Privacy Statement

1. Introduction

The following information is intended to give you, as a data subject, an overview of the processing of your personalized data by us and your rights originating from current data protection regulation. It is generally possible to use or websites without entering personal data. Should you want to use particular services of our company via our websites, the processing of personal data might be required. If the processing of personal data is required and if there are no legal grounds for such processing, we generally ask for your consent.

The processing of personal data, for example your name, address or e-mail address, is always done in accordance with the General Data Protection Regulation (GDPR) and consistent with the country-specific data protection regulations applicable to proMX GmbH. With this privacy statement, we want to inform you about the scope and purpose of the personal data collected, used and processed by us.

As the controller responsible for processing, we have implemented numerous technical and organizational measures to ensure as complete a protection of the personal data processed via this website as possible. However, since internet based data transfer may always include security gaps, absolute protection cannot be guaranteed. It is for this reason that you are free to transfer your personal data to us through alternative means, for example by phone or mail.

2. Controller

Controller in accordance with GDPR:

proMX GmbH, Nordring 100, 90409 Nuremberg, Germany
Phone: +49 911 815230
E-mail: Kontakt@proMX.net
Web: www.proMX.net

Manager of the controller: Peter Linke

3. Data Protection Officer

Your contact person regarding data protection issues:

Frank Sommerfeld
Actus-IT, Obere Str. 28a, 32108 Bad Salzuflen
Phone: +49 5222 921315
E-mail: info@actus-IT.de

4. Definitions

This privacy statement is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy statement should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this privacy statement, we use, inter alia, the following terms:

Personal Data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject
Data subject means an identified or identifiable natural person whose personal data is processed by the controller of data (our company).

Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of Processing
Restriction of Processing means the marking of stored personal data with the aim of limiting their processing in the future.

Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third Party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.

Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR.

This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if you are a client of our company. (Recital 47 Sentence 2 GDPR).

6. Cookies

6.1 General information about cookies

We use cookies on our website. Cookies are small files which your browser generates automatically and which are stored on your IT system (laptop, tablet, smartphone or the like) when you visit our website. Cookies do not cause any damage to your device, and do not contain any viruses, trojans or other malware.

Information is stored in the cookie which arises in connection with the specific device used. This does not, however, mean that we obtain direct knowledge of your identity.

We use cookies to make our website user-friendlier. For instance, we use so-called session cookies to detect that you have visited individual pages of our website before. These are automatically erased after you leave our site.

To optimize usability, we also use temporary cookies, which are stored on your device for a defined period of time. When you visit our site again to use our services, it is automatically detected that you have visited before and which settings you make so that you do not have to enter them again.

We also use cookies to record usage statistics of our website and to analyze these in order to improve our services for you. These cookies enable us to automatically recognize a return visit to our site. These cookies are automatically deleted after an individually defined time period.

The data processed by cookies is necessary for the purposes mentioned in order to safeguard our legitimate interests and the interests of third parties under Art. 6(1) sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your computer or that a notification always appears before a new cookie is created. As a result of completely disabling cookies, you may not use all functions of our website.

7. Content of our website

7.1 Registration as a user

You can register on our website with your personal data.

Which personal data is transmitted to us is arises out of the specific entry mask used for registration. The personal data entered by you is collected and stored exclusively for internal use and for internal purposes. We may instigate disclosure to one or more processors, such as a package service provider, who will also only use the personal data for internal use attributable to us.

By registering on our website, the IP address assigned by your Internet service provider (ISP), the date and the time of the registration are stored. This data is stored against the backdrop that this is the only way to prevent misuse of our services, and that this data makes it possible, where required, to investigate any crimes committed. The storage of this data is necessary in this regard for our protection. No disclosure of this data is made to third parties, unless there is a legal obligation for disclosure or if disclosure serves criminal prosecution.

Your registration by entering personal data on a voluntary basis helps us to offer certain content or services that may only be offered to registered users owing to the nature of the issues involved. Registered persons may change the personal data used to register at any time or have it deleted entirely from our database.

