Data Protection

Purpose of the Data Processing/Legal Basis:

We will, of course, treat any personal information that you provide us with by e-mail, telephone, post, or via a contact form as confidential. We will exclusively use your data for the purpose of processing your request. The legal basis for the processing of your data is provided by point (f) of Article 6 (1) GDPR [German Data Protection Regulation]. The respective legitimate interest on the part of Mercoline results from our interest to respond to requests of our customers, business partners, and interested parties and, thus, maintain and improve customer satisfaction.

We use telephony features of Microsoft Teams. The explanations regarding Teams in this data protection statement shall apply accordingly to the telephony features.

Recipients/Categories of Recipients:

We generally exclude any transfer of the data to third parties outside of Mercoline. By way of exception, data shall be processed by processors on our behalf. These processors will be carefully selected in each case, audited by us and contractually obligated pursuant to Art. 28 GDPR.

Furthermore, it may be necessary to pass on requests to other companies within the group of companies DATAGROUP to the extent that this is necessary for their processing.

Storage Period/Criteria for Determining the Storage Period:

All personal data sent by you within the framework of requests will be deleted or securely rendered anonymous by us no later than 90 days after the final response to you. The 90-day retention period results from the fact that it may happen from time to time that you need to be able to contact us again on the same matter after a reply and refer to the previous correspondence. Experience has shown that, as a rule, we do not receive any further inquiries regarding our answers after 90 days.

Voice messages on answering machines remain stored until the called party deletes them.

Purpose of the Data Processing/Legal Basis:

We process the contact details of contact persons of customers, interested parties, suppliers and other business partners for communication by e-mail, telephone, fax, and mail. The legal basis for the processing of the data is provided by point (f) of Article 6 (1) GDPR. The respective legitimate interest on the part of Mercoline results from our interest to conduct or establish business relations with customers, interested parties, suppliers, and other business partners and to maintain personal contact with contact persons.

Recipients/Categories of Recipients:

We generally exclude any transfer of the data to third parties outside of Mercoline. Within Mercoline, your data will be passed on, inter alia, for conducting or establishing business relations. By way of exception, data shall be processed by processors on our behalf. These processors will be carefully selected in each case, audited by us and contractually obligated pursuant to Art. 28 GDPR.

Storage Period/Criteria for Determining the Storage Period:

Personal data will be stored for the purpose of conducting business relations as long as a respective legitimate interest exists.

Purpose of the Data Processing/Legal Basis:

You can subscribe to our newsletter through various channels (this website, at trade fairs). The legal basis for the data processing within the framework of sending newsletters is your consent pursuant to point (a) of Art. 6 (1) GDPR and section 7 (2) UWG (Law against unfair competition). The purpose of the data processing within the framework of the Mercoline newsletter subscription is to provide newsletter subscribers with information about Mercoline offers, promotions, products, events, and services.

If you sign up for the cost-free Mercoline newsletter, we need your e-mail address as mandatory information. If you voluntarily provide additional personal information during the subscription process (last name, first name, company, position, and choice of topic), we will only use this data for target group analysis and internal evaluation purposes.

After sending the subscription form you will receive an e-mail from us with a confirmation link. If you click on the link contained in the e-mail, you are subscribed to the newsletter. This will be communicated to you by another e-mail. By confirming your subscription, you confirm your consent to the processing of your e-mail address and your optional details for the purposes stated herein. For the purpose of subsequent evidence, we will save the time and the IP address used during the newsletter subscription process.

You can declare your revocation by clicking on the link provided in every newsletter e-mail, through the use of this form of the website, by sending an e-mail to kontakt@mercoline.de or by sending a message to the contact details given in the corporate info.

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons, also known as tracking pixels. These are single-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in Section 8 and the web beacons with your e-mail address and an individual ID. With the data obtained in this way, we create a user profile to customize the newsletter in accordance with your individual interests. While doing so, we record when you read our newsletters, which links you click on in them and draw conclusions regarding your personal interests. We link this data to your activities on our website. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via other contact channels. The information will be stored for as long as you have subscribed to the newsletter. After you have unsubscribed from the newsletter, we will store the data anonymously and merely for statistical purposes. The legal basis for such data processing is the consent given by you during the newsletter subscription process.

Recipients/Categories of Recipients:

We generally exclude any transfer of the data to third parties outside of Mercoline. The service provider CleverReach GmbH & Co. KG was assigned by us to send the newsletter. This service provider was carefully selected and audited by us and contractually obligated pursuant to Art. 28 GDPR.

