Data protection policy
The responsible entity as defined by the General Data Protection Regulation, other national data protection laws of member states and other data protection provisions is:
Name and address of the data protection officer
If you have questions about data protection, please email us or contact our data protection officer directly:
The contact data of the data protection officer is:
W+ST Data Security GmbH Rechtsanwaltsgesellschaft
Münchener Straße 1
Tel: +49 (0) 6831 – 762 132
Fax: +49 (0) 6831 - 73040
Any affected person can contact our data protection officer at any time with questions and suggestions on data protection.
Recording general data and information
If you access our website, we automatically record general information. This general information is stored in the server's log files. We may record the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from where an accessing system came to our website (so-called referrer), (4) the sub-websites that are controlled via an accessing system on our website, (5) the date and time of the access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used to defend against risks in the event of attacks on our information technology systems.
This information does not allow us to draw conclusions about you as an individual. This information is technically required to correctly deliver the requested website content and is compulsory when using the internet. Anonymous information of this kind is analysed by us statistically to optimise our website and the technology behind it.
Like many other websites, we also use so-called “cookies”. Cookies are small text files that are transferred from a website server to your hard drive. We therefore automatically receive certain data, such as the IP address, browser used, your computer's operating system and connection to the internet.
Cookies cannot be used to start programs or transfer viruses to a computer. Using the information contained in cookies we can facilitate the navigation and enable the correct display of our websites.
Under no circumstances is the data we collect passed on to third parties or linked with personal data without your consent.
In order to protect the security of your data during transmission, we use encryption processes that match the current state of technology (e.g. SSL) via HTTPS.
Users of the www.meiser.de website have the opportunity to subscribe to our company’s newsletter. Only your email address is required to send the newsletter. The provision of other, specially marked data is voluntary and is used to address you personally.
In the newsletter we inform our customers and business partners about company offers at regular intervals. The newsletter from our company can only be received by the affected person if (1) the affected person has a valid email address and (2) has registered to receive the newsletter. A confirmation using the double opt-in process is sent to the email address registered by an affected person to receive the newsletter. This confirmation email is used to check whether the owner of the email address has authorised the receipt of the newsletter as the affected person.
When registering for the newsletter, we also save the IP address assigned by the internet service provider (ISP) at the time of the registration, the computer system used as well as the date and time of the registration. The collection of this data is required to track the (potential) abuse of the email address of an affected person at a later time and is therefore used to legally protect the person responsible for processing.
The personal data collected when registering for the newsletter is only used to send our newsletter. In addition, subscribers to the newsletter are informed by email, if this is required to operate the newsletter service or a corresponding registration is required in the event of changes to the newsletter offering or changes to the technical issues. The personal data collected as part of the newsletter service is not passed on to third parties. The subscription to our newsletter can be terminated at any time by the affected person. The consent to the storage of personal data that the affected person provided to send the newsletter can be revoked at any time. Each newsletter contains an appropriate link to revoke the consent. There is also the option to unsubscribe directly on the website by contacting the person responsible for sending the newsletter or inform this person by other means.
As a result of statutory requirements, we offer quick electronic contacts on our website to the company via email and contact forms. If an affected person makes contact with the person responsible for processing by email or contact form, the personal data provided by the affected person is stored automatically. Such personal data provided voluntarily by an affected person to the person responsible for processing is stored for the purposes of processing or contacting the affected person. This personal data is not passed on to third parties.
Deletion or blocking of data
We keep to the principles of data avoidance and economy. We therefore only store your personal data for as long as it is required to achieve the storage purposes stated here. After the end of the relevant purpose or end of these periods, the relevant data is blocked or deleted routinely and in line with the statutory requirements.
Your rights to information, correction, blocking, deletion and objection
You have the following rights relating to the affected personal data:
- Right to information,
- Right to correction or deletion,
- Right to restriction on processing,
- Right to oppose the processing,
- Right to data transfer.
If you have issued consent to processing your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have expressed it to us.
