Information on data protection at MAE
MAE takes very seriously the protection of your personal data. These we treat confidentially and in compliance with the statutory data protection regulations and the information provided herein.
1 Responsibilities and competences for data protection
1.1 Responsibility
The responsibility for data processing lies with:
MAE Maschinen- und Apparatebau Götzen GmbH
Steinhof 65, 40699 Erkrath
P.O. Box 1362, 40673 Erkrath
Tel: +49 211 89093-0
Fax: +49 211 89093-52
Email: datenschutz@mae-group.com
1.2 Data protection officer
We have designated the following data protection officer:
Boris Nicolaj Willm
Resilien[i]T GmbH
Monschauer Straße 12
40549 Düsseldorf
Tel: +49 211 695289 92
E-Mail: dsb.mae-group@resilienit.de
1.3 Assigned supervisory authority
We have been assigned the following supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Tel.: +49 211 38424-0
Fax: +49 211 38424-999
Email: poststelle@ldi.nrw.de
2 Your rights as the data subject
You may exercise at any time the right to receive, free of charge, information on the origin, recipients, and purpose of your stored personal data. You are also accorded the right to demand the rectification or erasure of these data. After granting your consent to the processing of your data, you may revoke this consent at any time thereafter. In addition, you may exercise your right, under certain circumstances, to restrict the processing of your personal data. Furthermore, you have the right to lodge a complaint before the assigned supervisory authority.
Feel free to consult us at any time on any questions you may have on these and other data protection aspects.
2.1 Revoking your consent to the processing of your data
In many cases, your data may be processed only with your explicit consent. The consent you grant you may revoke at any time. This revocation does not affect the lawfulness of processing concluded beforehand.
2.2 Your right to object to the collection of your data in special cases
IF PROCESSING HAS BECOME NECESSARY FOR THE REASONS SET DOWN IN POINT (e) OR (f) OF ART 6(1) GDPR, YOU HAVE THE RIGHT AT ALL TIMES ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION TO OBJECT TO THIS PROCESSING OF YOUR PERSONAL DATA. THIS APPLIES LIKEWISE TO ANY PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS UNDERLYING A SPECIFIC PROCESSING ACT CAN BE TAKEN FROM THE INFORMATION HEREIN. ON RECEIVING YOUR OBJECTION, WE SHALL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE, OR DEFENCE OF LEGAL CLAIMS (ART 21[1] GDPR).
WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THIS PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. ON RECEIVING YOUR OBJECTION TO THEIR PROCESSING, WE NO LONGER USE YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES (ART 21[2] GDPR).
2.3 Right to data portability
With respect to the data we subject to our automated processing based on your consent or in fulfilment of a contract, you have the right to have these data, converted into a commonly used, machine-readable format, transmitted to yourself or to a third party you nominate. Your request to have your data transmitted directly to another controller is fulfilled only when technically feasible.
2.4 Information, rectification, and erasure
The legal provisions currently in force accord you the right at all times to receive, free of charge, information on your stored personal data; on their origin and recipients; and on the purpose of their processing, and where applicable the right to rectify or erase these data. Feel free to consult us at any time on any questions you may have on these and other aspects of personal data.
2.5 Right to restriction of processing
You have the right to restrict the processing of your personal data. Feel free to consult us at any time on this right. You have the right to restrict processing when:
After pointing out to us that your personal data stored on our facilities are not correct, please allow us some time to investigate this. During this investigation, you have the right to restrict the processing of your personal data.
Should your personal data be or have been processed unlawfully, you may restrict their processing in lieu of requesting their erasure.
When we no longer need your personal data, yet you must continue accessing them for the exercise, defence, or establishment of legal claims, you have the right to restrict their processing in lieu of requesting their erasure.
On receiving from you an objection based on Art 21(1) GDPR, we must draw a balance between your and our interests. Until the overriding interests have been determined, you have the right to restrict the processing of your personal data.
