Privacy policy

We at MLL Münchner Leukämielabor GmbH provide a website that can be reached at www.mll.com. MLL Münchner Leukämielabor GmbH and the Munich Hematol-ogy Practice process personal data in connection with the website and managing applications.

The management team at Münchner Leukämielabor GmbH takes data privacy very seriously. We only process personal data in a manner that complies with the appli-cable data protection requirements, in particular those set out in the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act [Bun-desdatenschutzgesetz, BDSG]. You generally do not need to provide any personal information to use the Münchner Leukämielabor website. However, if you wish to use our website to access the company's special services, the processing of personal data may be required. If personal data processing is required and there is no legal basis for this processing, we generally ask for consent from the affected party.

Personal information, for example your name, address, e-mail address or telephone number, is always processed in accordance with the General Data Protection Regulation (pursuant to Article 4(1) EU GDPR) and in compliance with the domestic data privacy laws applicable to Münchner Leukämielabor GmbH (Sec. 46 BDSG-new). We are publishing our data privacy policy to inform the public about the nature, scope and purpose of the personal data collected, used and processed by us. Furthermore, we also inform you of your rights under this data privacy policy.

Münchner Leukämielabor GmbH, as the controller, has implemented numerous technical and organizational measures to ensure the most complete protection of all personal data processed via this website. Nevertheless, transmitting data via the internet can be insecure, so we cannot guarantee absolute protection. For this rea-son, every data subject is free to submit her or his personal information to us by other means, such as by telephone.

Section A of this privacy policy contains information about the controller responsible for the processing of your personal data and the data protection officer of the controller.

Section B provides information about the processing of your personal data.

Section C contains detailed information about the use of cookies and comparable technologies.

Section D provides information about your rights in relation to the processing of your personal data.

The technical terms relating to data protection that are featured in this privacy policy take their meaning from the General Data Protection Regulation. More de-tailed information is available in Section E.

A. Information about the controller

I.    Name and contact details of the controller

Responsible for the operation of the website www.mll.com:
MLL Münchner Leukämielabor GmbH
Max-Lebsche-Platz 31
D-81377 München
Email: info@mll.com
Tel: +49 (0)89 99017-0

Responsible for managing applications and the online application form:
Münchner Hämatologie Praxis
Max-Lebsche-Platz 31
D-81377 München
Email: info@mll.com
Tel: +49 (0)89 99017-0

II.    Contact details of the data protection officer of the controller

Dr. med. Christian Dornes
MLL Münchner Leukämielabor GmbH
Max-Lebsche-Platz 31
D-81377 München
Email: christian.dornes@mll.com
Tel.: +49 (0)89 99017-170

B. Information about the processing of personal data

I. Use of the website for information purposes

When using the website purely for information purposes, certain information (such as your IP address) is sent for technical reasons to the server of our website by the browser used on your device. We process this information to make the website content you have requested available.

In order to ensure the security of the IT infrastructure used to provide the website, this information is also stored temporarily in what is known as a web server log file.

In order to provide the search functionality on our website, data that you enter into our search tools is temporarily processed on our web server.

In order to provide the functionality for managing cookie consent for the website, data from cookies that are strictly necessary (Section C) is temporarily processed on our web server to determine whether you have already given your consent when you revisit the website.

More detailed information is available below:

1. Details about the personal data processed

Categories of personal data processedPersonal data included in the categoriesSources of the dataObligation to provide the dataRetention period
HTTP data.

Protocol data generated for technical rea-sons when accessing the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)).

 

This includes the IP address, type and ver-sion of your internet browser, the operat-ing system used, the page accessed, the previously visited page (referrer URL), and the date and time of access.

 

 

Website users.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the data is not made available, we cannot make the requested website content available.

 

Data is stored for a maximum period of 7 days in server log files in a form that allows for the identification of data subjects, un-less a security-related incident occurs (e.g., a DDoS attack).

 

In the event of a security-related incident, server log files are stored until the security-related incident is eliminated and com-pletely resolved.

 

 

Search tool data.

Data that you enter into the search tools on our website.
This includes all the information that you enter as search terms in the relevant search form on the website.

 

Website users.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

If the data is not made available, we cannot provide the requested website functionality.