Upon your request, we will tell you at any time which of your personal data we have stored. We will also correct or delete personal data on request unless there are statutory storage obligations. The data protection officer named in this privacy statement and all other employees are available as contact persons to the data subject in this regard.

The processing of data is done to in the interest of a comfortable and easy use of our website. This constitutes a legitimate interest according to Art. 6(1) sentence 1 lit. f GDPR.

7.2 Data processing when opening a customer account and for contract processing

In accordance with Art. 6(1) lit. a GDPR personal data is collected and processed when you inform us of it to execute a contract or open a customer account. Which data is collected is clear from the entry forms in question. Deletion of your customer account is possible at any time and can be ordered via a message to the address of the controller named above. We store and process the data provided by you for the purpose of contract execution. We store and use the data you provided for contract processing. After a contract has been completely processed or a customer account deleted, your data is deleted considering commercial and tax law obligations to retain data and following the expiry of these deadlines, unless you explicitly consented to the continued use of your data or we have retained legal continued data use, of which we inform you below.

7.3 Conclusion of contract for online shop, trader and commercial shipment

We transmit personal data to third parties only when it is necessary within the framework of contract processing, for example to companies tasked with delivering the goods or the credit institute charged with payment processing. No further transfer of the data takes place or other than in cases in which you have expressly consented to such a transfer. Your personal data is not transferred to third parties, for instance for purposes of advertising, without your express consent.

The legal basis for the processing of data is Art. 6(1) lit. b of the GDPR, which permits the processing of data for the performance of a contract or prior to entering into a contract.

7.4 Application management / Job portal

We collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents to us by e-mail or through a web form on the website. If we conclude an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant, the application documents shall be automatically erased six months after notification of the refusal decision, provided that no other legitimate interests of ours are opposed to the erasure. Other legitimate interest in this relation is, e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG).

Data processing is made solely on the basis of our legitimate interest according to Art. 6(1) lit. f GDPR.

7.5 Contacting / Contact form

When you contact us (e.g. via contact form or e-mail) we collect personal data. Which data is stored when contacting us via a contact form is evident from the contact form in question. The data is stored and used only for the purpose of answering your request or to contact you and the technical administration therein involved. Legal ground for processing your data is our legitimate interest in answering your request pursuant to Art. 6(1) lit. f GDPR. If you contact us with the objective of forming a contract, the additional legal ground for processing is Art. 6(1) lit. b GDPR. Your data is deleted once your request has conclusively been answered, which is the case if it can be derived from the circumstances that the issue in question has been conclusively resolved with and where there are no legal obligations to retain data.

7.6 Facebook Connect

You recognize the social plug-ins of „Facebook Content“ on our website by the blue button with the Facebook logo and the label “Sign-in with Facebook” or “Connect with Facebook” or “Log in with Facebook”.

If you visit a page on our website which contains such a plug-in, your browser creates a direct connection to the servers of Facebook. The content of the plug-in is transferred directly from Facebook to your browser and integrated into the page. Through this integration, Facebook obtains the information that your browser has called up the relevant page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is directly transmitted by your browser to a server of Facebook in the USA and stored there. These data processing operations are made pursuant to Art. 6(1) lit. f GDPR on the grounds of a legitimate interest of Facebook in displaying personalized advertising on the basis of the surfing behavior.

By using these „Facebook Connect“ buttons on our website, you can also log into or register for the Facebook website with your Facebook user data. Only when you give your express consent pursuant to Art. 6(1) lit. a GDPR prior to the signing-in on the basis of a corresponding note the exchange of data with Facebook, do we obtain, dependent on your personal data protection settings at Facebook, the general and publicly accessible information stored in your profile when you use the “Facebook Connect” button. This information includes user ID, name, profile picture, age and sex.