When you have restricted processing, these data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
2.6 Contact details for exercising your rights
You may declare the exercise of your rights and may file your objections in an informal communication sent by post or email to:
MAE. Maschinen- und Apparatebau Götzen GmbH
Bereich: Datenschutz
Steinhof, 65, 40699 Erkrath
P.O. Box 1362, 40673 Erkrath
Email: datenschutz@mae-group.com
3 General information on data protection
3.1 To whom do we transmit your data?
Companies, representatives, and partners of the MAE Group
When necessary for the establishment, implementation, or termination of an actual or quasi contract, we basically transmit your personal data to our affiliated companies or partners and representatives. Specifically, these partners and representatives are independent sales agents marketing our commodities and services both at home and abroad. When you contact us, we communicate the details you provide us, for instance, to the competent member of the MAE Group in your locality, which can then offer you those of our products and services best meeting your needs and environment.
The member companies of the MAE Group:
- MAE-Eitel Inc. (USA)
- MAE Machine (Beijing) Co. (China)
Processor
For the purpose of processing your data we also commission external service providers to whom we transmit your personal data. These they process only on our behalf as stipulated by contract. These contract stipulations also oblige these processors, for example, either to erase or return these data on conclusion of their commission.
3.2 What are your data we process?
The personal data we collect and process vary from situation to situation.
3.3 For what purpose do we process your data, and what is the underlying legal basis?
Your personal data we process exclusively in compliance with the specifications of the General Data Protection Regulation (referred to hereinafter as “the GDPR”) and Germany’s federal data protection act BDSG. In certain situations we also process your personal data for the purpose of fulfilling other legal obligations or on the basis of your explicit consent.
For the fulfilment of contractual obligations
We process your personal data for the purpose of fulfilling contractual or quasi contractual obligations, of establishing a contract, e.g. for CRM, or for responding to enquiries.
On receiving from you by post or digitally an application containing your personal data, we process these exclusively for the purpose of preparing your future employment with us.
On the grounds of legitimate interests
We also process your personal data for the maintenance of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of your personal data.
Subject to a final decision on the balance of interests, we assume in each case that our legitimate reasons override all others in the following processing situations (list incomplete):
- CRM;
- information on service and product quotes when you have provided us with your name, email address, or postal address that we need to provide our services and sell our products;
- optimisation of our quotes and services;
- safeguarded confidentiality and integrity of our IT systems;
On the grounds of your consent
On receiving from you your separate consent to the processing of your personal data, we process these within the constraints and on the grounds of this consent. The consent you grant in each and every case may affect, for example, the transmission of data to our partners, the analysis of your data for targeted advertising measures, or the sending of newsletters.
Your consent is voluntary without exception. Refusing or revoking your consent involves no negative consequences for you.
3.4 Information on the transmission of data to the USA and other third countries
The tools we employ include those provided by companies based in the USA or other third countries where data protection is not observed with equal severity. When enabled, these tools may transmit your personal data to these third countries where they are processed. We point out that these countries do not consistently maintain a standard of data protection comparable with that in the EU. For instance, US companies are obliged to communicate personal data to security agencies against which procedure you can take no legal action here. It cannot, therefore, be ruled out that US authorities (e.g. secret services) process, evaluate, and commit to permanent storage your personal data transmitted to US servers. These processing activities are outside of our influence.
3.5 Duration of storage
When the information herein does not specify a particular duration of storage, your personal data remain in our storage systems until the purpose for which they are processed has been fulfilled. When you file a legitimate request for erasure or revoke your consent to the processing of your data, your data are erased unless we can provide other reasons, permissible by law, for retaining your personal data in storage (e.g. retention periods stipulated under the tax or trade laws). In the latter case, your data are erased as soon as these reasons become inapplicable.
