Section 1: Information Regarding the Collection of Personal Data
(1) The following information describes our collection of your personal data. Personal data are any and all data that can specifically identify you, such as name, address, email addresses, user behaviour.
(2) Controller (“Verantwortlicher”) pursuant to Art. 4 (7) EU General Data Protection Regulation (GDPR) is MTH Marine Technik Hamburg GmbH & Co. KG, Tycho-Brahe-Kehre 13, 22844 Norderstedt (please see Legal Information). You can contact our data protection officer at [sabine.niebuhr[at]gthamburg.de] or at our postal address (please add “Attn.: Data Protection Officer” to the address).
(3) Whenever you contact us by email, we store the data you provide at this time (your email address, possibly name and phone number) so that we can answer your questions or process your queries, perform the contracts concluded with you and for technical administration. We transfer or otherwise disclose personal data to third parties solely if and when this is required for the purposes of performing the contract or billing or you have given your prior consent. We erase any data acquired at this time when the storage is no longer required or restrict processing of the data if erasure is prohibited by statutory retention obligations. You have the right to withdraw at any time any consent you have given, effective for the future.
(4) If we engage commissioned service providers to perform certain functions of our services and products or want to use your data for advertising purposes, you will find detailed information about these uses below. We will also specify the defined criteria for duration of the storage.
Section 2: Your Rights
(1) You have the following rights with respect to us concerning your personal data:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
(2) Furthermore, you have the right to lodge a complaint regarding the processing of your personal data with a supervisory authority.
Section 3: Collection of Personal Data for Applications
If you apply for a job with us, the personal data provided by you with your application (this may also be data acc. to Art. 9 DS-GVO) will be collected and stored for the purpose of carrying out the application process and safeguarding our legitimate interests in potential AGG-procedures. Data will be made available to the staff involved in the application process and, if necessary, to external consultants. After completing the application process by filling the position and expiry of the deadlines in accordance with §§ 15 (4) AGG, 61b ArbGG, your data will be deleted, unless you have expressly consented to further storage. The legal ground is point (f) of Art. 6 (1) first sentence, 88 GDPR, § 26 BDSG.
Section 4: Collection of Personal Data During Visit to Our Website
(1) Every access to our internet site and every access to a file placed on this website is recorded. The storage of these data serves internal system-related and statistical purposes.
(2) If you use the website solely to obtain information, i.e. you do not register or send any information for other reasons, we collect solely the personal data that your browser transmits to our server. If you want to view our website, we collect the following data; this is technically necessary for us so that we can display our website to you and guarantee its stability and security (legal ground is point (f) of Art. 6 (1), first sentence GDPR):
- IP addres
- Date and time of the query
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the access (exact page)
- Report of successful access
- Access status/HTTP status code
- Transmitted data quantity for each visit
- Website from which access is referred
- Browser and accessing domain
- Operating system and its user interface
- Language and release of browser software
(3) More extensive personal data are collected solely if and when you provide the data voluntarily, e.g. when submitting a query or registration, for the conclusion of a contract or through the settings of your browser.
(4) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and attributed to the browser you are using; they send certain information to the operator setting the cookie (us in this case). Cookies cannot execute any programs or transfer viruses to your computer. They are used to make the internet site more user-friendly and effective overall.
a) This website uses the following types of cookies; their scope and functionality are explained below:
- Transient cookies (see b)
- Persistent cookies (see c)
b) Transient cookies are automatically erased when you close your browser. They include in par-ticular the session cookies. These cookies store a so-called session ID that is used to attribute various queries from your browser to the joint session. Your computer can be recognised when you return to a website. The session cookies are erased when you log out or close the browser.
c) Persistent cookies are erased automatically after a set period of time that can differ from one cookie to the next. You can erase cookies at any time by using the security settings of your browser.
d) You can configure your browser settings as you wish; for instance, you can block third-party cookies or all cookies. We want to point out that this may prevent you from using all the func-tionalities of this website.
f) The Flash cookies that are used are recorded by your Flash plugin, not by your browser. In ad-dition, we use HTML5 storage objects that are placed on your device. These objects store the required data independently of the browser you use and do not have an automatic expiration date. If you do not want to allow the processing of Flash cookies, you must install a suitable add-on or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by utilising your browser in private browsing mode. In addition, we recommend that you regularly delete your cookies and browser history manually.
Section 5: Additional Functions and Services of Our Website
(1) We offer various services in addition to the information-only use of our website that you can use if you are interested. As a rule, you must provide additional personal data in this case so that we can perform the requested service; the aforementioned principles for data processing apply here as well.
