MAE takes very seriously the protection of your personal data. These we treat confidentially and in compliance with the statutory data protection regulations and the information provided herein.

1 Responsibilities and competences for data protection

1.1 Responsibility

The responsibility for data processing lies with:

MAE Maschinen- und Apparatebau Götzen GmbH
Steinhof, 65, 40699 Erkrath
P.O. Box 1362, 40673 Erkrath
Tel: +49 211 89093-0
Fax: +49 211 89093-52
Email: datenschutz@mae-group.com

1.2 Data protection officer

We have designated the following data protection officer:

Boris Nicolaj Willm
Resilien[i]T GmbH
Monschauer Straße 12
40549 Düsseldorf
Tel: +49 211 695289 92
E-Mail: dsb.mae-group@resilienit.de

1.3 Assigned supervisory authority

We have been assigned the following supervisory authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Tel.: +49 211 38424-0
Fax: +49 211 38424-999
Email: poststelle@ldi.nrw.de

2 Your rights as the data subject

You may exercise at any time the right to receive, free of charge, information on the origin, recipients, and purpose of your stored personal data. You are also accorded the right to demand the rectification or erasure of these data. After granting your consent to the processing of your data, you may revoke this consent at any time thereafter. In addition, you may exercise your right, under certain circumstances, to restrict the processing of your personal data. Furthermore, you have the right to lodge a complaint before the assigned supervisory authority.

Feel free to consult us at any time on any questions you may have on these and other data protection aspects.

2.1 Revoking your consent to the processing of your data

In many cases, your data may be processed only with your explicit consent. The consent you grant you may revoke at any time. This revocation does not affect the lawfulness of processing concluded beforehand.

2.2 Your right to object to the collection of your data in special cases

IF PROCESSING HAS BECOME NECESSARY FOR THE REASONS SET DOWN IN POINT (e) OR (f) OF ART 6(1) GDPR, YOU HAVE THE RIGHT AT ALL TIMES ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION TO OBJECT TO THIS PROCESSING OF YOUR PERSONAL DATA. THIS APPLIES LIKEWISE TO ANY PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS UNDERLYING A SPECIFIC PROCESSING ACT CAN BE TAKEN FROM THE INFORMATION HEREIN. ON RECEIVING YOUR OBJECTION, WE SHALL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE, OR DEFENCE OF LEGAL CLAIMS (ART 21[1] GDPR).

WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THIS PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. ON RECEIVING YOUR OBJECTION TO THEIR PROCESSING, WE NO LONGER USE YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES (ART 21[2] GDPR).

2.3 Right to data portability

With respect to the data we subject to our automated processing based on your consent or in fulfilment of a contract, you have the right to have these data, converted into a commonly used, machine-readable format, transmitted to yourself or to a third party you nominate. Your request to have your data transmitted directly to another controller is fulfilled only when technically feasible.

2.4 Information, rectification, and erasure

The legal provisions currently in force accord you the right at all times to receive, free of charge, information on your stored personal data; on their origin and recipients; and on the purpose of their processing, and where applicable the right to rectify or erase these data. Feel free to consult us at any time on any questions you may have on these and other aspects of personal data.

2.5 Right to restriction of processing

You have the right to restrict the processing of your personal data. Feel free to consult us at any time on this right. You have the right to restrict processing when:

After pointing out to us that your personal data stored on our facilities are not correct, please allow us some time to investigate this. During this investigation, you have the right to restrict the processing of your personal data.

Should your personal data be or have been processed unlawfully, you may restrict their processing in lieu of requesting their erasure.

When we no longer need your personal data, yet you must continue accessing them for the exercise, defence, or establishment of legal claims, you have the right to restrict their processing in lieu of requesting their erasure.

On receiving from you an objection based on Art 21(1) GDPR, we must draw a balance between your and our interests. Until the overriding interests have been determined, you have the right to restrict the processing of your personal data.