4 General information on data processing via this website
4.1 Information on the legal bases of data processing
On receiving your consent to the processing of your data, we process these pursuant to point (a) of Art 6(1) GDPR and point (a) of Art 9(2) GDPR, the latter when the special categories of data under Art 9(1) GDPR are processed. When you grant your explicit consent to the transmission of your personal data to third countries, these are processed in addition pursuant to point (a) of Art 49(1) GDPR. When you consent to the storage of cookies or to access to the information on your terminal (e.g. device fingerprint), your data are processed in addition pursuant to § 25(1) of Germany’s Telecommunications-Telemedia Data Protection Act (referred to hereinafter as “the TDDDG”). This consent you may revoke at any time. When we need your data to fulfil or prepare a contract, we process these pursuant to point (b) of Art 6(1) GDPR. In all other cases, we process your data only when this is necessary to fulfil a legal obligation, and this pursuant to point (c) of Art 6(1) GDPR. Your data we may also process for the maintenance of our legitimate interests as set down in point (f) of Art 6(1) GDPR. The following paragraphs present the legal bases applying in each and every case.
4.2 Who is responsible for collecting data?
The site operator collects data on this website. The contact details can be taken from § 1 “Responsibilities” hereof.
4.3 How do we collect your data?
The data we collect you provide us yourself. These may include, for example, the entries you make in a contact form.
Other data are collected by our IT systems, either automatically or following your consent when visiting our website. These data are predominantly of a technical nature, e.g. your browser, operating system, and the time you landed on a webpage. These data are collected automatically as soon as you enter our website.
4.4 What do we use your data for?
Some of the data collected are used to maintain the error-free availability of our website. Other data can be consulted to analyse user behaviour.
4.5 What rights do you have respecting your data?
You may exercise at any time the right to receive, free of charge, information on the origin, recipients, and purpose of your stored personal data. You are also accorded the right to demand the rectification or erasure of these data. After granting your consent to the processing of your data, you may revoke this consent at any time thereafter. In addition, you may exercise your right, under certain circumstances, to restrict the processing of your personal data. Furthermore, you have the right to lodge a complaint before the assigned supervisory authority.
Feel free to consult us at any time on any questions you may have on these and other data protection aspects.
4.6 Analytics and third-party tools
Your visit to this website may subject your surfing behaviour to statistical analysis. This is performed predominantly by so called analytics programs.
Details on these analytics programs can be found in the following.
4.7 SSL/TLS encryption
For security reasons, this site makes use of SSL and TLS encryption to protect the transmission of confidential content, e.g. the orders or requests you submit to us as the site operator. An encrypted connection can be recognised by the image of a padlock preceding “https://” (instead of “http://”) in your browser’s address bar.
When SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.
5 Data processing on this website
In detail, your data are processed as follows:
5.1 Hosting (Espelkamp-Mittwald)
Our website is hosted near Espelkamp-Mittwald. The provider is Mittwald CM Service GmbH & Co. KG of Königsberger Str. 4–6 in 32339 Espelkamp (referred to hereinafter as “Mittwald”).
Details can be taken from the Mittwald privacy statement at https://www.mittwald.de/datenschutz.
The use of Mittwald is based on point (f) of Art 6(1) GDPR. We have a legitimate interest in the highest possible availability of our website. Once you have granted your consent thereto, your data are processed exclusively pursuant to point (a) of Art 6(1) GDPR and § 25(1) TDDDG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TDDDG. This consent you may revoke at any time.
Job processing
We have concluded a data processing agreement (DPA) with the above provider. This is an agreement stipulated under the data protection laws to safeguard the processing of personal data provided by our website visitors only in accordance with our instructions and in compliance with the GDPR.
5.2 Cookies
Our Internet pages use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can find out which cookies and services are used on this website in this privacy policy.
5.3 Consent (Borlabs Cookie)
Our website makes use of Borlabs Cookie Consent Technology, which retrieves your consent to the storage of particular cookies in your browser or to the use of certain technologies and to document these in compliance with data protection. This technology is provided by Borlabs GmbH at Rübenkamp 32 in 22305 Hamburg (referred to hereinafter as “Borlabs”).
When you enter our website, your browser accepts a Borlabs Cookie that lists the consents you have granted or the revocation thereof. These data are not communicated to the provider of the Borlabs Cookie.