Storage Period/Criteria for Determining the Storage Period:

If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. If you withdraw your consent to receive the Mercoline newsletter, the data collected for this purpose will be deleted immediately, unless it is also required for another purpose.

Purpose of the Data Processing/Legal Basis

We use personal data for marketing purposes, including but not limited to advertisements by e-mail, telephone, and mail. The purpose of the data processing within the framework of marketing measures is to provide the data subjects with information about Mercoline’s products and services. The legal basis for sending advertisements by mail is provided by point (f) of Art. 6 (1) GDPR. The respective legitimate interest on the part of Mercoline results from the interest to send information about products and services to customers and interested parties. As a general rule, the legal basis for marketing measures conducted by e-mail or telephone is the consent given by you. For marketing measure aimed at existing customers, section 7 UWG might be also applicable.

You can object to the receipt of advertisements at any time with effect for the future by sending a message to kontakt@mercoline.de.

If you declare an objection to advertising, we will store your data in an advertising ban file based on point (f) of Art. 6 (1) GDPR. The respective legitimate interest on the part of Mercoline results from the interest to ensure the compliance with the objection that was declared.

Recipients/Categories of Recipients:

Your data will, on principle, not be passed on to external parties. If external processors are engaged for sending the advertisements, they are contractually obligated in accordance with Art. 28 GDPR and have been checked accordingly to ensure that suitable organizational and technical security measures are in place. Your data can be passed on to other companies within the DATAGROUP for marketing purposes.

Storage Period/Criteria for Determining the Storage Period:
If you object to the receipt of advertisements, your data will be blocked immediately and then erased, unless they are not stored for other purposes, too.

Purpose of data processing/legal basis:

When applications are received, data is collected that is required to carry out the application process and to initiate an employment relationship. In addition, data associated with the use of the applicant management system is also collected, so-called usage data. Usage data is data that is required to operate our websites, such as information about the start, end and scope of use of our website, including login data. This processing complies with the provisions of data protection and telemedia law.

As part of the application process and/or the use of the system, processing activities may also take place that are carried out either on the basis of legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR or on the basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR. Processing activities for which there is a legal obligation to process or a public interest, Art. 6 para. 1 lit. c) and e) GDPR, such as in the context of criminal prosecution or investigation by state authorities, also come into consideration. You can determine and control the scope of processing yourself through individual settings in your web browser, the configuration of the corresponding cookie settings and your user behaviour.

Visiting the website

For operational and maintenance purposes and in accordance with the provisions of telemedia law, interaction is recorded ("system logs"), which are necessary for the operation of the career portal or are processed for system security purposes, for example to analyse attack patterns or illegal usage behaviour ("evidence function"). Your internet browser automatically transmits the following data when you access the career portal:

• Date and time of access,
• Browser type and version,
• operating system used,
• Amount of data sent.
• IP address of the access

This data is not used for direct allocation in the context of applicant management and is deleted again after 52 days in accordance with the legitimate retention periods, unless longer retention is required for legal or factual reasons, such as for evidence purposes. In individual cases, storage for the aforementioned purposes may be considered. The legal basis is Art. 6 para. 1 lit. f) GDPR and telemedia law.

Session cookies

We store so-called "cookies" in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. "Cookies" are small files that are stored on your computer with the help of your internet browser. If you do not wish cookies to be used, you can prevent them from being stored on your computer by making the appropriate settings in your Internet browser. Please note that the functionality and range of functions of our website may be restricted as a result.

We set the JSESSIONID cookie on the careers page as a technically necessary session cookie. This stores a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. This session cookie is deleted when you log out or close the browser. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR and § 25 para. 2 no. 2 TTDSG.

Application process

As part of the application process, you can set up and manage an account in the career portal after configuring your user name and password. In addition to the individual application, you can use further options in the softgarden applicant management system and make your individual settings (e.g. inclusion in a talent pool).

For an efficient and promising application, you can provide the following information as part of your application to us:

• Contact details (address, telephone number)
• CV data e.g. school education, vocational training, work experience, language skills
• Profiles in social networks (e.g. XING, LinkedIn, Facebook)
• Documents in connection with applications (application photos, cover letters, certificates, references, work samples, etc.)

The legal basis for processing for the purposes of carrying out the application process and initiating an employment relationship is Section 26 (1) sentence 1 BDSG and Art. 6 (1) (b) GDPR. In addition, the use of the applicant management system by the controller is in the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. If consent within the meaning of Art. 6 para. 1 lit. a) is required for a specific processing activity, this will be obtained separately and transparently from you by the controller, unless it results from conclusive and voluntary behaviour on your part in accordance with the transparency requirement, such as voluntary participation in a video interview.

