A. Data Controller
The data controller as defined in respective data protection laws, in particular in Art. 4 Sect. 7 of the EU General Data Protection Regulation (GDPR), is:
MGR Integration Solutions GmbH
40219 Düsseldorf, Germany
Phone: (+49) 211 300 34 65
Telefax: (+49) 211 300 32 00
B. Data Protection Officer
The data protection officer of the data controller is:
Mr Stefan Palm
MGR Integration Solutions GmbH
40219 Düsseldorf, Germany
Phone: (+49) 211 300 34 65
Telefax: (+49) 211 300 32 00
C. General Information About Data Processing
“Personal data“ is all information that refers to an identified or identifiable natural person. A natural person is considered identifiable if it can be identified directly or indirectly, in particular by allocating this person’s data to an identifying factor, such as a name, identification number, location data, online identification (e.g. cookie) or to one or several special characteristics that are expressions of the physical, physiological, economic, cultural or social identity of this natural person.
1. Scope of the Processing of Personal Data
Principally, we process personal data of website users only if this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of users is regularly subject to the prior consent of the user. One exception applies to cases where the prior procurement of consent is not possible for factual reasons and the processing of the data is permitted by law.
2. Legal Grounds for the Processing of Personal Data
The processing of personal data required for the fulfillment of a contract that the data subject is a party to occurs on the basis of Art. 6 Sect. 1 lit. b GDPR. This also includes processing transactions that are necessary for the performance of pre-contractual measures.
The legal basis for processing for the fulfillment of our legal obligations is Art. 6 Sect. 1 lit. c GDPR.
Art. 6 Sect. 1 lit. d GDPR serves as the legal basis in the event that interests of the data subject or another natural person that are life sustaining make the processing of personal data necessary.
If the processing of data is necessary to protect a legitimate interest of our company or any third party and these rights do not outweigh the interests, fundamental rights and freedoms of the data subject, Art. 6 Sect. 1 lit. f GDPR shall be the legal basis.
3. Archiving/Deletion of Data
The personal data of the data subject will be deleted and removed as soon as the purpose of its archiving no longer exists. Data is stored beyond that point in time only if this is mandated by European or domestic laws in European Union statutes, laws or other provisions we are subject to. The deletion of the personal data will also occur if the mandated retention period stipulated in the named standard has expired, unless a requirement to continue to archive the data exists for the execution of a contract or the fulfillment of a contract.
D. Recording of General Information During Visits to Our Website (Server Logfiles)
1. Type and Scope of Data Processing
Any time our website is accessed, our system automatically records data and information from the computer system of the accessing computer/device (so-called server log files). The following data is collected
- Information on the type of browser used and the deployed version
- The operating system the user uses
- The domain name of the user’s Internet service provider
- The user’s IP address
- The date and time our website was accessed
- Websites, from which the user’s system accesses our website (referrer URL)
- Websites users visit after visiting our website (by clicking on third party links on our website)
- Pages and files users access on our website
The collected data is also automatically archived in the logfiles of our system. It is not stored with other personal data of the users.
2. Legal Basis for the Processing of Data
The legal basis for this temporary archiving of the abovementioned data and logfiles is Art. 6 Sect. 1 lit. f GDPR.
3. Purpose of Processing Data
The temporary storage of the mentioned data, in particular the IP address, is technically necessary to ensure the correct delivery of the website to the user’s computer. To be able to do this, the IP address of users must be stored for the duration of the session.
Logfiles are archived to ensure the functionality of the website. Moreover, the data is used to optimize the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not occur in this context.
The above mentioned purposes establish our legitimate interest in processing the data pursuant to Art. 6 Sect. 1 lit. f GDPR. We do not use the data to arrive at conclusions with regard to the person of the user. The recipients of such data are only the data controller and possibly contract data processors.
We may statistically analyze anonymous information to optimize our Internet presence and the technology behind it.
4. Duration of the Archiving of Data
The collected data will be deleted as soon as it is no longer required for the purpose it has been generated for. In the event that the data should be recorded for the provision of the website, this will be the case as soon as the respective session ends.
Data that is stored in logfiles will be deleted at the latest seven days after its collection. Longer storage is possible. In this case, the IP address of the user is deleted or anonymized so that an allocation of the accessing user is no longer possible.
5. Right to Object
The recording of the data for the provision of the website and the storage of data in logfiles are absolutely necessary for the operation of the website. Hence, a right to object does not apply.