When you have restricted processing, these data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

2.6 Contact details for exercising your rights

You may declare the exercise of your rights and may file your objections in an informal communication sent by post or email to:

MAE. Maschinen- und Apparatebau Götzen GmbH
Bereich: Datenschutz
Steinhof, 65, 40699 Erkrath
P.O. Box 1362, 40673 Erkrath
Email: datenschutz@mae-group.com

3 General information on data protection

3.1 To whom do we transmit your data?

Companies, representatives, and partners of the MAE Group

When necessary for the establishment, implementation, or termination of an actual or quasi contract, we basically transmit your personal data to our affiliated companies or partners and representatives. Specifically, these partners and representatives are independent sales agents marketing our commodities and services both at home and abroad. When you contact us, we communicate the details you provide us, for instance, to the competent member of the MAE Group in your locality, which can then offer you those of our products and services best meeting your needs and environment.

The member companies of the MAE Group:

• MAE-Eitel Inc. (USA)
• MAE Machine (Beijing) Co. (China)

Processor

For the purpose of processing your data we also commission external service providers to whom we transmit your personal data. These they process only on our behalf as stipulated by contract. These contract stipulations also oblige these processors, for example, either to erase or return these data on conclusion of their commission.

3.2 What are your data we process?

The personal data we collect and process vary from situation to situation.

3.3 For what purpose do we process your data, and what is the underlying legal basis?

Your personal data we process exclusively in compliance with the specifications of the General Data Protection Regulation (referred to hereinafter as “the GDPR”) and Germany’s federal data protection act BDSG. In certain situations we also process your personal data for the purpose of fulfilling other legal obligations or on the basis of your explicit consent.

For the fulfilment of contractual obligations

We process your personal data for the purpose of fulfilling contractual or quasi contractual obligations, of establishing a contract, e.g. for CRM, or for responding to enquiries.

On receiving from you by post or digitally an application containing your personal data, we process these exclusively for the purpose of preparing your future employment with us.

On the grounds of legitimate interests

We also process your personal data for the maintenance of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of your personal data.

Subject to a final decision on the balance of interests, we assume in each case that our legitimate reasons override all others in the following processing situations (list incomplete):

• CRM;
• information on service and product quotes when you have provided us with your name, email address, or postal address that we need to provide our services and sell our products;
• optimisation of our quotes and services;
• safeguarded confidentiality and integrity of our IT systems;

On the grounds of your consent

On receiving from you your separate consent to the processing of your personal data, we process these within the constraints and on the grounds of this consent. The consent you grant in each and every case may affect, for example, the transmission of data to our partners, the analysis of your data for targeted advertising measures, or the sending of newsletters.

Your consent is voluntary without exception. Refusing or revoking your consent involves no negative consequences for you.

3.4 Information on the transmission of data to the USA and other third countries

The tools we employ include those provided by companies based in the USA or other third countries where data protection is not observed with equal severity. When enabled, these tools may transmit your personal data to these third countries where they are processed. We point out that these countries do not consistently maintain a standard of data protection comparable with that in the EU. For instance, US companies are obliged to communicate personal data to security agencies against which procedure you can take no legal action here. It cannot, therefore, be ruled out that US authorities (e.g. secret services) process, evaluate, and commit to permanent storage your personal data transmitted to US servers. These processing activities are outside of our influence.

3.5 Duration of storage

When the information herein does not specify a particular duration of storage, your personal data remain in our storage systems until the purpose for which they are processed has been fulfilled. When you file a legitimate request for erasure or revoke your consent to the processing of your data, your data are erased unless we can provide other reasons, permissible by law, for retaining your personal data in storage (e.g. retention periods stipulated under the tax or trade laws). In the latter case, your data are erased as soon as these reasons become inapplicable.

