We are very happy about your interest in our company. The protection of data is extremely important to MainTech’s management. In principle, MainTech’s web pages can be accessed without the provision of personal data. If a person would like to access our company’s special services through our Internet site, personal data may need to be processed to provide such services.
If processing personal is required and there is no legal basis for such processing, we will request the person’s approval as a rule. Personal data (such as a person’s names, addresses, email addresses or phone numbers) will always be processed in accordance with the General Data Protection Regulation and with the privacy policies applicable by country for MainTech Systems GmbH. By means of this legal disclosure, our company would like to inform the public about the nature, scope and purpose of the personal data acquired, used and processed by us. Furthermore, this legal disclosure will explain the rights available to the affected people. As the responsible company, MainTech has implemented numerous technical and organisational measures for processing such data in order to ensure the most seamless protection of the personal data processed through this Internet site. However, the transfer of data using Internet methods can exhibit security loopholes in principle, such that absolute protection cannot be guaranteed. For that reason, people can chose to provide personal data to us through alternate methods, such as by telephone.
1. GLOSSARY OF TERMS
A) PERSONAL DATA
Personal data is any information relevant to an identified or identifiable natural person (hereafter Affected Person). A natural will be considered identifiable if they can be identified directly or indirectly by means of a label assigned to them, such as a name, a number location information, online alias or one or several special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
B) AFFECTED PERSON
An Affected Person is any identified or identifiable natural person whose personal data will be processed by the party responsible for processing.
Processing is any procedure performed with or without automated assistance or any such process in connection with personal data, such as the acquisition, entry, organisation, filing, storage, adjustment or modification, exporting, enquiry, usage, publication through transfer, distribution or other form of provision, comparison or linkage, restriction, deletion or destruction of such data.
D) LIMITATION OF PROCESSING
Limitation of processing is the indication of stored personal data with the objective of limiting/restricting its future processing. E) PROFILING Profiling is any type of automated processing of personal data that uses this personal data in order to evaluate, analyse or predict personal aspects wtih regard to work performance, financial standing, health, personal preferences, interests, reliability, behaviour, places of residence or moves by said natural perosn that are relevant to a natural person.
Pseudonymisation is the processing of personal data in a such a manner that the personal data cannot be associated to a specific person without reference to additional information as long as this additional information is stored in a special manner and subject to technical and organisational measures that ensure that the personal data will not be associated with an identified or identifiable natural person.
G) RESPONSIBLE PARTY OR PARTY RESPONSIBLE FOR PROCESSING
The responsible party or party responsible person for processing is the natural person or legal entity, authority, establishment or other office that makes decisions about the purpose and means of processing the personal data. If the purpose and means of this processing is proscribed by the laws of the European Union or the member states, the specific criteria named by them can be arranged in accordance with laws of the European Union or the member states for the responsible parties.
H) DATA PROCESSOR
The data processor is a natural person or legal entity, authority, establishment or other office that the responsible party has contracted with processing the personal data.
The recipient is a natural person or a legal entity, authority, establishment or other office who will publish personal data regardless of whether a third party is involved or not. Authorities who potentially receive personal data as part of a specific search warrant in accordance with the laws of the European Union or the member states are however not considered recipients.
J) THIRD PARTIES
A third party is a natural person or legal entity, authority, establishment or other office, other than the Affected Person, the Responsible Party, the Data Processor and those people who have been authorised under the responsibility of the Responsible Party or the Data Processor, to process the personal data.
Approval is anyone from the Affected Person who freely gives approval for the specific case in an informed manner and gives clearly provided approval in the form of an explanation or other clear confirmation with the understanding of the Affected Person who gives approval for the processing of the personal data.
2. NAME AND ADDRESS OF THE PARTIES RESPONSIBLE FOR PROCESSING
The following party will be responsible in the sense of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with a data protection nature.