We point out that as a consequence of changes to the data protection conditions and user conditions of Facebook, it may come to a transferring of profile pictures, user ID of your friends, and the list of friends upon granting consent if these are set to “public in Facebook”. The data transmitted by Facebook is stored and processed by us for the setting up of a customer account with the necessary data if those have been shared by you on Facebook for this purpose (salutation, first name, last name, address data, country, e-mail address, date of birth).  Conversely, on the basis of you consent, data (e.g. information about your surfing or buying behavior) can be transmitted by us to your Facebook profile.

The consent granted can be withdrawn at any time via a message to the controller mention at the beginning of this statement.

Facebook Inc., located in the USA, is certified for the US-EU data protection agreement “Privacy Shield”, which ensures adherence to the data protection level applicable in the EU.

Please refer to Facebook’s privacy statements for purpose and scope of its data collection and its further processing and use of data by Facebook and your rights in this regard and setting options to protect your privacy at https://www.facebook.com/policy.php.

If you do not want Facebook to allocate the collected data via our website to your Facebook profile, you must log out of Facebook before visiting our website.  You can completely avoid the loading of the Facebook plug-in through add-ons for your browser, e.g. with “Adblock Plus” (https://adblockplus.org/).

8. Newsletters

8.1 Newsletters to existing customers

If you provided us with your e-mail address when buying goods or services, we retain the right to regularly send you offers for similar goods or services we offer, similar to the ones you have already bought, via e-mail. According to Art. 7(3) UWG no separate consent is required for this purpose. The sole legal basis for the data processing is thus our legitimate interest in personalized direct marketing pursuant to Art. 6(1) lit f. GDPR. If you initially objected to the use of your e-mail address for this purpose, there will be no mailing done by us. You are entitled to revoke the use of your e-mail address for the aforementioned marketing purpose with effect for the future at any time by sending a message to the controller mentioned above. This only occurs transmission costs according to the basic rates. Upon receipt of your objection, we immediately cease the use of your e-mail address for marketing purposes.

8.2 Advertising newsletter

On our website you have the option to subscribe to our company’s newsletter. Which personal data is transferred to us when subscribing to the newsletter is evident from the entry mask used.

We inform our customers and partners in regular intervals via newsletter about our offers. Our company’s newsletter can generally be received by you, if you have a valid e-mail address and signed up for the newsletter.

When signing up for the newsletter, we also store the IP address of the IT system used at the time of sign-up issued by your internet service provider (ISP) and the date and time of your registration. The registration of this data is necessary to retrace the (possible) abuse of your e-mail address at a later date and thus serves as legal protection.

The personal data collected while signing up for the newsletter is only used to send the newsletter. Further, subscribers to the newsletter may be informed via e-mail insofar as this is necessary for the operation of the newsletter service or if a registration concerning this matter is necessary, which may happen in case of changes to the newsletter offering or changes to the technical circumstances. Personal data collected in connection with the newsletter service is not passed on to third parties. You can cancel your subscription to our newsletter at any time. You can revoke your consent to the storing of personal data which you granted us for sending the newsletter at any time. You find a link in each newsletter to revoke consent. You can also unsubscribe from our newsletter directly on our website or inform us in another way.

The legal basis for data processing for the purpose of sending newsletters is Art. 6 (1) Section 1 lit. a of the GDPR.

9 Web Analytics

9.1 Google Analytics

Our websites use Google analytics, a web analytics tool of Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereafter “Google”). In this context, pseudonymized user profiles are created and cookies are used (see section 4). Information generated by the cookie about your use of this website, such as

·         type/version of browser,

·         operating system in use

·         referrer URL (the site visited prior),

·         host name of the accessing computer (IP address),

·         time of the server request

are transmitted to a Google server in the USA and stored there. The information is used to analyze use of the website, to compile reports about website activity and to provide other services concerning use of the website and of the internet for the purpose of market research and demand-oriented design of these websites. This information may be transferred to third parties if it is legally required or if the third party processes this information on our behalf. Your IP address will in no event be associated with other data held by Google. IP addresses are anonymized so that an associating is not possible (IP masking).