These collected data are retained in storage until you request us to erase them, you erase the Borlabs Cookie yourself, or the purpose of this data storage has been fulfilled. This does not affect the mandatory legal retention periods. Details on data processing via Borlabs Cookies can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs Cookie Consent Technology is applied to retrieve the consent, stipulated by law, to the use of cookies. The legal basis is provided by point (c) of Art 6(1) GDPR.
5.4 Server logfiles
The site provider collects and stores automatically in so called server logfiles the information your browser transmits to us automatically. This includes:
- browser type and version
- active operating system
- referrer URL
- host name of the accessing computer
- time when the server request was sent
- IP address
These data are not collated with other data sources.
These data are collected pursuant to point (f) of Art 6(1) GDPR. The site operator has a legitimate interest in the error-free presentation and the optimisation of its website – and server logfiles are needed for this purpose.
5.5 Contact form
When you use our contact form to submit a request, all the entries you make, including your contact details, are extracted from the form and stored on our systems for the purpose of handling your request and generating any follow-up questions. These data we do not communicate to others without your consent.
These data are processed pursuant to point (b) of Art 6(1) GDPR provided your request involves the fulfilment of or is needed to prepare a contract. In all other cases, processing is based on our legitimate interest in the effectual handling of requests submitted to us (point [f] of Art 6[1] GDPR) or on your consent (point [a] of Art 6[1] GDPR), when this has been granted. This consent you may revoke at any time.
The data you enter in our contact form are retained in our storage systems until you request us to erase them, you revoke your consent to their storage, or the purpose of their storage has been fulfilled (e.g. when your request has come to a conclusion). This does not affect the mandatory legal provisions, specifically the retention periods.
5.6 Request by email, phone, or fax
When you contact us by email, phone, or fax, your request, including all personal data you provide with it (name, address), is committed to our storage systems and processed for handling purposes. These data we do not communicate to others without your consent.
These data are processed pursuant to point (b) of Art 6(1) GDPR provided your request involves the fulfilment of or is needed to prepare a contract. In all other cases, processing is based on our legitimate interest in the effectual handling of requests submitted to us (point [f] of Art 6[1] GDPR) or on your consent (point [a] of Art 6[1] GDPR), when this has been granted. This consent you may revoke at any time.
The data you submit to us via contact requests are retained in our storage systems until you request us to erase them, you revoke your consent to their storage, or the purpose of their storage has been fulfilled (e.g. when your request has come to a conclusion). This does not affect the mandatory legal provisions, specifically the retention periods.
5.7 Analytics tools and ads (Google Tag Manager)
We make use of Google Tag Manager. This is provided by Google Ireland Limited of Gordon House, Barrow Street in Dublin 4, Ireland.
Google Tag Manager is a tool we use to integrate tracking, statistics, and other tools and technologies in our website. Google Tag Manager itself does not generate user profiles, nor does it accept cookies or perform any analyses. It serves solely to manage and control the tools linked with it. Yet Google Tag Manager does collect your IP address, which may be transmitted to the Google parent company in the USA.
Google Tag Manager is used following your consent thereto pursuant to point (a) of Art 6(1) GDPR and § 25(1) TDDDG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TDDDG. This consent you may revoke at any time. This consent you may revoke at any time.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
5.8 Analytics tools and ads (Google Analytics)
This website applies functions provided by Google Analytics. The provider is Google Google Analytics, which enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. These data are assigned to the user’s calling terminal. There is no assignment to a user ID. There is no assignment to a user ID.
We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Another feature is a set of modelling approaches and machine learning technologies that Google Analytics applies to supplement and analyse the records it collects.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent you may revoke at any time.
The transfer of data to the USA is based on the Standard Contractual Clauses (SCC) published by the EU Commission. Details can be found at https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
IP anonymization
Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google signals
We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.
