WE TAKE THE PROTECTION OF YOUR DATA VERY SERIOUSLY
I. CONTROLLER WITHIN THE MEANING OF THE GENERAL DATA PROTECTION REGULATION
Marabu GmbH & Co. KG
Asperger Straße 4, 71732 Tamm, Germany
Telephone: +49 7141 / 691-0, e-mail: email@example.com
II. HOW TO CONTACT OUR DATA PROTECTION OFFICER
By e-mail: Datenschutz@marabu.com
By post: Data protection officer, Marabu GmbH & Co. KG, Asperger Straße 4, 71732 Tamm, Germany
III. PURPOSES, LEGAL BASIS OF PROCESSING, ERASURE
Use of our website
You can visit our website without identifying yourself or logging in. We then process log data at the technical level and thereby collect the following information:
IP address, date and time, page accessed/name of the retrieved file, volume of data transferred, HTTP referrer, size in bytes of server response, browser and browser version used, operating system and version used, time zone difference from Greenwich Mean Time (GMT), report on whether access/retrieval was successful.
Data are stored for a limited period of seven days in log files in order to ensure the functionality of the website. The data are also used to optimise the website and to guarantee the security of our information technology systems. Server logs are stored for up to three months.
The data are not assessed for marketing or other purposes in this connection.
Legal basis: Article 6 (1) (b) GDPR is the legal basis for the performance of a contract or steps taken prior to entering into a contract when you visit our website to find out about our products or services; Article 6 (1) (f) GDPR is the legal basis of our technical ability to provide the website. We have a legitimate interest in being able to provide you with an attractive, technically functioning and user-friendly website and in taking measures to protect our website and third parties using our website against cyber risks.
Offers and information by telephone, post or e-mail
You can ask us for information about our products, events, campaigns or our company regardless of whether you are registered or have ordered goods from us. We will provide you with information by the channels you have indicated: by e-mail, post or telephone. If you have opted to have information sent to you by e-mail, you will first receive an e-mail confirming your request to receive the newsletter; the purpose of this confirmation e-mail is to ensure that the request actually originated from you. We will send you the newsletter after we receive confirmation from you. You may unsubscribe at no cost from the newsletter at any time on our website or by sending an e-mail to firstname.lastname@example.org. You will also, of course, find an unsubscribe link in every newsletter. If you unsubscribe from the newsletter we will usually erase your e-mail address from our distribution list immediately, but within 24 hours at the latest.
We aim to make our advertising materials, such as our newsletter, and all visits to our websites, as user-friendly and tailored as possible for individual users. Information which is automatically generated and information provided by you helps us to provide you with individualised and tailored information. The relevant information includes the “technical data” on our MARABU website (e.g. IP address, the operating system, browser), date and time of the visit to our website and “data on your (purchasing) behaviour” (service history, products you have looked at).
If you have subscribed to our MARABU newsletter, we will automatically receive “technical information” which then enables us, for example, to evaluate how often the newsletter has been opened and which contents have been clicked on and how often (e.g. opening rate and click rate). By analysing this information we are also able to optimise our digital services, such as our newsletter, and to communicate with you as individually as possible. Our aim is that you only receive contents that you are really interested in.
Legal basis: Article 6 (1) (a) GDPR, your consent.
Please do not hesitate to use the contact form to ask questions about our products or other topics. We will process your name and e-mail address, as well as any other information you have sent us, in order to answer your questions. If you contact us by telephone or fax, we will also store and process your query and all the personal data arising from it (name, enquiry) to enable us to respond to your request. We store your data in compliance with the retention periods stipulated by law; in tax and commercial law these are usually ten years. If your request is not subject to any legal retention periods, we store your data until the purpose of the contact has been achieved (end of the conversation). The conversation is ended when it can be inferred from the circumstances that the issue in question has been conclusively clarified.
Legal basis: Article 6 (1) (f) GDPR is the legal basis upon which the data which must be provided here is used for the purpose of answering your enquiry and thus in your and our common interest. The legal basis for the processing of the data is Article 6 (1) (b) GDPR to the extent that your enquiry concerns performance of a contract or requires that steps are taken prior to entering into a contract. In all other cases, data are only processed if your consent has been asked for and given (Article 6 (1) (a) GDPR).
Attendance at our training centre for a fee
If you pay to take part in sessions at our training centre we will need to process your personal data in order to perform the contract made with you.
Legal basis: Article 6 (1) (b) GDPR is the legal basis for the processing of data for the performance of a contract; Article 6 (1) (c) GDPR is the legal basis for the processing of your personal data for the purpose of meeting our legal obligations (e.g. storing data).