Joint recruiting process

If two or more companies carry out a joint recruiting process, the companies involved are joint controllers under data protection law. In these cases, the data protection rights of the applicants can be asserted at both companies involved. The legal basis for the transfer of applicant data between the participating companies is Art. 6 para. 1 lit. b) GDPR.

Feedback module

In addition to your application, we may ask you to submit your feedback after an interview and 3 months after your recruitment. We will send you an invitation link that will take you to the rating system to submit your feedback. The purpose of the processing is to further develop and optimise our recruiting and application processes as well as the company image. The following data is processed automatically for this purpose

• Contact details (name, e-mail)
• Position title of the job for which you have applied
• Location of the position
• Job category
• Applicant identifier

The feedback itself is anonymised and stored in the database. No personal reference is made. In addition to a star rating for individual questions, you have the opportunity to leave comments here. We expressly ask you not to leave any personal data in the comments. The information collected in this way can be displayed together with your feedback on our review page or transmitted to external partners such as kununu. Participation is purely voluntary and only takes place with your consent, without which the submission of feedback is not possible. The legal basis is Art. 6 para. 1 lit. a) GDPR.

Subscription to job adverts "Job subscription"

To be informed about new job vacancies, you can subscribe to the job newsletter or have suitable vacancies displayed on our career board (RSS feed). You can define your subscription in more detail by specifying the desired job and location. Your e-mail address is also required for the subscription. The legal basis for this is your consent to receive the newsletter in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter (opt-out). No personal data is processed via the RSS feed itself to inform you about new job advertisements.

Talent pool

As part of your application or via the "Get in touch" button, you have the opportunity to recommend yourself for our talent pool. This processing is necessary in order to be automatically considered for further job advertisements, i.e. for similar or other suitable positions. If you register for the talent pool using the "Get in touch" button, the following information will be requested:

• Salutation, academic title (optional)
• First name, surname, email address
• Job fields of interest
• Current career level
• Preferred location(s)
• XING profile or CV

Inclusion in the talent pool is completely voluntary with your consent and by using an opt-in link. The legal basis is Art. 6 para. 1 lit. a) GDPR. Your data will remain in the talent pool for 24 months. After this period has expired, we will ask you whether you wish to consent to your data being stored for a further 24 months. If you do not give your consent, your data will be deleted from the talent pool after 2 weeks.

Employee recruitment campaign

If you have been recruited as an applicant by an active employee of the DATAGROUP Group and you are hired, the employee who recruited you will be informed about the hiring and will receive a bonus. The recruiting employee may also be employed by another company. If necessary, this other company will also be informed of your recruitment. The legal basis for this data processing is § 26 para. 1 sentence 1 BDSG or Art. 6 para. 1 lit. b) GDPR, as the information is required in the context of the performance of the employment relationship of the recruiter.

Recipients/categories of recipients:

Your data will not be passed on to unauthorised third parties as part of applicant management and will only be processed for the purposes stated in this privacy policy. Inspection by internal departments and specialist managers of the controller is in the legitimate interest, insofar as knowledge of the information from the application process is required and permitted for the selection of applicants or internal administrative purposes of the company. For this purpose, your data may be forwarded by e-mail or within the management system to third parties in the company (including works councils) and group companies. The legal basis may be § 26 para. 1 BDSG, Art. 6 para. 1 lit. b), Art. 6 para. 1 lit. f) and a) GDPR.

softgarden e-Recruiting GmbH

We use an applicant management system from softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin (contact: datenschutz@softgarden.de), which operates the applicant management system as a processor within the meaning of Art. 4 No. 8 GDPR. A contract for order processing in accordance with Art. 28 GDPR has been concluded with the provider, which ensures compliance with data protection regulations. We remain your first point of contact for exercising your data subject rights and handling the application process.

Cloudflare:

We use the service of the ISO 27001-certified provider Cloudflare Inc, 101 Townsend St, San Francisco, USA or its subsidiary Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany ("Cloudflare") to increase the security of our recruiting platform, in particular to protect against DDoS attacks, and to improve the speed of delivery. Cloudflare provides a network of servers capable of delivering optimised content to the end user and intercepting virus-laden traffic.

The services provided by Cloudflare include the product "Data Localisation Suite" with the components "Regional Services" and "Metadata Boundary for Customers". Both components ensure that the transfer of personal data when using our platform takes place exclusively within the EU.