Order processing
We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
5.9 Web analytics tool (Mouseflow)
This website applies Mouseflow, a web analytics tool provided by Mouseflow ApS of Flæsketorvet 68 in 1711 København, Denmark. Data processing assists in the analysis of this website and its visitors. It involves collecting and storing data for marketing and optimisation purposes. These data may be used to generate user profiles under a pseudonym. Cookies may be used as well. The web analytics tool Mouseflow is designed to record single visits (exclusively with anonymised IP address) on a random basis. This gives rise to a record of mouse movements and clicks intended to reenact on a random basis specific visits to the website and to derive potential improvements from these. Without the consent granted specifically by the data subject, the data collected via Mouseflow are not used to identify the person of the visitor to this website, nor are they collated with the personal data carried in the pseudonym. Data are processed following your consent thereto pursuant to point (a) of Art 6(1) GDPR and § 25(1) TTDSG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TDDDG. This consent you may revoke at any time.
You can also configure your current browser to disable globally the recording of your movements on all websites using Mouseflow: https://mouseflow.de/opt-out/
Job processing We have concluded a DPA with Mouseflow ApS.
5.10 Typefaces (Google Fonts)
This site applies a number of Google services that use so called Google Fonts, a set of typefaces provided by Google that present a consistent look. On opening a page, your browser caches the fonts needed for the correct presentation of typefaces and copy.
For this purpose, the browser you use must connect to the Google servers. Google then learns that this website has been called via your IP address. Google Fonts is used following your consent thereto pursuant to point (a) of Art 6(1) GDPR and § 25(1) TDDDG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TDDDG. This consent you may revoke at any time.
If your browser does not support Google Fonts, a standard typeface available on your computer is used instead.
Details on Google Fonts can be consulted at https://developers.google.com/fonts/faq and in the Google privacy statement at https://policies.google.com/privacy?hl=de.
5.11 Map services (Google Maps)
This site makes use of Google Maps. This is provided by Google Ireland Limited (referred to hereinafter as “Google”) of Gordon House, Barrow Street in Dublin 4, Ireland.
The use of Google Maps functions requires the storage of your IP address. This information is generally transmitted to a Google server sited in the USA where it is stored. The provider of this website has no control over this data transfer. When Google Maps is enabled, Google may apply Google Fonts for the consistent presentation of typefaces. On calling Google Maps, your browser caches the web fonts needed for the correct presentation of typefaces and copy.
Google Maps is used following your explicit consent thereto pursuant to point (a) of Art 6(1) GDPR and § 25(1) TDDDG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TDDDG. This consent you may revoke at any time.
The transfer of data to the USA is based on the Standard Contractual Clauses (SCC) published by the EU Commission. Details can be consulted at https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
Details on how user data are handled can be found in the Google privacy statement at https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/participant/5780.
5.12 hCaptcha
This website makes use of hCaptcha (referred to hereinafter as “hCaptcha”). This is provided by Intuition Machines, Inc. of 2211 Selig Drive in Los Angeles, CA 90026, USA (referred to hereinafter as “IMI”).
hCaptcha is intended to verify whether the data entered on this website (e.g. in a contact form) originate from a human or an automated script (or so called bot). To this end, hCaptcha analyses the behaviour of a visitor to the website according to various characteristics.
This analysis commences automatically when a visitor lands on a webpage with activated hCaptcha. The information analysed by hCaptcha includes e.g. IP address, session duration, and mouse movements. The data collected during this analysis are transmitted to IMI. When hCaptcha is running in invisible mode, the analyses are performed completely in the background. Visitors to the website are not informed of these running analyses.
The data are stored and analysed pursuant to point (f) of Art 6(1) GDPR. The site operator has a legitimate interest in protecting its web services from malicious bots and SPAM. Once you have granted your consent thereto, your data are processed exclusively pursuant to point (a) of Art 6(1) GDPR and § 25(1) TDDDG, provided that this consent extends to the storage of cookies or access to the information on the user’s terminal (e.g. device fingerprint) as set down in the TDDDG. This consent you may revoke at any time.
Data processing is based on SCC contained in the data processing supplement to the IMI Terms and Conditions (T&C) and the DPAs.
