Privacy policy

Privacy policy

This privacy policy provides you with information about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Deutsche MTM-Gesellschaft Industrie- und Wirtschaftsberatung mbH (hereinafter referred to as “we” or “us”) is the data controller.

Content

  1. General Information

    1. Contact
    2. Legal basis
    3. Duration of storage
    4. Categories of recipients of the data
    5. Data transfer to third countries
    6. Processing if you exercise your rights
    7. Your rights
    8. Right to object
    9. Data protection officer
  2. Data processing on our website

    1. Processing of server logfiles
    2. Cookies
    3. Consent management tool
    4. Contact form
    5. Registration
    6. Google Tag Manager
    7. Online store
      1. Data processing for purchase transactions
      2. Payment by credit card
      3. Payment by PayPal
      4. Analysis of our website
    8. Google Analytics
      1. New Relic
      2. Tracking & retargeting
    9. Google Ads
      1. Facebook pixel
      2. LinkedIn Marketing Solutions
    10. YouTube
  3. Data processing on our social media pages

    1. Visiting a social media page
      1. Facebook and Instagram page
      2. LinkedIn company page
      3. Xing
      4. YouTube
    2. Comments and direct messages
  4. Other data processing

    1. Contacting us by email or phone
    2. Customer and prospective customer data
    3. Use of the email address for marketing purposes
    4. Applications

I. General information

1.    Contact

If you have any questions or suggestions about this information or would like to contact us to assert your rights, please submit your request to

Deutsche MTM-Gesellschaft Industrie- und Wirtschaftsberatung mbH
Elbchaussee 352
22609 Hamburg
Telephone: +49 40 822 779 0
Email: contact@mtm.org

2.    Legal basis

Under data protection law, the term “personal data” refers to any information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Our data processing is carried out only on the basis of legal permission. We process personal data only with your consent (Section 25 TTDSG of the German Telemedia Act and Art. 6(1) point (a) GDPR), for the performance of a contract to which you are a party or at your request to take steps prior to entering into a contract (Art. 6(1) point (b) GDPR), to fulfil a legal obligation (Art. 6(1) point (c) GDPR) or if the processing is necessary for the pursuit of our legitimate interests or the legitimate interests of a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6(1) point (f) GDPR).

If you apply for a vacant position in our company, we also process your personal data for the purpose of deciding whether to establish an employment relationship with you (Section 26(1) sentence 1 BDSG).

3.    Duration of storage

Unless otherwise stated in the information below, we store the data only as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention requirements may arise in particular from commercial or tax regulations. From the end of the calendar year in which the data were collected, we shall retain personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we shall retain data in connection with the demonstration of consent and with complaints and claims for the duration of the statutory limitation periods. We shall erase data stored for marketing purposes if you object to processing for this purpose.

4.    Categories of recipients of the data

We use commissioned data processors to process your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support for IT systems, customer and order management, order processing, accounting and billing, marketing measures and file and data carrier destruction. A commissioned data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but perform data processing exclusively for the controller and are contractually obliged to ensure appropriate technical and organizational data protection measures are in place. In addition, we may transfer your personal data to bodies such as postal and delivery services, our bank, our tax advisor/auditor or the tax authorities. Transmission to the appropriate health department may be carried out for infection tracking purposes. Other recipients may result from the following information.

5.    Data transfer to third countries

Visiting our website may involve transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. In the absence of such an adequacy decision by the European Commission, a transfer of personal data to a third country shall only take place if appropriate safeguards are in place pursuant to Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.

Unless stated otherwise below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32010D0087. If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49(1) point (a) GDPR.

6.    Processing if you exercise your rights

If you exercise your rights under Art. 15 to 22 GDPR, we process the personal data provided for the purpose of implementing those rights and to demonstrate that we have done so. We shall process data stored for the purpose of providing information and preparing it only for that purpose and for data protection control purposes, and otherwise restrict processing in accordance with Art. 18 GDPR. This processing takes place on the legal basis of Art. 6(1) point (c) GDPR in conjunction with Art. 15 to 22 GDPR and Section 34(2) BDSG.