The "Regional Services" ensure that the customer content traffic, in this case the end customer traffic, is securely transferred to Cloudflare PoPs within the region we have selected and is checked within a Point of Presence (PoP) in this defined region.

We have chosen Germany as the selected region, so all traffic is checked exclusively on servers in Germany. Metadata Boundary ensures that Cloudflare does not transmit any customer logs originating from the services used outside the European Union.

The personal data processed by Cloudflare includes all content transmitted by our applicants, i.e. beyond the IP address, all files (application documents) and multimedia images, graphics, audio or video, as well as any interaction of their browser with our system.

Cloudflare sets technically necessary cookies, which are necessary for security purposes and for the secure provision of the service, § 25 para. 2 no. 2 TDDDG.

Your personal data will be stored by Cloudflare for as long as is necessary for the purposes described, usually 124 calendar days.

Storage period/criteria for determining the storage period:

Your data will be stored for the duration of the application process and in accordance with the legitimate probationary periods after completion of the application process. In the event of a rejection, the data will be kept for 4 months. After the retention period has expired, the data will be completely anonymised. The processing of anonymised data records is not subject to the material scope of the data protection regulations, so that for statistical and

anonymised data may be processed for statistical and analytical purposes, for the creation of market studies or for product development.

Purpose of the Data Processing/Legal Basis

If you would like to book seminars or register for events via our website, we need the information that is marked as mandatory in the booking screen. The input fields that are not marked can be filled out optionally. As part of the booking process, you will receive an e-mail from us to confirm your registration. The booking process will only be completed after you have activated the link contained in this e-mail. Your booking data will be processed by us for the execution of the booking process and the seminar or for the registration for events. The legal basis for such processing of your data is provided by point (b) of Article 6 (1) GDPR.

If you give us your consent to do so, we will also use your details to send you marketing information about the respective seminar/event by e-mail, mail, or telephone after the seminar/the event. You can withdraw the consent at any time with effect for the future by clicking on the respective unsubscribe link in one of the e-mails or send an e-mail to [kontakt@mercoline.de]. The legal basis for the data processing within the framework of sending information is your consent pursuant to point (a) of Art. 6 (1) GDPR and section 7 (2) UWG.

Recipients/Categories of Recipients:

We pass on the names of those who register for a seminar on our homepage in part to our training partner who conducts the training. The training partner needs these data for the organizational processing of its training courses and then reports the data to the examination institute.  There, the data is stored in a database, from which the examination form and the final certificate will be generated. Data of applicants for events will not be passed on.

Storage Period/Criteria for Determining the Storage Period:

We will store the data of participants in any seminars and events to the extent that this is required for the duration of the statutory retention obligations. After this period and for the rest, the data shall, on principle, be erased. If you have given your consent to receive information, we will store your data for this purpose until you withdraw this consent.

General information:

This website uses the following types of cookies, the scope and functionality of which are explained hereinafter:

• Transient cookies (see a),
• Persistent cookies (see b).

a) Transient cookies are automatically deleted when you close your browser. They include without limitation session cookies. Such session cookies store a so-called session ID, with which different requests of your browser can be attributed to a specific session. Thus, your computer can be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

b) Persistent cookies are automatically deleted after a given period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

You can configure your browser settings in accordance with your wishes and, for example, reject any third-party cookies or all cookies. Please note that you may not be able to use all features of this website.

We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would need to log in each time you visit our website.

You can change your cookie settings here: Enabling/disabling cookies

The legal basis for the processing of your data by so called “strictly necessary cookies” is provided by point (f) of Article 6 (1) GDPR. Strictly necessary cookies enable basic features and are required for the proper functioning of the website. We have a legitimate interest in making the website as user-friendly as possible.

The following cookies placed by the website are considered to be so-called “strictly necessary cookies”:

Google Ads Conversion:

We use the offer of Google Ads to draw attention to our attractive offers by means of advertising material (so-called Google Ads) on external websites. Based on the data of the advertising campaigns, we can determine how successful the individual advertising measures are. Our goal is to display advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

These advertising media are delivered by Google via so-called "Ad Servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the impression of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually expire after 30 days and are not meant to identify you personally. For this cookie, the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and the opt-out information (a mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not expired, Google and the customer can see that the user has clicked on the ad and has been redirected to this page. A different cookie is allocated to each Ads customer. Thus, cookies cannot be traced via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We are only provided with statistical evaluations from Google. On the basis of these evaluations, we can understand which of the advertising measures implemented are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify any users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you in accordance with our level of knowledge: Through Google Ads conversion tracking, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are signed in to a Google service, Google is able to attribute your visit to your account. Even if you have not signed or logged in to Google, your IP address might be obtained and stored by the provider.

