1. Name and Address of the Data controller
Tel.: 07231 – 941 – 0
is the data controller as defined by the EU General Data Protection Regulation and other national data protection laws. The protection of our website’s users’ privacy is important to M+M and it would therefore like to inform the user how their data is handled in detail below.
- Data Processing – General Information
- Scope of the Processing of Personal Data
The personal data of our website users is only collected and used for the necessary provision of a functioning website as well as our content and services. The collection and usage of our users‘ personal data only takes place after the user’s consent. An exception applies in situations where the processing of this data is legally permitted or prior consent cannot be obtained for practical reasons.
- Legal basis for the Processing of Personal Data
The legal basis for the processing of personal data is derived in principle from:
- Art. 6 para. 1 a. GDPR when the data subject has given consent to the processing of his or her personal data
- Art. 6 para 1 b. GDPRfor the fulfilment of contractual obligations with a data subject, or for tasks which are necessary for the completion of pre-contractual measures.
- Art. 6 para 1 c. GDPRthe compliance with a data controller’s legal obligations
- Art. 6 para 1 d. GDPR, if the vital interests of a data subject or another individual require the processing of personal data.
- Art. 6 para 1 f. GDPR, if the processing is necessary to safeguard the legitimate interests of our company or of a third party and the interests, basic rights and freedoms of the data subject do not outweigh interests of the former.
- Data Erasure and Storage Period
The personal data of the data subject will be either deleted or blocked as soon as the specific purpose for storage expires. Continued storage can occur if provided for within European or national legislation in accordance with EU regulations, laws, or other provisions which the responsible is subject to. The blocking or erasure of data occurs when the defined standard storage period expires unless there is a need for the further storage of the data for the conclusion or fulfilment of a contract.
- The Usage of our Website – General Information
- Description and Scope of Data Processing
Whenever our website is accessed, our system automatically collects data and information from the user’s computer system. The following information is collected:
- The IP address of the user
- Data and time of access
The described data is stored in the log files of our system. This data is not stored together with other personal data of the user.
The following data will be used in the CRM system (SugarCRM) for contact purposes. This personal data is stored by Meyle + Müller GmbH+Co KG and is used exclusively for acquisition or the approved purpose of services commissioned by the customer:
- Company address
- Name of contact person
- Purpose and Legal Basis for Data Processing
Our system’s temporary storage of an IP address is necessary for the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the visit.
Storage in log files takes place to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.
The collection of your personal data for our online presence and the storage of data in log files is absolutely necessary for the operation of the website. As a result, the user can have no grounds for objection.
The legal basis for the temporary storage of data and log files is Art. 6 para 1 f. GDPR.
- Storage Duration
Your data will be deleted as soon as the purpose of its collection has been achieved. If your data is collected to facilitate the delivery of the website, the data will be deleted when the respective session is finished.
If your data is stored in log files, it will be deleted after seven days at the latest. Continued storage is possible, in which case the user’s IP address is deleted or encrypted. It is therefore no longer possible to connect this data to the visiting client.
III. Your Rights / Rights of the Person Concerned
According to the EU GDPR you have the following rights as a data subject:
- The Right of Access to Information
You have the right to obtain information from us as the data controller as to whether we are processing personal data pertaining to you.
In addition, you could request information about the following:
(1) The purpose of the data processing;
(2) The types of personal data processed;
(3) The recipient or type of recipient to whom your personal data has been or will be disclosed;
(4) The expected duration of the storage of your personal data or, if specific details are not possible, criteria for determining the storage duration;
(5) The existence of a right to the correction or erasure of your personal data, a right to have the processing limited by the data controller or a right to object to such processing;
(6) The existence of the right of appeal to a regulatory body;
(7) Any available information as to the source of the data if the data isn’t collected directly from the data subject;
(8) The existence of automated decision-making, including profiling in accordance with Art. 22 para 1 and 4 GDPR and, at least these cases, meaningful information on the rationale involved, and the scope and intended consequences of such processing on the data subject.
Finally, you also have the right to request information as to whether your personal data will be transferred to a third country or to an international organization. In this case, you may request information on the appropriate safeguards in connection with the transfer in accordance with Art. 46 GDPR.
You are entitled to exercise your right to information at: firstname.lastname@example.org
2. Right to Correction
Should the data we collect relevant to you be incorrect or incomplete you have the right to ask us to correct and / or complete it. This correction will be carried out immediately.