 

We process this data only briefly while the website is being used.

 

Once you give your consent to web analysis (see Section B.II in this regard), search terms are also entered into the “Matomo HTTP data” and thus into the web analysis.

 

Opt-in data.

Data that you make available for managing cookie consent for this website and data assigned to your device when using the functionality for managing cookie consent.

 

This includes your consent and, if applicable, your individual selection regarding the use of cookies on your device.

 

(We use cookies that are strictly necessary in order to manage cookie consent. More detailed information about the content of the cookies used is available in Section C.III.)

 

Website users.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the data is not made available, we cannot take any consent to the use of cookies on this website into account.

 

 

Name of the cookie: cookie_consent

 

The cookies used for managing cookie consent are stored on the user’s device. Information about the validity period of the cookies used is available in Section C.III.)

 

 

 

2. Details about the processing of personal data

Purpose of the processing of personal dataCategories of per-sonal data processedAutomated decision-makingLegal basis and, if applicable, legitimate interestsRecipient

To make the website content requested by the user available:

 

To this end, data is temporarily processed on our web server.

 

HTTP dataNo automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to make the website content requested by the user available.

 

Hosting provider.

To make the website content requested by the user available:

 

To this end, data is temporarily processed on our web server.

 

To provide the search functionality on our website:

 

To this end, data that you enter into our search tools is temporarily processed on our web server.

 

Search tool data.No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to provide the search tools accessed by the user on the website.

 

Hosting provider.

To provide the functionality for managing cookie consent for the website and to document cookie consent:

 

When you revisit the website, we determine whether you have already given your consent and enable cookies together with related analysis and tracking tools in accordance with the consent you have given.

 

(To this end, data from cookies that are strictly necessary is also processed temporarily on our web server. More detailed information about the content and purposes of the cookies used is available in Section C.III.)

 

Otp-in data.No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to manage the consent given by the user to the use of cookies for this website.

 

Hosting provider.

To ensure the security of the IT infrastructure used to provide the website, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks):

 

To this end, data is temporarily stored and ana-lyzed in log files on our web server.

 

HTTP data,


Search tool data.

 

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to ensure the security of the IT infrastructure used to provide the web-site, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks).

 

Hosting provider.

 

3. Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations

RecipientRole of the recipientRegistered office of the recipientAdequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations

Hosting provider.

 

 

currently: datamints GmbH,
Im Thal 1, 82377 Penzberg, Germany

 

and its subcontractor:
Hetzner Online GmbH, Industri-estr. 25, 91710 Gunzenhausen, Germany)

 

Processor.EU.-

 

II. Use of web analysis technologies

If you give us your consent to do so, we use web analysis technologies to record and analyze usage patterns on our website in order to improve the website and better achieve website goals (e.g., increasing page views).

Your consent to this web analysis remains valid for 12 months. After this time, no further web analysis will take place unless you renew your consent. Naturally, you have the option of withdrawing your consent at any earlier time under “Data protection and cookie settings” (or by deleting the “opt-in cookies”).

For this purpose, we make use of cookies (Section C).

More detailed information is available below:

 

1. Details about the personal data processed
Categories of personal data processedPersonal data included in the cat-egoriesSources of the dataObligation to provide the dataRetention period
Matomo HTTP data.

Protocol data generated for tech-nical reasons when using the web analysis tool Matomo used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)).

 

This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the pre-viously visited page (referrer URL), and the date and time of access.

 

Website users.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the data is not made available, we cannot carry out web analysis using Matomo.

 

IP anonymization is activated on this website for the use of the web analysis tool Matomo. This means that the IP address transmitted by the browser for technical reasons is anonymized prior to storage by truncating the IP address (by de-leting the last octet of the IP ad-dress).

 

We store the remaining data for 12 months.

 

Matomo device data.

Data assigned to your device by the web analysis tool Matomo.

 

This includes a unique ID for recognizing repeat visitors.

 

(We use cookies in connection with the web analysis tool Matomo. More detailed information about the content of the cookies used is available in Section C.III.)

 

Website users.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the data is not made available, we cannot carry out web analysis using Matomo.

 

We process this data only for a short time for the duration of the use of the website.