If the processing of your personal data is based on the balance of interests, you can object to the processing. This is the case if the processing is not required in particular to fulfil a contract with you which is the case for the functions described below. When exercising such an objection, we request that you state the reasons why we should not process your personal data. In the event of a justified objection we will check the facts and can either stop the data processing, modify it or show our binding reasons worthy of protection on the basis of which we will continue processing.
It goes without saying that you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your advertising objection using the following contact information
You also have the right to complain to a data protection supervisory authority about how we process your personal data.
Data protection for applications and filling vacancies
The person responsible for processing collects and processes personal data from applicants for the purpose of managing the application process. The process may take place electronically. This is in particular the case if an applicant provides appropriate application documents electronically, e.g. by email or via a web-based form, which are then transferred to the person responsible for processing. If the person responsible for processing concludes an employment contract with an applicant, the data provided is stored for the purposes of managing the employment relationship whilst complying with the statutory requirements. If the person responsible for processing does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after notification of the refusal decision if no other operational interests for the person responsible for processing oppose the deletion. Other justified interests in this regard are for example an evidence obligation in a lawsuit under the German General Equality Act (AGG).
Use of social media plug-ins
We currently use the following social media plug-ins: Facebook, Xing, LinkedIn, Google Maps. We use the so-called two-click solution. This means that when you visit our page, initially no personal data is transferred to the supplier of the plug-in. You can recognise the supplier of the plug-in via the marking on the box showing the initial letter or logo. We give you the opportunity to communicate directly with the plug-in’s supplier via the button. Only if you have clicked the marked field and therefore activate it, the plug-in supplier receives the information that you have called up on the relevant website from our online offering. In addition, the data stated in “recording general data and information” of this policy is transferred. In the case of Facebook and Xing, according to the relevant suppliers in Germany the IP address is made anonymous immediately after collection. By activating the plug-in all of your personal data is transferred to the relevant plug-in supplier and stored there (in the US for US suppliers). As the plug-in supplier undertakes data collection in particular via cookies, we recommend deleting all cookies in your browser’s security settings before clicking the greyed-out box.
We do not have influence on the data collected or data collection processes nor are we aware of the full extent of the data collection, purposes of processing or storage periods. We also have no information on the plug-in supplier deleting the collected data.
The plug-in supplier stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or needs-led design of the website. Such an analysis takes place in particular (even for logged in users) to show needs-led advertising and inform other users of the social network about your activities on our website. You have a right to refuse the formation of these user profiles, but you have to contact the relevant supplier of the plug-in to exercise this right. The plug-ins give you the opportunity to interact with the social networks and other users so that we can improve our offering and make it more interesting for you as the user.
Data transfer takes place independently of whether you have an account with the plug-in supplier and are logged in there. If you are logged in with the plug-in supplier the data collected by us is assigned directly to the account with the plug-in supplier. If you press the activated button and e.g. link the page, the plug-in supplier also stores this information in your user account and shares it publicly with your contacts. We recommend that after using a social network you log out regularly in particular before activating the button as this enables you to avoid assignment to your profile with the plug-in supplier.
You receive other information on the scope and purpose of data collection and its processing by the plug-in supplier in the data protection policies of these suppliers shown below. You can also receive additional information on related rights and setting options to protect your private sphere.
Addresses of the relevant plug-in suppliers and URLs with data protection advice:
- a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; other information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- c) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
- d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Integration of YouTube videos
We have integrated YouTube videos in our online offering that are stored at http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos is the data stated in Paragraph 2 transferred. We have no influence on the transfer of this data.
Through your visit to the website, YouTube receives notification that you opened up the relevant sub-page on our website. In addition, the data stated in “recording general data and information” of this policy is transferred. This occurs independently of whether you have created a YouTube user account that you are logged into or whether there is no user account. If you are logged into Google, your data is directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses these for the purposes of advertising, market research and/or needs-led design of its website. Such an analysis takes place in particular (even for users not logged in) to show needs-led advertising and inform other users of the social network about your activities on our website. You have a right to refuse the formation of these user profiles, but you have to contact YouTube to exercise this right.
