Skip to main content

Data Protection

The protection of your personal is of utmost importance to us. We treat your personal data as confidential and in accordance with the respective statutory data protection rules and this data protection statement.

The use of our website is generally possible without the provision of any personal data. If any personal data (e.g. name, address or email addresses) are collected on our pages, this shall always be done on a voluntary basis where possible. These data will not be passed on to third parties without your express consent.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security flaws. A complete protection of the data against access by third parties is not possible.

1. Controller pursuant to Art. 4 (7) GDPR

The controller pursuant to Art. 4 (7) GDPR is:

Mercoline GmbH

Wittestr. 30 L

13509 Berlin,

Telephone: +49 30 436589 0

E-mail: kontakt@mercoline.de

2. Communication by E-mail/Telephone/via a Contact Form

Purpose of the Data Processing/Legal Basis:

We will, of course, treat any personal information that you provide us with by e-mail, telephone, post, or via a contact form as confidential. We will exclusively use your data for the purpose of processing your request. The legal basis for the processing of your data is provided by point (f) of Article 6 (1) GDPR [German Data Protection Regulation]. The respective legitimate interest on the part of Mercoline results from our interest to respond to requests of our customers, business partners, and interested parties and, thus, maintain and improve customer satisfaction.

We use telephony features of Microsoft Teams. The explanations regarding Teams in this data protection statement shall apply accordingly to the telephony features.

Recipients/Categories of Recipients:

We generally exclude any transfer of the data to third parties outside of Mercoline. By way of exception, data shall be processed by processors on our behalf. These processors will be carefully selected in each case, audited by us and contractually obligated pursuant to Art. 28 GDPR.

Furthermore, it may be necessary to pass on requests to other companies within the group of companies DATAGROUP to the extent that this is necessary for their processing.

Storage Period/Criteria for Determining the Storage Period:

All personal data sent by you within the framework of requests will be deleted or securely rendered anonymous by us no later than 90 days after the final response to you. The 90-day retention period results from the fact that it may happen from time to time that you need to be able to contact us again on the same matter after a reply and refer to the previous correspondence. Experience has shown that, as a rule, we do not receive any further inquiries regarding our answers after 90 days.

Voice messages on answering machines remain stored until the called party deletes them.

3. Processing of Data of Contact Persons

Purpose of the Data Processing/Legal Basis:

We process the contact details of contact persons of customers, interested parties, suppliers and other business partners for communication by e-mail, telephone, fax, and mail. The legal basis for the processing of the data is provided by point (f) of Article 6 (1) GDPR. The respective legitimate interest on the part of Mercoline results from our interest to conduct or establish business relations with customers, interested parties, suppliers, and other business partners and to maintain personal contact with contact persons.

Recipients/Categories of Recipients:

We generally exclude any transfer of the data to third parties outside of Mercoline. Within Mercoline, your data will be passed on, inter alia, for conducting or establishing business relations. By way of exception, data shall be processed by processors on our behalf. These processors will be carefully selected in each case, audited by us and contractually obligated pursuant to Art. 28 GDPR.

Storage Period/Criteria for Determining the Storage Period:

Personal data will be stored for the purpose of conducting business relations as long as a respective legitimate interest exists.

4. Newsletter Subscription

Purpose of the Data Processing/Legal Basis:

You can subscribe to our newsletter through various channels (this website, at trade fairs). The legal basis for the data processing within the framework of sending newsletters is your consent pursuant to point (a) of Art. 6 (1) GDPR and section 7 (2) UWG (Law against unfair competition). The purpose of the data processing within the framework of the Mercoline newsletter subscription is to provide newsletter subscribers with information about Mercoline offers, promotions, products, events, and services.

If you sign up for the cost-free Mercoline newsletter, we need your e-mail address as mandatory information. If you voluntarily provide additional personal information during the subscription process (last name, first name, company, position, and choice of topic), we will only use this data for target group analysis and internal evaluation purposes.

After sending the subscription form you will receive an e-mail from us with a confirmation link. If you click on the link contained in the e-mail, you are subscribed to the newsletter. This will be communicated to you by another e-mail. By confirming your subscription, you confirm your consent to the processing of your e-mail address and your optional details for the purposes stated herein. For the purpose of subsequent evidence, we will save the time and the IP address used during the newsletter subscription process.

