applying.
Legal basis for the processing: The legal basis for the data processing as part of the selection process for establishing an employee relationship is provided by Section 26 (1) of the German Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG) in conjunction with Article 6(1)(b) GDPR.
Data recipients or categories of data recipients: The internal recipients of the personal data contained in your application documents shall be the Human Resources staff responsible for processing your application.
We also use a recruiting tool that is provided by Prescreen (Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna, Austria) and operates under the domain *.jobbase.io. Jobbase.io is the central platform we use for our applicant management processes. If you use our online form, your personal data will be collected directly in jobbase.io. Your data may also be transferred to this electronic recruiting system if you apply for a position with us by post or email. In carrying out these tasks for us, Prescreen processes personal data on our behalf and thus acts as a Processor for Melos GmbH in accordance with Article 28 of the GDPR.
We use cookies to make your online application process on our website as user-friendly as possible. These cookies are technically required, and are used for your application process on the basis of our legitimate interest (Article 6(1)(f) GDPR). They are also used to ensure that you can later continue your application from where you left off, if your application process is interrupted for any reason. The cookies ensure that any documents you upload prior to such an interruption do not need uploading again when you return, that your application is marked as incomplete, and that the data you have provided up until this point is only visible to our company with restrictions.
Generally speaking, you can view, edit, update or delete the data you have provided as part of your online application at any time in your candidate profile. If you wish to delete this data, we will notify you of the exact date on which the data will be erased, and the data will be erased automatically in accordance with the conditions defined in this Privacy Policy.
For some aspects of processing your personal data, we will use our external IT service providers to help us with data processing tasks. We take great care when selecting these service providers, and they are always commissioned in accordance with a written contract that legally requires them to comply with our instructions. In some cases, our service providers may be based in third countries outside the EU for which there is no adequacy decision from the European Commission. Where necessary, we shall enter into written agreements with these service providers based on standard contractual clauses provided by the EU Commission. If you wish to view the applicable documents, please contact our Data Protection Officer. This data will not be forwarded to third parties.
Retention period/criteria for determining the retention period: Your personal data/application documents shall be erased or destroyed after no more than six months following receipt of the decision regarding your application (acceptance or rejection), except in cases where a longer retention period is required in order to defend against potential legal claims. Your data shall only be stored beyond this period in our “applicant pool” if you have expressly consented to this retention of your data (Article 6(1)(a) GDPR). If your application is accepted and you end up being employed, your application documents shall be transferred to your personnel file.
Legal grounds or requirements for providing your data: We require you to provide your personal data in order for us to conduct the selection process in accordance with the legal requirements. If your application does not contain all the personal data required for us to reach a decision, we hereby notify you in advance that this may lead to you not being considered for the position in question.
Nature and purpose of the processing: We offer webinars on a regular basis. Webinars are designed for us to communicate with a group of people who register for these digital conferences online for the purpose of acquiring information. By registering on our website you enter into a contract with us, or in the case of free webinars then at least a quasi contract, for the performance of the webinar. For the registration we need your name, your company and your contact details (email and telephone). Furthermore, the IP address issued by the Internet Service Provider (ISP) of the data subject is stored along with the date and time of the registration. The provision of further personal data, e.g. by approving the use of a camera or microphone, is not required and is a voluntary decision by the participant. If you give your consent (opt in) when registering, we can use your personal data to contact you later on and notify you about our products and services. This form of contact is made electronically, but sometimes also by telephone. Legal basis: If the registration is necessary to execute a contract to which the data subject is party, or in order to take steps prior to entering into a contract, the legal basis for the processing of the data is Article 6(1)(b) GDPR. We process your data for the purposes of subsequently making contact with you based on your consent in accordance with Article 6(1)(a) GDPR. Recipients: To conduct the webinars we use “Microsoft Teams” from Microsoft or the streaming service “Vimeo”. In some cases, our IT service providers may be based in third countries outside the EU for which there is no adequacy decision from the European Commission. Where necessary, we shall enter into agreements with these service providers based on standard contractual clauses provided by the European Commission, and adopt additional guarantees to protect your data, and comply with the level ensured in the European Union by ECJ Decision C-311/18 (Schrems II Decision). This data will not be forwarded to third parties. Retention period: The data shall be erased as soon as it is no longer needed to achieve the purpose for which it was collected. For example, this applies if you have not consented to the processing of your data for advertising purposes or if you have cancelled your registration. Furthermore, your data may be retained in accordance with the retention periods stipulated in commercial and tax law (usually six or ten years), or to defend against potential legal claims. Legal grounds or requirements for providing your data: The client must give the provider personal data if he or she wants to enter into a contract with the provider on the use of the webinars. This contract for use cannot be concluded if the data is not provided. Objection and elimination: Registered users also have the opportunity to change or delete the data given during their registration at any time as needed, unless contractual or legal obligations prevent such deletion. You can withdraw your consent to the use of your personal data for advertising purposes at any time with effect for the future. You can also unregister at any time via this website, or send us your withdrawal intention using the contact details given at the end of this privacy policy.
