Thank you for your interest in MKCL Deutschland GmbH (hereinafter referred to as “MKCL”, we and/or us). Our executive team considers data protection to be very important, which means that the protection of your private sphere during the processing of personal data and the use of our web pages are of particular importance to us.
You can generally use our website without providing any personal data. However, if make use of particular services offered by our company via our website or wish to contact us, the processing of personal data may be necessary. If it is necessary to process personal data and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, for example the name, address, email address or telephone number of a data subject, always takes place in accordance with the requirements of the EU General Data Protection Regulation (EU GDPR) and in compliance with the country-specific data protection provisions applicable in Germany.
1. Contact details of the Data Controller
According to the EU GDPR and the national data protection regulations, the Data Controller is:
Managing Directors: Andreas Mayer, Sören Dehnbostel
Local Court of Lübeck HRB 1832 OD
2. Contact details of the Data Protection Officer
The Data Protection Officer of MKCL is:
Oscar Nissen (NNW Consulting GmbH)
23843 Bad Oldesloe
If you have any queries and suggestions concerning data protection, you may consult our Data Protection Officer directly.
3. Use of website/collection of general data and information
The website of MKCL collects a range of general data and information with every access to the website by you or an automated system. This general data and information are stored in the log files of our server.
They comprise the name of the visited web page, the file, the date and time of access, the transferred volume of data, the notification of successful access, the browser type including the version, the user’s operating system, the referrer URL (the previously visited web page), the IP address and the internet service provider as well as other similar data and information that serve risk prevention in the event of attacks on our information technology systems.
When using this general data and information, MKCL does not draw any conclusions on the identity of the data subject. This information is rather required to correctly display the contents of our website, to optimise the contents of our website, to guarantee the permanent functionality of our information technology systems and the technology of our website, and to provide law enforcement authorities with the information necessary for prosecution in case of a cyber attack. This data and information, which is collected on an anonymous basis, will therefore be evaluated by us for statistical purposes on the one hand, and furthermore, to improve data protection and data security in our company with the final aim of providing an ideal level of protection for the personal data processed by us. The data from the server log files will be stored separately from all of the personal data provided by a data subject.
By means of cookies, the information and offers on our website can be optimised for the benefit of the user. Cookies allow us to recognise the users of our website on a pseudonymised basis. The purpose of this recognition is to make the use of our website easier and to save the technical settings of the user. The data subject can prevent the placement of cookies by our website at any time by correspondingly setting the internet browser used and thus permanently object to the placement of cookies. Furthermore, cookies which have already been placed can be erased at any time via an internet browser or other software programmes. This is possible in all conventional browsers. If the data subject disables the placement of cookies in the web browser used, it may not be possible to use all features of our website to their full extent in some circumstances.
Other cookies used by MKCL serve the purpose of user-friendly experience and are deleted at the end of the browser session (session cookies).
3.2 Use of Google Analytics
On our website we use Google Analytics, a web analysis service of Google LLC (“Google”).The use is made on the basis of Art. 6 para. 1 lit. a EU-DSGVO or § 25 para. 1 TTDSG [German Telemedia Act]. Google Analytics uses “cookies”, text files stored on your computer which help to analyse how you use our website. The information regarding your use of the website which is generated by the cookie, including
- the browser type/version,
- the operating system used,
- the referrer URL (previously visited web page),
- the host name of the accessing computer (IP address),
- the time of the server query,
will usually be transferred to a Google server in the USA and stored there. The IP address transmitted by your browser in the context of Google Analytics will not be associated with any other data from Google. Additionally, we have extended Google Analytics with the code “anonymizeIP” on this website. This means that your IP address is abbreviated by Google within European Union member states or other states which are part of the European Economic Area before it is transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On our behalf, Google will use this information to analyse your use of the website, to compile reports about the website activities and to provide further services which are connected to the use of both this website and the internet towards us. By changing your browser settings accordingly, you can prevent cookies from being stored; please note, however, that you may not have full access to all website functions in this case.
Data sent by us and data linked to cookies, user IDs or advertising IDs are automatically erased after 14 months. Data that have reached their retention period are automatically erased once a month. For more information on the terms of service and data protection, please visit https://www.google.com/analytics/terms/de.html and/or https://policies.google.com/?hl=de.
You can also prevent the data generated by the cookie and relating to the use of the website on your part (including your IP address) from being gathered and processed by Google by downloading and installing the browser plug-in which is available at the link below: tools.google.com/dlpage/gaoptout. As an alternative to this browser add-on, especially with browsers on mobile end devices, you can also prevent the collection of data by Google Analytics by clicking on this link Disallow Google Analytics to track me. An opt-out cookie will be placed which prevents the future collection of your data when visiting this website. The opt-out cookie applies to this browser and to our website only, and will be placed on your device. If you delete the cookies in this browser, it will be necessary for you to place the opt-out cookie again.
4. Social media presences
We maintain online presences within various social networks and platforms in order to be able to communicate with the customers, interested parties and users and to be able to inform them about our services there.