 

(The cookies used in connection with the web analysis tool Matomo are stored on the user’s device. Information about the validity pe-riod of the cookies used is availa-ble in Section C.III.)

 

Matomo profile data.

Data generated by the web analy-sis tool Matomo and stored in pseudonymous usage profiles.

 

This includes information about the use of the website, in particu-lar page views, frequency of visits, and duration of visits to pages, that is attributed to the respective us-er’s unique visitor ID contained in the Matomo device data.

 

Independently generated.-We store the remaining data for 12 months.

 

2. Details about the processing of personal data
Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, if applicable, legitimate interests

Recipient

To improve the website and bet-ter achieve website goals (e.g., increasing page views).

 

To this end, the behavior of users on our website is recorded and analyzed in pseudonymized form. Website users are marked in pseudonymous form so that they can be recognized on the web-site. Pseudonymous usage pro-files are created from this infor-mation. The pseudonymous usage profiles are not merged with data about the person behind the pseudonym.

 

The aim of the procedure is to investigate where users come from, which areas of the website are visited, and how often and for how long which subpages and categories are viewed.

 

To this end, we make use of the web analysis tool Matomo pro-vided by Innocraft.

 

(To this end, data from cookies is also processed temporarily on our web server. More detailed information about the content and purposes of the cookies used is available in Section C.III.)

 

Matomo HTTP data,


Matomo device data,


Matomo profile data.

 

No automated decision-making takes place.

Article 6(1)(a) of the General Da-ta Protection Regulation (con-sent).

 

Your consent to this web analysis remains valid for 12 months. Af-ter this time, no further web analysis will take place unless you renew your consent. Naturally, you have the option of withdraw-ing your consent at any earlier time under “Data protection and cookie settings” (or by deleting the “opt-in cookies”).

 

Hosting provider.

 

3. Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient

Role of the recipient

Registered office of the recipient

Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations

Matomo

Hosting provider.

 

(currently: datamints GmbH,
Im Thal 1, 82377 Penzberg, Germany

 

and its subcontractor:
Hetzner Online GmbH, Indus-triestr. 25, 91710 Gunzen-hausen, Germany)

 

Processor.EU.-

 

III. Use of the personalized email newsletter

We offer you the opportunity on the website to subscribe to our personalized email newsletter. When subscribing to our newsletter, certain information (such as your email address) is collected. We process this information to confirm your subscription and provide the personalized email newsletter. We also store this in-formation for evidentiary purposes in order to establish, exercise, or defend any legal claims.

When using the form on the website for subscribing to and unsubscribing from our newsletter, certain information (such as your IP address) is sent for technical reasons to the server of our website by the browser used on your device. We process this information to provide the form on the website for subscribing to and unsubscribing from our newsletter.

If you give us your consent to do so, we also analyze the usage patterns of newsletter subscribers in our newsletter in a pseudonymized fashion.

If you give us your consent to do so, we also analyze the usage patterns of newsletter subscribers in relation to our newsletter and create usage profiles using pseudonyms for the purpose of personalizing the newsletter.

More detailed information is available below:

 

1. Details about the personal data processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation to provide the data

Retention period

Newsletter form HTTP data.

Protocol data generated for technical reasons when accessing the form on the website for subscribing to and unsubscribing from our newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)).

 

This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access.

Website users.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the data is not made available, we cannot make the requested website content available.

Data is stored for a maximum period of 7 days in server log files in a form that allows for the identification of data subjects, unless a security-related incident occurs (e.g., a DDoS attack).

 

In the event of a security-related incident, server log files are stored until the security-related incident is eliminated and completely resolved.

 

The IP address also merges with the “newsletter opt-in data” described below.

Newsletter subscription data.

Data recorded when subscribing to the newsletter.

 

This includes the following mandatory information: Email address.

 

This also includes the following optional information: Title/salutation, first name, last name.

Newsletter subscribers.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the mandatory information is not provided, you cannot receive our newsletter.

We store this data for as long as you subscribe to our newsletter.

 

In addition, we also store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you unsubscribed from the newsletter, and until any legal disputes that may arise have been settled.

Newsletter opt-in data.

Protocol data generated for technical reasons when subscribing to or unsubscribing from the newsletter.