7.    Your rights

As the data subject, you are entitled to assert your rights toward us. In particular you have the following rights:

  • In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information about whether and, if so, to what extent we process personal data relating to you.
  • You have the right to demand that we correct your data in accordance with Art. 16 GDPR.
  • You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
  • You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer the data to another controller.
  • If you have given us separate consent to data processing, you may revoke that consent at any time in accordance with Art. 7(3) GDPR. Such revocation shall not affect the lawfulness of the processing that took place up to the time of revocation on the basis of the consent.
  • If you believe that processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

8.    Right to object

In accordance with Art. 21(1) GDPR, you have the right to object to processing on the legal basis of Art. 6(1) point (e) or (f) GDPR on grounds relating to your particular situation. Where personal data about you is processed for purposes of direct marketing, you may object to this processing as described in article 21 (2) and (3) GDPR.

9.    Data protection officer

You can reach our data protection officer using the following contact information:

Email datenschutz@mtm.org
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg, Germany
https://www.datenschutzkanzlei.de   

II. Data processing on our website

When you use the website, we collect the information that you have provided yourself. In addition, during your visit to the site we automatically collect specific information about your use of the site. Under data protection law, an IP address is also considered to be an item of personal data. An IP address is assigned to every internet-connected device by the ISP so that it can send and receive data.

1.    Processing of server logfiles

If you use our website purely for information purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). These include as standard: browser type/version, operating system used, page visited, the previously visited page (referrer URL), IP address, the date and time of the server request, and the HTTP status code. Processing is carried out to pursue our legitimate interests and is on the legal basis of Art. 6(1) point (f) GDPR. The purpose of this processing is the technical management and security of the website. The stored data are deleted after ten days unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the information stored. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11(2) GDPR unless, in order to exercise your rights as set out in those articles, you provide additional information that enables your identification.

Our website is hosted using the Magento Commerce service provided by Adobe Systems Software Ireland Limited (Ireland, EU). In addition, we use content delivery networks for efficient display of fonts, images and other content from the provider Fastly, Inc. (San Francisco, USA). This is done on the legal basis of Art. 6(1) point (f) GDPR and serves our legitimate interest in economical and user-friendly operation of the website.

2.    Cookies

We use cookies and similar technologies (“cookies”) on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers.

You have full control over the use of cookies through your browser. You can delete the cookies at any time by means of your browser’s security settings. You can object to the use of cookies through your browser settings in principle or in certain cases. Further information on this subject is available from the Federal Office for Information Security: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

The use of cookies is partly necessary for the technical operation of our website and is thus permissible without the consent of the user. We may also use cookies to provide special functions and content and for analytics and marketing purposes. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent, pursuant to Section 25 TTDSG or Art. 6(1) point (a) GDPR. Information about the purposes, providers, technologies used, data stored and the storage period of individual cookies can be found in the settings of our consent management tool.

3.    Consent management tool

This website uses the consent management of cookiebot by Cybot (Cybot A/S, Haynegade39, 1058 Copenhagen, Denmark). The consent banner allows users of our website to give consent to certain data processing operations or to withdraw consent that they have already given. In addition, cookiebot helps us to demonstrate that consent has been given. For this purpose, cookiebot processes information about the declaration of consent and further log data about this declaration.

By clicking on the “Allow all cookies” button, you give us your consent to process the selected cookie categories. You can view details about individual cookies under “Show details”. The legal basis is Art. 6(1) point (a) GDPR. You can withdraw your consent by clicking on the “Withdraw your consent” button provided below. Once the cookie consent banner has closed, you can delete the cookies at any time in the security settings of your browser. Please see 2.2. Cookies in this connection.

All cookies in the “Essential” category are technically necessary for the operation of our website and therefore do not require explicit consent.

4.    Contact form

Our website includes contact forms through which you can send us messages. Your data is encrypted for transfer (recognizable by the “https” in the address bar of the browser). All data fields marked as mandatory are necessary for us to process your request. Failure to provide this information will mean that we are unable to process your request. The provision of additional data to this is voluntary. Alternatively, you can send us a message via the contact email. We process the data for the purpose of responding to your inquiry. If your inquiry relates to the conclusion or performance of a contract with us, Art. 6(1) point (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who submit inquiries. The legal basis for the data processing is then Art. 6(1) point (f) GDPR.