(2) We engage at times external service providers to process your data. We carefully select and engage these providers; they are required to follow our instructions and are regularly audited.
(3) Furthermore, we may transfer your personal data to third parties if and when we offer the conclusion of contracts or similar services in collaboration with partners. You will receive more detailed information about the transfer when you enter your personal data.
(4) If and when our service provider or partner’s business is located in a country outside of the European Economic Area (EEA), we will notify you of the consequences of this fact in the description of the offer.
Section 6: Objection or Withdrawal of Consent to Processing of Your Data
(1) If you have given your consent to the processing of your data, you may withdraw this consent at any time. This withdrawal impacts the permissibility of the processing of your data after you have notified us of the withdrawal.
(2) If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is especially the case if the processing is not required for the performance of a contract with you; we explain this in the following description of each of the functions. If you lodge an objection of this type, we ask that you present the reasons why we should not process your personal data as in the past. In the event of a legitimate objection, we will review the circumstances and either cease or modify the data processing or describe to you our compelling legitimate interests for continuing the processing.
(3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can notify us of your objection to advertising via the contact data email@example.com or by sending your objection to MTH Marine Technik Hamburg GmbH & Co. KG, Tycho-Brahe-Kehre 13, 22844 Norderstedt, by mail.
Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service offered by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. As a rule, the information regarding your use of this website generated by the cookie is transmitted to a Google server in the USA and stored there. If, however, the IP anonymisation is enabled on this website, Google truncates your IP address within the member states of the European Union or in other states which are parties to the treaty on the European Economic Area before transmitting it. The full IP address is transferred to a Google server in the USA and truncated there only in exceptional cases. Acting on behalf of the operator of this website, Google uses this in-formation to analyse your use of the website, to compile reports about website activities and to perform additional services related to website use and internet use for the website operator.
(2) The IP address transmitted by your browser within the scope of Google Analytics is not associated with other Google data.
(3) You can prevent the storage of cookies by making the appropriate settings in your browser software; however, we expressly point out to you that doing so may prevent you from being able to use all of the functions on this site in their full scope. Moreover, you can prevent the disclosure of the data generated by the cookie and related to your activities on the website (including your IP address) to Google and Google’s processing of these data by downloading and installing the browser plugin from the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension “_anonymizelp()”. This truncates the IP ad-dresses before further processing, ensuring they cannot be used to identify individuals. If and when the data that have been collected about you have a personal relationship to you, this relationship is immediately excluded, immediately erasing the personal data.
(5) We use Google Analytics to analyse and continuously improve the use of our website. The statistics we obtain in this way enable us to improve our services and make them more interesting for you as a user. Google has accepted the provisions of the EU-US Privacy Shield for the exceptional cases in which personal data are transmitted to the USA (https://www.privacyshield.gov/EU-US-Framework). The legal basis for the use of Google Analytics is point (f) of Art. 6 (1) first sentence GDPR.
(7) In addition, this website uses Google Analytics for a cross-device analysis of visitor flows, carried out by means of a user ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Data”.
(8) If you use a mobile device, you can click on the following link to set an opt-out cookie that will prevent the collection of your data by Google Analytics even during future visits to this website with the browser you are currently using: Disable Google Analytics
Use of Social Media Plugins
(1) We use the following social media plugins: [Facebook, Google+, Twitter, XING, T3N, LinkedIn, Flattr]. We use the so-called two-click solution for this. This means that initially no personal data will be transferred to the providers of the plugins when you visit our site. You will recognise the provider of the plugin by the marking on the box above its initials or the logo. We provide to you the opportunity to communicate directly with the provider of the plugin by using the button. The plugin provider will receive the information that you have accessed the pertinent webpage of our online services only if you click on the marked field and activate it. In addition, the data described in Section 3 of this statement will be transmitted. In the case of Facebook and XING, the IP address is anonymised immediately after col-lection, according to information from these providers in Germany. So when you activate the plugin, personal data about you will be transmitted to that specific plugin provider and stored there (in the USA for American providers). Since the plugin provider uses in particular cookies to collect the data, we recommend that you use the security settings of your browser to erase all cookies before clicking on the greyed-out box.
(2) We do not have any control over the collected data and data processing activities, nor are we aware of the full scope of the data collection, the purposes of the processing or the storage periods. We also do not have any information about the erasure of the collected data by the plugin provider.
(3) The plugin provider stores the data it has collected about you as a use profile and uses this profile for advertising, market research and/or tailored design of its website. This type of analysis serves especially (even for users who are not logged on) to present tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile, although you must contact the specific plugin provider to exercise this right. By providing the plugins, we offer to you the opportunity to interact with the social networks and other users so that we can improve our services and design them to be of greater interest for you as a user. The legal basis for the use of the plugins is point (f) of Art. 6 (1) first sentence GDPR.