We would like to point out that user data can be processed outside the EU. This can result in risks for users, for example because it could make it more difficult to enforce user rights. With regard to the US operators Facebook and LinkedIn, we would like to point out that they submit to the standard contractual clauses approved by the EU Commission (= Article 46 EU GDPR) and thus commit to comply with the data protection standards of the EU. You can find the implementation decision and the clauses here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en
We operate on the social media platforms
- Facebook: https://de-de.facebook.com/MKCLDeutschland/
- XING: https://www.xing.com/pages/mkcldeutschlandgmbh
- LinkedIn: https://de.linkedin.com/company/mkcl-deutschland-gmbh
a social media page (“fan page”, “channel” etc.).
In addition to us, there is the operator of the social media platform itself. This is also another controller responsible who does data processing over which we have only limited influence. At the points where we can influence and parameterize the data processing, we work towards the data protection-compliant handling by the operator of the social media platform within the scope of the possibilities available to us. In many places, however, we cannot influence the data processing by the operator of the social media platform and we do not know exactly which data they are processing.
Data processing by MKCL
The data you enter on our social media pages, e.g. comments, videos, pictures, likes, public messages etc. are published through the social media platform and are never used or processed by us for any other purpose. We only reserve the right to delete content if this should be necessary. We may share your content on our site if this is a feature of the social media platform and communicate with you through the social media platform.
If you wish to object to a specific data processing over which we have an influence, please use the contact details given in this statement.
If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the required response. You always have the option of sending us confidential inquiries to our address given here.
Wherever the operator of the social media platform gives us the opportunity, we make sure that our pages are as data protection compliant as possible. With regard to statistics provided to us by the operator of the social media platform, we can only influence them to a very limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.
The processing of users’ personal data is based on our legitimate interests in our public relations work, effective information for users and communication with users in accordance with Article 6 (1) (f) EU GDPR. If the users are asked by the respective operators of the platforms for consent to the data processing described above, the legal basis for the processing is Article 6 (1) (a), Article 7 EU GDPR.
For a detailed description of the respective processing and the possibility of objection (opt-out), we refer to the following linked information from the operators.
Also in the case of requests for information and the assertion of user rights, we would like to point out that these can be asserted most effectively with the operators of the platforms. Only the operators have access to the data of the users and can directly take appropriate measures and provide information.
Data processing by the operators of the social media platforms
The operators of the social media platforms usually use web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered on the social media platform. As already explained, we unfortunately have little influence on the web tracking methods of the social media platform. We cannot switch this off in particular.
Please be aware: It cannot be ruled out that the operator of the social media platform uses your profile and behavioral data, for example to evaluate your habits, personal relationships, preferences, likes, etc. In this respect, we have no influence on the processing of your data by the operators of the social media platforms.
You can find more information on data processing by the operator of the social media platform and other options for objection in the data protection declarations of the operators:
- Facebook: https://www.facebook.com/privacy/explanation
- Xing: https://privacy.xing.com/de/datenschutzerklaerung
- LinkedIn: https://linkedin.com/legal/privacy-policy
The information generated by the cookies about your use of the fan page, e.g. number of page activities (actions performed on the page), number of page views, number of “likes”, number of people reached, number of post interactions, data on video views, The number of page subscribers, the percentage distribution of gender, age structure, country, city and language of the people reached and interacting are usually transmitted to Facebook servers in the USA and stored there.
Since we use the “Facebook Insights” analysis function, there is joint responsibility (joint controllership) with Facebook according to the case law of the ECJ. To this end, we have concluded an agreement with Facebook in accordance with Article 26 EU-GDPR.
Facebook processes user data for the following purposes:
- Advertising, analysis, creation of personalized advertising
- Creation of user profiles
- market research
When you visit the site, Facebook automatically saves information in a log file that your browser transmits to Facebook.
We expressly point out that we have no knowledge of the scope and content of the data determined by Facebook and how it is processed and used or, if necessary, transmitted to third parties by Facebook.
The information on Page Insights from Facebook describes which data is processed as part of the joint controllership and contains the “Page Insights Supplement” in which Facebook and MKCL have contractually defined which of them fulfills which obligations under the GDPR.
5. Data protection in applications and in the application process
MKCL will only collect and process the personal data of applicants for the purpose of the implementation of the application process. The processing can also take place electronically. In particular, this is the case when an applicant transfers the corresponding application documents to us electronically; by email, for instance. If an employment contract is entered into with the applicant, the data transferred will be stored and processed for the purpose of the implementation of the employment relationship in compliance with the applicable statutory provisions.
The processing takes place on the basis point (b) of Article 6(1) EU GDPR in connection with Article 26 BDSG [German Data Protection Act].
If no employment contract arises, the application documents will be erased six months after the notification of the decision of rejection, if there are no other legitimate interests of MKCL to the contrary. Other legitimate interests in this context include, for example, burden of proof in a process under the General Equal Treatment Act (AGG).
The processing takes place on the basis of point (f) of Article 6(1) EU GDPR.