4 General information on data processing via this website

4.1 Information on the legal bases of data processing

On receiving your consent to the processing of your data, we process these pursuant to point (a) of Art 6(1) GDPR and point (a) of Art 9(2) GDPR, the latter when the special categories of data under Art 9(1) GDPR are processed. When you grant your explicit consent to the transmission of your personal data to third countries, these are processed in addition pursuant to point (a) of Art 49(1) GDPR. When you consent to the storage of cookies or to access to the information on your terminal (e.g. device fingerprint), your data are processed in addition pursuant to § 25(1) of Germany’s Telecommunications-Telemedia Data Protection Act (referred to hereinafter as “the TTDSG”). This consent you may revoke at any time. When we need your data to fulfil or prepare a contract, we process these pursuant to point (b) of Art 6(1) GDPR. In all other cases, we process your data only when this is necessary to fulfil a legal obligation, and this pursuant to point (c) of Art 6(1) GDPR. Your data we may also process for the maintenance of our legitimate interests as set down in point (f) of Art 6(1) GDPR. The following paragraphs present the legal bases applying in each and every case.

4.2 Who is responsible for collecting data?

The site operator collects data on this website. The contact details can be taken from § 1 “Responsibilities” hereof.

4.3 How do we collect your data?

The data we collect you provide us yourself. These may include, for example, the entries you make in a contact form.

Other data are collected by our IT systems, either automatically or following your consent when visiting our website. These data are predominantly of a technical nature, e.g. your browser, operating system, and the time you landed on a webpage. These data are collected automatically as soon as you enter our website.

4.4 What do we use your data for?

Some of the data collected are used to maintain the error-free availability of our website. Other data can be consulted to analyse user behaviour.

4.5 What rights do you have respecting your data?

You may exercise at any time the right to receive, free of charge, information on the origin, recipients, and purpose of your stored personal data. You are also accorded the right to demand the rectification or erasure of these data. After granting your consent to the processing of your data, you may revoke this consent at any time thereafter. In addition, you may exercise your right, under certain circumstances, to restrict the processing of your personal data. Furthermore, you have the right to lodge a complaint before the assigned supervisory authority.

Feel free to consult us at any time on any questions you may have on these and other data protection aspects.

4.6 Analytics and third-party tools

Your visit to this website may subject your surfing behaviour to statistical analysis. This is performed predominantly by so called analytics programs.

Details on these analytics programs can be found in the following.

4.7 SSL/TLS encryption

For security reasons, this site makes use of SSL and TLS encryption to protect the transmission of confidential content, e.g. the orders or requests you submit to us as the site operator. An encrypted connection can be recognised by the image of a padlock preceding “https://” (instead of “http://”) in your browser’s address bar.

When SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

5 Data processing on this website

In detail, your data are processed as follows:

5.1 Hosting (Espelkamp-Mittwald)

Our website is hosted near Espelkamp-Mittwald. The provider is Mittwald CM Service GmbH & Co. KG of Königsberger Str. 4–6 in 32339 Espelkamp (referred to hereinafter as “Mittwald”).

Details can be taken from the Mittwald privacy statement at https://www.mittwald.de/datenschutz.

The use of Mittwald is based on point (f) of Art 6(1) GDPR. We have a legitimate interest in the highest possible availability of our website. Once you have granted your consent thereto, your data are processed exclusively pursuant to point (a) of Art 6(1) GDPR and § 25(1) TTDSG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TTDSG. This consent you may revoke at any time.

Job processing

We have concluded a data processing agreement (DPA) with the above provider. This is an agreement stipulated under the data protection laws to safeguard the processing of personal data provided by our website visitors only in accordance with our instructions and in compliance with the GDPR.

5.2 Consent (Borlabs Cookie)

Our website makes use of Borlabs Cookie Consent Technology, which retrieves your consent to the storage of particular cookies in your browser or to the use of certain technologies and to document these in compliance with data protection. This technology is provided by Borlabs GmbH at Rübenkamp 32 in 22305 Hamburg (referred to hereinafter as “Borlabs”).

When you enter our website, your browser accepts a Borlabs Cookie that lists the consents you have granted or the revocation thereof. These data are not communicated to the provider of the Borlabs Cookie.