5.    Registration

In order to use certain features of the website, registration on the website is necessary. The information required can be found on the registration screen. Provision of the information marked as mandatory is essential to complete the registration. The data provided are processed for the purpose of performing the service. Processing is on the legal basis of Art. 6(1) point (b) GDPR.

6.    Google Tag Manager

We use Google Tag Manager of Google Ireland Limited (Ireland/EU). Google Tag Manager is used to manage our website tags via an interface. Google Tag Manager is a cookie-less domain that does not collect or store any personal data. Google Tag Manager merely ensures that other tags are triggered, which in turn may collect data, without accessing those data itself. If tags have been disabled at domain or cookie level (e.g. via the consent management tool), this remains in place for all tracking tags implemented with Google Tag Manager.

7.    Online store

a.    Data processing for purchase transactions

If you order a product via our website, we process personal data exclusively for the purpose of fulfilment of the contract and to provide you with the ordered product. During the ordering process, we process only the data that you yourself have entered on the input screen and, if applicable, payment information if you pay by direct debit or invoice. In order to be able to deliver the ordered products to you, we transfer the data required for the delivery to one of our shipping service providers as specified in the order. The legal basis for the processing is Art. 6(1) point (b) GDPR in each case. All data fields marked as mandatory are required to process your order. Failure to provide this data will mean that we are not able to process your order. The provision of additional data to this is voluntary.

b.    Payment by credit card

We offer you the option to pay by credit card. Please note that the relevant payment information is collected and processed by the payment service providers concerned on their own responsibility.

c.     Payment by PayPal

You also have the option to pay by PayPal. Please note that the payment information in this regard is collected and processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., based in Luxembourg, on its own responsibility. PayPal sends the address data you have set up with PayPal to us, which we process exclusively for fulfilment of the contract. The legal basis is Art. 6(1) point (b) GDPR.

For more information about PayPal’s privacy policy, please see https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

8.    Analysis of our website

a.    Google Analytics

We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU) on our website.

Google Analytics is a web analytics service that allows us to collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.

Some of this data is information that is stored on the end device that you are using. Other information is also stored on your end device via the cookies used. Such storage of information by Google Analytics and access to information already stored on your end device takes place only with your consent.

Google Ireland will process the data collected in this way on our behalf to evaluate the use of our website by users, compile reports on the activities on our website and provide us with other services related to the use of our website and the internet. Pseudonymous user profiles can be created from the processed data in this way.

Cookies are set and further processing of personal data is carried out as described here with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Art. 6(1) point (a) GDPR. You can withdraw this consent at any time with effect from that point forward.

Personal data processed on our behalf to provide Google Analytics services may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to Art. 46(2) point (c) GDPR.

We use Google Analytics only with IP anonymization enabled. This means that the IP address of users is truncated by Google Ireland within member states of the European Union and in other states party to the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not combined with any other data.

We use the Google Universal Analytics variant. This allows us to associate interaction data from different devices and from different sessions with a unique user ID. As a result, we are able to put individual user actions in context and analyze long-term relationships.

The data about user actions are stored for a period of 14 months and then automatically erased. Data for which the storage period has expired are erased automatically once a month.

We also use the Google Analytics advertising functions (remarketing). This feature, in conjunction with Google’s cross-device functions, allows us to display ads in a more targeted way and present users with ads that are tailored to their interests. Via remarketing, users are shown ads and products for which interest has been identified on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads or Google AdSense. In this way, interest-based, personalized advertising that has been adapted to a user depending on their previous usage and surfing behavior on one end device (e.g. a cell phone) can also be displayed on another end device of the user (e.g. a tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising can be delivered to every end device on which you log in with your Google account. The aggregation of the collected data in your Google account is based solely on your consent, which you can give to or withdraw from Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users’ Google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device advertising.

You can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout. If you visit our website via a mobile device, you can disable Google Analytics by clicking on this link.

b.    New Relic

Our website uses New Relic, an analytics service provided by New Relic Inc. (USA). New Relic is a web analysis tool that collects user data from a website in order to analyze and monitor the website’s performance, in order to improve the loading times of individual parts of the website for example. The legal basis for data processing in connection with the New Relic service is your consent (Art. 6(1) point (a) GDPR). You can withdraw this consent at any time with effect from that point forward.