3. Right of Restriction
The right to limit the processing of your personal data may be exercised in the following cases:
(1) The accuracy of the personal data is being contested for a period of time which enables the data controller to verify the accuracy of the personal data;
(2) The processing is unlawful and the erasure of the personal data is denied, requiring the restriction of the use of the personal data instead;
(3) The data controller no longer needs the personal data for the specific purposes of the processing, but the data subject needs them in order to exercise or defend their rights; or
(4) The data subject has lodged an objection to the processing in accordance with Art. 21 para 1 GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh those of the data subject.
If the processing of your personal data has been restricted such data may be processed – apart from its storage – only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal entity or on the basis of an important public interest for the EU or a member state.
Should there be a restriction in place on processing which meets the aforementioned criteria, you will be informed by us before the restriction is lifted.
4. Right to Erasure
Should the reasons set out below be applicable to you, you may request that your personal data be immediately deleted. The data controller is obliged to delete this data immediately. The reasons are:
(1) Your personal data is no longer necessary for the purpose of its collection or otherwise processed.
(2) The processing is subject to consent in accordance with Art. 6 para 1 a. or Art. 9 para 2 a. and you revoke the consent. A further condition is that there is no other legal basis for the processing.
(3) You submit an objection to the processing (Art. 21 para 1 GDPR) and there are no overriding legitimate reasons for the processing. A further possibility is that you submit an objection to the processing in accordance with Art. 21 para 2 GDPR.
(4) The processing of your personal data is unlawful.
(5) The erasure of personal data relating to you is necessary to comply with legal requirement under EU law or the law of the member state(s) to which the data controller is subject.
(6) Your personal data has been collected in relation to offered information society services in accordance with Art. 8 para 1 GDPR.
If we have made your personal data public and we are obliged to delete it in accordance with Art. 17 (1) GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and its implementation cost to inform data controllers processing your personal data that you, the data subject, have requested the erasure of all links to this personal data or of copies or replication of this personal data.
We would like to inform you that the right to erasure does not exist where the processing is necessary
(1) to exercise the right to free speech and information;
(2) to comply with a legal obligation requiring the processing of data under EU law or national law to which the data controller is subject or to perform a task being carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points h. and i. of Art. 9 para 2 as well as Art. 9 para 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para 1 GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to Information
Should you have asserted your right to correction, erasure or restriction of processing, we are obliged to notify all recipients to whom your personal data has been disclosed of this correction, erasure or restriction of data processing, unless this proves impossible or involves a disproportionate amount of effort. You also have the right to be informed about the recipients.
6. Right to Data Portability
According to the GDPR you have the right to receive your personal data which you have provided to a data controller in a structure, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided where:
- the processing is based on consent in accordance with Art. 6 para 1 a. GDPRor Art. 9 para 2 a. GDPR or in a contract in accordance with Art. 6 para 1 b. GDPR and
- the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have your personal data transmitted directly from one data controller to another, where technically feasible, and as long as the freedoms and rights of another person are not adversely affected.
The right to data transferability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Revoke the Consent Agreement in Accordance with GDPR
You have the right to revoke your consent at any time. We would like to point out that the revocation does not affect the legality of the processing that has taken place on the basis of your original consent until revocation.
8. Right to Object
Furthermore, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 para. 1 e. or f. GDPR, including profiling based on those provisions. The data controller shall no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Should your personal data be processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Should you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Regarding the use of information society services and notwithstanding Directive 2002/58/EC, you have the right to object by automated means using technical specifications.
9. Automated Individual Decision Making, including Profiling
In accordance with the GDPR you have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect or similar on you. However, there is an exception to this principle should the decision be:
(1) necessary for the completion or performance of a contract between you and the data controller;
(2) is authorised by Union or Member State law to which the data controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
In the cases referred to in points (1) and (3), the data controller shall implement suitable means to safeguard your rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
The decisions based on (1) – (3) shall not be based on special categories of personal data referred to in Art. 9 para 1 GDPR unless Art. 9 para 2 a. or g. apply and suitable measures to safeguard your rights, freedoms and legitimate interests are in place.
10. Right of Appeal to a Regulatory Body
If you believe that the processing of your personal data is in breach of the GDPR, you have the right to complain to a regulatory body, specifically in the Member State in which you are a resident, your place of work, or the place where the alleged breach took place.