These collected data are retained in storage until you request us to erase them, you erase the Borlabs Cookie yourself, or the purpose of this data storage has been fulfilled. This does not affect the mandatory legal retention periods. Details on data processing via Borlabs Cookies can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

Borlabs Cookie Consent Technology is applied to retrieve the consent, stipulated by law, to the use of cookies. The legal basis is provided by point (c) of Art 6(1) GDPR.

5.3 Server logfiles

The site provider collects and stores automatically in so called server logfiles the information your browser transmits to us automatically. This includes:

• browser type and version
• active operating system
• referrer URL
• host name of the accessing computer
• time when the server request was sent
• IP address

These data are not collated with other data sources.

These data are collected pursuant to point (f) of Art 6(1) GDPR. The site operator has a legitimate interest in the error-free presentation and the optimisation of its website – and server logfiles are needed for this purpose.

5.4 Contact form

When you use our contact form to submit a request, all the entries you make, including your contact details, are extracted from the form and stored on our systems for the purpose of handling your request and generating any follow-up questions. These data we do not communicate to others without your consent.

These data are processed pursuant to point (b) of Art 6(1) GDPR provided your request involves the fulfilment of or is needed to prepare a contract. In all other cases, processing is based on our legitimate interest in the effectual handling of requests submitted to us (point [f] of Art 6[1] GDPR) or on your consent (point [a] of Art 6[1] GDPR), when this has been granted. This consent you may revoke at any time.

The data you enter in our contact form are retained in our storage systems until you request us to erase them, you revoke your consent to their storage, or the purpose of their storage has been fulfilled (e.g. when your request has come to a conclusion). This does not affect the mandatory legal provisions, specifically the retention periods.

5.5 Request by email, phone, or fax

When you contact us by email, phone, or fax, your request, including all personal data you provide with it (name, address), is committed to our storage systems and processed for handling purposes. These data we do not communicate to others without your consent.

These data are processed pursuant to point (b) of Art 6(1) GDPR provided your request involves the fulfilment of or is needed to prepare a contract. In all other cases, processing is based on our legitimate interest in the effectual handling of requests submitted to us (point [f] of Art 6[1] GDPR) or on your consent (point [a] of Art 6[1] GDPR), when this has been granted. This consent you may revoke at any time.

The data you submit to us via contact requests are retained in our storage systems until you request us to erase them, you revoke your consent to their storage, or the purpose of their storage has been fulfilled (e.g. when your request has come to a conclusion). This does not affect the mandatory legal provisions, specifically the retention periods.

5.6 Analytics tools and ads (Google Tag Manager)

We make use of Google Tag Manager. This is provided by Google Ireland Limited of Gordon House, Barrow Street in Dublin 4, Ireland.

Google Tag Manager is a tool we use to integrate tracking, statistics, and other tools and technologies in our website. Google Tag Manager itself does not generate user profiles, nor does it accept cookies or perform any analyses. It serves solely to manage and control the tools linked with it. Yet Google Tag Manager does collect your IP address, which may be transmitted to the Google parent company in the USA.

Google Tag Manager is used following your consent thereto pursuant to point (a) of Art 6(1) GDPR and § 25(1) TTDSG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TTDSG. This consent you may revoke at any time.

5.7 Analytics tools and ads (Google Analytics)

This website applies functions provided by Google Analytics. This is provided by Google Ireland Limited (referred to hereinafter as “Google”) of Gordon House, Barrow Street in Dublin 4, Ireland.

The site operator can use Google Analytics to analyse the behaviour of visitors to the website. The site operator then receives a variety of usage data, e.g. pageviews, session duration, active operating systems, and the user’s origin. These data are assigned to the user’s calling terminal. There is no assignment to a user ID. There is no assignment to a user ID.

In addition, Google Analytics lets us record, for instance, your mouse movements, scrolls, and clicks. Another feature is a set of modelling approaches and machine learning technologies that Google Analytics applies to supplement and analyse the records it collects.

Its technologies include user recognition (e.g. in the form of cookies or device fingerprints) for the purpose of analysing user behaviour. The information Google collects respecting the use of this website is generally transmitted to a Google server sited in the USA where it is stored.

