DECLARATION
This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the websites, functions, and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “personal data” or “processing,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller:
MG-Components GmbH & Co. KG
Am Mühlbach 5c
87487 Wiggensbach
Registered office: Kempten
Managing Director: Michael Grätz
Represented by:
MG-Components Verwaltungs GmbH
Managing Director: Michael Grätz
Register court: Kempten District Court
Register number: HRB 13208
Register entry:
Entered in the commercial register.
Register court: Kempten District Court
Register number: HRA 10140
VAT ID No.: DE305238140
Data Protection Officer:
Thomas Hug
IDKOM Networks GmbH
Dieselstraße 1
87437 Kempten
+49 831 59090 400
datenschutz@idkom.de
Types of Data Processed:
• Inventory data (e.g., names, addresses)
• Contact data (e.g., email, phone numbers)
• Content data (e.g., text entries, photographs, videos)
• Usage data (e.g., visited websites, interest in content, access times)
• Meta/communication data (e.g., device information, IP addresses)
Processing of Special Categories of Data (Art. 9(1) GDPR):
No special categories of data are processed.
Categories of Data Subjects:
• Customers / interested parties
• Visitors and users of the online offering
• Hereinafter, the affected persons are collectively referred to as “users”.
Purpose of Processing:
• Provision of the online offering, its content, and functions
• Responding to contact inquiries and communication with users
• Marketing, advertising, and market research
1. Relevant Legal Bases
In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not mentioned in this privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing to fulfill our services and carry out contractual measures as well as to respond to inquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
2. Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.
3. Security Measures
In accordance with Art. 32 GDPR, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the differing likelihood and severity of risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data through control of physical access to the data, as well as access, input, disclosure, safeguarding of availability, and separation of data. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data, and response to data threats. In addition, we take data protection into account already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
Security measures include, in particular, the encrypted transmission of data between your browser and our server.
4. Cooperation with Processors and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer data to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transfer of data to third parties, such as payment service providers, is required for contract fulfillment pursuant to Art. 6(1)(b) GDPR), your consent, a legal obligation, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “data processing agreement,” this is done on the basis of Art. 28 GDPR.
5. Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosure or transfer of data to third parties, this only takes place if it is necessary to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we process or have data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as an officially recognized determination of an adequate level of data protection corresponding to the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “Standard Contractual Clauses”).
6. Rights of Data Subjects
You have the right to request confirmation as to whether data concerning you is being processed and to receive information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
7. Right of Withdrawal
You have the right to withdraw any consent given in accordance with Art. 7(3) GDPR with effect for the future.
8. Right to Object
You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. The objection may be made in particular against processing for direct marketing purposes.
9. Cookies and Right to Object to Direct Advertising
We use temporary and permanent cookies, i.e., small files that are stored on users’ devices (explanation of the term and function can be found in the last section of this privacy policy). Some of the cookies serve security purposes or are required for the operation of our online offering (e.g., for displaying the website) or to store the user’s decision when confirming the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which users are informed in the course of this privacy policy.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website www.aboutads.info/choices/ or the EU website www.youronlinechoices.com. Furthermore, cookies can be disabled in the browser settings. Please note that in this case, not all functions of this online offering may be available.
10. Deletion of Data
The data processed by us will be deleted or restricted in processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion. If data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements, retention is carried out in particular for 6 years pursuant to § 257(1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147(1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
11. Provision of Contractual Services
We process inventory data (e.g., names and addresses as well as contact data of users) and contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6(1)(b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
Deletion takes place after the expiration of statutory warranty and comparable obligations; the necessity of retaining the data is reviewed every three years. In the case of statutory archiving obligations, deletion takes place after their expiration (end of commercial law (6 years) and tax law (10 years) retention obligations). Information in the customer account remains until its deletion.
12. Contact
When contacting us (via contact form or email), the user’s information is processed for the purpose of handling the contact request and its processing in accordance with Art. 6(1)(b) GDPR.
User information may be stored in our customer relationship management system (“CRM system”) or comparable request organization.
We delete inquiries if they are no longer required. We review the necessity every two years; inquiries from customers who have a customer account are stored permanently and we refer to the information on the customer account regarding deletion. In the case of statutory archiving obligations, deletion takes place after their expiration (end of commercial law (6 years) and tax law (10 years) retention obligations).
13. Part of the hoster collects personal data of website visitors.
14. Collection of Access Data and Log Files
On the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of seven days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
15. Online Presences on Social Media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of the respective operators apply.
Unless otherwise stated in this privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g., by posting contributions on our online presences or sending us messages.
Cookies are information that is transmitted by our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.
We use “session cookies,” which are stored only for the duration of the current visit to our online presence (e.g., to enable the storage of your login status or wish list and thus the use of our online offering). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and storage period. These cookies cannot store any other data. Session cookies are deleted when you end the use of our online offering and, for example, log out or close the browser.
Users are informed about the use of cookies in the context of pseudonymous reach measurement within this privacy policy.
If users do not wish cookies to be stored on their computer, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional restrictions of this online offering.
On the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use Google Analytics, a web analytics service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is usually transferred to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law (www.privacyshield.gov/participant).
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering, and to provide us with further services related to the use of this online offering and internet usage. Pseudonymous user profiles may be created from the processed data.
We use Google Analytics only with IP anonymization activated. This means that users’ IP addresses are shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offering by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.
Further information on data usage by Google, setting and objection options can be found on Google’s websites: www.google.com/intl/de/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”), policies.google.com/technologies/ads (“Advertising technologies”), adssettings.google.com/authenticate (“Manage information Google uses to show you ads”).
We may also use the “Google Tag Manager” to integrate and manage Google analytics and marketing services on our website.
Further information on data usage for marketing purposes by Google can be found on the overview page: policies.google.com/technologies/ads. Google’s privacy policy is available at policies.google.com/privacy.
If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: adssettings.google.com/authenticated.
16. Integration of Third-Party Services and Content
Within our online offering, on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use content or service offerings from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content perceive the users’ IP address, since they could not send the content to the users’ browsers without the IP address. The IP address is therefore required for the display of this content. We strive to use only content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through these pixel tags, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on users’ devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and further information about the use of our online offering, as well as be linked with such information from other sources.
The following presentation provides an overview of third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in some cases already mentioned here, objection options (so-called opt-outs):
• External fonts from Google, LLC., www.google.com/fonts (“Google Fonts”). Google Fonts are integrated via a server request to Google (usually in the USA). Privacy policy: policies.google.com/privacy, Opt-Out: adssettings.google.com/authenticated.
• Videos from the “YouTube” platform of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: policies.google.com/privacy, Opt-Out: adssettings.google.com/authenticated.
• Functions of the Instagram service are integrated within our online offering. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram. Privacy policy: instagram.com/about/legal/privacy/.
• Within our online offering, functions of the service or platform Twitter (hereinafter referred to as “Twitter”) may be integrated. Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the display of our posts within Twitter within our online offering, linking to our Twitter profile, the ability to interact with Twitter posts and functions, and the measurement of whether users reach our online offering via advertisements placed by us on Twitter (so-called conversion measurement). Twitter is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law (www.privacyshield.gov/participant). Privacy policy: twitter.com/de/privacy, Opt-Out: twitter.com/personalization.
• External code of the JavaScript framework “jQuery,” provided by the third-party provider jQuery Foundation, jquery.org.