Privacy statement – as of 16 May 2019
1. Name and contact details of the controller
This privacy statement informs you about the processing of personal data on our website.
Controller within the meaning of Article 4 (7) of the General Data Protection Regulation (GDPR):
MINDACT Gesellschaft für Kommunikation mbH & Co. KG
Tel.: +49 202 747 14 50
FAX +49 202 747 14 60
Contact details of the data protection officer:
The company’s data protection officer can be reached using the contact details below:
Steinbecker Meile 1
2. Scope and purpose of the processing of personal data
2.1 Accessing the website
When this website (http://www.mindact.de) is accessed, the visitor’s internet browser automatically sends data to the website’s server and stores it in a log file for a limited period of time. Until its automatic erasure, the following data is stored without further input by the visitor:
- IP address of the visitor’s terminal device
- Date and time of access by the visitor
- Name and URL of the page accessed by the visitor
- Website from which the visitor reaches the company website (‘referrer URL’)
- Access status/http status code
- Amount of data transferred in each case
- Language, browser and operating system of the visitor’s terminal device and the name of the access provider used by the visitor
The processing of this personal data is justified in accordance with Article 6 (1) (f) GDPR. The company has a legitimate interest in processing data for the following purposes:
- to quickly establish a connection to the company’s website,
- to enable user-friendly utilisation of the website,
- to recognise and ensure the security and stability of the systems, and
- to facilitate and improve the administration of the website.
Processing expressly does not take place for the purpose of gaining knowledge about personal details of the website visitor.
2.2 Contacting us
If you contact us by e-mail or via a contact form, the data that you have disclosed (your e-mail address and possibly your name and telephone number) will be stored by us so that we can respond to your queries. We will erase the data generated in this context once storage is no longer required, or will restrict processing if it is subject to statutory retention requirements.
3. Disclosure of data
Personal data will be transferred to third parties if
- the data subject has expressly consented under Article 6 (1) (a) GDPR,
- disclosure under Article 6 (1) (f) GDPR is necessary to assert, exercise, or defend legal claims and there is no reason to assume that the data subject has an overriding legitimate interest in the non-disclosure of his/her data,
- there is a legal obligation for the data transfer under Article 6 (1) (c) GDPR, and/or
- this is necessary for the fulfilment of a contractual relationship with the data subject under Article 6 (1) (b) GDPR.
In no other cases will personal data be passed on to third parties.
Cookies are used on this website. These are data packets that are exchanged between the server of the company’s website and the visitor’s browser. During visits to the website, they are stored by the devices used (PC, notebook, tablet, smartphone, etc.). In this respect, cookies cannot cause any damage to the devices used. Specifically, they do not contain viruses or other malware. The cookies store information that is produced in connection with the specific terminal device used. Under no circumstances can the company use this information to obtain direct knowledge of the identity of the visitor to the website.
Cookies are used to make the use of the company’s website more convenient. For example, session cookies (transient cookies) can be used to track whether the visitor has already visited individual pages of the website. After the visitor leaves the website, these session cookies are automatically deleted.
Temporary cookies are used to improve user-friendliness. They are stored on the visitor’s device for a limited period of time. If the visitor visits the website again, the fact that he/she has already visited the page and the entries and settings made during previous visits are automatically detected so that the visitor does not have to repeat them.
Cookies are also used to analyse website visits for statistical purposes and to improve service. These cookies make it possible to automatically detect that the website has been previously accessed by the visitor when he/she visits it again. Here, the cookies are automatically deleted after a specified period of time.
The processing of data by cookies is justified for the above-mentioned purposes in order to safeguard the legitimate interests of the company under Article 6 (1) (f) GDPR.
Cookies are mostly accepted in accordance with basic browser settings. Browser settings can be configured not to accept cookies on the devices used or to display a special notification before a new cookie is created. However, it should be noted that deactivating cookies may mean that not all functions of the website can be used as effectively as possible.
5. Google Maps
This website uses Google Maps to display interactive maps and create directions. Google Maps is a mapping service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you use Google Maps, information about your use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA.
If you access a web page on our website that contains Google Maps, your browser will establish a direct connection with Google’s servers. Google will transmit the map content directly to your browser, which will then integrate it into the website. We therefore have no influence on the scope of the data collected by Google in this way. To the best of our knowledge, this includes at least the following data:
- Date and time of your visit to the website in question
- Internet address or URL of the website accessed
- IP address
- (Start) address entered as part of route planning
We have no influence on Google’s further processing and use of the data and can therefore accept no responsibility for this.