This service is used following your consent thereto pursuant to point (a) of Art 6(1) GDPR and § 25(1) TTDSG. This consent you may revoke at any time.

The transfer of data to the USA is based on the Standard Contractual Clauses (SCC) published by the EU Commission. Details can be found at https://privacy.google.com/businesses/controllerterms/mccs/.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin at https://tools.google.com/dlpage/gaoptout?hl=de.

Details on how Google Analytics handles user data can be found in the Google privacy statement at https://support.google.com/analytics/answer/6004245?hl=de.

Job processing

We have concluded a DPA with Google that, for the use of Google Analytics, implements to the full extent the stringent stipulations issued by Germany’s data protection authorities.

5.8 Web analytics tool (Mouseflow)

This website applies Mouseflow, a web analytics tool provided by Mouseflow ApS of Flæsketorvet 68 in 1711 København, Denmark. Data processing assists in the analysis of this website and its visitors. It involves collecting and storing data for marketing and optimisation purposes. These data may be used to generate user profiles under a pseudonym. Cookies may be used as well. The web analytics tool Mouseflow is designed to record single visits (exclusively with anonymised IP address) on a random basis. This gives rise to a record of mouse movements and clicks intended to reenact on a random basis specific visits to the website and to derive potential improvements from these. Without the consent granted specifically by the data subject, the data collected via Mouseflow are not used to identify the person of the visitor to this website, nor are they collated with the personal data carried in the pseudonym. Data are processed following your consent thereto pursuant to point (a) of Art 6(1) GDPR and § 25(1) TTDSG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TTDSG. This consent you may revoke at any time.

You can also configure your current browser to disable globally the recording of your movements on all websites using Mouseflow: https://mouseflow.de/opt-out/

Job processing We have concluded a DPA with Mouseflow ApS.

5.9 Typefaces (Google Fonts)

This site applies a number of Google services that use so called Google Fonts, a set of typefaces provided by Google that present a consistent look. On opening a page, your browser caches the fonts needed for the correct presentation of typefaces and copy.

For this purpose, the browser you use must connect to the Google servers. Google then learns that this website has been called via your IP address. Google Fonts is used following your consent thereto pursuant to point (a) of Art 6(1) GDPR and § 25(1) TTDSG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TTDSG. This consent you may revoke at any time.

If your browser does not support Google Fonts, a standard typeface available on your computer is used instead.

Details on Google Fonts can be consulted at https://developers.google.com/fonts/faq and in the Google privacy statement at https://policies.google.com/privacy?hl=de.

5.10 Map services (Google Maps)

This site makes use of Google Maps. This is provided by Google Ireland Limited (referred to hereinafter as “Google”) of Gordon House, Barrow Street in Dublin 4, Ireland.

The use of Google Maps functions requires the storage of your IP address. This information is generally transmitted to a Google server sited in the USA where it is stored. The provider of this website has no control over this data transfer. When Google Maps is enabled, Google may apply Google Fonts for the consistent presentation of typefaces. On calling Google Maps, your browser caches the web fonts needed for the correct presentation of typefaces and copy.

Google Maps is used following your explicit consent thereto pursuant to point (a) of Art 6(1) GDPR and § 25(1) TTDSG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TTDSG. This consent you may revoke at any time.

The transfer of data to the USA is based on the Standard Contractual Clauses (SCC) published by the EU Commission. Details can be consulted at https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Details on how user data are handled can be found in the Google privacy statement at https://policies.google.com/privacy?hl=de.

5.11 hCaptcha

This website makes use of hCaptcha (referred to hereinafter as “hCaptcha”). This is provided by Intuition Machines, Inc. of 2211 Selig Drive in Los Angeles, CA 90026, USA (referred to hereinafter as “IMI”).

hCaptcha is intended to verify whether the data entered on this website (e.g. in a contact form) originate from a human or an automated script (or so called bot). To this end, hCaptcha analyses the behaviour of a visitor to the website according to various characteristics.

