By using our website, you agree to the collection, processing and use of data according to the following description. Our website can be used without the need for registration. In this case, data such as visited pages, names of downloaded files, dates and times are saved on our servers for statistical purposes without being linked to the specific user. Personal data such as name, address or email address is only collected voluntarily where possible. Your data will not be passed on to third parties without your permission.
Hosting and email dispatch
We use hosting services so we can provide the following services: infrastructure and platform services, computing capacity, storage space and data bank services, email dispatch, security services and technical maintenance services which we use to operate our online content.
We, or our hosting providers, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to the online content based on our entitled interests of providing this online content efficiently and securely in accordance with Art. 6 Par. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (completion of order processing contract).
Content-Delivery-Network from Amazon Web Services
We use a so called "Content Delivery Network" (CDN) provided by Amazon Web Services.
A CDN is a service with which online content, particularly large media files such as images or scripts can be delivered quickly with the help of regionally distributed servers which are connected to the internet. The processing of user data occurs only for the above-mentioned purposes and to ensure the security and functionality of the CDN.
The usage is based on our entitled interest, i.e. our interests in providing, analyzing and optimizing secure and efficient online content in accordance with Art. 6 Par. 1 lit. f. DSGVO.
In order to protect your data, the website operators use SSL-encryption. You can recognize connections that use this encryption by the prefix “https://” of the page address in the address bar of your browser. Unencrypted pages are marked with “http://”.
Various data that is transferred to this website – e.g. during enquiries or log in – cannot be read by third parties due to the SSL-encryption.
If you contact us (e.g. via contact form, email, telephone or social media), your data is processed according to the DSGVO Art. 6 Par. 1 lit. b) to process your contact request. User data may be stored in a Customer-Relationship-Management System ("CRM System") or comparable contact request system. We delete this data when it is no longer needed. We check which data is no longer needed every two years; legal archive duties also apply.
Data Protection during Application Processes
We process applicants’ data only for the purpose of and within the scope of the application process in accordance with the legal requirements. Applicants’ data is processed to fulfill our (pre)contractual obligation within the scope of the application process in accordance with Art. 6 Par. 1 lit. b. DSGVO Art. 6 Par. 1 lit. f. DSGVO in so far as data processing is required of us, e.g. in case of legal proceedings (for Germany § 26 BDSG also applies).
The application process presupposes that applicants provide us with their applicant data. If an online application form is available, the required applicant data is clearly marked. Otherwise, the required data is compiled from the application. The required data includes personal data, post and contact information and the documents required for the application, such as cover letter, curriculum vitae and certificates. In addition to this, applicants can voluntarily supply us with additional information.
If additional personal data is voluntarily shared during the application process in accordance with Art. 9 Par. 1 DSGVO, this data will be processed additionally in accordance with Art. 9 Par. 2 lit. b DSGVO (e.g. health data, disabilities or ethnicity). If additional categories of personal data are requested from applicants in the course of the application process in accordance with Art. 9 Par. 1 DSGVO, these will be processed additionally in accordance with Art. 9 Par. 2 lit. a DSGVO (e.g. health data if necessary for performing the occupation).
In addition, applicants can submit their application via email. In this case we wish to clarify that emails are not encrypted and that applicants must ensure encryption themselves. Therefore, we cannot assume responsibility for the transmission of the application from the sender to the delivery on our server and recommend that applicants use the online form or send their application by post, as postal applications remain an option in addition to online or email application.
The data that is provided by the applicant can be, in the case of subsequent employment, be further processed by us for the purpose of the employment relationship. If the application is not successful and does not result in subsequent employment, the applicant’s data will be deleted. The applicant’s data will also be deleted is the applicant revokes their application, which the applicant may do at any time.
The data is deleted, subject to the entitled repeal of the applicant, after a period of six months to allow for possible follow-up questions regarding the application and to meet obligations to produce proof as laid out in the General Act on Equal Treatment (Gleichbehandlungsgesetz). Receipts of compensation for any travel expenses will be archived according to tax guidelines.
With the following information we inform you about the contents of our newsletter as well as the registration, mailing and statistical evaluation procedure and your rights of revocation. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the subscriber or with legal permission. If the contents of the Newsletter are specifically described in the course of registration, they are decisive for the consent of the users. Apart from that, our newsletters contain information about our services and us.
Double opt-in and documentation: The registration for our newsletter is based on a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so no one else's email address can be used to register. The registrations for the newsletter are documented to be able to track the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the newsletter service provider are also documented.