You can declare your revocation by clicking on the link provided in every newsletter e-mail, through the use of this form of the website, by sending an e-mail to kontakt@mercoline.de or by sending a message to the contact details given in the corporate info.

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons, also known as tracking pixels. These are single-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in Section 8 and the web beacons with your e-mail address and an individual ID. With the data obtained in this way, we create a user profile to customize the newsletter in accordance with your individual interests. While doing so, we record when you read our newsletters, which links you click on in them and draw conclusions regarding your personal interests. We link this data to your activities on our website. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via other contact channels. The information will be stored for as long as you have subscribed to the newsletter. After you have unsubscribed from the newsletter, we will store the data anonymously and merely for statistical purposes. The legal basis for such data processing is the consent given by you during the newsletter subscription process.

Recipients/Categories of Recipients:

We generally exclude any transfer of the data to third parties outside of Mercoline. The service provider CleverReach GmbH & Co. KG was assigned by us to send the newsletter. This service provider was carefully selected and audited by us and contractually obligated pursuant to Art. 28 GDPR.

Storage Period/Criteria for Determining the Storage Period:

If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. If you withdraw your consent to receive the Mercoline newsletter, the data collected for this purpose will be deleted immediately, unless it is also required for another purpose.

5. Data Processing for Marketing Purposes

Purpose of the Data Processing/Legal Basis

We use personal data for marketing purposes, including but not limited to advertisements by e-mail, telephone, and mail. The purpose of the data processing within the framework of marketing measures is to provide the data subjects with information about Mercoline’s products and services. The legal basis for sending advertisements by mail is provided by point (f) of Art. 6 (1) GDPR. The respective legitimate interest on the part of Mercoline results from the interest to send information about products and services to customers and interested parties. As a general rule, the legal basis for marketing measures conducted by e-mail or telephone is the consent given by you. For marketing measure aimed at existing customers, section 7 UWG might be also applicable.

You can object to the receipt of advertisements at any time with effect for the future by sending a message to kontakt@mercoline.de.

If you declare an objection to advertising, we will store your data in an advertising ban file based on point (f) of Art. 6 (1) GDPR. The respective legitimate interest on the part of Mercoline results from the interest to ensure the compliance with the objection that was declared.

Recipients/Categories of Recipients:

Your data will, on principle, not be passed on to external parties. If external processors are engaged for sending the advertisements, they are contractually obligated in accordance with Art. 28 GDPR and have been checked accordingly to ensure that suitable organizational and technical security measures are in place. Your data can be passed on to other companies within the DATAGROUP for marketing purposes.

Storage Period/Criteria for Determining the Storage Period:
If you object to the receipt of advertisements, your data will be blocked immediately and then erased, unless they are not stored for other purposes, too.

6. Receipt of Applications

Purpose of the Data Processing/Legal Basis:

In addition to sending your application by mail, you can also send us your application documents by e-mail or via an application form for fast and convenient application. Any application documents sent to us will exclusively be used for the execution of the application procedure. Please note that applications that you send to us by e-mail are transmitted to us in an unencrypted form and that the data might be read or even falsified by unauthorized persons. You are welcome to send your documents by mail.

The purpose of processing your personal data is the execution of the application procedure in our company and the possible establishment of a new employment relationship.

The legal basis for such processing is provided by Art. 88 (1) GDPR in conjunction with section 26 (1) BDSG-NEU (New Federal Data Protection Act).

Recipients/Categories of Recipients:

Your data will, on principle, not be passed on to external parties. Within the company, only those persons will have access to your personal data who are involved in the decision-making process. Other DATAGROUP companies support MERCOLINE with the execution of the application procedure. Any data shall only be passed on to other companies within DATAGROUP for the purpose of filling their job vacancies upon your consent.

Storage Period/Criteria for Determining the Storage Period:

In case of a successful application, your personal data will be stored for the duration of your employment. In addition to that, your tax-relevant data will be archived for a period of up to 10 years after the termination of your employment within the framework of the legal retention period pursuant to sections 257 (1) no. 1, (4) HGB (German Commercial Code), 147 AO (German Fiscal Code). In the event of an unsuccessful application, your personal data will be erased after three months following the rejection. A longer storage period despite of a rejection shall require your consent.