You are not required by law or contract to provide any personal data. However, you will need to provide your personal data if you wish to take part in paid sessions at our training centre. If you do not provide your personal data, you may not be able to take part.
Applications / Job portal
We will collect, process and store your personal data if you apply for a job with us in Germany or at one of our worldwide locations. We will read your application documents as soon as we have them and will send you a response. We will respond to your application using the contact details you have provided us. We may, for example, invite you to a group or telephone interview or send you a job offer or rejection letter.
If you apply to us for a job with a Marabu Group company outside of Germany, we will read your application documents and pass them on if appropriate to the relevant location for consideration.
Legal basis: The legal basis for the decision to hire is Section 26 BDSG.
We process the following data relating to your application:
If the applicant is selected, our human resources department, employees from the specialist departments and the works council will have access to the personal data required for the performance of their tasks. Applications made to other locations are sent to such locations.
Your documents will be erased automatically six months after a rejection letter has been sent. If you have made applications for several positions, your documents will be erased automatically six months after a rejection letter has been sent in response to the last outstanding application. If we recruit you, we will store your application documents and any data which is required for the purpose of performing the contract of employment until the time at which such contract of employment terminates.
Embedding of YouTube videos
Content from YouTube is embedded on this website. YouTube is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The extended privacy setting is activated for YouTube videos which are embedded on our website. This means that YouTube only collects and stores data on visitors to the website if they watch the YouTube video.
You can change your browser settings to prevent tracking cookies from being stored when you play the video; however, we draw your attention to the fact that, in these circumstances, you may find that you are unable to make full use of all the functions on the website.
Legal basis: Article 6 (1) (f) GDPR is the legal basis for considering the underlying advertising purpose to be a legitimate interest within the meaning of the GDPR.
We use the reCAPTCHA function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The main purpose of this service is to predict whether data are being entered by a human or abusively by an automated processing robot. The service includes sending to Google the IP address and any other data required by Google for the reCAPTCHA service. It is possible that the use of Google reCAPTCHA results in personal data being sent to the Google LLC. server in the USA.
Legal basis: Article 6 (1) (f) GDPR is the legal of basis of our legitimate interest in establishing individual responsibility on the Internet and avoiding abuse and spam.
We use the Google Maps (API) function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for the display of interactive (geographical) maps. If you use this service you will be shown the locations of our dealers around the world which will make it easier for you to find them.
As soon as you go to any subpages in which the map of Google Maps is embedded, information about your use of our website (such as your IP address) is transmitted to and stored on Google servers from where it may be transmitted to Google LLC. servers in the USA. This is done regardless of whether Google has provided a user account for you to log in with or whether you have a user account. If you are logged in to Google, your data are assigned directly to your account. You must log out before activating the button if you do not wish Google to identify you with your profile. Google stores your data (even if you are not logged in) in the form of user profiles, which it subsequently evaluates.
Legal basis: Article 6 (1) (f) GDPR is the legal basis of Google’s legitimate interest in displaying tailored advertising, market research and/or the design of websites to meet Google’s requirements. You are entitled to object to the creation of this user profile: this right must be asserted against Google directly.
Google Tag Manager
We use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain which does not record any personal data. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access these data. If tracking tags are disabled at the domain or cookie level, this remains in place for all tracking tags which are implemented with Google Tag Manager.
Legal basis: Article 6 (1) (f) GDPR is the legal basis for processing data in order to safeguard the legitimate interests of data controllers.
We use the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (referred to in the following as “Facebook”) for the web services provided within the social network “Facebook”.
We would like to point out that you are responsible yourself for the use of this Facebook page and its functions. This applies in particular to the use of interactive functions (e.g. commenting, sharing, liking).
When you visit our Facebook page, Facebook collects information such as your IP address and other information that is on your PC in the form of cookies. This information is used to provide us, as the operators of the Facebook pages, statistical information about the use of the Facebook page. More information is available from Facebook at: http://de-de.facebook.com/help/pages/insights.
The data collected on you in this connection are processed by Facebook Ltd. and transmitted as applicable to countries outside the European Union. The information received by Facebook and the use it makes of it is described by Facebook in general terms in its data usage guidelines. These guidelines provide information about how to contact Facebook and about your advertising settings. The data usage guidelines are available at: https://de-de.facebook.com/help/238318146535333?helpref=hc_global_nav.
General data protection information about Facebook is available at: https://de-de.facebook.com/about/privacy#.
Facebook does not conclusively and clearly state how it uses the data obtained from visits to Facebook pages for its own purposes, to what extent activities on Facebook pages are assigned to individual users, for how long Facebook stores such data and whether data obtained from a visit to the Facebook page are disclosed to third parties.