MainTech Systems GmbH
Industrie Center Obernburg
63784 Obernburg Germany
Web site: www.maintech.pro
3. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
The Data Protection Officer for the party responsible for processing will be the following person.
Mainsite GmbH & Co. KG
Industrie Center Obernburg
63784 Obernburg Germany
Any Affected Person may contact our Data Protection Officer directly at any time with any questions and suggestion for the protection of data.
The Affected Person can prevent the storage of cookies by our web pages at any time by means of the web browser’s corresponding settings and thereby permanently reject the storage of cookies. In addition, cookies that have already been stored can be deleted by a web browser or other software programs. All popular web browsers support these features. If the Affected Person deactivates the storage of cookies in their web browser, some of the features of our web site will not be useful to their full extent under some circumstances.
5. ACQUISITION OF GENERAL DATA AND INFORMATION
The MainTech web site will acquire various general data and information every time an Affected Person accesses the web site. This general data and information will be saved in the server’s log files.
The information that can be acquired includes:
- the types and versions of the browsers used,
- the operating system used by the accessing system,
- the web site that provided access to our web page to the accessing system (a so-called Referrer),
- the web pages that linked the accessing system to our web site,
- the date and time of access to the web site,
- an Internet Protocol address (IP address),
- the Internet service provider for the accessing system and
- other similar data and information, which will serve to prevent risks in the case of attack against our IT systems.
MainTech will not consult the Affected Person about the usage of this general data and information. Moreover, this information is required to:
- transmit the contents of our web site properly,
- optimise the contents of our web site and ads for that purpose,
- make sure that the continuous operation of our IT systems and the web site technology of our web site will operate properly and
- to provide information required by penal authorities in the event of a cyber-attack.
For that reason, MainTech will evaluate this anonymously acquired data and information statistically and with the objective of increasing the data protection and security of our company, ultimately in order to ensure the ideal level of protection for the personal data that we process. The anonymous data from the server log files will be saved separately from all personal data supplied by the Affected Person.
6. ROUTINE DELETION AND LOCKING OF PERSONAL DATA
The party responsible for processing will process and store the personal data of the Affected Person only for the time when it is required for the achievement of the storage objective or the time intended by the European legislature or other legislatures in the laws and guidelines to which the responsible party is subject.
If the storage objective no longer applies or the storage period prescribed by the European legislature or another responsible legislature expires, the personal data will be locked or deleted routinely in accordance with the legal guidelines.
7. RIGHTS OF THE AFFECTED PERSON
A) RIGHT TO CONFIRMATION
Any Affected Person has the right granted by the European legislature to request confirmation from the party responsible for processing about whether the party will process the Affected Person’s personal data. If an Affected Person would like to claim this right of confirmation, they can contact an employee of the party responsible for processing for that purpose at any time.
B) RIGHT TO INFORMATION
Any Affected Person affected by the processing of personal data has the right granted by the European legislature to receive information about the personal data stored about them free of charge from the party responsible for processing and a copy of that information. Furthermore, the European legislature has granted Affected Persons the right to information about the following information.
The processing objective, the category of personal data that will be processed, the recipients or categories of recipients to whom the personal data has been, or will be, made available, in particular recipients in foreign countries or with international organisations, if possible, the intended period during which the personal data will be stored or, if not possible, the criteria for the determination of this period The existence of a right of correction or deletion of the data about the Affected Person or a right of restriction of the processing by the party responsible or a right of revocation of this processing, the existence of a right of complaint to an overseeing authority if the personal data is not acquired by the Affected Person, All available information about the source of the data, the existence of an automated decision-making process, including profiling in accordance with Article 22, Paragraph 22 and Section 4 of the GDPR and (at least in these cases) authoritative information about the logic involved as well as the consequences and desired effects of the processing for the Affected Person.
Furthermore, the Affected Person has a right of information about whether personal data has been transmitted to a foreign country or an international organisation. If this is the case, the Affected Person also has the right to receive information about the appropriate guarantees in connection with the transmission. If an Affected Person would like to claim this right of information, they can contact an employee of the party responsible for processing for that purpose at any time.