 

This includes the date and time of the subscription to the newsletter, date and time the subscription notification was sent as part of the double opt-in process, date and time of the confirmation of the subscription as part of the double opt-in process, IP address(es) of the device used to subscribe and confirm the subscription, and the date and time of any unsubscription from the newsletter.

Newsletter subscribers.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the data is not made available, you cannot receive our newsletter.

We store this data for as long as you subscribe to our newsletter.

 

In addition, we also store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you unsubscribed from the newsletter, and until any legal disputes that may arise have been settled.

Newsletter tracking pixel data.

Protocol data generated for technical reasons when accessing our newsletter through the tracking pixels contained in the newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)).

 

Tracking pixels are small graphics in HTML emails that make recording and analyzing log files of email views possible.

 

This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access.

Newsletter subscribers.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the data is not made available, we cannot carry out analysis of newsletter usage patterns.

We store this data only for as long as you subscribe to our newsletter.

Newsletter profile data.

Data in usage profiles that we create by analyzing newsletter usage patterns using pseudonyms.

 

This includes data about the use of the newsletter, in particular views, frequency of views, and duration of views in relation to viewed newsletters.

Independently generated.

-

We store this data only for as long as you subscribe to our newsletter.

 

2. Details about the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, if applicable, legitimate interests

Recipient

To provide the form on the website for subscribing to and unsubscribing from our newsletter:

 

To this end, HTTP data is temporarily processed on our web server.

Newsletter form HTTP data.

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to make the website content requested by the user available.

Hosting provider (for the subscription form),

 

Email newsletter provider (for the unsubscribe form).

To ensure the security of the IT infrastructure used to provide the form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks):

 

To this end, data is temporarily stored and analyzed in log files on our web server.

Newsletter form HTTP data.

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to ensure the security of the IT infrastructure used to provide the form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks).

Hosting provider,

 

Email newsletter provider.

“Double opt-in” process for confirming subscriptions:

 

To this end, we send an email message with a request for confirmation to the email address specified at the time of subscription. A subscription only becomes active if the subscriber confirms the email address by clicking on the confirmation link contained in the email.

Newsletter subscription data,

 

Newsletter opt-in data.

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

Our legitimate interest is to document your consent to receive the newsletter in a manner that is legally compliant.

Email newsletter provider.

To send the newsletter to newsletter subscribers.

 

We use the optional information provided at the time of subscription to personalize how the ad-dressee is addressed in the newsletter.

Newsletter subscription data,

 

Newsletter opt-in data.

No automated decision-making takes place.

Article 6(1)(a) of the General Data Protection Regulation (consent).

Email newsletter provider.

To store and process the data for evidentiary purposes in order to establish, exercise, or defend any legal claims.

Newsletter subscription data, Newsletter opt-in data.

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to establish, exercise, or defend legal claims.

Email newsletter provider.

To analyze the usage patterns of newsletter subscribers in relation to our newsletter and create usage profiles using pseudonyms for the purpose of personalizing the newsletter.

Newsletter subscription data,

 

Newsletter opt-in data,

 

Newsletter tracking pixel data,

 

Newsletter profile data.

No automated decision-making takes place.

Article 6(1)(a) of the General Data Protection Regulation (consent).

Email newsletter provider.

3. Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient

Role of the recipient

Registered office of the recipient

Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations

Hosting provider

(currently: datamints GmbH,

Im Thal 1, 82377 Penzberg, Germany

 

and its subcontractor:

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany)

Processor.

EU.

-

Email newsletter provider.

(currently: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede)

Processor.

EU.

-

 

IV. Use of third-party plug-ins (e.g., social media plug-ins or online map service plug-ins) and social media links

The website features what are known as third-party plug-ins that allow you to make use of features offered by third-party providers on the website. The plug-ins are embedded in the website by means of what is referred to as a “2-click solution.” With this solution, the respective plug-in is not activated directly when visit-ing the website; this only occurs if you click on the activate button for the respective plug-in.

If you activate a third-party plug-in, you are using a feature offered by the provider of the respective plug-in on its responsibility, which is only optically embed-ded in the presentation of our website. When activating the respective plug-in, the provider of the respective plug-in may receive personal data from you. In ad-dition, when the respective plug-in is activated, the provider of the respective plug-in may use cookies (Section C).