7. Registration for Seminars and Events

Purpose of the Data Processing/Legal Basis

If you would like to book seminars or register for events via our website, we need the information that is marked as mandatory in the booking screen. The input fields that are not marked can be filled out optionally. As part of the booking process, you will receive an e-mail from us to confirm your registration. The booking process will only be completed after you have activated the link contained in this e-mail. Your booking data will be processed by us for the execution of the booking process and the seminar or for the registration for events. The legal basis for such processing of your data is provided by point (b) of Article 6 (1) GDPR.

If you give us your consent to do so, we will also use your details to send you marketing information about the respective seminar/event by e-mail, mail, or telephone after the seminar/the event. You can withdraw the consent at any time with effect for the future by clicking on the respective unsubscribe link in one of the e-mails or send an e-mail to [kontakt@mercoline.de]. The legal basis for the data processing within the framework of sending information is your consent pursuant to point (a) of Art. 6 (1) GDPR and section 7 (2) UWG.

Recipients/Categories of Recipients:

We pass on the names of those who register for a seminar on our homepage in part to our training partner who conducts the training. The training partner needs these data for the organizational processing of its training courses and then reports the data to the examination institute.  There, the data is stored in a database, from which the examination form and the final certificate will be generated. Data of applicants for events will not be passed on.

Storage Period/Criteria for Determining the Storage Period:

We will store the data of participants in any seminars and events to the extent that this is required for the duration of the statutory retention obligations. After this period and for the rest, the data shall, on principle, be erased. If you have given your consent to receive information, we will store your data for this purpose until you withdraw this consent.

8. Cookies

General information:

This website uses the following types of cookies, the scope and functionality of which are explained hereinafter:

  • Transient cookies (see a),
  • Persistent cookies (see b).

a) Transient cookies are automatically deleted when you close your browser. They include without limitation session cookies. Such session cookies store a so-called session ID, with which different requests of your browser can be attributed to a specific session. Thus, your computer can be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

b) Persistent cookies are automatically deleted after a given period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

You can configure your browser settings in accordance with your wishes and, for example, reject any third-party cookies or all cookies. Please note that you may not be able to use all features of this website.

We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would need to log in each time you visit our website.

You can change your cookie settings here: Enabling/disabling cookies

The legal basis for the processing of your data by so called “strictly necessary cookies” is provided by point (f) of Article 6 (1) GDPR. Strictly necessary cookies enable basic features and are required for the proper functioning of the website. We have a legitimate interest in making the website as user-friendly as possible.

The following cookies placed by the website are considered to be so-called “strictly necessary cookies”:

Name of the cookie

Storage period for the cookie

fe_typo_user

End of browser session

usercentrics

3 years

Google Ads Conversion:

We use the offer of Google Ads to draw attention to our attractive offers by means of advertising material (so-called Google Ads) on external websites. Based on the data of the advertising campaigns, we can determine how successful the individual advertising measures are. Our goal is to display advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

These advertising media are delivered by Google via so-called "Ad Servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the impression of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually expire after 30 days and are not meant to identify you personally. For this cookie, the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and the opt-out information (a mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not expired, Google and the customer can see that the user has clicked on the ad and has been redirected to this page. A different cookie is allocated to each Ads customer. Thus, cookies cannot be traced via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We are only provided with statistical evaluations from Google. On the basis of these evaluations, we can understand which of the advertising measures implemented are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify any users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you in accordance with our level of knowledge: Through Google Ads conversion tracking, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are signed in to a Google service, Google is able to attribute your visit to your account. Even if you have not signed or logged in to Google, your IP address might be obtained and stored by the provider.

You can prevent participation in this tracking procedure in different ways:

a) by adjusting the settings of your browser software, in particular by disabling any third-party cookies, which means that you will not receive any ads from third-party providers;

b) by disabling cookies for conversion tracking by setting your browser so that cookies from the domain "www.googleadservices.com are blocked, https://www.google.de/settings/ads, however, deleting your cookies will delete these settings;

c) by disabling the interest-related advertisements of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, however, deleting your cookies will delete these settings;

d) by permanently disabling in your browsers Firefox, the Internet Explorer, or Google Chrome via the link www.google.com/settings/ads/plugin. Please note that if you do so you may not be able to use all features of this offer.