Further details on hCaptcha can be consulted in the privacy statement and conditions of use at https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
6 Data processing by customers, service providers, and suppliers
Your data are processed as follows:
6.1 Order related communications
For the purpose of handling our business transactions, we process your name, contact details, company, and assigned responsibilities/post. These details are forwarded on request to our auditor and/or the assigned supervisory body and erased ten (10) years following termination of our business relations.
The legal provisions underlying this processing are provided by points (b), (c) of Article 6(1) of the European General Data Protection Regulation (requirement to perform contractual or other legally binding obligations).
6.2 Promotion of business relations
If you are employed by one of our business partners, we also process, for the purpose of promoting our business relations, your name, contact details, company, and assigned responsibilities/post and any communications on product details and invitations to customer/supplier satisfaction surveys and events as well as their implementation. We do not communicate these data to third parties, and we erase them one (1) year following termination of our business relations.
The legal provisions underlying this processing are provided by point (f) of Article 6(1) of the European General Data Protection Regulation (overriding, legitimate interest), viz for the promotion of our customer relations with you.
6.3 Sending newsletters to existing customers
If you order goods or services from us and provide us with your e-mail address, this e-mail address may subsequently be used by us to send you newsletters, provided we inform you of this in advance. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. You can unsubscribe from this newsletter at any time. There is a corresponding link in every newsletter for this purpose. In this case, the legal basis for sending the newsletter is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG.
After you unsubscribe from the newsletter distribution list, we may store your e-mail address in a blacklist to prevent future mailings to you. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest
7 Data processing during audio and video conferences
The solutions we use to communicate with our customers include online conferencing tools. These are listed below. By communicating with us via a video or audio conference over the internet, you allow us and the provider of the conferencing tools involved to collect and process your personal data.
These data you provide or enter for the purpose of using the tools, e.g. your email address and/or phone number. In addition, the conferencing tools process the duration of the conference, the times you commence and end your participation in the conference, the number of participants, and other so called contextual information relating to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data needed to handle the online communication. Specifically, these include IP addresses, MAC addresses, device IDs, device types, operating system types and versions, camera types, microphones, loudspeakers, and connection types.
Also any contents that are exchanged, uploaded, or otherwise provided inside the tool are stored on the tool providers’ servers. Specifically, these contents include cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other data that are shared while the service is being used.
Please bear in mind that we have no absolute control over the scope of these tools’ data processing. Our scope of action is defined to a large extent by the corporate policy pursued by each of these providers. Further information on how these conferencing tools process data can be taken from the respective privacy statements listed below this section.
Purpose and legal bases
The conferencing tools are used to communicate with potential or existing contract partners and to offer our customers certain services (point [b] of Art 6[1] GDPR). In addition, these tools serve to simplify and accelerate the communication with us and our companies (legitimate interest as defined under point [f] of Art 6[1] GDPR). The tools are employed only when you grant your consent thereto. This consent you may revoke at any time.
Duration of storage
The data we collect via the video and conferencing tools are erased from our systems as soon as you request us to erase them, you revoke your consent to their storage, or the purpose of their storage has been fulfilled. Cookies stored on your terminal remain there until you erase them. This does not affect the mandatory legal retention periods.
The duration of storage the providers of the conferencing tools assign to your data for their own purposes lies outside of our influence. For details please consult directly the information supplied by the providers of the conferencing tools.
7.1 Conferencing tool (Microsoft Teams)
We make use of Microsoft Teams. This is provided by Microsoft Ireland Operations Limited of One Microsoft Place, South County Business Park, Leopardstown in Dublin 18, Ireland. Details on how Microsoft Teams process your data can be taken from the privacy statement at https://privacy.microsoft.com/de-de/privacystatement.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with EU data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active
Job processing
We have concluded a data processing agreement (DPA) with the above provider of this service. This is an agreement stipulated under the data protection laws to safeguard the processing of personal data provided by our website visitors only in accordance with our instructions and in compliance with the GDPR.