Our website also contains simple links to our social media profiles (social media links).

More detailed information is available below:

 

1. Third-party plug-ins and social media links featured on the website

The website features the following third-party plug-ins that allow you to make use of features offered by the following third-party providers on the website:

Plug-in/social media link

Third-party provider

Further information about the provider

Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations

Facebook button.

 

(This is nothing more than a simple social media link.)

Facebook:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA.

Further information about the processing of data by the provider is available in the provider’s privacy policy:

 

http://www.facebook.com/policy.php.

Facebook is certified under the EU-U.S. Privacy Shield:

 

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

 

An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield:

 

http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250.

Google Maps.

Google:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

For more information about the feature, please see the provider’s description:

 

https://developers.google.com/maps/.

 

Further information about the processing of data by the provider is available in the provider’s privacy policy:
 

https://www.google.com/policies/privacy/.

Google is certified under the EU-U.S. Privacy Shield:
 

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

 

An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield:
 

http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250.

LinkedIn button.

 

(This is nothing more than a simple social media link.)

LinkedIn Corporation:

2029 Stierlin Court, Mountain View, CA 94043, USA.

Further information about the processing of data by the provider is available in the provider’s privacy policy:

 

https://www.linkedin.com/legal/privacy-policy

LinkedIn is certified under the EU-U.S. Privacy Shield:

 

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0

 

An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield:
 

http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250.

Xing button.

 

(This is nothing more than a simple social media link.)

Xing AG:

Dammtorstrasse 29-32, 20354 Hamburg, Germany.

Further information about the processing of data by the provider is available in the provider’s privacy policy:

 

https://privacy.xing.com/de/datenschutzerklaerung

-

Vimeo player.

Vimeo, Inc.:

555 W 18th St, New York, New York 10011, USA

For more information about the feature, please see the provider’s description:

 

https://vimeo.com/cookie_policy

 

Further information about the processing of data by the provider is available in the provider’s privacy policy:

 

https://vimeo.com/privacy

Vimeo is certified under the EU-U.S. Privacy Shield:

 

https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active

 

An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield:
 

http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250.

Twitter button.

 

(This is nothing more than a simple social media link.)

Twitter, Inc.:

1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Further information about the processing of data by the provider is available in the provider’s privacy policy:

 

https://twitter.com/de/privacy

Twitter is certified under the EU-U.S. Privacy Shield:

 

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO

 

An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield:
 

http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250.

 

2. Processing of personal data by providers of third-party plug-ins

The third-party plug-ins are embedded in the website by means of what is referred to as a “2-click solution.” With this solution, the respective plug-in is not acti-vated directly when visiting the website; this only occurs if you click on the activate button for the respective plug-in. The activate button features the name of the respective plug-in and, if applicable, a logo of the third-party provider.

The 2-click solution ensures that your internet browser does not initially connect to the server of the respective plug-in provider when visiting the website. This means that the provider of the respective plug-in cannot initially collect any personal data from you via the respective plug-in when you visit the website. It is only by clicking on the activate button for the respective plug-in that the respective plug-in is activated. Activation involves making a connection to the server of the respective plug-in provider. This allows the provider of the activated plug-in to collect personal data from you. Activating the respective plug-in is technically comparable to clicking on a link to an external website, the difference being that the content accessed does not appear in a new window/tab of your internet browser but is instead optically embedded in our website. The data exchange initiated by you through the activation and use of the plug-in takes place exclusive-ly between your internet browser and the servers of the respective plug-in provider. If you activate a third-party plug-in, you are therefore using a feature of-fered by the provider of the respective plug-in on its responsibility, which is optically embedded in the presentation of our website.

When activating the respective plug-in, the provider of the respective plug-in (comparable to accessing an external website through a link) may obtain, in par-ticular, your IP address and the address (URL) of the website from which you initiate the activation process. In addition, the provider of the activated plug-in may obtain information from any cookies of the respective provider stored in your internet browser. By simply initiating the activation process for the respective plug-in, you thus enable the provider of the respective plug-in to obtain, at a minimum, the information that our website was accessed via the IP address as-signed to you at the time of access. If you are registered as a user with the respective third-party provider, the provider of the respective plug-in is also typically able to attribute the data obtained to your user account. Please note that we have no knowledge of the specific data collected by the respective plug-in provider. Nor do we have any knowledge of the specific purposes of the processing of data collected by the provider of the respective plug-in, or of other details about the processing of data by the respective provider. In particular, we do not know whether the respective provider processes the data collected solely to provide the feature associated with the respective plug-in (e.g., sharing certain content or submitting comments) or for any other purposes (e.g., user profiling or personal-ized advertising).