The IP address assigned to your terminal device is transmitted to Facebook whenever you visit a Facebook page. According to Facebook, German IP addresses are made anonymous and erased after 90 days. Facebook also stores information about its users’ terminal devices (e.g. in connection with the “login notification”); this may enable Facebook to assign IP addresses to individual users. Facebook may also attempt to store cookies on the computer being used.
If you are currently logged in to Facebook, a cookie with your Facebook ID is on your terminal device. This enables Facebook to determine that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook can use Facebook buttons which are integrated in websites to record your visits to such websites and to assign them to your Facebook profile. These data can be used to tailor the contents or advertisements presented to you.
If you wish to avoid this, you should log out of Facebook or deactivate the “keep me logged in” function, delete the cookies on your device and shut and restart your browser. Facebook information which can be used to identify you directly will then be erased. This will enable you to use our Facebook page without disclosing your Facebook ID. A Facebook login screen will appear if you use interactive functions on the website (like, comment, share, news, etc.). After you log in, Facebook will again be able to identify you as a particular user.
Information about how to manage or erase information about you is available on the following Facebook support pages: https://de-de.facebook.com/about/privacy#.
Certain data that are available on or via your Facebook user account, such as your name, your profile picture, your country, your hometown, your e-mail address, your date of birth, your sex and/or any other information may be available to other Facebook users if you use certain of our web service functions or if these are used, stored or verified for specific Facebook services. The details in your Facebook profile which are visible to third parties are determined in particular by the profile settings for your Facebook account.
We run a fan page on the “Instagram.com” platform operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) (Instagram data policy). Every time our fan page is visited and every interaction on it result in data being processed, regardless of whether you have an account with Instagram or Facebook or not. If you are logged in to your account, the operators of Instagram and/or their affiliated undertakings collate the information about the visit to the fan page and may combine this with information about your account and use it to develop profiles. If you do not wish to be profiled in this way, you should log out before visiting our fan page. We use “Instagram Insights” to process statistical data on our fan page, such as sex, age range, location, pages visited, interactions and information on paid activities, reach, accounts reached, impressions and impressions per day.
You have the right to information about your data, to have your data erased or corrected, to have its processing restricted, to object to its processing, to data portability and to lodge complaints with the supervisory authority. You can assert these rights against Facebook Ireland Ltd.: https://help.instagram.com/contact/186020218683230. Alternatively, you can also assert these rights against us by writing to email@example.com; we will then pass on your request to Facebook according to our agreement with that company. As we share responsibility for the processing of your data, we have agreed a page controller addendum with Facebook.
We have a profile on LinkedIn, which is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. The data recorded by us directly via the social media presence are erased from our systems as soon as the purpose for which they have been stored no longer applies and they are no longer subject to retention periods, you ask us to erase them, you revoke your consent to their storage or the purpose of data storage no longer applies. We have no influence over the length of time for which the operators of social media store your data for their own purposes.
Contact and support via social media
You can send any general questions or requests through our social media channels to us at any time via the “Facebook”, “YouTube”, “Twitter”, “Pinterest”, “Instagram”, “LinkedIn”, or “XING” social networks referred to above. These social networks are operated exclusively by their providers.
When you contact us via our social media channels you decide what data you wish to send to us. However, without certain data in specific cases we may not always be able to respond to your request. We use your personal data exclusively for the purpose of answering your enquiries to your satisfaction.
Legal basis: Article 6 (1) (b) GDPR is the legal basis for the processing of data for the performance of a contract or for taking steps prior to entering into a contract, whereby, on the basis of Article 6 (1) (f) GDPR, we use the data which is required for this purpose to answer your enquiry in our common interest. Article 6 (1) (a) also applies on the basis of your consent.
In this respect we draw your attention to the fact that the websites for our social media channels are operated exclusively by the provider of the applicable social network. For this reason, the personal data obtained by us when you contact us may also be used by the operator of such websites; we have no influence over such use. The scope and purpose of data collection by the relevant service providers and their further processing and use of your data are detailed in the privacy policies on the websites of each of these providers: www.facebook.com/about/privacy/; https://www.youtube.com/static?template=privacy_guidelines; https://developers.google.com/+/web/policies; https://twitter.com/privacy; https://pinterest.com/about/privacy; https://instagram.com/about/legal/privacy/. This also provides further information about your data privacy rights in this regard and about the settings options to protect your privacy.
