This privacy notice is intended to inform users of this website as to the nature, extent and purpose of the collection and use of personal data by the website operator, M&N Datenverarbeitung Informationssysteme GmbH (M&N DVI GmbH).
We take data protection seriously and treat your personal data confidentially, in compliance with the statutory provisions of the General Data Protection Regulation (GDPR) and the newly revised German Federal Data Protection Act (BDSG), as well as this privacy notice. As new technologies and the ongoing enhancement of this website may result in amendments being made to this privacy notice, we recommend that you consult the privacy notice at regular intervals.
Definition of terms
The M&N DVI GmbH privacy notice is based on terminology used at the time the General Data Protection Regulation was passed. Definitions of the terms can be found in Article 4 GDPR.
Name, address and contact details of the controller
The controller within the meaning of the General Data Protection Regulation is:
M&N Datenverarbeitung Informationssysteme GmbH
Neue Ramtelstrasse 4/3
Data protection officer
A data protection officer is not legally required under the terms of Section 38 BDSG. All data protection matters at our company are handled by Mr Jürgen Laurich (Dipl.-Kfm.), who can be reached at the aforementioned contact details.
Collection and processing of personal data
It is possible to use this website without divulging any personal data. To the extent that personal data, such as those contained in the contact form, are processed this will always occur on the basis of information voluntarily provided. These data will not be forwarded to third parties without your express consent.
When you visit our website, data on such visits to the website will be collected based on our legitimate interest (Point (f) of Article 6(1) GDPR). The following data are documented:
- Website page visited
- Time the website is accessed
- Volume of transmitted data in bytes
- Source/link used to access our site
- Browser used
- Operating system used
- IP address used
The server log files are stored for no more than seven (7) days and are then erased. The storage of data occurs for security reasons, e.g. in order to resolve any cases of abuse. Should the data need to be retained as evidence, they will be exempt from being erased until the incident has been resolved once and for all. Data are anonymised to prevent any personal association with you.
We process the aforementioned data for the following purposes:
- To ensure that the connection to the website is smooth
- To ensure comfortable use of our website
- To evaluate system security and stability
- For administrative purposes
Should we become aware of specific evidence of any illicit use, we reserve the right to review the data.
Contacting us via our website
You have the option of contacting us via a form we have made available on our website. In order to respond to inquiries, we require a title, first and last name, e-mail address and optionally a phone number.
The processing of data for the purpose of contacting us always occurs on the basis of your voluntary consent, pursuant to Point (a) of Article 6(1)(1) GDPR.
The personal data that we collect when you use our contact form are automatically erased once your query or inquiry has been resolved.
Disclosure of your data
Your personal data are not transferred to third parties for any other purposes than those defined below. We only forward your personal data to third parties if
- you expressly consent to our doing so pursuant to Point (a) of Article 6(1)(1) GDPR;
- the forwarding of such data is required pursuant to Point (f) of Article 6(1)(1) GDPR in order to establish, exercise or defend legal claims and no grounds exist to assume that you have an overriding legitimate interest in your data not being forwarded;
- in the event that a legal obligation exists to forward the data pursuant to Point (c) of Article 6(1)(1) GDPR;
- this is lawful and that, pursuant to Point (b) of Article 6(1)(1) GDPR, it is necessary for the performance of a contract concluded with you.
Data protection for job applicants
The controller collects and processes personal data concerning job applicants for the purpose of carrying out the application process. The processing may occur electronically. This is especially the case if an applicant transmits the corresponding application documents to the controller by electronic means, e.g. via e-mail or our contact form. In the event that the controller should conclude a contract of employment with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with the statutory provisions. Should the controller not conclude a contract of employment with an applicant, the application documents will be erased automatically two (2) months after the notice of rejection has been issued, provided that the erasure of such data does not conflict with any other legitimate interests on the part of the controller. In this context, other legitimate interests can, for example, refer to any burden of proof required in court proceedings under the General Act on Equal Treatment (AGG).
Rights of the data subject
As the data subject, the effective GDPR grants you comprehensive rights in your dealings with the controller (right of access to information, to rectification, erasure, restriction, data portability, to withdraw consent and to lodge a complaint), as outlined below:
- Pursuant to Article 15 GDPR, you have the right to obtain access to the personal data concerning you that are processed by us. In particular, you may obtain access to information concerning the purposes of the processing; the categories of personal data concerned; the categories of recipient to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored; the existence of the right to request the rectification or erasure of personal data or the restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint; where the personal data are not collected by us, information as to the source of the data; and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the details concerned.
- Pursuant to Article 16 GDPR, you have the right to obtain, without undue delay, the rectification of inaccurate personal data saved by us concerning you or to have incomplete personal data completed.
- Pursuant to Article 17 GDPR, you have the right to obtain the erasure of personal data saved by us concerning you provided that the processing is not required for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims.
- Pursuant to Article 18 GDPR, you have the right to obtain from us the restriction of processing of your personal data if and to the extent that the accuracy of the personal data is contested by you; if the processing is unlawful but you oppose the erasure of the personal data; and if we no longer need them but you require the data for the establishment, exercise or defence of legal claims; or if you have objected to the processing pursuant to Article 21 GDPR.
- Pursuant to Article 20 GDPR, you have the right to require that we make your personal data available to you in a structured, commonly used and machine-readable format or that we transmit such data to another controller.
- Pursuant to Article 7(3) GDPR, you have the right to withdraw your consent at any time. This will result in our ceasing, in the future, to process the data for which you gave us your consent.
- Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. As a rule, you can contact the supervisory authority responsible for your habitual residence, your place of work, or our registered office.
Right to object
Provided that your personal data are processed on the basis of legitimate interests pursuant to Point (f) of Article 6(1)(1) GDPR, you have the right, pursuant to Article 21 GDPR, to object to your personal data being processed, provided that there are grounds to do so in your particular situation or the objection relates to direct marketing. In the latter case, you have a general right to object, which we will implement without you needing to specify a particular situation.
Should you wish to exercise your right to object or to withdraw your consent, simply send a corresponding e-mail to info(at)mun-dvi.de
Our website uses the widespread SSL (Secure Socket Layer) system together with the highest possible encryption level supported by your browser. This is typically 256-bit encryption. Should your bowser not support 256-bit encryption, we will revert to 128-bit v3 technology instead. You can see which encrypted transfer our website uses by the key or lock icon displayed in the address bar of your browser.
We also employ appropriate technical and organisational security measures in order to protect your data from accidental or intentional manipulation, partial or full loss, destruction, or unauthorised third-party access. Our security measures are enhanced on an ongoing basis in keeping with technological changes.
Current version of this privacy notice and amendments
This privacy notice represents the currently valid version as of May 2018.
Enhancements or the further development of our website and the offers provided there, or changes in legislation and/or regulations may make it necessary for us to amend this privacy notice. The most recent, valid privacy notice, as amended from time to time, can be retrieved at www.medas-info.de/en/data-protection/ and printed.