(6) The legal basis for the processing of your data is provided by the consent given by you pursuant to point (a) of Art. 6 (1) GDPR. The transfer of personal data to parties outside the EU is based on your consent pursuant to point (a) of Art. 49 (1) GDPR. You can withdraw these consents at any time. For further information on Google’s privacy policy, click here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org

The following cookies placed by this website are associated with Google Ads Conversion:

Name of the cookie

Storage period for the cookie

_gat_gtag_UA_88659979_1

End of the session

IDE

A maximum of 90 days

9. Server Log Files

During your visit of this website, information that your browser automatically transmits to us is automatically stored in so-called server log files. They shall include

  • The IP address
  • The date and time of the request
  • The time zone difference to Greenwich Mean Time (GMT)
  • The content of the request (specific page)
  • The access status/HTTP Status Code
  • The amount of data transmitted in each case
  • The website from which the request comes
  • The browser
  • The operating system and its user interface
  • The language and version of the browser software.

This data cannot be easily related to specific persons. This data will not be merged with other data sources. We reserve the right to check this data subsequently if there are concrete indications of any illegal use.

 The legal basis for the processing of your data is provided by point (f) of Article 6 (1) GDPR. Our legitimate interest results from the data processing purposes listed above. This data shall not be transmitted to external parties. The data will be stored for a period of 365 days.

10. Analytics

Purpose of the Processing/Legal Basis

This website uses features of the web analysis service Google Analytics. Google Analytics uses so-called “cookies”. These are text files placed on your computer allowing us to analyze how you use the website. The data processing is mainly carried out by Google. The information generated by the cookies about your use of this website is usually transmitted to and stored by a Google server in the USA. Both Google and the state authorities in the USA have access to this data. However, if IP anonymization is enabled on this website, within EU Member States or in other member states of the European Economic Area, Google will shorten your IP address before transmitting it. Your full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities and providing other services for the website operator relating to the use of the website and the internet. The IP address transmitted by your browser as part of the processing carried out by Google Analytics will be linked to other data about you, such as search history, personal accounts, usage data from other devices and all other data that Google has about you.

The legal basis for the use of Google Analytics is provided by the consent given by you pursuant to point (a) of Art. 6 (1) GDPR. The transfer of personal data to parties outside the EU is based on your consent pursuant to point (a) of Art. 49 (1) GDPR. You can withdraw these consent at any time.

For further information on the terms of use and the privacy policy, click here: http://www.google.com/analytics/terms/de.html or here: https://www.google.de/intl/de/policies/. On this website, Google Analytics was extended by the code „gat._anonymizeIp();“ to ensure the anonymous collection of IP addresses (so-called IP masking).

The following cookies placed by this website are associated with Google Analytics:

Name of the cookie

Storage period for the cookie

_gat_gtag_UA_88659979_1

End of the session

_ga

2 years

_gid

End of the session

Recipients/Categories of Recipients: The provider is Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. 

Storage Period/Criteria for Determining the Storage Period:

We store user and event data for a period of 24 months.

11. YouTube Videos

We embed YouTube videos on some subpages of our website.

Calling up these subpages leads to a reloading of YouTube content. During this process, YouTube also receives your IP address that is technically necessary to retrieve the content. We have generally no influence on the further data processing by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043. However, when embedding the videos, we made sure to enable the Privacy-Enhanced Mode offered by YouTube. The use of YouTube and the related transmission of your IP address is based on the consent granted by you pursuant to point (a) of Art. 6 (1) GDPR. The transfer of personal data to parties outside the EU is based on your consent pursuant to point (a) of Art. 49 (1) GDPR. For further information on the treatment of user data, please see the YouTube privacy policy at: https://policies.google.com/privacy?hl=de&gl=de.

Please note: When you play a YouTube video on our website, this shall be considered consent in the sense described above, even if you have not given consent before in Consent Management.

The following cookies placed by this website are associated with YouTube:

Name of the cookie

Storage period for the cookie

NID

6 months

12. Google Maps

We use Google Maps to display maps and to create directions. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

If you use the map from Google Maps, e.g. by clicking on our locations listed there, we do not collect any data from you. However, as far as we know, information about your use of Google Maps (in particular the IP address of your computer) can be transmitted to a Google LLC server in the USA and stored there. The processing of personal data while using your IP address is based on the consent granted by you pursuant to point (a) of Art. 6 (1) GDPR. The transfer of personal data to parties outside the EU is based on your consent pursuant to point (a) of Art. 49 (1) GDPR. You can withdraw these consents at any time. We have no influence on the further processing of the data by Google LCC.
Please, read also the terms of use of Google Maps if you want to use the service. Please, read the terms of use for Google Maps at: http://www.google.com/intl/de_de/help/terms_maps.html.