You can prevent participation in this tracking procedure in different ways:

a) by adjusting the settings of your browser software, in particular by disabling any third-party cookies, which means that you will not receive any ads from third-party providers;

b) by disabling cookies for conversion tracking by setting your browser so that cookies from the domain "www.googleadservices.com are blocked, https://www.google.de/settings/ads, however, deleting your cookies will delete these settings;

c) by disabling the interest-related advertisements of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, however, deleting your cookies will delete these settings;

d) by permanently disabling in your browsers Firefox, the Internet Explorer, or Google Chrome via the link www.google.com/settings/ads/plugin. Please note that if you do so you may not be able to use all features of this offer.

(6) The legal basis for the processing of your data is provided by the consent given by you pursuant to point (a) of Art. 6 (1) GDPR. The transfer of personal data to parties outside the EU is based on your consent pursuant to point (a) of Art. 49 (1) GDPR. You can withdraw these consents at any time. For further information on Google’s privacy policy, click here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. 

The following cookies placed by this website are associated with Google Ads Conversion:

During your visit of this website, information that your browser automatically transmits to us is automatically stored in so-called server log files. They shall include

• The IP address
• The date and time of the request
• The time zone difference to Greenwich Mean Time (GMT)
• The content of the request (specific page)
• The access status/HTTP Status Code
• The amount of data transmitted in each case
• The website from which the request comes
• The browser
• The operating system and its user interface
• The language and version of the browser software.

This data cannot be easily related to specific persons. This data will not be merged with other data sources. We reserve the right to check this data subsequently if there are concrete indications of any illegal use.

 The legal basis for the processing of your data is provided by point (f) of Article 6 (1) GDPR. Our legitimate interest results from the data processing purposes listed above. This data shall not be transmitted to external parties. The data will be stored for a period of 365 days.

Purpose of the Processing/Legal Basis

This website uses features of the web analysis service Google Analytics. Google Analytics uses so-called “cookies”. These are text files placed on your computer allowing us to analyze how you use the website. The data processing is mainly carried out by Google. The information generated by the cookies about your use of this website is usually transmitted to and stored by a Google server in the USA. Both Google and the state authorities in the USA have access to this data. However, if IP anonymization is enabled on this website, within EU Member States or in other member states of the European Economic Area, Google will shorten your IP address before transmitting it. Your full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities and providing other services for the website operator relating to the use of the website and the internet. The IP address transmitted by your browser as part of the processing carried out by Google Analytics will be linked to other data about you, such as search history, personal accounts, usage data from other devices and all other data that Google has about you.

The legal basis for the use of Google Analytics is provided by the consent given by you pursuant to point (a) of Art. 6 (1) GDPR. The transfer of personal data to parties outside the EU is based on your consent pursuant to point (a) of Art. 49 (1) GDPR. You can withdraw these consent at any time.

For further information on the terms of use and the privacy policy, click here: http://www.google.com/analytics/terms/de.html or here: https://www.google.de/intl/de/policies/. On this website, Google Analytics was extended by the code „gat._anonymizeIp();“ to ensure the anonymous collection of IP addresses (so-called IP masking).

The following cookies placed by this website are associated with Google Analytics:

Recipients/Categories of Recipients: The provider is Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. 

Storage Period/Criteria for Determining the Storage Period:

We store user and event data for a period of 24 months.

We embed YouTube videos on some subpages of our website.

Calling up these subpages leads to a reloading of YouTube content. During this process, YouTube also receives your IP address that is technically necessary to retrieve the content. We have generally no influence on the further data processing by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043. However, when embedding the videos, we made sure to enable the Privacy-Enhanced Mode offered by YouTube. The use of YouTube and the related transmission of your IP address is based on the consent granted by you pursuant to point (a) of Art. 6 (1) GDPR. The transfer of personal data to parties outside the EU is based on your consent pursuant to point (a) of Art. 49 (1) GDPR. For further information on the treatment of user data, please see the YouTube privacy policy at: https://policies.google.com/privacy?hl=de&gl=de.

Please note: When you play a YouTube video on our website, this shall be considered consent in the sense described above, even if you have not given consent before in Consent Management.