This analysis commences automatically when a visitor lands on a webpage with activated hCaptcha. The information analysed by hCaptcha includes e.g. IP address, session duration, and mouse movements. The data collected during this analysis are transmitted to IMI. When hCaptcha is running in invisible mode, the analyses are performed completely in the background. Visitors to the website are not informed of these running analyses.

The data are stored and analysed pursuant to point (f) of Art 6(1) GDPR. The site operator has a legitimate interest in protecting its web services from malicious bots and SPAM. Once you have granted your consent thereto, your data are processed exclusively pursuant to point (a) of Art 6(1) GDPR and § 25(1) TTDSG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TTDSG. This consent you may revoke at any time.

Data processing is based on SCC contained in the data processing supplement to the IMI Terms and Conditions (T&C) and the DPAs.

Further details on hCaptcha can be consulted in the privacy statement and conditions of use at https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.

6 Data processing by customers, service providers, and suppliers

Your data are processed as follows:

6.1 Order related communications

For the purpose of handling our business transactions, we process your name, contact details, company, and assigned responsibilities/post. These details are forwarded on request to our auditor and/or the assigned supervisory body and erased ten (10) years following termination of our business relations.

The legal provisions underlying this processing are provided by points (b), (c) of Article 6(1) of the European General Data Protection Regulation (requirement to perform contractual or other legally binding obligations).

6.2 Promotion of business relations

If you are employed by one of our business partners, we also process, for the purpose of promoting our business relations, your name, contact details, company, and assigned responsibilities/post and any communications on product details and invitations to customer/supplier satisfaction surveys and events as well as their implementation. We do not communicate these data to third parties, and we erase them one (1) year following termination of our business relations.

The legal provisions underlying this processing are provided by point (f) of Article 6(1) of the European General Data Protection Regulation (overriding, legitimate interest), viz for the promotion of our customer relations with you.

7 Data processing during audio and video conferences

The solutions we use to communicate with our customers include online conferencing tools. These are listed below. By communicating with us via a video or audio conference over the internet, you allow us and the provider of the conferencing tools involved to collect and process your personal data.

These data you provide or enter for the purpose of using the tools, e.g. your email address and/or phone number. In addition, the conferencing tools process the duration of the conference, the times you commence and end your participation in the conference, the number of participants, and other so called contextual information relating to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data needed to handle the online communication. Specifically, these include IP addresses, MAC addresses, device IDs, device types, operating system types and versions, camera types, microphones, loudspeakers, and connection types.

Also any contents that are exchanged, uploaded, or otherwise provided inside the tool are stored on the tool providers’ servers. Specifically, these contents include cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other data that are shared while the service is being used.

Please bear in mind that we have no absolute control over the scope of these tools’ data processing. Our scope of action is defined to a large extent by the corporate policy pursued by each of these providers. Further information on how these conferencing tools process data can be taken from the respective privacy statements listed below this section.

Purpose and legal bases

The conferencing tools are used to communicate with potential or existing contract partners and to offer our customers certain services (point [b] of Art 6[1] GDPR). In addition, these tools serve to simplify and accelerate the communication with us and our companies (legitimate interest as defined under point [f] of Art 6[1] GDPR). The tools are employed only when you grant your consent thereto. This consent you may revoke at any time.

Duration of storage

The data we collect via the video and conferencing tools are erased from our systems as soon as you request us to erase them, you revoke your consent to their storage, or the purpose of their storage has been fulfilled. Cookies stored on your terminal remain there until you erase them. This does not affect the mandatory legal retention periods.

The duration of storage the providers of the conferencing tools assign to your data for their own purposes lies outside of our influence. For details please consult directly the information supplied by the providers of the conferencing tools.

7.1 Conferencing tool (Microsoft Teams)

We make use of Microsoft Teams. This is provided by Microsoft Ireland Operations Limited of One Microsoft Place, South County Business Park, Leopardstown in Dublin 18, Ireland. Details on how Microsoft Teams process your data can be taken from the privacy statement at https://privacy.microsoft.com/de-de/privacystatement.