Additional information on the purpose and scope of the data collection and its processing by YouTube is found in the data protection policy. You can also receive additional information on related rights and setting options to protect your private sphere:
https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Data protection provisions on the deployment and use of tawk.to
The person responsible for processing has integrated the tawk.to component on this website. Tawk.to is a live support helpdesk software that enables the establishment of real-time direct communication (so-called live chat) with visitors to the website.
Tawk.to is operated by the company tawk.to (SMS SIA), which is located at #6 - 8 Tirgoņu iela, Rīga, Latvia, LV-1050 (EU). tawk.to values your privacy. You can view the data protection provisions here https://www.tawk.to/privacy-policy/.
The tawk.to component places a cookie on the information technology system of the affected person. Cookies have already been explained above. Pseudonym usage profiles can be created via the tawk.to cookie. Such pseudonym usage profiles can be used by the person responsible for processing to analyse the visitor’s behaviour and to analyse and maintain the proper operation of the live chat system. The analysis is used to improve our offering. The data collected via the tawk-to component is not used to identify the affected person without the prior, explicit consent of the affected person. This data is not merged with personal data or other data that contains the same pseudonym.
The affected person can prevent the setting of cookies via our website as described above at any time using an appropriate setting of the internet browser used and therefore permanently oppose the setting of cookies. Use of such a setting of the internet browser would also prevent the tawk.to component from setting a cookie on the information technology system of the affected person. In addition, a cookie already set by the tawk.to component can be deleted at any time via the internet browser or other software programs.
Legal basis for processing
Art. 6 I lit. a GDPR is used by our company as the legal basis for the processing for which we require consent for a particular processing purpose. If the processing of personal data is required to fulfil a contract and the affected person is a contractual party, for example for processing required to deliver goods or provide either services or consideration, the processing is based on Art. 6 I lit. b GDPR. This also applies to such processing that is required to implement measures ahead of the contract, for example in the event of queries for our products and services. If our company is subject to a legal obligation that requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases the processing of personal data may be required to protect the vital interests of the affected person or another natural person. This would be the case for example if a visitor was injured in our business and then their name, age, health insurance company data or other vital information must be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit d GDPR. Finally, processing may be based on Art. 6 I lit f GDPR. Processing on this legal basis, which is not covered by any of the legal bases stated above, includes processing to maintain the justified interests of our company or data if it is not outweighed by the interests, basic rights and basic freedoms of the affected person. Such processing is permitted for us in particular because it is stated separately by the European legislators. It represents the opinion that a justified interest can be assumed if the affected person is a customer of the responsible person (consideration reason 47 sentence 2 GDPR).
Justified interests in the processing undertaken by the responsible person or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, our justified interest is the implementation of our business activities in favour of the well-being of all of our employees and shareholders.
Duration for which the personal data is stored
The criterion for the duration of storage for personal data is the relevant statutory storage period. After the end of the period, the relevant data is routinely deleted if it is no longer required to fulfil or start a contract.
Statutory or contractual regulations for providing personal data; requirement for contractual conclusion; obligation of the affected person to provide the personal data; potential consequences of non-provision
We clarify that the provision of personal data is in part required by law (e.g. tax regulations) or may arise from contractual provisions (e.g. information on contractual partners). It may be necessary for concluding a contract that an affected person provides us with personal data that must then be processed by us. The affected person is obliged for example to provide personal data when they conclude a contract with our company. Non-provision of the personal data means that it is not possible to conclude the contract with the affected person. The affected person may contact our data protection officer before providing the personal data. Our data protection officer will clarify for the affected person whether the provision of personal data is required by law or contract or is required to conclude the contract, whether there is an obligation to provide the personal data and what consequences the non-provision of personal data would have.
Changes to our data protection provisions
We reserve the right to occasionally change this data protection policy so that it always complies with the current legal requirements or to implement changes to our services in the data protection policy, e.g. when introducing new services. The new data protection policy then applies to the new visit.