The following cookies placed by this website are associated with YouTube:

We use Google Maps to display maps and to create directions. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

If you use the map from Google Maps, e.g. by clicking on our locations listed there, we do not collect any data from you. However, as far as we know, information about your use of Google Maps (in particular the IP address of your computer) can be transmitted to a Google LLC server in the USA and stored there. The processing of personal data while using your IP address is based on the consent granted by you pursuant to point (a) of Art. 6 (1) GDPR. The transfer of personal data to parties outside the EU is based on your consent pursuant to point (a) of Art. 49 (1) GDPR. You can withdraw these consents at any time. We have no influence on the further processing of the data by Google LCC.
Please, read also the terms of use of Google Maps if you want to use the service. Please, read the terms of use for Google Maps at: http://www.google.com/intl/de_de/help/terms_maps.html.

Detailed information on Google's privacy policy can also be found at: http://www.google.de/intl/de/policies/privacy/.
If you do not agree with the data processing by Google LLC, please refrain from using the map or disable the JavaScript function in your browser to get a limited view only.

The following cookies placed by this website are associated with Google Maps:

Purpose of the Data Processing/Legal Basis:

You have the possibility to exchange files with us via a file sharing tool operated by us. An end2end encryption is used during the transmission. So, the data is encrypted on the sending client. It is decrypted for the recipient directly on its client. The exchange requires the receipt of a link by you. If the password function is used, the password must be transmitted via a secure channel (e.g. telephone). The legal basis for the processing of the data is provided by point (f) of Article 6 (1) GDPR. We have a legitimate interest in the provision of the file sharing tool.

Recipients/Categories of Recipients:

For the operation of the tool, we use another DATAGROUP company as the service provider. This service provider was carefully selected and audited by us and contractually obligated pursuant to Art. 28 GDPR. Due to the encryption of the data to be exchanged, this other company has no possibility to access the data.

Storage Period/Criteria for Determining the Storage Period:

We have configured the tool in a manner so that the generated link is valid for a maximum of 2 days. During this time, the data must be retrieved or they will be deleted and have to be uploaded again.

General information:

If you are participating in an online meeting as an external participant, you will receive an email containing an access link from the host of the meeting. When you register for the online meeting, you will need to provide your name and possibly your email address.

If there is any data in accordance with Art. 9 GDPR that you do not want to share with us via Microsoft Teams, we will ask you to black out or otherwise make such data illegible/unrecognizable.

Microsoft Teams is a Microsoft Corporation service. You can find more information on how your data is processed when using Teams at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer.

The DATAGROUP company whose employee sent you the invitation link shall be responsible for collecting and processing your personal data in connection with the use of Microsoft Teams. For the contact details, please refer to this data protection statement or the e-mail signature of the invitation.

Purposes/Legal basis of the data processing:

We use the tool Microsoft Teams to conduct online meetings, video conferences and/or webinars, and in some cases to also exchange documents with meeting participants.

The legal basis for the data processing in relation to contact persons at external places is provided by point (f) of Art.°6 (1) GDPR. We are interested in an improved organization and communication with our contact partners and in the reduction of tools we have used so far. To the extent that our contact partner is a direct contractual partner and a natural person, the legal basis is provided by point (b) of Art. 6 (1) GDPR.

If special categories of personal data as defined by Art. 9 (1) GDPR are processed, for example, within documents that have been provided, the legal basis is provided by point (a) of Art. 9 (2) GDPR. You expressly give your consent to this.

Furthermore, in accordance with point (a) of Art. 49 (1) GDPR, you expressly give your consent that in certain circumstances data can also be transferred to places outside the EU/EEA where there is no comparable level of data protection as defined by the GDPR. You are aware of the associated risks, such as the lack of an enforcement of rights of the data subjects and the potential access to such data by official authorities.

You can withdraw these consents at any time with effect for the future.In the event of a withdrawal, the documents will be deleted from Microsoft Teams.

Recipients/Forwarding of data:

Personal data processed in connection with the storage of documents in Microsoft Teams shall generally not be forwarded to any third parties, unless they are expressly meant to be forwarded. Please note that contents from any stored documents and from personal meetings frequently serve the specific purpose of communicating information to customers, interested parties or third parties and are therefore meant to be forwarded. Additional recipients: The above-mentioned data will be necessarily disclosed to Microsoft Teams to the extent that this is provided for in our data processing agreement with Microsoft Teams.

Data processing outside the European Union:

Outside the European Union (EU), no data processing will be carried out as a matter of principle, because we have restricted our storage location to data centers within the European Union. However, we cannot rule out that the routing of data is conducted via internet servers located outside the EU or the EEA. In some countries, there is the risk that government authorities access the data for security and surveillance purposes without you being informed about this or being able to file an appeal. We have agreed upon EU standard contractual clauses with the provider of Microsoft Teams.