(4) The data are transferred independently of whether you have an account with the plugin provider and are logged on to your account. If you are logged on with the plugin provider, your data collected on our site will be associated directly with the account you have with the plugin provider. If you click on the activated button and link the page, for instance, the plugin provider will store this information in your user account as well and share it publicly with your contacts. We recommend that you always log out after using a social network, especially before activating the button, because in this way you can prevent the attribution to your profile with the plugin provider.
(5) You will find additional information about the purpose and scope of the collection and processing of data by the plugin provider in the privacy statements from these providers shown below. You will also find here additional information about your related rights and the possible settings for the protection of your private sphere.
(6) Addresses of the plugin providers and URL for their privacy policies:
a) [Facebook Inc., 1601 S. California Ave., Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has accepted application of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
b) Google, Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has accepted application of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
c) Twitter, Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has accepted application of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
d) Xing SE, Dammtorstrasse 30, 20354 Hamburg, DE; http://www.xing.com/privacy.
e) T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Germany; https://t3n.de/store/page/datenschutz.
f) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has accepted application of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
g) Flattr Network Ltd., office: 2nd Floor, White Bear Yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, Great Britain; https://flattr.com/privacy.]
(1) Our website also contains AddThis plugins. These plugins make it possible for you to set bookmarks or to share interesting content with other users. By providing the plugins, we offer to you the opportunity to interact with the social networks and other users so that we can improve our services and design them to be of greater interest for you as a user. The legal basis for the use of the plugins is point (f) of Art. 6 (1) first sentence GDPR.
(2) Your internet browser establishes via this plugin a direct connection with the AddThis servers and, if applicable, with the selected social network or bookmarking service. The recipients receive the infor-mation that you have accessed the corresponding website of our online service and the data specified in Section 3 of this statement. This information is processed on the AddThis servers in the USA. [We have concluded standard privacy agreements with AddThis.] If you send content from our website to social networks or bookmarking services, an association between the visit to our website and your user profile at the pertinent network can be established. We do not have any control over the collected data and data processing activities, nor are we aware of the full scope of the data collection, the purposes of the processing or the storage periods. We also do not have any information about the erasure of the collected data by the plugin provider.
(3) The plugin provider stores these data as a use profile and uses this profile for advertising, market research and/or tailored design of its website. This type of analysis serves especially (even for users who are not logged on) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile, although you must contact the specific plugin provider to exercise this right.
(4) If you do not wish to participate in this procedure, you can object to the collection and storage of data at any time, effective for the future, by setting an opt-out cookie: http://www.addthis.com/privacy/opt-out. Alternatively, you can set your browser to prevent the placement of cookies.
(5) You can obtain additional information about the purpose and scope of the collection and processing of the data by the plugin provider as well as additional information about your related rights and setting options for the protection of your private sphere from: AddThis LLC, 1595 Spring Hill Road, Suite 300, Vienna, VA 22182, USA, www.addthis.com/privacy.
Integration of YouTube Videos
(1) If we have integrated YouTube videos in our online site, they are stored on http://www.YouTube.com and can be played directly from our website. [They have all been integrated in the “extended privacy mode”, which means that no data about you as the user are transmitted to YouTube if you do not play the videos. The data specified in Subsection 2 will not be transmitted until you play the videos. We do not have any control over this data transmission, either.]
(2) When you visit this website, YouTube receives the information that you have accessed the corre-sponding sub-page of the website. In addition, the data described in Section 3 of this statement will be transmitted. This happens independently of whether YouTube provides a user account you are logged on to or you have no user account. If you are logged on to Google, your data are associated directly with your account. If you do not wish the data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as a use profile and uses this profile for advertising, market research and/or tailored design of its website. This type of analysis serves especially (even for users who are not logged on) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile, although you must contact YouTube to exercise this right.
(3) You will find additional information about the purpose and scope of the collection and processing of data by YouTube in the privacy statement. You will also find there additional information about your rights and the possible settings for the protection of your private sphere: https://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has accepted the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
Integration of Google Maps
(1) We use the Google Maps service on this website. This enables us to display interactive maps right on the website, and you can conveniently use the map function.
(2) When you visit this website, Google receives the information that you have accessed the corre-sponding sub-page of the website. In addition, the data described in Section 3 of this statement will be transmitted. This happens independently of whether Google provides a user account you are logged on to or you have no user account. If you are logged on to Google, your data are associated directly with your account. If you do not wish the data to be associated with your Google profile, you must log out before activating the button. Google stores your data as a use profile and uses this profile for adver-tising, market research and/or tailored design of its website. This type of analysis serves especially (even for users who are not logged on) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile, although you must contact Google to exercise this right.