1. Data Processing Type and Scope
On our website we use so-called “cookies.” Cookies are small text files that are stored by the Internet browser or by web browsers on the users’ computer systems. If users access our website, a cookie can be stored on the operating system of the user. This cookie contains a characteristic sequence of characters that make it possible to clearly identify the browser when it accesses the website again.
When users visit our website for the first time, they are notified that cookies are in use. To do this, an informative text message appears at the beginning or end of the browser window (“cookie notification”). This notification remains visible until the user has agreed to or refused the use of analysis cookies.
In conjunction with the above, the following data are stored and transferred by the cookies:
- (List of the archived data, e.g. language setting?)
Besides technically necessary cookies, we do not use any other cookies, in particular not any cookies that would allow us to analyze the surfing patterns of the user.
2. Legal Grounds for Data Processing
The legal grounds for the processing of personal data using technically necessary cookies is Art. 6 Sect. 1 lit. f GDPR.
3. Purpose of the Processing of Data
The objective of the use of technically necessary cookies is to facilitate the use of the website for the user. Some functions of our website, such as XXX, cannot be offered without using cookies. For these functions it is essential that the browser can also be recognized once the user switches sites.
The user data collected by technically necessary cookies will not be used to generate user profiles.
4. Duration of Data Archiving and Option to Remove
F. Inquiries via Email mailto link), phone or fax
1. Data Processing Type and Scope
Our website does not offer a contact form. Visitors have the option to send messages to us via email using a “mailto link“ on the website. To be able to receive a response, you must, at a minimum, provide a valid email address. The provision of any other information by the individual contacting us is voluntary. If you contact us via phone or telefax, your inquiry, along with any related personal data (name, inquiry) will be archived and processed for the purpose of handling your request at our end. We will not share any of the data collected from you in conjunction with inquiries with anyone without your prior consent.
2. Legal Grounds for the Processing of Data
We process these data on the basis of Art. 6 Sect. 1 lit. b GDPR, provided your inquiry is related to the fulfillment of a contract or necessary for the performance of pre-contractual actions. In all other cases, the processing of data is based on your consent (Art. 6 Sect. 1 lit. a GDPR) and/or our legitimate interests (Art. 6 Sect. 1 lit. f GDPR), given that we have a legitimate interest inherent in the effective processing of inquiries sent to us.
3. Duration of Data Archiving/Option to Revoke
Data is processed exclusively for the purpose of handling and responding to inquiries we receive via the mailto link, via phone and fax. The personal data collected in conjunction with the use of the mailto link, calls and/or faxes will be archived until you ask us to delete them, revoke your consent to archiving or if the purpose of data archiving no longer exists (e.g. upon conclusion of the processing of your inquiry). This is without prejudice to any mandatory statutory provisions – in particularly retention periods mandated by law. You have the right to revoke your consent to the archiving of transferred personal data at any time. The revocation of your consent does not affect the legality of the processing that has occurred until the time of revocation.
G. Rights of Data Subjects
Whenever your personal data is processed, you are the data subject as defined in the GDPR and you thus are entitled to the rights of data subjects vis-à-vis the data controller. The following paragraphs describe the cornerstones of these data subject rights under the GDPR. However, we do not claim that this summary is complete as it merely addresses the fundamentals of data subject rights within the scope of the GDPR:
1. Right to Receive Information (Art. 15 Sect. 1, 2 GDPR)
You have the right to demand information from the data controller to determine whether personal data related to you is being processed at our end.
If such data processing does in fact occur, you may demand information on the following from the data controller:
• The purposes of processing your personal data
• The categories of personal data that are being processed
• The recipients and/or the categories of recipients to whom the personal data related to you are disclosed or will be disclosed
• The planned duration of archiving of the personal data related to you, or if, concrete information on the aforementioned cannot be provided, the criteria for the determination of the archiving period
• The fact that you have a right to have the personal data related to you corrected or deleted, a right to have the processing of this data by the data controller restricted or the right to object to such processing
• The fact that you have a right to file a complaint with a supervisory/regulatory agency
• All available information concerning the source of the data if the personal data were not collected from the data subject.
You have the right to demand information as to whether the personal data pertaining to you will be transferred to a non-EU country or an international organization. In this context you may also demand a briefing on the qualified guarantees pursuant to Art. 46 GDPR in connection with the data transfer.
2. Right to Rectification (Art. 16 GDPR)
You have the right to have your data corrected and/or completed by the data controller, if the personal data processed that is related to you is either incorrect or incomplete. The data controller must promptly correct the data.