Nature and purpose of the processing: We shall collect and process your data in order to communicate with you for business purposes. This may include for the purposes of entering into business with you or for fulfilling contractual and legal obligations, offering products and services, and strengthening our customer relationship with you, all of which constitutes a legitimate interest on our part in the processing of your data. If you do not provide us with your personal data, we will often be unable to fulfil the aforementioned purposes.
Legal basis: Depending on which phase we are in with regard to our contact with you, the following legal bases for the processing of your data may apply:
Recipients: Within our company, we ensure that only those individuals receive your data who need it to fulfill contractual and legal obligations. In some cases, we use other service providers to process business transactions. These can be, for example, parcel services, banks, Internet service providers, manufacturers, distributors, trading partners, IT service providers and tax consultants.
Data transfers to third countries: It may happen that our IT service providers process data in third countries outside the EU for which an adequacy decision of the EU Commission is missing. Where necessary, we conclude EU Commission standard contractual clauses with these service providers and take additional safeguards to protect your data in order to comply with the level granted in the European Union in accordance with ECJ decision C-311/18 (Schrems II decision). You can obtain access to relevant documents via our data protection officer. The data will not be passed on to third parties.
Retention period for your personal data: Generally speaking, your personal data will be erased or blocked as soon as the purpose for which it was originally stored no longer applies. Where continuing obligations exist, your personal data will need to be stored until the contract in question expires. Warranty periods may also need to be observed. Furthermore, your data shall be retained in accordance with the retention periods stipulated in commercial and tax law (usually six or ten years), except in cases where a longer retention period is required in order to defend against potential legal claims.
Legal grounds or requirements for providing your data: The terms of the contract in question may require you to provide your personal data.
Nature and purpose of the processing: Parts of our business premises are kept under video surveillance in line with the markings on the approach roads and at the respective entrances. This is for the following purposes:
Legal basis: The video surveillance takes place on the basis of Article 6(1)(f) of the GDPR, and the processing is required to safeguard the legitimate interests of the controller. Such include the identification of possible liability claims, the prevention and detection of vandalism and theft, the control of unauthorised access to the business premises and the implementation of the facility rules set by Melos GmbH.
Retention period: The recordings are erased if they are no longer required to meet the given purpose, or if the data subjects have legitimate interests against further retention. Recordings are generally erased after 5 days. If there is a concrete suspicion of a crime, the recordings shall be retained until they are no longer required to clarify the situation.
Data recipients or categories of data recipients: The video data will not be forwarded to third parties.
Nature and purpose of the processing: On our website we offer the option of using “social media buttons”. To protect your data, these buttons are only placed on the website as graphics that contain a hyperlink to the corresponding website of the button provider. By clicking on the given graphic you are this directed to the services of the provider in question. Only then is your data sent to the given provider. If you do not click on the graphics, no data is transferred between you and the provider of the social media buttons. You can find information about the collection and use of your data in the social networks in the terms of use of the various providers.
We have integrated the social media buttons of the following companies on our website:
Facebook, LinkedIn, Xing, YouTube
General note on the processing of your data: We maintain company profiles on a variety of social media sites and similar platforms, i.e. Facebook, LinkedIn and XING. These pages are used to market the company and establish contact with potential and existing customers. We regularly insert links to these pages on our website.
If you use our profiles on social media to contact us (e.g. by creating your own posts, reacting to our posts or sending us direct messages), we shall use the data you provide to us in these contexts exclusively for the purpose of contacting you in order to handle your enquiry.
However, please note that when you visit our profiles on the aforementioned networks, your personal data will also be collected, used and stored by the owners of the particular social network. This will happen even if you do not have a profile of your own in the social network in question. The individual data processing activities and their scope will vary depending on the owner of the given social media site, and are not necessarily known to us. As such, we cannot rule out the possibility of your data being processed for market research and marketing purposes by the providers of the platforms in question. For example, your user behaviour and the interests it indicates may be used to create usage profiles. Such usage profiles can in turn be used, for example, to display advertising both on and off the platforms in question that presumably correspond to users’ interests. Furthermore, usage profiles may also contain data on the devices used by users, location data, and what is known as metadata. To this end, cookies and similar files are often saved on users’ computers in order to log their user behaviour and interests. In addition to this, most such platforms also use “tracking pixels”.