When using New Relic, transmission of data to New Relic Inc. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Further information about data protection and the cookies used can be found on the internet at http://newrelic.com/privacy.

9.    Tracking & retargeting

a.    Google Ads

We use the online advertising program Google Ads of Google Ireland Limited (Ireland/EU), through which we place advertisements on the Google search engine. If you access our website via a Google ad, Google sets a cookie on your end device (“conversion cookie”). A different conversion cookie is assigned to each Google Ads customer, so that the cookies cannot be tracked across the websites of different Ads customers. The information obtained with the help of the cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our Google ads. However, we do not receive any information that identifies users in person.

For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our consent management tool. Processing takes place only with your consent in accordance with Section 25 TTDSG or Art. 6(1) point (a) GDPR. You can revoke your consent via our consent management tool.

b.    Facebook pixel

On our website we use the Facebook pixel, a business tool from Meta Platforms Ireland Limited (Ireland, EU). For Meta Platforms Ireland Limited contact details and the contact details for Meta Platforms Ireland Limited data protection officer, please see Meta Platforms Ireland Limited privacy policy at https://www.facebook.com/about/privacy.

The Facebook pixel is a snippet of JavaScript code that allows us to track visitors’ activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:

  • Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
  • Specific pixel information such as the pixel ID and the Facebook cookie;
  • Information about buttons clicked on by visitors to the website;
  • Information present in the HTTP header, such as IP addresses, web browser information, page location, and referrer;
  • Information about the status of disabling/restricting ad tracking.

Some of these event data are information that is stored on the end device you are using. In addition, cookies are also used via the Facebook pixel through which information is stored on the end device you are using. Such storage of information by the Facebook pixel and access to information already stored on your end device will only occur with your consent.

Tracked conversions appear on the dashboard of our Facebook ads manager and of Facebook Analytics. We can use the tracked conversions to measure the effectiveness of our ads, to set custom audiences for ad targeting, for dynamic ad campaigns and to analyze the effectiveness of our website’s conversion funnels. The functions we use via the Facebook pixel are described in more detail below.


Processing of event data for advertising purposes

Event data collected through the Facebook pixel are used to target our ads and improve ad delivery, personalize features and content, and improve and secure Facebook products.

Event data is collected on our website by means of the Facebook pixel and transmitted to Meta Platforms Ireland Limited for these purposes. This will be done only if you have previously given your consent. The legal basis for the collection and transmission of personal data by us to Meta Platforms Ireland Limited is therefore Art. 6(1) point (a) GDPR.

This collection and transmission of event data is carried out by us and Meta Platforms Ireland Limited as joint controllers. We have entered into a joint controller agreement with Meta Platforms Ireland Limited, which sets out the allocation of data protection obligations between us and Meta Platforms Ireland Limited. In this agreement, we and Meta Platforms Ireland Limited have agreed, among other things,

  • that we are responsible for providing you with all information according to Art. 13, 14 GDPR about the joint processing of personal data;
  • that Meta Platforms Ireland Limited is responsible for facilitating the rights of data subjects under Art. 15 to 20 GDPR with respect to personal data stored by Meta Platforms Ireland Limited after joint processing.

You can access the agreement concluded between us and Meta Platforms Ireland Limited at https://www.facebook.com/legal/controller_addendum.

Meta Platforms Ireland Limited is solely responsible for subsequent processing of the transmitted event data. For more information about how Meta Platforms Ireland Limited processes personal data, including the legal basis on which Meta Platforms Ireland Limited relies and how you can exercise your rights in respect of Meta Platforms Ireland Limited, please see Meta Platforms Ireland Limited's privacy policy at https://www.facebook.com/about/privacy.

 

Processing of event data for analysis purposes

We have also engaged Meta Platforms Ireland Limited to prepare reports on the impact of our advertising campaigns and other online content based on the event data collected through the Facebook Pixel (campaign reports) and to provide analytics and insights about users and their use of our website, products and services (analytics). For this purpose, we transmit personal data contained in the event data to Meta Platforms Ireland Limited. The personal data submitted are processed by Meta Platforms Ireland Limited as our commissioned data processor to provide us with campaign reports and analytics.