3. Right to Restricted Processing (Art. 18 GDPR)
You may demand the restriction of the processing of personal data related to you under the following conditions:
• If you dispute the correctness of the personal data related to you for a time period that enables the data controller to verify the correctness of the personal data
• If the processing of your data is illegal and you refuse to have the personal data deleted and instead demand the restriction of the use of your personal data
• If the data controller no longer requires the personal data for the purpose of processing, while you need it for the claiming, exercising or defense of legal entitlements, or
• If you have objected to the processing of your data pursuant to Art. 21 Sect. 1 GDPR and it has not yet been determined whether the legitimate grounds of the data controller outweigh your grounds.
If the processing of the personal data related to you has been restricted, these data – with the exception of their archiving – must only be processed subject to your consent or for the claiming, exercising or defense of legal entitlements or for the protection of another natural or legal entity or based on grounds such as important public interests within the European Union of another member state of the European Union.
If the processing has been restricted in compliance with the above conditions, you will be notified by the data controller before the restriction is abolished.
4. Right to Eradication (Art. 17 GDPR)
You have the right to demand that the data controller promptly deletes the personal data related to you and the data controller will be required to promptly delete these data, provided one of the following grounds applies:
• The personal data related to you are no longer required for the purposes for which they have been collected or processed in any other way.
• You revoke you consent, which was based on processing pursuant to Art. 6 Sect. 1 lit. a or Art. 9 Sect. 2 lit. a GDPR and no other legal grounds for the processing of the data exist.
• You file a complaint against the processing of the data pursuant to Art. 21 Sect. 1 GDPR and priority grounds that entitle the data controller to process the data do not exist, or you file an objection against the processing pursuant to Art. 21 Sect. 2 GDPR.
• The personal data related to you has been processed in an illegal manner.
• The deletion of the personal data related to you is necessary for the fulfillment of a legal obligation according to European Union law or the laws of the member states of the European Union by which the data controller is governed.
• The personal data related to you has been collected in conjunction with offered services of the information society pursuant to Art. 8 Sect. 1 GDPR.
5. Right to be Notified
If you have asserted your right to rectification, eradication or restriction of processing vis-à-vis the data controller, the latter is required to notify any and all recipients to whom the personal data related to you have been disclosed, of the rectification, eradication or restriction of processing, unless this proves to be impossible or is affiliated with unreasonable complications or costs.
You are entitled to the disclosure of these recipients by the data controller.
6. Right to Data Transferability (Art. 20 GDPR)
You have the right to receive the personal data related to you that you have provided to the data controller in a structured, commonly used and machine readable format. Moreover, you have the right to transfer these data to another data controller without any obstructions by the data controller to whom you have provided the personal data if
• The processing of the data is based on consent pursuant to Art. 6 Sect. 1 lit. a GDPR or Art. 9 Sect. 2 lit. a GDPR or a contract pursuant to Art. 6 Sect. 1 lit. b GDPR and
• Processing occurs with the assistance of automated processes.
In conjunction with the exercising of this right, you are also entitled to ask the data controller to directly transfer the personal data related to you to a different data controller, if this is technically feasible. This must not infringe on the freedoms and rights of other persons.
The right to data transferability does not apply to the processing of personal data that are required to fulfill an assignment that is in the public interest or exercised by government powers that have been assigned to the data controller.
7. Right to Object (Art. 21 GDPR)
For reasons arising from your special personal situation, you have the right to at any time object to the processing of the personal data related to you based on Art. 6 Sect. 1 lit. e or f GDPR; this also applies to any profiling based on these provisions.
The data controller will no longer process the personal data related to you, unless the data controller is in a position to document compelling grounds that are worthy of protection for such data processing that outweigh your interests, rights and freedoms, or if the processing aims at the claiming, exercising or defense of legal entitlements.
8. Right to Rescind the Data Protection Law Related Declaration of Consent (Art. 7 Sect. 3 GDPR)
You have the right to revoke your data protection law related declaration of consent at any time. This revocation shall not affect the legality of the processing based on this consent that has occurred until the revocation.
9. Right to File a Complaint with a Supervisory Agency (Art. 77 GDPR)
Any other administrative or court stipulated legal remedies notwithstanding, you have the right to file a complaint with a supervisory agency if you are of the opinion that the processing of the personal data related to you violates the GDPR, in particular in the EU member state you or your workplace are located or at the venue where the respective violation has occurred. The competent supervisory agency in the Federal Republic of Germany is the respective data protection officer in the respective federal state.
The supervisory agency with which the complaint was filed will notify the complainant of the status and the results, including the option to take legal action pursuant to Art. 78 GDPR.