To register for the newsletter, it is necessary to enter your e-mail address. Optionally, we ask you to enter a name for the purpose of personalisation in the newsletter.
Legal basis for documentation of the registration process: The protocol of the registration process is based on our legitimate interests in accordance with Art. 6 Para. 1 lit. f of the German Data Protection Regulation (GDPR). Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users and furthermore allows us to document consent.
Cancellation/revocation - You can cancel the subscription to our newsletter at any time, i.e. cancel your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may save unsubscribed email addresses for up to three years based on our legitimate interests before deleting them for newsletter sending purposes to be able to verify consent previously given. The processing of this data is limited to the purpose of a possible defence against claims.
An individual deletion request is possible at any time if the former existence of consent is confirmed at the same time.
Newsletter - service provider
The newsletter is sent by means of the newsletter service provider [inxmail, Wentzingerstr. 17, D-79106 Freiburg/GERMANY]. You can view the data protection provisions of the Newsletter service provider here: [https://www.inxmail.de/datenschutz].
We have concluded an order processing agreement with the newsletter service provider in accordance with Art. 28 Para. 3 S. 1 GDPR. The newsletter service provider is used based on our legitimate interests according to Art. 6 Para. 1 lit. f GDPR.
The newsletter service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. to technically optimise the mailing and presentation of the newsletter or for statistical purposes. However, the newsletter service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
Newsletter - performance tracking
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or if we use a newsletter service provider, from their server.
The following data is processed:
- When and which mailings has a subscriber received?
For each mailing, each start and end time is stored, as well as for each subscriber that they were contacted and whether the email was delivered. This log is kept for two years. If the mailing is deleted beforehand, the log is also deleted 30 days after deletion.
- When did the subscriber open which mailing?
This data is stored anonymously, but can be distinguished. However, it is then not possible to conclude on the subscriber data record due to the anonymised collection.
- When did the subscriber click on which link in which mailing?
In principle, Inxmail Professional stores every click on a tracked link, as well as every call-up of a tracked image (opening pixel). In particular, the following is recorded
o the date and time of the click
o the so-called user agent string of the browser/mail client from which the click was made
o which link from which mailing and which mailing was opened.
This data is stored anonymously but can be distinguished, which means that it is not possible to identify subscribers. If the subscriber is deleted from the system, neither the recipient data nor the click information can be identified.
This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their access locations (which can be determined with the help of the IP address) or the access times. The evaluations serve us to recognise the reading behaviour of our users and to adapt our content to them or to send different content according to the interests of our users.
Third-party content and services
We use content are services from third-party providers as part of our online content according to our entitled interests (i.e. interest in analysis, optimization and economic operation of our online content in accordance with art. 6 par. 1 lit. f. DSGVO) in order to incorporate their content and services, for example videos or fonts (hereafter referred to as “content”). This always implies that the third-party providers of this content register the IP-address of the user, as they need the IP-address to send the content to the user’s browser. Therefore, the IP-address is always necessary to display this content. We try to only use third-party content which only needs the IP-address to display. Third parties can also use so-called pixel tags (invisible images, also called web beacons) for statistical or marketing purposes. Pixel tags make it possible to analyze information such as visitor traffic on certain website pages. Pseudonym information can also be save das cookies on the user’s device and may contain technical information about the browser or operating system, visited websites, visiting times, as well as information about use of our online services, and may be connected to information from other sources.
This service or script is technically necessary.
Information on the processing of employee data in the event of reports in the whistleblowing system in accordance with Art. 13 GDPR
We, motan holding gmbh, are obliged under the German Whistleblower Protection Act (HinSchG) to set up and maintain an internal reporting centre in accordance with Sections 12-18 HinSchG.
The task of the internal reporting office is to operate so-called reporting channels through which employees and temporary workers assigned to the employer can contact the internal reporting offices to report information about violations.
These reports are then processed by the internal reporting centre in accordance with a legally prescribed procedure and, if necessary, follow-up measures are taken by the internal reporting centre. We welcome reports via our internal reporting centre, even if an external reporting centre (set up by the federal government or an authority) can of course also be contacted.
In the course of a report to our internal reporting centre, we may receive personal data about the person making the report or about a person whose personal data is processed in the course of the report. At this point, we provide the relevant information on how we process personal data in the course of processing reports submitted via the whistleblower system. According to Art. 4 No. 1 GDPR, this personal data includes all information that relates or can be related to the person of the whistleblower, in particular by means of assignment to an identifier such as a name or to an organisational or personnel number with which a person can be identified.