Personal data are processed for the creation of analytics and campaign reports only if you have given your prior consent to this. The legal basis for this processing of personal data is therefore Art. 6(1) point (a) GDPR.

Transmission of data to Meta Platforms Inc. in the USA cannot be ruled out. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section “Data transfer to third countries”.

c.     LinkedIn Marketing Solutions

On our website we use the LinkedIn Insight tag, a marketing service provided by LinkedIn Ireland Unlimited Company (Ireland/EU). The LinkedIn Insight tag is a snippet of JavaScript code that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using.

Via the LinkedIn Insight tag, we can perform various functions, which we describe in detail below.

LinkedIn conversion tracking is an analytics function powered by the LinkedIn Insight tag. The LinkedIn Insight tag allows us to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. IP addresses are truncated or hashed (if used to reach members across devices). LinkedIn does not provide us with any personally identifiable information, but only provides reports (in which you are not identified) about site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes. Members’ direct identifiers are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then erases this remaining pseudonymized data within 180 days.

We also use LinkedIn Matched Audiences to target our advertising campaigns to specific audiences. LinkedIn Matched Audiences and related data integrations allow us to target advertising to specific audiences based on data we provide to LinkedIn (e.g. company lists, hashed contact information, device identifiers and event data such as websites visited). This processing is carried out for the purpose of marketing our services via targeted display of advertising.

For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our consent management tool. LinkedIn services are used only with your consent pursuant to Section 25 TTDSG or Art. 6(1) point (a) GDPR.

In connection with LinkedIn services, transmission of data to LinkedIn Inc. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information about data protection at LinkedIn, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.

10.    YouTube

We use the YouTube service of Google Ireland Limited (Ireland/EU) on our website to integrate videos. The processing of your IP address is technically necessary to enable this integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Google, and Google may set its own cookies. We use YouTube in “privacy-enhanced mode” so that no cookies are set by YouTube to analyze user behavior.

For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our consent management tool. YouTube is used only with your consent pursuant to Art. 6(1) point (a) GDPR.

In connection with YouTube services, transmission of data to Google Inc. and YouTube LLC in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Users can find further information about data protection at Google in Google’s privacy policy at https://www.google.com/policies/privacy 

III. Data processing on our social media pages

We have a presence on several social media platforms with a company page. In this way, we want to offer further opportunities to obtain information about our company and interact with us. Our company has company pages on the following social media platforms:

  • Facebook
  • Instagram
  • LinkedIn
  • Xing
  • YouTube

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile usually constitutes personal data. This also covers messages and posts made using the profile. When you visit to a social media profile, certain information is often collected automatically, which may also constitute personal data.

1.    Visiting a social media page

a.    Facebook and Instagram page

When you visit our Facebook or Instagram page through which we present our company and individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Meta Platforms Ireland Limited (Ireland/EU – “Meta”).

For more information about Meta's processing of personal data, please visit https://www.facebook.com/privacy/explanation. Meta provides the option to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with anonymized statistics and information about our Facebook and Instagram pages that help us gain insights into the types of actions people take on our page (so-called “Page Insights”). These Page Insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings.

The legal basis for this processing is Art. 6(1) point (f) GDPR. We cannot associate the information obtained through Page Insights with individual user profiles that interact with our Facebook and Instagram page. We have entered into a joint controller agreement with Meta, which sets out the distribution of data protection obligations between us and Meta.

For details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta, please refer to https://www.facebook.com/legal/terms/information_about_page_insights_data. In relation to this data processing, you also have the option to assert your rights as a data subject in respect of Meta (see “Your rights”).

Further information about this can be found in Meta's privacy policy at https://www.facebook.com/privacy/explanation.

Please note that, according to Meta's privacy policy, user data is also processed in the USA and other third countries. Meta transfers user data only to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of appropriate safeguards in accordance with Art. 46 GDPR.

b.    LinkedIn company page

LinkedIn Ireland Unlimited Company (Ireland/EU - “LinkedIn”) is the sole controller for processing of personal data when you visit our LinkedIn page. For further information about processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit, follow or interact with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and information. This provides us with insights into the types of actions people take on our site (so-called Page Insights). For this purpose, LinkedIn processes in particular the data that you have already provided to LinkedIn via the information in your profile, such as data about your role, country, industry, seniority, company size and employment status. In addition, LinkedIn processes information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personally identifiable information about you through Page Insights. We only have access to the summarized Page Insights. It is also not possible for us to draw conclusions about individual members via the information in the Page Insights.