Job processing

We have concluded a data processing agreement (DPA) with the above provider of this service. This is an agreement stipulated under the data protection laws to safeguard the processing of personal data provided by our website visitors only in accordance with our instructions and in compliance with the GDPR.

8 Data processing affecting applicants

By consulting our Careers page, you can send us your application by email or post. The data transmitted to us in your digital application are TLS encrypted.

Although we are able to handle noncompliant applications, we cannot safeguard a complete erasure of all documents by the stipulated deadlines.

An application process conforming to the data protection stipulations can be assured only when you please follow the instructions on our Careers page.

Scope and purpose of data collection

By sending us your application, you allow us to process the contained and related personal data (e.g. contact and communication details, application materials, notes taken during interviews, etc.) when these are needed for the decision in favour of your future employment with us. The legal basis is provided by point (b) of Art 6(1) GDPR (general initiation of contracts) and – following your consent – point (a) of Art 6(1) GDPR. This consent you may revoke at any time. Your personal data are communicated exclusively to persons inside our company who have been assigned to handle your application.

On acceptance of your application, the data you have submitted to us pursuant to point (b) of Art 6(1) GDPR are stored in our data processing systems for the purpose of preparing your employment.

Applicant interviews

Our application procedure offers candidates an opportunity to take part in interviews via a video conferencing tool. This solution eliminates the physical contacts in a face to face situation and bridges the distances posed by differing geographical locations. Neither the video nor the audio data are recorded or stored at any time. Applicants may choose to activate or deactivate their webcams before or during the interview. Applicants need not justify their decision to decline participating in the video interview. In this case, an alternative may be discussed that is acceptable to both parties.

The use of a video conferencing tool cannot rule out the possibility of data being transmitted to a third country (specifically the USA). The legal basis underlying the data processing is your consent pursuant to point (a) of Art 6(1) GDPR. This consent you may revoke at any time.

Data retention period

In the event that we are unable to offer you a post, you decline a post, or you withdraw your application, we reserve the right, based on our legitimate interest (point [f] of Art 6[1] GDPR), to retain in our storage systems your submitted data for a period not exceeding seven months following their receipt. After this period, the data are erased or anonymised, and the physical application material destroyed. This retention period serves for verification purposes in the event of legal disputes. When it is apparent that the data will be needed after this seven-month period (e.g. on the grounds of an imminent or pending legal dispute), they are not erased until the purpose of their continued retention has been fulfilled.

This retention period may also be extended when you have granted your consent thereto (point [a] of Art 6[1] GDPR) or when the legal retention periods demand this.

Inclusion in the applicant pool

In the event that we are unable to offer you a post, you may opt to be included in our applicant pool. When you are included, all of your documents and details are transferred from your application to the applicant pool for the purpose of contacting you in the event of suitable vacancies.

Your inclusion in the applicant pool for the purpose of informing you of any other posts that may interest you, including trainee and on-the-job placements, is based exclusively on your explicit consent (point [a] of Art 6[1] GDPR). Your consent is voluntary and has no effect on the ongoing application procedure. Data subjects may revoke their consent at any time. In this case, their data are erased irrecoverably from the applicant pool should this not be opposed by the legal retention periods.

The data stored in the applicant pool are erased irrecoverably at the latest two years after you have granted your consent.

9 Data processing during inhouse video surveillance

The company site in Erkrath is under video surveillance for the purpose of protecting MAE property, employees, customers, and suppliers; of preventing and investigating theft and vandalism; of identifying damage to property; and of regular inspections of operability. The duration of storage is 72 hours. Recordings serving to perpetuate evidence are retained until needed for a prosecution.

These recordings may be viewed by personnel servicing the plant and transmitted to law enforcement agencies.

The legal basis underlying this processing is provided by point (f) of Art 6(1) of the European General Data Protection Regulation (overriding, legitimate interest). This interest affects the protection of the company’s property, customers, suppliers, and company employees against burglary, theft, and vandalism; the preservation of rights on company property; and the improved establishment of claims before third parties.