IV. YOUR RIGHTS AS THE DATA SUBJECT
As the data subject you have the following rights that, where the relevant legal conditions apply, you can assert against us. Under Article 15 GDPR you have the right, as the data subject, of access to personal data concerning you. Under Article 16 GDPR, you have the right to have your personal data rectified or, if the conditions of Article 17 GDPR are met, erased. Under Article 18 GDPR, you have the right to have the processing of your personal data restricted. Under Article 21 GDPR you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you generally or in particular cases. Under Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a commonly used format.
You may withdraw at any time any consent you have given us to process your data. Please write to firstname.lastname@example.org for this purpose. Please note that you can only withdraw your consent with effect for the future and that such withdrawal does not affect the lawfulness of previous data processing.
Under Article 77 GDPR, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your workplace or the place of the suspected infringement if you are of the opinion that the processing of the personal data concerning you infringes the GDPR. This right of objection applies without prejudice to any other administrative or judicial remedy.
Right to object
You have the right to object at any time to the processing of your personal data on the legal basis of Article 6 (1) (f) GDPR (balance of interests) or Article 6 (1) (e) GDPR (public interest) on grounds relating to your particular situation. This also applies to profiling within the meaning of Article 4 No. 4 GDPR.
If you lodge an objection, we will cease to process personal data concerning you unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if such processing is carried out to establish, exercise or defend legal claims. In certain specific cases we process your personal data for direct marketing purposes. You have the right to object at any time if you do not wish to receive any advertising; this also applies to profiling which is linked to direct marketing. We will comply with such objection with effect for the future. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes. Your right to object may be exercised informally and should be communicated as soon as possible to:
Marabu GmbH & Co. KG, Asperger Straße 4, 71732 Tamm, Germany
V. AUTOMATED DECISION-MAKING / PROFILING
We do not engage in automated decision-making or profiling (an automated analysis of your personal circumstances).
VI. CATEGORIES OF RECIPIENT
Only authorised staff have access to your personal data. These may also be the authorised staff of our service providers who process the data on our behalf or who have access to these data. We limit the transfer of your personal data to what is necessary and authorised employees of our service providers are strictly bound by our instructions when handling your personal data. Some of these recipients use the data we send to them autonomously.
Categories of recipients of your personal data:
We take technical and organisational security measures to protect the data we administer against manipulation, loss, destruction or access by unauthorised persons. Our security measures are being continuously improved in line with the state of the art.
These measures are adapted in line with the best available techniques. We use the Secure Sockets Layer (SSL) standard to encrypt information entered by you.
VIII. Transfer of data to third countries
We are part of the Marabu Group, a worldwide group of companies that has databases in various countries. Some of these databases are administered by local Marabu companies based in third countries. Third countries are countries outside the European Union that do not provide the same level of data protection as the European Union. In order to comply with European data protection standards and within the meaning of Article 47 GDPR, Marabu has implemented binding corporate rules for the transfer of personal data outside the EEA and Switzerland in the form of a system of principles, rules and instruments which is consistent with European data protection law.
As a rule, our external service providers process your personal data within the European Union (EU) or the Treaty States to the Agreement on the European Economic Area (EEA). However, various tools are used to process your personal data and certain data are consequently transmitted to the USA. However, if your personal data are transmitted to a service provider based in a third country and processed there, we ensure that your personal data are protected by means of appropriate guarantees, such as with standard data protection clauses, or alternatively you have given your consent to the transfer of the data.
IX. Cookies and tracking technologies
Categories of cookies
Functional cookies:These cookies improve user friendliness when you visit our website and also control how our website is presented to you. We also use these cookies to be able to display our products and contents to you in a way that makes it as easy and convenient as possible for you to make purchases on our website.
Advertising: These cookies are used to be able to present you with website contents that are specifically tailored to you and which we assume could be particularly relevant for you. These cookies use corporate advertising networks that process your data as independent controllers.
Required cookies: Required cookies help us to make our website technically accessible and usable for you. These cookies enable essential basic functions, such as navigating on our website, the correct display in your internet browser, the retention of selected goods in the shopping basket or this consent management. Our website or webshop cannot function without these cookies.
You can either agree to the use of all cookies or select these individually.
Of course, you can also change your browser settings to not accept any cookies at all. Information about how to do this can usually be found in your browser’s help function. However, we would also like to point out that you may then only be able to use a limited number of the functions in our webshop.
Legal basis: Article 6 (1) (b) GDPR is the legal basis upon which certain cookies are used by us to process your personal data for the purpose of performing the contract. Article 6 (1) (a) GDPR is the legal basis for such processing if you have given your consent or Article 6 (1) (f) GDPR for the purpose of safeguarding our legitimate interests in the best possible functioning of the website and customer-friendly and effective management of your visit to the website.