You are not obligated to communicate with us via Microsoft Teams. If you wish, communication can take place via other means (such as email or telephone, for instance).

Storage Period/Criteria for Determining the Storage Period:

We generally delete any personal data when a continued storage is not required. Such requirement can occur, in particular if the data are still needed to fulfill contractual obligations, or to examine and, where necessary, grant or refuse warranty and, where applicable, guarantee claims. In the event of legal retention periods, erasure can only be considered after the respective legal retention period has expired.

To the extent that it is relevant - Special information on recordings in Microsoft Teams:

We would like to make digital audio and visual recordings of the meeting ("recordings") for their use in the context of our DATAGROUP Academy and in webinars for external parties/customers or for other purposes communicated in individual cases. The topic will be clear from the subject of the invitation. The recording will be stored digitally by the host of the meeting. This may include audio recordings, video recordings, and public chat content of the participants of the meeting. (“Details”).

The digital recordings will be made available to the participants of the meeting and on DATAPEDIA, our Intranet, for information and training purposes. All DATAGROUP companies (recipients) have access to DATAPEDIA.

The legal basis for the processing of your data is provided by the consent given by you pursuant to point (a) of Art. 6 (1) and point (a) of Art. 9 (2) GDPR. You can withdraw such consent with effect for the future. The provision of your data is neither contractually stipulated nor prescribed by law. Failure to give your consent or the withdrawal thereof will not affect your contractual relationship with us. The notice of withdrawal is to be addressed to the company communications: marketing@datagroup.de. The recordings will be deleted immediately with the discontinuation of the stated purpose after the expiry of the period stated in the invitation, unless you have already withdrawn this consent before. Personal data may be transferred to third countries under certain circumstances; this is done on the basis of standard contractual clauses.

Pursuant to Art. 15 (1) GDPR, you shall have the right to request information free of charge about the personal data stored by Mercoline.

If the legal requirements are met, you shall also have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of the processing (Art. 18 GDPR) of your personal data.

Where data processing is based on points (e) or (f) of Art. 6 (1) GDPR, you shall have the right to object pursuant to Art. 21 GDPR. If you object to data processing, such processing will not be carried out in the future, unless the controller can demonstrate compelling legitimate grounds for the further processing which override the interest of the data subject in objecting.

If you yourself have provided the processed data, you have a right to data transmission pursuant to Art. 20 GDPR.

Where the data processing is based on a consent given pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR, you can withdraw the consent at any time with effect for the future, without affecting the lawfulness of processing in the past.

Please contact the data protection officer in writing or by e-mail in the cases mentioned above, in the case of any open questions or complaints.

Furthermore, you shall have the right to file a complaint with a data protection supervisory authority. The data protection supervisory authority of the German Federal Land in which you live or in which the controller is based shall be responsible.

When joint parties are responsible for data processing, you will receive the relevant information from the party with which you are seeking out or participating in a business relationship.

Unless otherwise stated in the previous sections, the provision of personal data is not stipulated by law or contract or necessary for the conclusion of a contract. You are not obligated to provide the personal data unless otherwise stated before. Failure to provide your personal data might result in us being unable to answer your contact request or you being unable to participate in the application process or attend an event.

Our company data protection officer will be happy to provide you with the information or suggestions on the subject of data protection:

Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Wörthstraße 15
97082 Würzburg
office@datenschutz-sued.de

Hereinafter, we would like to inform you about how we treat your data pursuant to Art. 14 of the General Data Protection Regulation (GDPR).

Controller

We, as Mercoline GmbH, operate the following Social Media Web Pages/Sites:

• Facebook: www.facebook.com/pg/mercoline
• YouTube: www.youtube.com/user/MercolineGmbH
• XING: www.xing.com/companies/mercolinegmbh
• kununu: www.kununu.com/de/mercoline2
• LinkedIn: www.linkedin.com/company/6952076/
• Twitter: twitter.com/_mercoline
• Instagram: https://www.instagram.com/mercoline_berlin/

You will find our contact details in our corporate info.

Apart from us, there is also the operator of the Social Media Platform itself. In this respect, the operator is also another controller who carries out data processing on which we have only limited influence. Where we can influence and parameterize the data processing, we will, within the scope of the possibilities available to us, work towards ensuring that the operator of the social media platform treats the data in a manner that is accordance with the data protection law. However, there are many points where we cannot influence the data processing by the operator of the social media platform and we do not know exactly which data is processed by the operator. The operator will inform you about this in its respective data protection declaration.