You can prevent the setting of cookies through appropriate settings of your browser. However, we point out that in this case you may not be able to use all functions of this website fully.

We use Google Analytics in the interest of optimizing and providing a demand-oriented design of our website. This represents a legitimate interest according to Art. 6(1) lit f GDPR.

Additionally, you can prevent registration of the data generated by cookies concerning your use of this website (including your IP address) as well as processing by Google by downloading and installing a browser plug-in (http://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, you can also prevent registration by Google Analytics, in particular in browsers for mobile devices, by clicking the following link: Deactivate Google Analytics. It sets an opt-out cookie which prevents future registration of your data when visiting the website. The opt-out cookie only applies to this browser and only for our website and will be filed on your device. If you delete the cookies in this browser, you have to set the opt-out cookie again.

You can find further information about data protection concerning Google Analytics at Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

You can also object to interest-based advertising by Google. To do so, you have to call up the link www.google.com/settings/ads in every internet browser you use and make the desired settings.

Such analysis is made in particular pursuant to Art. 6(1) lit. f GDPR on the basis of our legitimate interest in the displaying of personalized advertising, market research and/or the demand-oriented design of our website.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/

10. Your rights as a data subject

10.1 Right of access Art. 15 GDPR

You have the right to obtain from us free information about personal data stored about you and a copy of this information.

10.2 Right to rectification Art. 16 GDPR

You have the right to obtain the rectification of inaccurate personal data concerning you. Further the concerned person has the right, taking into account the purposes of processing, to have incomplete personal data completed.

10.3 Right to Erasure Art. 17 GDPR

You have the right to obtain from us the erasure of your personal data without undue delay, as long as one of the statutory grounds applies and the processing is not necessary.

10.4 Right of restriction of processing Art. 18 GDPR

You have the right to obtain from us the restriction of processing if one of the statutory requirements applies.

10.5 Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which was provided to us by you, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us to which the personal data have been provided, as long as the processing is based on consent pursuant to Art. 6(1) lit. a GDPR or Art. 9(2) lit. a GDPR or on a contract pursuant to Art. 6(1) lit. b GDPR and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out by the public interest or in the exercise of official authority vested in us.

Furthermore, in exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedom of others.

10.6 Objection Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on Art. 6(1) lit. e (data processing carried out in the public interest) or f (data processing based on balancing of interests) GDPR.

This also applies to profiling based on these provisions according to Art. 4(4) GDPR.

In the event of objection, we shall no longer process your personal data, unless we can demonstrate compelling legitimate ground for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

In individual cases, we process personal data for direct marketing purposes. You have the right to object at any time to processing of personal data for such marketing. This also applies to profiling to the extent that it is related to such marketing. If you object to us to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right on grounds relating to your particular situation, to object of personal data concerning you by us for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

You are free in the context of the use of information society services, and notwithstanding Directive 2002/58/ED, to use your right to object by automated means using technical specifications.

10.7 Right to withdraw data protection consent

You have the right to withdraw your consent to processing of personal data with effect for the future.

10.8 Complaint to a regulatory authority

You have the right to lodge a complaint to a regulatory authority responsible for data protection about our processing of personal data.

11. Routine storage, erasure and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of storage, or as far as this is granted in laws or regulations to which our company is subject.

If the storage purpose is not applicable, or if a prescribed storage period expires, the personal data are routinely blocked or erased in accordance with legal requirements.

12. Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

13. Validity and changes of this data protection statement

This privacy statement is currently valid and is the version as per May 2018.

The further development of our websites and services or changes in statutory or official requirements may make it necessary to amend this privacy statement. You can retrieve and print out the currently valid data protection privacy statement at any time on the website at www.proMX.net.

Please note: This text was translated into English. In case of any discrepancies between texts, the German language text shall prevail.