Data Privacy Policy
- General information and data controller
This privacy policy clarifies the nature, scope and purpose of the processing (including collection, processing and use, and obtaining consent) of personal data within our online and offline offer and our websites, functions and content (hereinafter collectively referred to as "mah-ATN Offer") in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), as well as the processing of personal data of employees of our business partners that we process in the ordinary course of business.
Provider of the mah-ATN Offer and the data controller is:
mah-ATN GmbH
Isarstr. 1
D-82065 Baierbrunn
Germany
Phone: +49-89-74 48 24 82
(hereinafter referred to as "mah-ATN GmbH", "we" or "us").
The term "user" or "data subject" includes all customers and visitors to our mah-ATN Offer as well as all natural persons whose personal data we process in the normal course of business.
The privacy policy is also available digitally:
https://www.mah.de/en_/privacy
- Data Protection Officer:
Herr Robert Winkler
c/o ROWIDAT GmbH
E-Mail: dsb-mahatn@rowidat.de
- Basic information on data processing
We process personal data of the data subjects only in compliance with the relevant data protection provisions in accordance with the principles of data economy and data avoidance. This means that the user's data will only be processed if there is a legal basis for the processing, in particular if the processing is necessary for the provision of our contractual services or is required by law, if we have legitimate interests or if we have the consent of the person concerned.
- Categories of data subjects, categories of personal data and legal basis of processing
We process the following personal data for the following purposes:
Category of the data subjects |
Category of personal data |
Purpose and legal basis of processing |
Website visitors |
Person-related technical data, such as IP addresses, click behavior, etc. This data is usually processed via our cookies and tracking tools. You can find more information in our Cookie Policy as integrated in our cookie banner: |
Art. 6 (1) lit. f) DSGVO (legitimate interests), insofar as data is collected from cookies and tracking tools that are necessary for the operation of the website. Art. 6 (1) lit. a) DSGVO (consent), for all other cookies and tracking tools for statistical, analytical and promotional purposes. The consent also covers § 25 TTDSG. |
Contact details, surname, first name and any other personal data that a website visitor may send us when contacting us via our contact options. |
Art. 6 (1) lit. b) or lit. f) DSGVO, depending on whether the contact is made to initiate a contract or has another purpose. In the latter case, we have a legitimate interest in processing the request and, if necessary, answering it. |
|
People who contact us offline |
Contact details, surname, first name and any other personal data that a data subject may send us when contacting us via our offline contact options. |
Art. 6 (1) lit. b) or lit. f) DSGVO, depending on whether the contact is made to initiate a contract or has another purpose. In the latter case, we have a legitimate interest in processing the request and, if necessary, answering it. |
Business partners (natural persons) |
All personal data that are necessary for the implementation of the business relationship (ordering goods, setting up the customer account, etc.). Since the data is collected directly from the business partner, Art. 12 (4) DSGVO applies. |
Art. 6 (1) lit. b) DSGVO (fulfillment of the contract, implementation of pre-contractual measures required at the request of the data subject). |
Employees of the business partner (company) |
Business contact information of the employee, position in the company, business address. |
Art. 6 (1) lit. f) DSGVO (our legitimate interest in cooperating with the data subject's employer in the ordinary course of business). |
Applicant |
Application documents, as far as they are sent to us. |
§ 26 German Federal Data Protection Act in conjunction with Art.88 DSGVO. |
- Other legal bases and purposes of processing
In addition, we process personal data for the following purposes:
-
Fulfillment of a legal obligation (Art. 6 (1) lit. c) DSGVO)
-
Safeguarding our legitimate interests (Art. 6 (1) lit. f) DSGVO):
-
Fraud prevention
-
Risk Management
-
Marketing/advertising to the extent permitted by law
-
Group-internal data transfer in the context of project management, administration, etc.
-
Legal defense and enforcement of legal claims
-
Performance evaluation
-
- Duration of the processing of personal data
Personal data is deleted if it has fulfilled its intended purpose and if there are no retention obligations or retention rights that conflict with the deletion.