- Use of Social Media Plug-ins
We currently use the following social media plug-ins: Facebook, Twitter, Xing
- On its website M+M uses plug-ins from the social media network facebook.com (http://www.facebook.com),Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304 USA (subsequently referred to as “Facebook“). These plug-ins can be recognised by the Facebook logo or a corresponding tag. The list and appearance of the Facebook social media plug-ins can be seen at: developers.facebook.com/plugins
1.2. When the user clicks on the icon, the Facebook plug-in establishes a direct connection between the user’s browser and the Facebook server. M+M has no influence on the data transmitted in this process and has no knowledge of this data because the transmission doesn’t take place via the M+M website but directly from the user’s computer to Facebook. The fact that the user has visited the M+M website will be initially transmitted, and the IP address of the user can also be recorded. If the user is simultaneously logged in to Facebook, the information is assigned to the user’s Facebook account and is thus connected with the user. The same applies if the user clicks on the icon and makes comments. If the user is a Facebook member and does not want Facebook to collect data on their visit to the M+M website and record it in the user’s Facebook account, or link it to the user’s Facebook membership data, the user must first log out of Facebook.
1.3 Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (“Google“). Google Analytics uses “cookies“, text files placed on your computer to help the website analyse website usage. The information generated by the cookie regarding your use of the website is normally transferred to a server in the USA and stored there. In the event of IP anonymisation on this website, your IP address will be shortened by Google within member states of the EU or in other signatory states to the agreement in the European Economic Area before this happens. The full IP address will be transmitted to a Google server and shortened there in exceptional cases only. On behalf of the operator of this website, Google will also use this information to evaluate your usage of the website, to compile reports on website activites and to provide further services to the website administrator in connection with the usage of the website and internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with any other data from Google. You may block the storage of cookies by changing the settings of your browser software; however, we would like to point out that this may result in an inability to use the functions on this website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your website usage (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: (http://tools.google.com/dlpage/gaoptout?hl=de)
As a rule, these social media plug-ins lead to the fact that every visitor to a site has their IP address immediately recorded by these networks and their further activities on the internet are tracked. This happens even if the user does not click on one of the buttons.
To prevent this on our homepage, we use the Shariff method. The social media buttons establish direct contact between the social media network and the visitor only when the user actively clicks on the share button. If the user is already logged into a social network, Facebook and Google+ will do this without another window. On Twitter, a pop-up window appears in which the tweet text can still be edited.
As a result, you can post on social media networks without the networks being able to create a complete surfing profile of you. The Shariff method is already widely used to protect users. The starting point was an initiative from www.heise.de and you can find out more by clicking on this link.
In addition, the data referred to in point IV of this declaration will be transmitted. In the case of Facebook and Xing, the IP address is immediately anonymised upon collection, according to the respective providers in Germany. By activating the plug-in, you are transmitting your personal data to the respective plug-in provider and storing it there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings by clicking on the greyed-out box.
We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of the data collection, the reasons for its processing or storage periods. We also have no information about the erasure of the collected data by the plug-in provider.
The plug-in provider stores the data collected about as user profilers and uses them for the purpose of advertising, market research and / or demand-oriented design of its website. Such an evaluation is carried out in particular (also for non-logged in users) in order to display needs-based advertising and to inform other users of the social media network about your activities on these websites. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. These plugs offer you the possibility to interact with the social media networks and other users so that we can improve our website and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para 1 f. GDPR.
The data is transmitted regardless of whether you have an account with the plug-in provider or not. If you are logged in with the plug-in provider, the data collected will be directly linked to your existing account with the plug-in provider. If you click the icon and, for example, link the page, the plug-in provider stores this information in your user account and publicly shares it with your contacts. We recommend logging out after using a social media network as a matter of course, but especially before activating an icon as you can then avoid having this connected to your profile by the plug-in provider.
Further information regarding the purpose and scope of data collection and processing by the plug-in provider can be found in the Privacy Policies of these providers which are given below. These policies contain further information on your rights and setting options to protect your privacy.
The addresses of the respective plug-in providers and URL with their Privacy Policies:
- a)Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; facebook.com/policy.php; further information on data processing: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-otheras well as www.facebook.com/about/privacy/your-info. Facebook complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- b)Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- c)Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
- e)T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Germany; https://t3n.de/store/page/datenschutz.
- f) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; linkedin.com/legal/privacy-policy. LinkedIn complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- g) Flattr Network Ltd. mit Sitz in 2 nd Floor, White bear yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, Great Britain; https://flattr. com/privacy
- h)Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA,
- Integration of YouTube videos
We have embedded YouTube videos on our website which are stored at www.YouTube.com and can be played directly from our website.