C) RIGHT OF CORRECTION
Anyone affected by the processing of personal data has the right granted by the European legislature to demand immediate correction of incorrect personal data affecting them. Furthermore, the Affected Person has the right to demand the completion of incomplete personal data in consideration of the purpose of processing, including by means of a supplemental declaration. If an Affected Person would like to claim this right of correction, they can contact an employee of the party responsible for processing for that purpose at any time.
D) RIGHT TO DELETION (RIGHT TO BE FORGOTTEN)
Anyone affected by the processing of personal data has the right granted by the European legislature to demand that the party responsible for processing personal data affecting them delete the personal data immediately, if one of the following reasons does not apply and if the processing is not required. The personal data has been acquired for purposes, or has been processed in a different manner, for which it is no longer required.
The Affected Person has cancelled their approval , which supported processing the personal data in accordance with Article 6, Paragraph 1, Clause a of the GDPR or Article 9, Paragraph 2, Clause a of the GDPR and there is no other legal basis for processing the personal data. The Affected Person rejects processing in accordance wtih Article 21, Paragraph 1, of the GDPR and there is not an overriding, justifiable reason for processing the personal data or the Affected Person rejects processing the data in accordance with Article 21, Paragraph 2 of the GDPR. The personal data has been processed incorrectly.
The deletion of the personal data is required for the fulfilment of a legal obligation in accordance with the laws of the European Union or the member states where the responsible party is subject to such laws. The personal data has been acquired in relation to services offered by the IT company in accordance with Article 8, Paragraph 1 of the GDPR.
If one of the reasons indicated applies and an Affected Person would like to initiate the deletion of personal data stored by MainTech Systems GmbH, they can contact an employee of the party responsible for processing for that purpose at any time. The MainTech employee will immediately follow up the request for deletion. If the personal data has been published by MainTech and our company is obligated to delete the personal data as the responsible party in accordance with Article 17, Paragraph 1 of the GDPR, MainTech shall implement appropriate measures in consideration of the available technology and the implementation costs, including the technical nature, to notify other parties responsible for data processing that the Affected Person has demanded the deletion of all references to this personal data, copies and/or duplicates of the personal data from these other parties responsible for data processing, to the extent that such processing is not required. The MainTech employee will initiate the necessary measures in individual cases.
E) RIGHT TO RESTRICTION OF PROCESSING
Any Affected Person affected by the processing of personal data has the right granted by the European legislature to demand limitation of the processing by the responsible party, when the following prerequisites exist.
The correctness of the personal data is disputed by the Affected Person and has been for a period that would make it possible for the responsible party to review the correctness of the personal data. Processing is illegal and the Affected Person has rejected the deletion of the personal data and instead demanded restriction of the usage of the personal data. The responsible party no longer needs the personal data for the purpose of processing, however the Affected Person still needs the data for the enforcement, exercise or defence of legal claims. The Affected Person has rejected processing of the personal data in accordance with Article 21, Paragraph 1 of the GDPR and the priority of the responsible party’s reason for processing beyond the Affected Person’s rejection has not been determined.
If one of the prerequisites indicated above does exist and an Affected Person would like to request restriction of the personal data that has been stored by MainTech, they can contact an employee of the party responsible for processing for that purpose at any time. The MainTech employee will initiate the restriction of processing.
F) RIGHT TO THE ABILITY TO TRANSFER DATA
Any Affected Person affected by the processing of personal data has the right granted by the European legislature to obtain the personal data affecting them which has been provided to a responsible party in a structured, popular and electronic format. Beyond this, they have the right to transfer this data to another responsible party without the intervention of the responsible party who has provided the personal data, if processing of the data is based on the approval in accordance with Article 6, Paragraph 1, Clause a of the GDPR or Article 9, Paragraph 2, Clause a of the GDPR or a contract in accordance with Article 6, Paragraph 1 Clause b of the GDPR and the processing of the data with help of automated procedures, if processing of the data is not required for the exercise of a task that is in the public interest or the exercise of public authority, which was transmitted to the responsible party.