Detailed information on Google's privacy policy can also be found at: http://www.google.de/intl/de/policies/privacy/.
If you do not agree with the data processing by Google LLC, please refrain from using the map or disable the JavaScript function in your browser to get a limited view only.

The following cookies placed by this website are associated with Google Maps:

Name of the cookie

Storage period for the cookie

NID

6 months

13. File Sharing

Purpose of the Data Processing/Legal Basis:

You have the possibility to exchange files with us via a file sharing tool operated by us. An end2end encryption is used during the transmission. So, the data is encrypted on the sending client. It is decrypted for the recipient directly on its client. The exchange requires the receipt of a link by you. If the password function is used, the password must be transmitted via a secure channel (e.g. telephone). The legal basis for the processing of the data is provided by point (f) of Article 6 (1) GDPR. We have a legitimate interest in the provision of the file sharing tool.

Recipients/Categories of Recipients:

For the operation of the tool, we use another DATAGROUP company as the service provider. This service provider was carefully selected and audited by us and contractually obligated pursuant to Art. 28 GDPR. Due to the encryption of the data to be exchanged, this other company has no possibility to access the data.

Storage Period/Criteria for Determining the Storage Period:

We have configured the tool in a manner so that the generated link is valid for a maximum of 2 days. During this time, the data must be retrieved or they will be deleted and have to be uploaded again.

14. Microsoft Teams

General information:

If you are participating in an online meeting as an external participant, you will receive an email containing an access link from the host of the meeting. When you register for the online meeting, you will need to provide your name and possibly your email address.

If there is any data in accordance with Art. 9 GDPR that you do not want to share with us via Microsoft Teams, we will ask you to black out or otherwise make such data illegible/unrecognizable.

Microsoft Teams is a Microsoft Corporation service. You can find more information on how your data is processed when using Teams at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer.

The DATAGROUP company whose employee sent you the invitation link shall be responsible for collecting and processing your personal data in connection with the use of Microsoft Teams. For the contact details, please refer to this data protection statement or the e-mail signature of the invitation.

Purposes/Legal basis of the data processing:

We use the tool Microsoft Teams to conduct online meetings, video conferences and/or webinars, and in some cases to also exchange documents with meeting participants.

The legal basis for the data processing in relation to contact persons at external places is provided by point (f) of Art.°6 (1) GDPR. We are interested in an improved organization and communication with our contact partners and in the reduction of tools we have used so far. To the extent that our contact partner is a direct contractual partner and a natural person, the legal basis is provided by point (b) of Art. 6 (1) GDPR.

If special categories of personal data as defined by Art. 9 (1) GDPR are processed, for example, within documents that have been provided, the legal basis is provided by point (a) of Art. 9 (2) GDPR. You expressly give your consent to this.

Furthermore, in accordance with point (a) of Art. 49 (1) GDPR, you expressly give your consent that in certain circumstances data can also be transferred to places outside the EU/EEA where there is no comparable level of data protection as defined by the GDPR. You are aware of the associated risks, such as the lack of an enforcement of rights of the data subjects and the potential access to such data by official authorities.

You can withdraw these consents at any time with effect for the future.In the event of a withdrawal, the documents will be deleted from Microsoft Teams.

Recipients/Forwarding of data:

Personal data processed in connection with the storage of documents in Microsoft Teams shall generally not be forwarded to any third parties, unless they are expressly meant to be forwarded. Please note that contents from any stored documents and from personal meetings frequently serve the specific purpose of communicating information to customers, interested parties or third parties and are therefore meant to be forwarded. Additional recipients: The above-mentioned data will be necessarily disclosed to Microsoft Teams to the extent that this is provided for in our data processing agreement with Microsoft Teams.