Data Processing by us

The data you enter on our social media pages such as comments, videos, pictures, likes, public messages etc. are published by the social media platform and will not be used or processed by us at any time for other purposes. We only reserve the right to delete content if this should be necessary. We may share your content on our site if this is a feature of the social media platform and communicate with you via the social media platform. The legal basis is provided by point (f) of sentence Article 6 (1) GDPR. The data will be processed in the interest of our public relations and communication.

On our Facebook Page, we use the feature Page Insights.  Page Insights provides summarized data that help us to understand how people interact with our Facebook Page.  Page Insights can be based on personal data that was collected when people visited or interacted with our Facebook Page and its contents. The legal basis is provided by point (f) of sentence Article 6 (1) GDPR. The data will be processed in the interest of our public relations and communication.

If you would like to object to a certain data processing on which we have an influence, please contact us by using the contact details given in the corporate info. We will then check your objection or, if required, forward it to the social media platform.

If you send us an inquiry via the social media platform, we might also refer you to other, secure communication channels that guarantee confidentiality. Such reference shall depend on the type of the answer that is required. You always have the possibility to send us confidential inquiries to our address specified in the corporate info.

As already mentioned, we ensure the highest possible conformity of our social media pages to the data protection regulations where the provider of the social media platform gives us the opportunity to do so. In particular, we do not use any demographic, interest-, behavioral- or location-based target group definitions for advertising that the operator of the social media platform might provide us with. In general, we do not use the social media platform for advertising purposes. With regard to statistics provided to us by the social media platform provider, we can only influence them to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

Data Processing by the Operator of the Social Media Platform

The operator of the Social Media Platform uses web tracking methods. The web tracking can also be carried out independently of whether you are signed up for or registered with the social media platform. As already described, we, unfortunately, have hardly any influence on the web tracking methods of the social media platform. For example, we cannot switch them off.

Please be aware of the following: It cannot be excluded that the provider of the social media platform uses your profile and behavioral data to evaluate your habits, personal relationships, preferences, etc. In this respect, we have no influence on the processing of your data carried out by the provider of the social media platform.

Further information on the data processing carried out by the provider of the social media platform and other possibilities to object can be found in the provider's data policy/data privacy statement:

• Facebook: www.facebook.com/policy.php
• YouTube: www.so-geht-youtube.de/datenschutzerklaerung/
• XING: privacy.xing.com/de/datenschutzerklaerung
• kununu: www.kununu.com/de/info/disclaimer
• LinkedIn: www.linkedin.com/legal/privacy-policy]
• Twitter: twitter.com/de/privacy

In cases where we together with the social media platform are responsible for the processing, you will find the essential contents of the joint processing of your data here:

Facebook: [https://www.facebook.com/legal/terms/page_controller_addendum]

Your Rights as a User

When your personal data is processed, you as the website user have the following rights pursuant to GDPR:

1.) Right of Access to Personal Data (Art. 15 GDPR):

You shall have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, you shall have the right of access to such personal data and the information listed in Art. 15 GDPR in detail:

2.) Right to Rectification and Erasure (Art. 16 and 17 GDPR):

You shall have the right to obtain the rectification of inaccurate personal data concerning you without undue delay and, if necessary, to have incomplete personal data completed.

You shall also have the right to obtain the erasure of any personal data concerning you without undue delay where one of the following grounds stipulated in detail in Art. 17 GDPR applies, e.g. where the data is no longer necessary for the intended purposes.

3.) Right to Restriction of Processing (Art. 18 GDPR):

You shall have the right to obtain the restriction of processing where one of the requirements as specified in Art. 18 GDPR applies, e.g. if you have objected to the processing for the time of any verification.

4.) Right to Data Portability (Art. 20 GDPR):

In certain cases, as specified in detail in Art. 20 GDPR, you shall have the right to receive any personal data concerning you in a structured, commonly used and machine-readable format, or to request the transmission of such data to a third party.

5.) Right to Object (Art. 21 GDPR):

If personal data are collected on the basis of point (f) of Art. 6 (1) (data processing for the protection of legitimate interests), you shall have the right to object to their processing at any time on grounds relating to your particular situation. We shall no longer process the personal data unless there are provable compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or the processing serves the establishment, exercise, or defense of legal claims.

The Right to Lodge a Complaint with a Supervisory Authority

Pursuant to Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data concerning you infringes any provisions of the data protection law. The right can be exercised by lodging a complaint with a supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.