 

V. Use of order form for shipping materials

You have the opportunity to order shipping materials on our website. We process personal data of users of the order form for the following purposes:

  • To provide the ordering functionality on the website.
  • To process orders for shipping materials.
  • To retain it as evidence in order to establish, exercise, or defend any legal claims.
  • To retain it in order to fulfill legal retention obligations, especially pursuant to commercial law and tax law.
  • To ensure the security of the IT infrastructure used to provide the order form, in particular for the detection, elimination, and legally admissible docu-mentation of faults/malfunctions (e.g., DDoS attacks).

More detailed information is available below:

1. Details zu den personenbezogenen Daten, die verarbeitet werden

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation to provide the data

Retention period

HTTP data.

Protocol data generated for technical reasons when accessing the order form on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)).

 

This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access.

Users of the order form.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the data is not made available, we cannot make the requested website content available.

Data is stored for a maximum period of 7 days in server log files in a form that allows for the identification of data subjects, unless a security-related incident occurs (e.g., a DDoS attack).

 

In the event of a security-related incident, server log files are stored until the security-related incident is eliminated and completely resolved.

Contact details.

Data you provide us with as part of the order process for contact purposes related to the processing of your order.

 

This includes the name of the office/laboratory/firm, title, first name, last name, mailing address, telephone number, email address, fax number.

Users of the order form.

 

If you are logged in to your account when using the order form, this data is taken from your customer account.

 

The data is required for free shipment of shipping materials. There is no obligation to make this data available.

 

If the data is not made available, you cannot order any items using our order form.

We store the data until your order has been fully processed, i.e., until the shipping materials have been shipped.

 

In addition, we store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you provided us with the data, and until any legal disputes that may arise have been concluded.

 

We also store this data to the extent required by legal retention obligations, especially pursuant to commercial law and tax law. Depending on the type of documents, commercial and tax-related retention obligations of six or ten years may apply (Section 147 of the German Tax Code (AO), Section 257 of the German Commercial Code (HGB)).

Order data.

Information about your order.

 

This includes details relating to the items (item description, quantity), the date and time of the respective purchase, and the status of your order.

Independently generated.

-

We store the data until your order has been fully processed, i.e., until the shipping materials have been shipped.

 

In addition, we store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you provided us with the data, and until any legal disputes that may arise have been concluded.

 

We also store this data to the extent required by legal retention obligations, especially pursuant to commercial law and tax law. Depending on the type of documents, commercial and tax-related retention obligations of six or ten years may apply (Section 147 of the German Tax Code (AO), Section 257 of the German Commercial Code (HGB)).

Transactional email data.

Data from transactional emails that we send to process/reverse your order (e.g., order placement confirmation).

 

This includes the content and time of the transactional emails.

Independently generated.

-

We store the data until your order has been fully processed, i.e., until the shipping materials have been shipped.

 

In addition, we store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you provided us with the data, and until any legal disputes that may arise have been

concluded.

 

We also store this data to the extent required by legal retention obligations, especially pursuant to commercial law and tax law. Depending on the type of documents, commercial and tax-related retention obligations of six or ten years may apply (Section 147 of the German Tax Code (AO), Section 257 of the German Commercial Code (HGB)).

 

2. Details zu der Verarbeitung der personenbezogenen Daten

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, if applicable, legitimate interests

Recipient

To provide the ordering functionality on our website.

 

To this end, HTTP data is temporarily processed on our web server.

HTTP data.

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to make the website content requested by the user available.

Hosting provider.

To process orders for shipping materials.

 

This includes the shipment of shipping materials to our existing customers.

 

If an order is placed by a new customer, we start by contacting the customer and clarifying the details for commencing a business relationship.