(3) You will find additional information about the purpose and scope of the collection and processing of data by the plugin provider in the privacy statement from the provider. You will also find there additional information about your related rights and the possible settings for the protection of your private sphere: http://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has accepted the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
Further Information for Customers and Business Partners
HANDLING OF YOUR PERSONAL DATA AND THE RIGHTS OF PERSONS CONCERNED – INFORMATION ACC. TO ART. 13, 14 AND 21 GDPR
With the following Information, we would like to give you an overview of the processing of your personal data or those of your employees by us and the resulting rights. Which data is processed in detail and used in what way mainly depends on our contractual relationship. Therefore, not all of the statements contained herein will apply to you.
In addition, this privacy information may be subject to change from time to time. The latest version can be found on our Website at: www.mthamburg.de
Responsible body is:
MTH Marine Technik Hamburg GmbH & Co. KG
For any questions you can contact our company data protection officer at: firstname.lastname@example.org
Type of personal data collected
As part of our contractual relationship, you are encouraged to provide us with personal data that is required to establish, implement and terminate the contractual relationship as well as to comply with the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to enter into or execute the contractual relationship with you.
We typically process the following personal data that we receive from your side as part of our business relationship:
- Company Name with Legal Form and Address
- Titles and Names of Employees, their position
- Phone Numbers, Fax Numbers, E-mail addresses
- Bank Details
- Order Data, Project Details such as Object Address, data of technical plants/equipment, etc.
- Other personal data you provide to us that is needed to conduct the business relationship
Purpose of Data Processing and Legal Basis
We collect and process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes:
- To create an offer, to carry out our contractual relationship including billing. In order to fulfil contractual obligations and to maintain our business relationship (Article 6 (1) b. GDPR), it may also be passed on to third parties.
- Due to commercial and tax or other legal requirements (Article 6 (1) c. GDPR); in this respect, the disclosure of personal data may be necessary in the context of official/court actions and, where appropriate, for the purpose of collecting evidence, prosecuting or enforcing civil claims.
- As part of the weighing of interests (Article 6 (1) f. GDPR), where necessary, we process your data beyond the actual fulfilment of the contract in order to safeguard our or third party legitimate interests, e.g. to assert legal claims and for defense in legal disputes.
In addition to our employees, data may also be passed on to service providers who work for us for the following purposes:
- Support or Maintenance of IT or IT applications
- external Accounting
- Tax Advice, Auditing
- Processing of Payment transactions
- Data Destruction
All Service Providers are contractually bound and, in particular, obliged to treat your data confidentially. Your data will only be processed within the European Union and States within the European Economic Area (EEA).
Duration of Data Storage
We process and store your personal data as long as this is necessary to comply with our contractual and legal obligations. If the data is no longer necessary for the fulfillment of contractual or legal obligations, they are deleted on a regular basis.
Exceptions may arise,
- insofar as legal retention obligations are to be met, e.g. under the Commercial Code (HGB) and the Tax Code (AO). The time limits set there for storage or documentation usually last six to ten years;
- to preserve evidence under statutory limitation periods. Under Section 195 ff of the Civil Code (BGB), these periods can be up to 30 years, with the regular statute of limitations being 3 years.
If the data processing is done in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The mentioned exceptions apply.
Data protection rights of persons concerned
Persons concerned have the right to information under Article 15 GDPR, the right to rectify under Article 16 GDPR, the right to delete under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to contradiction from Article 21 GDPR and the right to data portability under Article 20 GDPR.
For the right of information and the right to delete, restrictions under Article 34 and 35 BDSG may apply.
In addition, there is a right to complain to a competent data protection regulator (Article 77 GDPR and §
Article 19 BDSG). The supervisory authority responsible for us is the Hamburg Commissioner for Data Protection and Freedom of Information, Kurt-Schumacher-Allee 4, 20097 Hamburg.
Information on the right to object under Article 21 GDPR
Individual right of objection
Subject to Article 6 (1) f. GDPR you are entitled to object, for reasons arising from your particular situation, at any time against the processing of your personal data.
If you object, we will no longer process your personal data unless we can prove compelling grounds for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves the purpose of assertion, exercise or defence of legal claims.
Recipient of an objection
The objection can be made without form with the subject “objection” stating your name, address and date of birth and should be addressed to: email@example.com or post to MTH Marine Technik Hamburg GmbH & Co. KG, Tycho-Brahe-Kehre 13, 22844 Norderstedt.