Data processing outside the European Union:

Outside the European Union (EU), no data processing will be carried out as a matter of principle, because we have restricted our storage location to data centers within the European Union. However, we cannot rule out that the routing of data is conducted via internet servers located outside the EU or the EEA. In some countries, there is the risk that government authorities access the data for security and surveillance purposes without you being informed about this or being able to file an appeal. We have agreed upon EU standard contractual clauses with the provider of Microsoft Teams.

You are not obligated to communicate with us via Microsoft Teams. If you wish, communication can take place via other means (such as email or telephone, for instance).

Storage Period/Criteria for Determining the Storage Period:

We generally delete any personal data when a continued storage is not required. Such requirement can occur, in particular if the data are still needed to fulfill contractual obligations, or to examine and, where necessary, grant or refuse warranty and, where applicable, guarantee claims. In the event of legal retention periods, erasure can only be considered after the respective legal retention period has expired.

To the extent that it is relevant - Special information on recordings in Microsoft Teams:

We would like to make digital audio and visual recordings of the meeting ("recordings") for their use in the context of our DATAGROUP Academy and in webinars for external parties/customers or for other purposes communicated in individual cases. The topic will be clear from the subject of the invitation. The recording will be stored digitally by the host of the meeting. This may include audio recordings, video recordings, and public chat content of the participants of the meeting. (“Details”).

The digital recordings will be made available to the participants of the meeting and on DATAPEDIA, our Intranet, for information and training purposes. All DATAGROUP companies (recipients) have access to DATAPEDIA.

The legal basis for the processing of your data is provided by the consent given by you pursuant to point (a) of Art. 6 (1) and point (a) of Art. 9 (2) GDPR. You can withdraw such consent with effect for the future. The provision of your data is neither contractually stipulated nor prescribed by law. Failure to give your consent or the withdrawal thereof will not affect your contractual relationship with us. The notice of withdrawal is to be addressed to the company communications: marketing@datagroup.de. The recordings will be deleted immediately with the discontinuation of the stated purpose after the expiry of the period stated in the invitation, unless you have already withdrawn this consent before. Personal data may be transferred to third countries under certain circumstances; this is done on the basis of standard contractual clauses.

15. Your Rights as a Data Subject

Pursuant to Art. 15 (1) GDPR, you shall have the right to request information free of charge about the personal data stored by Mercoline.

If the legal requirements are met, you shall also have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of the processing (Art. 18 GDPR) of your personal data.

Where data processing is based on points (e) or (f) of Art. 6 (1) GDPR, you shall have the right to object pursuant to Art. 21 GDPR. If you object to data processing, such processing will not be carried out in the future, unless the controller can demonstrate compelling legitimate grounds for the further processing which override the interest of the data subject in objecting.

If you yourself have provided the processed data, you have a right to data transmission pursuant to Art. 20 GDPR.

Where the data processing is based on a consent given pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR, you can withdraw the consent at any time with effect for the future, without affecting the lawfulness of processing in the past.

Please contact the data protection officer in writing or by e-mail in the cases mentioned above, in the case of any open questions or complaints.

Furthermore, you shall have the right to file a complaint with a data protection supervisory authority. The data protection supervisory authority of the German Federal Land in which you live or in which the controller is based shall be responsible.

When joint parties are responsible for data processing, you will receive the relevant information from the party with which you are seeking out or participating in a business relationship.

16. No Obligation to Provide Personal Data

Unless otherwise stated in the previous sections, the provision of personal data is not stipulated by law or contract or necessary for the conclusion of a contract. You are not obligated to provide the personal data unless otherwise stated before. Failure to provide your personal data might result in us being unable to answer your contact request or you being unable to participate in the application process or attend an event.

17. Data Protection Officer

Our company data protection officer will be happy to provide you with the information or suggestions on the subject of data protection:

Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Wörthstraße 15
97082 Würzburg
office@datenschutz-sued.de

 

18. Data Protection Statement for Social Media Web Pages

Hereinafter, we would like to inform you about how we treat your data pursuant to Art. 14 of the General Data Protection Regulation (GDPR).

Controller

We, as Mercoline GmbH, operate the following Social Media Web Pages/Sites:

You will find our contact details in our corporate info.

Apart from us, there is also the operator of the Social Media Platform itself. In this respect, the operator is also another controller who carries out data processing on which we have only limited influence. Where we can influence and parameterize the data processing, we will, within the scope of the possibilities available to us, work towards ensuring that the operator of the social media platform treats the data in a manner that is accordance with the data protection law. However, there are many points where we cannot influence the data processing by the operator of the social media platform and we do not know exactly which data is processed by the operator. The operator will inform you about this in its respective data protection declaration.