- Transfer to third parties and categories of recipients
We transmit the data of the respective data subjects to our service providers (e.g. if it is required for billing purposes or for shipping), to supervisory authorities, etc. Our service providers include in particular: IT, logistics, translators, lawyers, accounting, auditors, providers of data management systems and communication tools. With service providers who process personal data on our behalf, we have concluded a data processing agreement pursuant to Art. 28 of the GDPR.
Data is also disclosed if we are entitled or obliged to disclose data due to statutory provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
Insofar as your data is passed on to service providers to the extent necessary, they will only have access to your personal data to the extent necessary to fulfill their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the DSGVO.
Beyond the aforementioned circumstances, we generally do not transfer your data to third parties without your consent. In particular, we do not have any service providers or group companies in a third country outside the EU/EEA that has an insufficient level of data protection according to the EU Commission's assessment, except for the providers of cookies and tracking tools, which we explicitly name in our Cookie Policy.
- International data transfer
In the context of our business relationships, your personal data may be transferred to business partners in third countries. These may also be located outside the EU / European Economic Area (EEA), i.e. in third countries.
Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct in accordance with Chapter V of the GDPR. Please contact us if you would like to receive more detailed information on this.
- Rights of the data subjects and deletion of data
The applicable data protection law grants data subjects comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of their personal data, which we inform about below:
Right of access pursuant to Art. 15 DSGVO: In particular, data subjects have the right to obtain information about their personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom their data have been or will be disclosed, the intended storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of their data if it has not been collected by us from the data subjects, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing, as well as the right to be informed about the guarantees pursuant to Article 46 of the GDPR in case of onward transfer of their data to third countries;
Right to rectification pursuant to Art. 16 DSGVO: Data subjects have a right to immediate correction of incorrect data concerning them and/or completion of their incomplete data stored by us;
Right to erasure pursuant to Art. 17 of the GDPR: Data subjects have the right to request the erasure of their personal data if the conditions of Art. 17(1) DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
Right to restriction of processing pursuant to Art. 18 DSGVO: Data subjects have the right to request the restriction of the processing of their personal data as long as the accuracy of their data, which they dispute, is being verified, if data subjects object to the erasure of their data due to unlawful data processing and instead request the restriction of the processing of their data, if data subjects require their data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved, or if data subjects have lodged an objection on grounds relating to their particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
Right to information pursuant to Art. 19 GDPR: If data subjects have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning the data subject have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. The data subjects shall have the right to be informed about these recipients.
Right to data portability pursuant to Art. 20 DSGVO: Data subjects have the right to receive their personal data that they have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, where this is technically feasible;
Right to revoke consent granted pursuant to Art. 7 (3) DSGVO: Data subjects have the right to revoke consent to the processing of data, once given, at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
Right to lodge a complaint pursuant to Art. 77 GDPR: If data subjects consider that the processing of personal data concerning them infringes the GDPR, they have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in particular in the Member State of the respective residence, workplace or place of the alleged infringement.
RIGHT OF OBJECTION
INSOFAR AS WE PROCESS PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, USERS HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS ARISING FROM THEIR PARTICULAR SITUATION.
IF DATA SUBJECTS EXERCISE THEIR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, DATA SUBJECTS HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING THEM FOR THE PURPOSE OF SUCH MARKETING. DATA SUBJECTS MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF DATA SUBJECTS EXERCISE THEIR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
- Changes to the privacy policy
We reserve the right to change the privacy policy in order to adapt it to changed legal situations, or in the event of changes to the service as well as data processing. However, this only applies with regard to declarations on data processing. Insofar as consents of the data subjects are required or components of the data protection declaration contain regulations of the contractual relationship with the data subjects, the changes will only be made with the consent of the data subjects.
Data subjects are requested to inform themselves regularly about the content of the privacy policy.