6. Contractual relationships/rule regarding the forwarding of data
Within MKCL, your data (e.g. name, address, invoicing address, telephone number, email address, etc.) will be accessed by the positions, departments and employees that require such data for the fulfilment of our contractual and statutory obligations. Processors who are appointed by us (Article 28 EU GDPR) can also receive data for such purposes. In particular, this includes companies in the following categories: IT services, technical services, logistics, printing services, telecommunications, debt collection, consulting and advice as well as sales and marketing. In addition to this, data can also be forwarded to external persons (such as solicitors) if this is necessary for the enforcement of legal interests.
The forwarding of data to further recipients external to MKCL will only take place if required by the statutory provisions or you have provided your consent. On this basis, in the event of the existence of a statutory or official obligation, the recipients of personal data can, in particular, be public bodies and institutions (supervisory authorities, financial authorities, social insurance providers), or the recipients indicated by us in the scope of the provision of your consent for the transfer of data.
A transfer of data to third countries or international organisations on the part of MKCL is intended in the scope of the framework described above (e.g. Google), or if ordering parties/customers are based in third countries and this is necessary for the implementation of the contracts; the legal basis is point (b) of Article 6(1) in connection with Articles 44 and 49 EU GDPR.
7. Categories of data and legal bases
The categories of personal data that are collected include the following data in particular:
a) Personal data and contact data:
We define master data and contractual data as all the data of a customer that we collect for the establishment, content-related configuration, amendment or termination of a contractual relationship regarding the contractual services and for the necessary communication on our part. This includes, for example, the name, address, invoicing address, telephone and fax numbers, possible start of the contract, possible banking details for direct debit settlements, the email address, mandates, contract details of authorised representatives, etc. The processing takes place on the basis of point (b) of Article 6(1) EU GDPR.
b) Other obligations for processing and storage:
In the scope of the statutory storage obligations regarding tax and business law, it is furthermore necessary for the data processing to be restricted and for data to be archived. The processing takes place on the basis of point (c) of Article 6(1) EU GDPR.
c) If necessary, we process your data beyond the actual fulfilment of the contract to safeguard our and third parties’ legitimate interests.
Examples: The verification and optimisation of processes for needs analyses and directly approaching customers; advertising or market and opinion research, insofar as you have not objected to the use of your data; the assertion of legal claims and defence in the event of legal disputes, ensuring IT security and IT operations; measures for business management and the further development of services and products.
The processing takes place on the basis of Article 6(1) point (f) EU GDPR.
8. Contacting us
If you contact MKCL (using the contact form or by email, for example), we will store your data from the enquiry form including the contact data provided by you (required obligatory information and voluntary information are highlighted accordingly on the appropriate form) for the processing of the enquiry and in case follow-up questions arise. Following the conclusion of the enquiry, your data will be routinely erased unless you are one of our customers or this is prevented due to the statutory retention periods.
The further processing of the data, its use for other processes or the forwarding of this data will not occur without your consent.
9. The routine erasure and restriction of processing of personal data
MKCL will only processes and store the personal data of the data subject for the period which is necessary for achieving the purpose of its storage or insofar as this has been provided for by European or national legislation to which MKCL is subject.
Where necessary, we will process and store your personal data for the duration of our business relationship, including the initiation and execution of a contract, for example.
In addition to this, we are also subject to various retention and documentation obligations which, among others, are stipulated by the German Commercial Code (HGB) and the German Fiscal Code (AO). The stipulated periods for the retention and/or documentation may total up to 10 years.
The retention period is also determined in accordance with the statutory limitation period which, for example, is generally three years in accordance with Article 195 et seq. of the German Civil Code (BGB) but may also be up to thirty years in some cases.
If the purpose of the storage ceases to apply or if a retention period stipulated by the European or national regulations elapses, the processing of the personal data will be routinely restricted or the data will be erased according to the statutory regulations.
10. Rights of the Data Subject
You can exercise the following rights at any time:
- Right of access according to Article 15 EU GDPR
- Right to rectification according to Article 16 EU GDPR
- Right to erasure/right to be forgotten according to Article 17 EU GDPR
- Right to the restriction of processing according to Article 18 EU GDPR
- Right to data portability according to Article 20 EU GDPR
- Right to object according to Article 21 EU GDPR
Right to object: If we carry out the processing of data in order to safeguard our legitimate interests, on the basis of the reasons that arise due to your specific situation, you have the right to object to this processing at any time. In particular, this also includes the right to lodge an objection to processing for advertising purposes. The objection applies with future effect.
For the right of access and right to erasure, the restrictions according to Articles 34 and 35 BDSG (revised version) [German Data Protection Act] apply. The right to lodge a complaint with a supervisory authority for data protection also exists (Article 77 EU GDPR in connection with Article 19 BDSG [revised version]).
To exercise your rights, you can also contact our Data Protection Officer or MKCL using the aforementioned data.
11. Security of processing
MKCL applies technical and organisational security measures according to Article 32 EU GDPR in order to protect your personal data against destruction, loss or change, whether unintentional or unlawful, or the unauthorised disclosure and/or unauthorised access to personal data which has been transferred, stored or processed in any other way. In particular, this includes an encryption of the access to websites with the use of current and appropriately state of the art processes.
MKCL has furthermore implemented a procedure for the regular verification, assessment and evaluation of the technical and organisational measures that have been taken in the interests of continuously improving our security measures in accordance with the technological developments.