For the exercise of their right to data transferability in accordance with Article 20, Paragraph 1 of the GDPR, the Affected Person also has the right to request the personal data to be transferred directly from one responsible party to another, if such is technologically feasible and if the rights and freedoms of other people will not be impaired thereby.
The Affected Peson can contact an employee of MainTech at any time for the enforcement of the right of data transferability.
G) RIGHT OF REJECTION
Any Affected Person affected by the processing of personal data has the right granted by the European legislature to reject the processing of personal data affecting them that follows from Article 6, Paragraph 1, Clauses e or f of the GDPR for reasons that result from their special circumstances. This right also applies for profiling supported by these provisions.
MainTech will no longer process the personal data in the case of rejection unless we can prove reasons for the processing that are absolutely worthy of protection, which have priority over the interests, rights and freedoms of the Affected Person or processing the data serves the enforcement, exercise or defence of legal claims. If MainTech processes personal data in order to conduct direct marketing, the Affected Person has the right to reject the processing of personal data for the purpose of such marketing. This case shall also apply for profiling, if it is connection with such direct marketing. If the Affected Person rejects the right of MainTech to process the data for purposes of direct marketing, MainTech will no longer process the personal data for these purposes. In addition, the Affected Person has the right to reject the processing of personal data for reasons resulting from their special situation, when MainTech would process the personal data for purposes of scientific or historical research or statistical purposes in accordance with Article 89, Paragraph 1 of the GDPR, unless such processing is required for the fulfilment of a task in the public interest.
The Affected Person can directly contact an employee of MainTech or another employee at any time for the enforcement of the right of rejection. Furthermore, the Affected Person has the option to provide their rejection in connection with the usage of IT services with regard for the 2002/58/EG guidelines when technical specifications will be used.
H) AUTOMATED DECISION IN INDIVIDUAL CASES, INCLUDING PROFILING
Any Affected Person affected by the processing of personal data has the right granted by the European legislature to not be subject to decisions affected exclusively by fully automated process, including profiling, which develop against legal effect or significantly impair the Affected Person in a similar manner, if the decision
1) is not required for the conclusion or fulfilment of a contract between the Affected Person and the responsible party or
2) is allowed by the legal guidelines of the European Union or its member states, under whose authority they lie and these legal guidelines contain suitable measures for the preservation of the rights and freedoms of the justifiable interests of the Affected Person or
3) follows from the express approval of the Affected Person.
If the decision
1) is required for the conclusion of the contract or fulfilment of the contract between the Affected Person and responsible party or
2) follows from the express approval of the Affected Person, MainTech will take suitable measures for the preservation of the rights and freedoms of the justifiable interests of the Affected Person, which include the right to effect intervention of a person on the part of the responsible party, to presentation of their own point of view and to refute the decision. If the Affected Person would like to claim their rights with regards to automated decisions, they can contact an employee of responsible party at any time to accomplish this.
I) RIGHT TO REVOKE APPROVAL BASED ON DATA PROTECTION LAW
Any Affected Person affected by the processing of personal data has the right granted by the European legislature to revoke approval for the processing of personal data at any time.
If the Affected Person claims their right of revocation of approval, they contact an employee of responsible party at any time to accomplish this.