8 Data processing affecting applicants
We offer you the opportunity to apply using our application form on our careers page. The data transmitted to us in your digital application are TLS encrypted.
Although we are able to handle noncompliant applications, we cannot safeguard a complete erasure of all documents by the stipulated deadlines.
To ensure compliance with data protection regulations, we kindly request that you apply exclusively through our application form on our careers page.
Scope and purpose of data collection
By sending us your application, you allow us to process the contained and related personal data (e.g. contact and communication details, application materials, notes taken during interviews, etc.) when these are needed for the decision in favour of your future employment with us. The legal basis is provided by point (b) of Art 6(1) GDPR (general initiation of contracts) and – following your consent – point (a) of Art 6(1) GDPR. This consent you may revoke at any time. Your personal data are communicated exclusively to persons inside our company who have been assigned to handle your application.
On acceptance of your application, the data you have submitted to us pursuant to point (b) of Art 6(1) GDPR are stored in our data processing systems for the purpose of preparing your employment.
Applicant interviews
Our application procedure offers candidates an opportunity to take part in interviews via a video conferencing tool. This solution eliminates the physical contacts in a face to face situation and bridges the distances posed by differing geographical locations. Neither the video nor the audio data are recorded or stored at any time. Applicants may choose to activate or deactivate their webcams before or during the interview. Applicants need not justify their decision to decline participating in the video interview. In this case, an alternative may be discussed that is acceptable to both parties.
The use of a video conferencing tool cannot rule out the possibility of data being transmitted to a third country (specifically the USA). The legal basis underlying the data processing is your consent pursuant to point (a) of Art 6(1) GDPR. This consent you may revoke at any time.
Data retention period
In the event that we are unable to offer you a post, you decline a post, or you withdraw your application, we reserve the right, based on our legitimate interest (point [f] of Art 6[1] GDPR), to retain in our storage systems your submitted data for a period not exceeding seven months following their receipt. After this period, the data are erased or anonymised, and the physical application material destroyed. This retention period serves for verification purposes in the event of legal disputes. When it is apparent that the data will be needed after this seven-month period (e.g. on the grounds of an imminent or pending legal dispute), they are not erased until the purpose of their continued retention has been fulfilled.
This retention period may also be extended when you have granted your consent thereto (point [a] of Art 6[1] GDPR) or when the legal retention periods demand this.
Inclusion in the talent pool
In the event that we are unable to offer you a post, you may opt to be included in our talent pool. When you are included, all of your documents and details are transferred from your application to the talent pool for the purpose of contacting you in the event of suitable vacancies.
Your inclusion in the talent pool for the purpose of informing you of any other posts that may interest you, including trainee and on-the-job placements, is based exclusively on your explicit consent (point [a] of Art 6[1] GDPR). Your consent is voluntary and has no effect on the ongoing application procedure. Data subjects may revoke their consent at any time. In this case, their data are erased irrecoverably from the talent pool should this not be opposed by the legal retention periods.
The data stored in the talent pool are erased irrecoverably at the latest two years after you have granted your consent.
9 Data processing during inhouse video surveillance
The company site in Erkrath is under video surveillance for the purpose of protecting MAE property, employees, customers, and suppliers; of preventing and investigating theft and vandalism; of identifying damage to property; and of regular inspections of operability. The duration of storage is 72 hours. Recordings serving to perpetuate evidence are retained until needed for a prosecution.
These recordings may be viewed by personnel servicing the plant and transmitted to law enforcement agencies.
The legal basis underlying this processing is provided by point (f) of Art 6(1) of the European General Data Protection Regulation (overriding, legitimate interest). Insofar as special categories of personal data are processed, this is done on the basis of Art. 9 para. 2 lit. f) in conjunction with Art. 6 para. 1 lit. f) GDPR. Art. 6 para. 1 lit. f) GDPR. This interest affects the protection of the company’s property, customers, suppliers, and company employees against burglary, theft, and vandalism; the preservation of rights on company property; and the improved establishment of claims before third parties.