Contact details,

 

Order data,

 

Transactional email data.

No automated decision-making takes place.

Article 6(1)(b) of the General Data Protection Regulation (fulfilling a contract to which the data subject is a party or taking steps at the request of the data subject prior to entering into a contract).

 

If the orderer is not currently a direct contracting party and not set to become one:

 

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to conclude contracts with our clients and fulfill these contracts.

-

To retain it as evidence in order to establish, exercise, or defend any legal claims.

Contact details,

 

Order data,

 

Transactional email data.

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to establish, exercise, or defend legal claims.

-

To retain it in order to fulfill legal retention obligations, especially pursuant to commercial law and tax law.

 

Depending on the type of documents, commercial and tax-related retention obligations of six or ten years may apply (Section 147 of the German Tax Code (AO), Section 257 of the German Commercial Code (HGB)).

Contact details,

 

Order data,

 

Transactional email data.

No automated decision-making takes place.

Article 6(1)(c) of the General Data Protection Regulation (compliance with a legal obligation).

-

To ensure the security of the IT infrastructure used to provide the order form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks):

 

To this end, data is temporarily stored and analyzed in log files on our web server.

HTTP data

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to ensure the security of the IT infrastructure used to provide the form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks).

Hosting provider.

 

3. Details zu den Empfängern personenbezogener Daten und der Übermittlung personenbezogener Daten in Drittländer und / oder an internationale Organisationen

Recipient

Role of the recipient

Registered office of the recipient

Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations

Hosting provider.
(currently: datamints GmbH,
Im Thal 1, 82377 Penzberg, Germany

 

and its subcontractor:
Hetzner Online GmbH, Industriestr. 25, 91710 Gun-zenhausen, Germany)

 

Processor.EU.-

 

VI. Processing of our applicants’ personal data, including use of the online application form

We process our applicants’ personal data in connection with our business activities, irrespective of whether the respective application is submitted via our online application form or other communication channels.
We process our applicants’ personal data for the following purposes:

  • To conduct the application process, in particular to review applications, contact the applicant, and conduct interviews to assess and select suitable candi-dates.
  • If the applicant is not recruited: Where appropriate, to consider the applicant for future vacancies, in particular to retain personal data accumulated as part of the application process, review suitability for future vacancies, and contact the applicant to begin an application process.
  • To retain it as evidence in order to establish, exercise, or defend any legal claims.
  • When using the online application form: To provide the application form on our website.
  • When using the online application form: To ensure the security of the IT infrastructure used to provide the order form, in particular for the detection, elim-ination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks).

More detailed information is available below:

1. Details about the personal data processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation to provide the data

Retention period

Master data.

Data that you provide us with in the application form.

 

In particular: title/salutation, last name, first name, date of birth.

Applicants or recruitment agencies commissioned by applicants.

It is not legally or contractually stipulated that data must be made available. The data subject is not obligated to make data available.

 

However, if it is not made available, the application process cannot be conducted and recruitment may not be possible.

If the applicant is recruited, the data is added to the personnel file. For information about the retention period, please see the information about the processing of our employees’ personal data.

 

If the respective applicant gives us their consent to do so, the data is stored for the purpose of considering the applicant for future vacancies if the applicant is not recruited, for a period of 12 months (or a shorter time frame if, and until, consent is withdrawn) following the conclusion of the application process.

 

Otherwise, the data is only stored for evidentiary purposes in order to establish, exercise, or defend any legal claims, for a period of 6 months following the conclusion of the application process. After six months have passed, the data is subject to automatic erasure.

Contact details.

Personal address, email address, telephone number.

Applicants or recruitment agencies commissioned by applicants.

It is not legally or contractually stipulated that data must be made available. The data subject is not obligated to make data available.

 

However, if it is not made available, the application process cannot be conducted and recruitment may not be possible.

If the applicant is recruited, the data is added to the personnel file. For information about the retention period, please see the information about the processing of our employees’ personal data.

 

If the respective applicant gives us their consent to do so, the data is stored for the purpose of considering the applicant for future vacancies if the applicant is not recruited, for a period of 12 months (or a shorter time frame if, and until, consent is withdrawn) following the conclusion of the application process.