This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these findings. The legal basis for this processing is Art. 6(1) point (f) GDPR. We have entered into a joint controller agreement with LinkedIn, which sets out the allocation of data protection obligations between us and LinkedIn. The agreement can be accessed at: https://legal.linkedin.com/pages-joint-controller-addendum. According to the agreement, the following applies:

  • We and LinkedIn have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn about this via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en) online or contact LinkedIn using the contact information in the privacy policy. You can contact the data protection officer at LinkedIn Ireland via the following link https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at the contact details we have provided regarding exercising your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.

  • We and LinkedIn have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see under dataprotection.ie) or with any other supervisory authority.

Please note that according to LinkedIn’s privacy policy, personal data may also be processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR or on the basis of appropriate safeguards pursuant to Art. 46 GDPR.

c.     Xing

New Work SE (Germany/EU) is the sole controller for the processing of personal data when visiting our Xing profile. For further information about the processing of personal data by New Work SE, please see https://privacy.xing.com/en/privacy-policy.

d.    YouTube

Google Ireland Limited (Ireland/EU) is the sole controller for the processing of personal data when visiting our YouTube channel. Further information about the processing of personal data by YouTube or Google Ireland Limited can be found at https://policies.google.com/privacy.

2.    Comments and direct messages

We also process information that you have provided to us via our company page on any social media platform. Such information may include the username, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data based on our legitimate interest in contacting persons who make inquiries to us. The legal basis for the data processing is Art. 6(1) point (f) GDPR. Further data processing may take place if you have consented (Art. 6(1) point (a) GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6(1) point (c) GDPR).

We use software to manage our company pages. If a user asks a question which is dealt with in more detail in the software via the comment function on one of our company pages, the text is displayed via the software together with the user’s username. In the process, this data is also transmitted to the provider of the software. The text and username transmitted are erased as soon as the request is answered.

IV. Other data processing

1.    Contacting us by email or phone

If you send us a message via the contact email provided or contact us by telephone, we will process the data transmitted for the purpose of responding to your inquiry. We process this data based on our legitimate interest in contacting persons who make inquiries to us. The legal basis for the data processing is Art. 6(1) point (f) GDPR.

2.    Customer and prospective customer data

If you contact our company as a customer or potential customer, we process your data to the extent necessary to establish or implement the contractual relationship. This usually includes processing of personal master data, contract data and payment data provided to us and contact and communication data for our contacts at commercial customers and business partners. The legal basis for this processing is Art. 6(1) point (f) GDPR. We also process customer and prospective customer data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6(1) point (f) GDPR and serves our interest in further developing our service and informing you specifically about our services. Further data processing may take place if you have consented (Art. 6(1) point (a) GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6(1) point (c) GDPR).

3.    Use of the email address for marketing purposes

We may use the email address you provide when you register or place an order to contact you about similar products and services that we offer. The legal basis is Art. 6(1) point (f) GDPR in conjunction with Section 7(3) of the German Act Against Unfair Competition (UWG). You may object to this at any time without incurring any costs other than the transmission costs at the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link included in each mailshot or by sending an email to contact@mtm.org.

4.    Applications

If you apply to our company, we process your application data exclusively for purposes related to your interest in current or future employment with us and processing of your application. Your application will only be processed and examined by the relevant contact persons. All employees involved in processing the data are obliged to protect the confidentiality of your information. If we are unable to offer you employment, we will retain the information you have provided for up to six months following any rejection for the purpose of answering questions related to your application and rejection. This does not apply if statutory provisions preclude deletion, if further storage is necessary for purposes of providing evidence or if you have expressly consented to a longer storage period. The legal basis for the data processing is section 26 (1) sentence 1 BDSG. If we retain your applicant data for longer than six months and you have expressly consented to this, we wish to point out that this consent can be withdrawn at any time in accordance with Art. 7(3) GDPR. Such revocation shall not affect the lawfulness of the processing that took place up to the time of revocation on the basis of the consent.