On your visit to the site, YouTube receives information that you have visited the relevant page on our website. This occurs regardless of whether you are logged in with a YouTube user account or no account exists. If you are logged into Google, your information will be connected directly with your account. If you don’t want this link on your YouTube profile, then you need to log before activating the icon. YouTube stores your data as a user profile and uses it for advertising purposes, market research and / or demand-focused website design. The evaluation of your data is carried out especially for the purpose of providing needs-based advertising and to inform other users on the social media network about your activities on our website (even for users who are not logged in). You have the right to object to the creation of these user profiles, however you must contact YouTube to exercise this right.
- Integration of Google Maps
We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables the convenient use of the map function. By visiting the website, Google receives the information that you have visited the corresponding page on our website. In addition, the data mentioned in section IV of this declaration is sent to Google. This occurs regardless of whether you are logged in through an existing Google account or no user account exists. If you are logged in to Google, your data will be connected directly with your account. If you do not want the data to be connected to your Google profile, then you need to log out before activating the icon. Google stores your data as user profiles and uses them for advertising purposes, market research and / or the demand -focused design of its website. The evaluation of your data is carried out especially for the purpose of providing needs-based advertising and to inform other users on the social media network about your activities on our website (even for users who are not logged in). You have the right to object to the creation of these user profiles, however you must contact Google to exercise this right.
With your consent you can subscribe to our newsletter which informs you about our interesting current events and offers. The advertised goods and services named are in the consent agreement.
To register for our newsletter we use the so-called double opt in procedure. This means that after registering you receive an email at the address you provided in which we ask you to confirm that you wish to receive the newsletter. If registration isn’t confirmed within 24 hours, your information will be blocked and automatically deleted after one month.
The only mandatory piece of information we need to send the newsletter is your email address. The submission of further, separately highlighted data is voluntary and is used to address you personally. After your confirmation we will save your email address for the purpose of sending the newsletter. The legal basis is Art. 6 para 1 a. GDPR.
You may revoke your consent to the sending of the newsletter at any time and unsubscribe from it. Consent can be revoked by clicking on the link in each newsletter email, by sending an email to email@example.com or by sending a message to the contact details given in the Legal Notice.
This newsletter is sent to you by Inxmail GmbH. The email addresses of its recipients as well as any other collected data described in this policy are stored on Inxmail’s servers in Germany. Inxmail uses this data to send and evaluate the newsletters on our behalf. We have entered into a data processing agreement with Inxmail for this purpose. According to its own policy, Inxmail may use this data to improve its own services, for example to technically optimise the dispatch and presentation of the newsletter or for commercial purposes to determine the country from which the recipients come. However, Inxmail does not use this data to contact them directly or pass it on to third parties. Further information on data processing can be found here:
We would like to inform you that we evaluate your user behaviour when sending the newsletter. The newsletters contain a so-called Web Beacon, i.e. a pixel-sized file that is retrieved from the server of Inxmail GmbH when the newsletter is opened. As a result of this, technical information such as data on the browser and your system as well as your IP address and the time of retrieval are collected. This information is used for the technical improvement of services based on the technical data received or the target groups or your reading behaviour.
Statistical data collection also includes determining whether the newsletters were opened, when they were opened, and which links were clicked on. This information is not linked to individual newsletter recipients but is processed anonymously. This analysis serves to identify the reading habits of our users and to adapt our content for you.
There are cases in which we forward newsletter recipients to an Inxmail website. For example, our newsletters are sent with a link with which the recipient can call up the newsletter online (for example, in the event of display problems in the email programme).
You can cancel receipt of our newsletter at any time by simply revoking your consent. To do this, you will find a link for cancellation at the end of each newsletter. Your consent to receiving the newsletter from Inxmail and the statistical analysis expire simultaneously. It is not possible to cancel receipt of the newsletter or the statistical analysis separately.
12. Newsletter Data
To send our Newsletter we need an email address and your name. Verification of this email address is required and you have to agree to receive the newsletter. Additional data is not collected or is submitted voluntarily. The data is used exclusively for sending the newsletter.
Data submitted when registering for the newsletter is processed exclusively on the basis of your consent (Art. 6 para 1 a. GDPR). Revocation of your consent is possible at any time. To revoke your consent, notification by email or clicking on the “unsubscribe” link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.
When cancelled, the data required for the subscription will be erased. If this data has been submitted to us for other purposes and at other points, it will remain with us.
If you have any questions about data protection at Meyle+Müller, please contact our data protection officer at: