1. name and address of the person responsible
Tel.: 07231 – 941 – 0
is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws
The protection of the user’s privacy is important to M+M. It would therefore like to inform the user in detail below about the handling of his or her data.
I. General information on data processing
1. Scope of the processing of personal data
Personal data of the users of our homepage is only collected and used to the extent necessary for the provision of a functional website, our contents and services.
As a matter of principle, the collection and use of our users’ personal data only takes place with their consent. An exception to this principle applies in cases where processing of the data is permitted by legal regulations or obtaining prior consent is not possible for factual reasons.
2. Legal basis for the processing of personal data
The legal bases for the processing of personal data result in principle from:
– Art. 6 para. 1 lit. a DSGVO when obtaining the consent of the data subject.
– Art. 6 para. 1 lit. b DSGVO in the case of processing operations which serve the performance of a contract to which the data subject is a party. Included here are processing operations that are necessary for the performance of pre-contractual measures.
– Art. 6 para. 1 lit. c DSGVO for processing operations necessary for compliance with a legal obligation.
– Art. 6 para. 1 lit. d DSGVO, if vital interests of the data subject or another natural person make the processing of personal data necessary.
– Art. 6 para. 1 lit. f DSGVO, if the processing is necessary for the protection of a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest.
3. Data deletion and storage duration
The users’ personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage beyond this may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
II. Use of our website, general information
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user’s computer system. The following information is collected:
(1) The user’s IP address
(2) Date and time of access
The data described are stored in the log files of our system. This data is not stored together with other personal data of the user.
The following data will be used in the CRM system (SugarCRM) in case of contact. This personal data is stored by Meyle + Müller GmbH+Co.KG and used exclusively for acquisition or the approved purpose of the service ordered by the customer:
1) Company address
2) Name of contact person
2. Purpose and legal basis for data processing
The temporary storage of the IP address by our system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The collection of your personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. The user therefore does not have the option to object.
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.
3. duration of storage
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.
If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of the users are deleted or alienated. This means that it is no longer possible to identify the calling client.
III. Your rights / rights of the data subject
Under the EU General Data Protection Regulation, you have the following rights as a data subject:
1. Right of access
You have the right to obtain from us, as data controllers, information as to whether we are processing personal data relating to you.
In addition, you could request information on the following:
(1) Purpose of the data processing;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for the determination of the storage duration;
(5) the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 of the GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Finally, you also have the right to request information on whether your personal data are transferred to a third country or to an international organisation. In this case, you can request information about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.
You could assert your right to information at: email@example.com
2. Right of rectification
If the personal data we process and which concerns you is inaccurate or incomplete, you have the right to have it corrected and/or completed. The correction will be made without delay.
3. right to restriction
The right to restrict the processing of personal data concerning you may be exercised in the following cases:
(1) the accuracy of the personal data is contested for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and erasure of the personal data is refused, requesting instead the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defence of legal claims, or
(4) the data subject has objected to the processing pursuant to Art. 21 para. 1 of the GDPRand it is not yet clear whether the legitimate grounds of the controller override the grounds of the data subject.
Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
Where there is a restriction on processing in accordance with the principles set out, we will inform you before the restriction is lifted.
4. right to erasure
If the reasons set out below apply, you may request that the personal data concerning you be deleted without delay. The controller is obliged to delete this data without delay. The reasons are:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) The processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO and you revoke the consent. Another prerequisite is that there is no other legal basis for the processing.
(3) You object to the processing (Art. 21 para. 1 DSGVO) and there are no overriding legitimate grounds for the processing. Another possibility is that you lodge an objection to the processing pursuant to Art. 21 (2) DSGVO.
(4) The processing of personal data concerning you is unlawful.
(5) The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to information society services offered in accordance with Art. 8(1) of the GDPR.
If we have made the personal data concerning you public and are obliged to erase it pursuant to Art. 17 para. 1 DSGVO, we shall take reasonable steps, including technical measures, to inform data controllers processing the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, those personal data, taking into account the available technology and the cost of implementation.
If we have made personal data concerning you public and we are obliged to erase it pursuant to Art.