6. Your rights as a data subject
If your personal data is processed when you visit our website, you have the following rights as a “data subject” within the meaning of the GDPR:
Under Article 15 GDPR, you can request information from us as to whether we are processing your personal data. This right to obtain information will not apply if the data is only stored because its erasure is prohibited due to legal or statutory retention periods or if it is used exclusively for the purposes of data security or data protection control, provided that the provision of information would require a disproportionately large effort and appropriate technical and organisational measures prevent it from being processed for other purposes. If the right to obtain information is applicable in your case and your personal data is processed by us, you can request information from us about the following:
- Purpose of the processing
- Categories of your personal data processed
- Recipients or categories of recipients to whom your personal data is disclosed, especially in the case of recipients in third countries
- If possible, the duration for which your personal data is stored, or if this is impossible, the criteria for establishing the storage period
- The existence of a right to rectify or erase or restrict the processing of personal data concerning you or a right to object to such processing
- The existence of a right of appeal to a data protection supervisory authority
- If the personal data has not been collected from you as the data subject, the available information on the origin of the data
- Where applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the scope and intended effects of automated decision-making
- If applicable, in the case of transfer to recipients in third countries, provided that there is no decision by the EU Commission on the adequacy of the level of protection under Article 45 (3) GDPR, information on which appropriate safeguards are provided for the protection of the personal data under Article 46 (2) GDPR
6.2 Correction and completion
If you discover that we have inaccurate personal data about you, you can request that we correct this inaccurate data without delay in accordance with Article 16 GDPR. If your personal data is incomplete, you may request that it be completed.
Under Article 17 GDPR, you have the right to deletion (“right to be forgotten”), unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, or for the performance of a task carried out in the public interest, and one of the following grounds applies:
- The personal data is no longer required for the purposes for which it was processed.
- The justification for the processing was solely your consent, which you have revoked.
- You have objected to the processing of your personal data that we have made public.
- You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing.
- Your personal data was processed unlawfully.
- The deletion of personal data is necessary to comply with a legal obligation to which we are subject.
There is no entitlement to deletion if, in the case of lawful non-automated data processing, deletion is not possible or is only possible with disproportionate effort due to the special nature of the storage and your interest in deletion is low. In this case, restriction of processing takes the place of deletion.
6.4 Restricting of processing
Under Article 18 GDPR, you may ask us to restrict processing if one of the following reasons applies:
- You contest the accuracy of the personal data. In this case, restriction may be requested for a length of time that enables us to verify the accuracy of the data.
- The processing is unlawful, and instead of deletion, you request the restriction of the use of your personal data.
- Your personal data is no longer required by us for the purposes of processing, but you need it to assert, exercise or defend legal claims.
- You have lodged an objection under Article 21 (1) GDPR. The restriction of processing can be requested as long as it has not yet been determined whether our legitimate reasons outweigh your reasons.
Restriction of processing means that the personal data will only be processed with your consent, for the assertion, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest. Before we lift the restriction, we have a duty to inform you.
6.5 Data portability
Under Article 20 GDPR, you have the right to data portability if the processing is based on your consent (Article 6 (1) (a) or Article 9 (2) (a) GDPR) or on a contract to which you are a party, and the processing is carried out using automated procedures. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of other persons: You may request that we provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. Where technically feasible, you may request that we transfer your personal data directly to another controller.
If the processing is based on Article 6 (1) (e) GDPR (performance of a task in the public interest or in the exercise of official authority) or on Article 6 (1) (f) GDPR (legitimate interest of the controller or a third party), you have the right under Article 21 GDPR to object at any time to the processing of personal data relating to you on grounds relating to your particular situation. This also applies to profiling based on Article 6 (1) (e) or (f) GDPR. After the right to object has been exercised, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.
You may object at any time to the processing of personal data concerning you for direct marketing purposes. This also applies to profiling associated with such direct advertising. After this right to object has been exercised, we will no longer use the personal data in question for direct marketing purposes.
You can inform us of your objection informally by telephone, e-mail, fax, or by writing to the postal address listed for our company at the beginning of this privacy statement.
6.7 Revocation of consent
Under Article 7 (3) GDPR, you have the right to revoke your consent at any time with effect for the future. The revocation of consent can be communicated informally by telephone, e-mail, fax, or by writing to our postal address. The lawfulness of the data processing that took place on the basis of the consent until receipt of the revocation is not affected by the revocation. After receipt of the revocation, data processing based exclusively on your consent will be discontinued.
If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with a data protection supervisory authority with jurisdiction over your place of residence, place of work, or the place of the alleged infringement, in accordance with Article 77 GDPR.
7. Data security
Within the framework of website visits, we use the widespread SSL (Secure Sockets Layer) protocol in conjunction with the highest applicable encryption level supported by your browser. As a rule, this will be 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the ‘closed’ depiction of the key or lock symbol in the lower status bar of your browser.
In other respects, we use the appropriate technical and organisational security measures to protect your data from accidental or deliberate tampering, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
8. Current status and updating of this privacy statement
This privacy statement was last updated on 16 May 2019.
It may become necessary to amend this privacy statement as our website and the services offered on it are further developed or due to changes in legal or official requirements. The latest version of the privacy statement can be accessed at any time on our website at https://www.mindact.de/datenschutz and printed out.