For a more detailed breakdown of how social media sites process your data and the options available to you for opting out of this, follow the linked information from the respective providers below.
More details on our Facebook fan page: As the owner of a Facebook fan page, we can only see the information saved in your public Facebook profile, and only if you actually have such a profile and are logged into it while viewing our fan page. In addition to this, Facebook provides us with anonymous usage statistics that we can use to improve the user experience for visitors to our fan page. However, we do not have access to the individual user data on the visitor that is used by Facebook to produce these statistics. Likewise, we do not make any decisions with regard to the processing of Insights data or any other form of information obtained in accordance with Article 13 of the GDPR, including legal basis, Controller identity, or retention periods for cookies placed on user devices. Facebook has agreed to assume the primary responsibility for the processing of this data in accordance with the GDPR, to fulfil all the obligations pertaining to this data in accordance with the GDPR, and to make the essence of this arrangement available to the Data Subjects (see www.facebook.com/legal/terms/page_controller_addendum).
Facebook
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Privacy policy: www.facebook.com/about/privacy/
Information on Insights data:
www.facebook.com/legal/terms/information_about_page_insights_data
Instagram
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy policy: instagram.com/about/legal/privacy/
Linkedin
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy policy: www.linkedin.com/legal/privacy-policy
XING
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy: privacy.xing.com/de/datenschutzerklaerung
Google/YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Privacy policy: policies.google.com/privacy
Legal basis: Communication data: Depending on which phase we are in with regard to our contact with you, the following legal bases for the processing of your data may apply:
Other processing activities: The data processing activities we utilise on our social media pages serve our legitimate interests and those of the providers in question with regard to improving the user experience for visitors to our company profiles in order to tailor these profiles to suit our target audience. As such, the legal basis for these data processing activities is Article 6(1)(f) of the GDPR. In cases where the users are asked by the providers of the platforms in question to consent to the aforementioned data processing activities, the legal basis for the processing is Article 6(1)(a) of the GDPR.
Retention period: We erase stored data as soon as you ask us to do so or our need to retain it ceases to exist; where statutory retention periods apply (usually six or ten years), we shall restrict the processing of the stored data accordingly, except in cases where a longer retention period is required in order to defend against potential legal claims.
Recipients: We do not forward the data collected from you to third parties. However, we cannot rule out the forwarding of this data to third parties (e.g. business partners, advertising companies) by the owners of the social media websites in question, nor do we have any influence over whether or to what extent they do so.
Third country transfers: We hereby notify you that data collected on visitors to social media websites may also be processed outside of the European Union. This can result in risks for users, as it could, for example, make it more difficult for them to assert their rights.
Your rights as a data subject: As a supplement to the “Data subject rights” section of this Privacy Policy, please note that the most effective way of asserting your rights, especially requests for information, is to contact the providers directly. Only the providers have access to user data and are able to take direct action and provide information. Nevertheless, please feel free to contact us if you require assistance.
You can use the contact information provided for our data protection officer at any time to assert the following rights with regard to all the data processing activities detailed above:
Any consent you give us can be revoked at any time with effect for the future. You can lodge a complaint with a supervisory authority at any time, e.g. with the state supervisory authority for your place of residence or the supervisory authority responsible for us in our role as a Controller. You can find a list of supervisory authorities (for the German non-public sector) and their addresses here:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Opt-out for advertising emails
We hereby object to the use of the contact information published as part of our obligation under German law to provide a “Legal Notice” (legal information for our company) to deliver any advertising or information materials that we have not expressly requested. The owners of the webpages expressly reserve the right to take legal action in response to the receipt of any unsolicited advertising information, e.g. in the form of spam emails.
SSL/TLS encryption
For security reasons and in order to ensure that confidential information, such as orders or enquiries sent by you to us as the owner of this website, is protected when it is being transmitted, we use SSL and TLS encryption. When a connection is encrypted, the “http://” in the address bar in your browser will change to “https://”, and a padlock symbol will appear next to it.
When SSL or TLS encryption is active, third parties will not be able to read the data you send to us.
No automated decision-making will take place based on the personal data you provide in conjunction with your use of our website.
Parts of this Privacy Policy have been drafted with the help of activeMind AG, the experts for external Data Protection Officers (Version #2019-04-10), and other tools.