We point out that the right to erasure does not exist insofar as the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i as well as Art. 9 (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) of the GDPR. Art. 89(1) of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
(5)to assert, exercise or defend legal claims.
5. Right to information
If you have exercised the right to rectification, erasure or restriction of processing, we will be obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
6. Right to data portability
Under the GDPR, you also have the right to receive the personal data relating to you that has been provided to us in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, provided that
– the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and
– the processing is carried out with the aid of automated procedures.
Fin the context of exercising the right to data portability, you finally have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible and does not adversely affect the freedoms and rights of other persons.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. We would like to point out that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
8. Right to object
Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) DSGVO. The right of objection also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If the personal data concerning you is processed for the purpose of advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct advertising. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You also have the possibility, in connection with the use of information society services (notwithstanding Directive 2002/58/EC), to exercise your right to object by means of automated procedures using technical specifications
9. automated decision-making in individual cases, including profiling
Under the EU General Data Protection Regulation, you still have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, there is an exception to this principle if the decision
(1) is necessary for the conclusion or performance of a contract between you and the responsible person,
(2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and legitimate interests or
(3) is done with your express consent.
Where processing takes place within the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms of, and the legitimate interests of, the data subject. This includes at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
The decision referred to in (1) – (3) must not be based on special categories of personal data pursuant to Art. 9 (1) of the GDPR , unless Art. 9 (2) lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
10. Right to complain to a supervisory authority
Finally, if you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement.
IV. Use of social media plug-ins
We currently use the following social media plug-ins: Facebook, Twitter, Xing,
1. M+M uses plugins of the social network facebook.com (http://www.facebook.com), Facebook Inc. on its own website, 1601 S California Ave, Palo Alto, CA 94304 USA (hereinafter “Facebook”). These plugins are recognisable by the Facebook logo or a corresponding addition. The list and appearance of the Facebook social plugins can be viewed at developers.facebook.com/plugins.
1.2. When the user clicks on the button, the Facebook plugin creates a direct connection between his browser and the Facebook servers. M+M has no influence on the data transmitted in this process and receives no knowledge of this data, as the transmission does not take place via the M+M website, but directly from the user’s computer to Facebook. First of all, the fact that the user has called up the M+M website is transmitted, whereby the IP address of the user can also be recorded. If the user is logged into Facebook at the same time, this information is assigned to the user’s Facebook account and is thus associated with the user. The same applies if the user clicks on the button and makes comments. If the user is a Facebook member and does not want Faceebook to collect data about his or her visit to the M+M website and record it in the user’s Facebook account or link it to the user’s Facebook membership data, the user must log out of Facebook beforehand.
2. Integration of YouTube videos
We have integrated YouTube videos into our online offer, which are stored on www.YouTube.com and can be played directly from our website.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
3. integration of Google Maps
On this website we use the Google Maps service. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.
By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under Item IV of this declaration will be transmitted to Google. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and to exercise this right you must contact Google.
4. newsletter data
To send our newsletter, we need an e-mail address from you as well as your name. Verification of the e-mail address provided is necessary and you must consent to receiving the newsletter. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
The data provided when registering for the newsletter will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent at any time. For the revocation, an informal message by e-mail or you unsubscribe via the “unsubscribe” link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.
Data entered to set up the subscription will be deleted in the event of unsubscription. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
This website uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service with which, among other things, the sending of newsletters can be organised and analysed. If you enter data for the purpose of receiving newsletters (e.g. email address), this data is stored on MailChimp’s servers in the USA.
With the help of MailChimp, we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (known as a web beacon) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe directly on the website.
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.
Conclusion of a Data Processing Agreement
We have concluded a so-called “Data Processing Agreement” with MailChimp, in which we oblige MailChimp to protect our customers’ data and not to pass it on to third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/data-processing-addendum/
V. Sage Applicant Management
Sage is an HR software and is offered by our partner “FZP”. An AV contract for data processing has been agreed with our partner.
For more information on Sage’s or FZP’s privacy policies, please visit:
Questions about data protection at Meyle+Müller can be answered by our data protection officer:
Current status: 06.10.2021