8. DATA PROTECTION FOR EMPLOYMENT APPLICATIONS AND IN EMPLOYMENT PROCEDURES
The party responsible for processing personal data will acquire and process the personal data from employment applications for the purposes of developing employment processes. The personal data can be processed in an electronic manner. Such processing will be the case in particular when a potential employer transfers application materials through electronic means, such as by email or a web form located on a web page to the party responsible for processing. If the party responsible for processing concludes an employment contract with the applicant, the data transferred for purposes of developing the employment relationship will be stored in consideration of the legal guidelines. If an employment contract is not concluded with the applicant, the application materials will automatically be deleted two months after confirmation of that decision, if deletion does not contradict other justifiable interests of the party responsible for processing. Miscellaneous justifiable interests in this sense include an obligation of proof in a process against the General Equal Treatment Act (German Allgemeinen Gleichbehandlungsgesetz or hereafter AGG).
9. LEGAL FOUNDATION FOR PROCESSING
Article 6, I, Sub-clause a of the GDPR serves our company as the legal foundation for processing procedures, according to which the company can obtain approval for a specific processing procedure. If the processing of personal data is required for the fulfilment of a contract whose contractual parties include the Affected Person, as is the case for processing procedures for example, which is necessary for the delivery of goods or provision of services, the processing will rely on Article 6, I, sub-clause a of the GDPR. The same shall apply for those processing procedures that are required for the performance of pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligations that requires processing personal data, such as for the fulfilment of tax obligations, processing of the personal data will be based on Article 6, I, Sub-clause c of the GDPR. In unusual cases, processing personal data could be required in order to protect the vital interests of the Affected Person or another natural person. Such would be the case if a guest at our operation were to be injured and would have to provide their name, age, health insurance policy information or other vital information to a doctor, hospital or other third party. Processing of such personal data would be based on Article 6, I, Sub-clause d of the GDPR . Finally, processing procedures could be based on Article 6, I, Sub-clause f of the GDPR. Processing procedures that will not be acquired from any of the preceding legal foundations are based on this legal foundation when the processing is required for the preservation of our company’s justifiable interests or those of a third party, if the interests, basic laws and freedoms of the Affected Person do not supersede such. We are allowed to exercise such processing procedures because the European legislature has specifically noted such. The legislature advocated the opinion that a justifiable interest could be assumed when the Affected Person is a customer of the responsible party (Notation 47, Clause 2 of the GDPR).
10. JUSTIFIABLE INTERESTS IN PROCESSING PERSONAL DATA THAT WILL BE TRACKED BY THE RESPONSIBLE PARTY OR A THRID PARTY
If the processing of personal data is based on Article 6, I, Sub-clause f of the GDPR, our justifiable interest is the performance of our business activities to the benefit of the prosperity of all of our employees and our shareholders.
11. STORAGE DURATION FOR PERSONAL DATA
The criterion for the storage duration of personal data is the legal deadline for storage. Upon expiration of the deadline, the corresponding data will be routinely deleted, if it is no longer required for fulfilment or initiation of a contract.
12. LEGAL OR CONTRACTUAL GUIDELINES FOR THE PROVISION OF PERSONAL DATA, NECESSITY FOR CONCLUSION OF THE CONTRACT, OBLIGATION OF THE AFFECTED PERSON TO PROVIDE PERSONAL DATA, POTENTIAL CONSEQUENCES OF NON-PROVISION
We will clarify that the provision of personal data is prescribed in part (such as tax guidelines) or can result from contractual regulations (such as information about contractual partners). In consideration of this, an Affected Person may provide personal data to us that must be processed as a consequence of the conclusion of a contract. The Affected Person is obligated to provide us with personal data when they conclude a contract with our company. Non-provision of the personal data would have the consequence that the contract with the Affected Person could not be concluded. The Affected Person must contact one of our employees before provision of personal data. Our employee will clarify for the Affected Person if the provision of personal data is legally or contractually required or is required for the conclusion of the contract in individual cases and if an obligation exists for the provision of the personal data and the consequences of non-provision of the personal data.
13. EXISTENCE OF AUTOMATED DECISION-MAKING PROCEDURE
As a conscientious company, we renounce automated decision-making procedures and profiling.
Obernburg, Germany, 25th of May, 2018
Data Protection Officer