Data Processing by us

The data you enter on our social media pages such as comments, videos, pictures, likes, public messages etc. are published by the social media platform and will not be used or processed by us at any time for other purposes. We only reserve the right to delete content if this should be necessary. We may share your content on our site if this is a feature of the social media platform and communicate with you via the social media platform. The legal basis is provided by point (f) of sentence Article 6 (1) GDPR. The data will be processed in the interest of our public relations and communication.

On our Facebook Page, we use the feature Page Insights.  Page Insights provides summarized data that help us to understand how people interact with our Facebook Page.  Page Insights can be based on personal data that was collected when people visited or interacted with our Facebook Page and its contents. The legal basis is provided by point (f) of sentence Article 6 (1) GDPR. The data will be processed in the interest of our public relations and communication.

If you would like to object to a certain data processing on which we have an influence, please contact us by using the contact details given in the corporate info. We will then check your objection or, if required, forward it to the social media platform.

If you send us an inquiry via the social media platform, we might also refer you to other, secure communication channels that guarantee confidentiality. Such reference shall depend on the type of the answer that is required. You always have the possibility to send us confidential inquiries to our address specified in the corporate info.

As already mentioned, we ensure the highest possible conformity of our social media pages to the data protection regulations where the provider of the social media platform gives us the opportunity to do so. In particular, we do not use any demographic, interest-, behavioral- or location-based target group definitions for advertising that the operator of the social media platform might provide us with. In general, we do not use the social media platform for advertising purposes. With regard to statistics provided to us by the social media platform provider, we can only influence them to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

Data Processing by the Operator of the Social Media Platform

The operator of the Social Media Platform uses web tracking methods. The web tracking can also be carried out independently of whether you are signed up for or registered with the social media platform. As already described, we, unfortunately, have hardly any influence on the web tracking methods of the social media platform. For example, we cannot switch them off.

Please be aware of the following: It cannot be excluded that the provider of the social media platform uses your profile and behavioral data to evaluate your habits, personal relationships, preferences, etc. In this respect, we have no influence on the processing of your data carried out by the provider of the social media platform.

Further information on the data processing carried out by the provider of the social media platform and other possibilities to object can be found in the provider's data policy/data privacy statement:

In cases where we together with the social media platform are responsible for the processing, you will find the essential contents of the joint processing of your data here:

Facebook: [https://www.facebook.com/legal/terms/page_controller_addendum]

Your Rights as a User

When your personal data is processed, you as the website user have the following rights pursuant to GDPR:

1.) Right of Access to Personal Data (Art. 15 GDPR):

You shall have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, you shall have the right of access to such personal data and the information listed in Art. 15 GDPR in detail:

2.) Right to Rectification and Erasure (Art. 16 and 17 GDPR):

You shall have the right to obtain the rectification of inaccurate personal data concerning you without undue delay and, if necessary, to have incomplete personal data completed.

You shall also have the right to obtain the erasure of any personal data concerning you without undue delay where one of the following grounds stipulated in detail in Art. 17 GDPR applies, e.g. where the data is no longer necessary for the intended purposes.

3.) Right to Restriction of Processing (Art. 18 GDPR):

You shall have the right to obtain the restriction of processing where one of the requirements as specified in Art. 18 GDPR applies, e.g. if you have objected to the processing for the time of any verification.

4.) Right to Data Portability (Art. 20 GDPR):

In certain cases, as specified in detail in Art. 20 GDPR, you shall have the right to receive any personal data concerning you in a structured, commonly used and machine-readable format, or to request the transmission of such data to a third party.

5.) Right to Object (Art. 21 GDPR):

If personal data are collected on the basis of point (f) of Art. 6 (1) (data processing for the protection of legitimate interests), you shall have the right to object to their processing at any time on grounds relating to your particular situation. We shall no longer process the personal data unless there are provable compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or the processing serves the establishment, exercise, or defense of legal claims.

The Right to Lodge a Complaint with a Supervisory Authority

Pursuant to Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data concerning you infringes any provisions of the data protection law. The right can be exercised by lodging a complaint with a supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.