- The provision and establishment of an internal reporting centre is required by law. We therefore process personal data in the course of a report.
- The data is used for the purpose of processing the report, including for communication.
- We comply with data protection regulations such as purpose limitation, transparency and the principle of minimisation.
- We delete your personal data as soon as there is no longer a purpose for processing it.
If you have any questions, such as about your rights, please contact our data protection officer Mr Sven Lenz or our data protection coordinator.
Controller for the processing of your personal data
The controller for the collection, processing and use of your personal data is motan holding gmbh, Stromeyersdorfstraße 12, 78467 Konstanz, Germany.
The support and processing of the reports is carried out by our processor lawcode GmbH, Universitätsstraße 3, 56070 Koblenz, with whom we have concluded corresponding contracts.
Personal information and personal data
We collect and process information in digital form when a report is submitted in the whistleblowing system. We collect, process and use your personal data exclusively for the purpose of processing and documenting reports. Your data will only be processed for purposes other than those mentioned if such processing is permitted under Art. 6 (4) GDPR and is compatible with the original purposes. We will inform you of this before processing your data in this way.
Data and purposes:
Note: it is possible to report anonymously, so it is not mandatory to provide a name.
- All personal data disclosed in the description or in the course of processing (possibly also sensitive data such as health data or personal data of a person in the course of the report) - Purpose: Processing and verification of the report.
- First name and surname of whistleblower - Purpose: Verification and for contact
- Email address - Purpose: Communication and exchange
- Telephone number - Purpose: Communication and exchange
- Whistleblower address - Purpose: Verification and for contact
- Indication of informant, whether employed person
- Files such as text content / document content / images / voice message content (voice distorted) - Purpose: Processing and verification of the message
- Minutes and transcripts of face-to-face meetings or web meetings that may contain personal data. - Purpose: Processing and proof of the report
- Recording of audio or video recordings - Purpose: Processing and verifiability (only with consent)
Legal basis for the processing of your personal data
We process your personal data in accordance with Art. 6 para. 1 lit. c GDPR (processing is necessary to fulfil a legal obligation) and use the electronic whistleblower system on the basis of Art. 6 para. 1 lit. f GDPR (the legitimate interest and implementation of a confidential, secure and, if possible, barrier-free reporting system both on the part of the person responsible, i.e. motan holding gmbh, and on the part of the employees).
According to § 10 HinSchG, the processing of special categories of personal data by a reporting office is permitted if this is necessary for the fulfilment of its tasks. In this case, the reporting centre must take specific and appropriate measures to protect the interests of the data subject; Section 22 (2) sentence 2 of the Federal Data Protection Act applies accordingly.
The storage of a detailed recording of a meeting as well as a non-anonymised audio recording of the conversation is only carried out with the consent of the data subject in accordance with Art. 6 para. 1 lit a) GDPR.
Transmission of your personal data
Your personal data will only be transmitted or disclosed to external bodies to the extent that this is required by law.
Wherever possible, data will only be passed on in an anonymous form. However, it may also be necessary or required by law for personal data to be disclosed.
This may be the case:
- To a processing internal office or department
- To an external reporting centre
- To authorities
Duration of storage
The documentation of reports is deleted three years after completion of the procedure. The documentation may be stored for longer in order to fulfil the requirements of the HinSchG or other legal provisions, as long as this is necessary and proportionate.
Your data protection rights - rights of data subjects
You have the right to obtain information from us about the data we process about you (Art. 15 GDPR). You can also request that we correct incorrect personal data about you (Art. 16 GDPR). If applicable, you can request that the personal data processed about you be erased (Art. 17 GDPR) or that the processing be restricted (Art. 18 GDPR). In certain cases, you also have the right to data portability (Art. 20 GDPR). Under certain circumstances, you can also object to the processing (Art. 21 GDPR).
If you have any questions about your rights and how to exercise your rights, please contact the data protection officer Mr Sven Lenz at email@example.com.
You can also obtain extracts or copies to exercise your right to information. Where provided for in the processing procedures, you can also view your data yourself and correct it if necessary.
Complaints about the processing of your personal data
If you have any concerns or questions about the processing of your personal data and information, you can contact the Data Protection Coordinator or the Data Protection Officer Mr Lenz using the contact details below. You can also contact a supervisory authority for data protection.
Data protection law firm Lenz GmbH & Co. KG
Bahnhofstraße 50, D-87435 Kempten
Telephone: +49 831 930653-00