 

Otherwise, the data is only stored for evidentiary purposes in order to establish, exercise, or defend any legal claims, for a period of 6 months following the conclusion of the application process. After six months have passed, the data is subject to automatic erasure.

Application data.

Content of application documents, in particular cover letter, photo, resume, and testimonials/references,

 

Content of written (including electronic) correspondence related to the application.

Applicants or recruitment agencies commissioned by applicants.

It is not legally or contractually stipulated that data must be made available. The data subject is not obligated to make data available.

 

However, if it is not made available, the application process cannot be conducted and recruitment may not be possible.

If the applicant is recruited, the data is added to the personnel file. For information about the retention period, please see the information about the processing of our employees’ personal data.

 

If the respective applicant gives us their consent to do so, the data is stored for the purpose of considering the applicant for future vacancies if the applicant is not recruited, for a period of 12 months (or a shorter time frame if, and until, consent is withdrawn) following the conclusion of the application process.

 

Otherwise, the data is only stored for evidentiary purposes in order to establish, exercise, or defend any legal claims, for a period of 6 months following the conclusion of the application process. After six months have passed, the data is subject to automatic erasure.

Content of review notes, impressions from interviews, feedback, and evaluations.

 

Documentation relating to any consent given by the applicant to retain personal data accumulated as part of the application process for the purpose of considering the applicant for future vacancies if the applicant is not recruited, in particular at the time of consent and any withdrawal thereof.

Generated by us.

-

When using the online application form:

HTTP data.

Protocol data generated for technical reasons when accessing the application form on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)).

 

This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access.

Users of the application form.

It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available.

 

If the data is not provided, we cannot make the application form available.

Data is stored for a maximum period of 7 days in server log files in a form that allows for the identification of data subjects, unless a security-related incident occurs (e.g., a DDoS attack).

 

In the event of a security-related incident, server log files are stored until the security-related incident is eliminated and completely resolved.

 

2. Details about the processing of personal data

Purpose of the processing of personal data

Categories of personal data processed

Automated decision-making

Legal basis and, if applicable, legitimate interests

Recipient

To conduct the application process, in particular to review applications, contact the applicant, and conduct interviews to assess and select suitable candidates.

Master data,

 

Contact details,

 

Application data.

No automated decision-making takes place.

Article 88(1) of the General Data Protection Regulation, Section 26(1) of the German Federal Data Protection Act (decision to establish an employment relationship).

 

Article 6(1)(b) of the General Data Protection Regulation (fulfilling a contract to which the data subject is a party or taking steps at the request of the data subject prior to entering into a contract).

In individual cases via remote access for support and maintenance purposes: software provider

If the applicant is not recruited but consents to being considered for future vacancies:

 

To consider the applicant for future vacancies, in particular to retain personal data accumulated as part of the application process, review suitability for future vacancies, and contact the applicant to begin an application process.

Master data,

 

Contact details,

 

Application data.

No automated decision-making takes place.

Article 6(1)(a) of the General Data Protection Regulation (consent).

 

In individual cases via remote access for support and maintenance purposes: software provider

If the applicant is not recruited:

 

To store reduced information about rejected applicants for a maximum period of 3 years from the rejection of the application in order to verify whether the applicant has already applied for jobs with us in the past.

Reduced master data (first name and date of birth only)

 

Reduced contact details (zip code and place of residence only)

 

Reduced application data (job title of previous application(s) only)

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to verify whether an applicant has already applied for a job with us in the past (max. 3 years).

In individual cases via remote access for support and maintenance purposes: software provider

To retain it as evidence in order to establish, exercise, or defend any legal claims.

Master data,

 

Contact details,

 

Application data.

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to establish, exercise, or defend legal claims.

In individual cases via remote access for support and maintenance purposes: software provider

When using the online application form:

 

To provide the application form on the website.

HTTP data.

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to make the website content requested by the user available.

-

When using the online application form:

 

To ensure the security of the IT infrastructure used to provide the application form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks):

 

To this end, data is temporarily stored and analyzed in log files on our web server.

HTTP data.

No automated decision-making takes place.

Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests).

 

Our legitimate interest is to ensure the security of the IT infrastructure used to provide the form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks).

-

 

3. Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations

Recipient

Role of the recipient

Registered office of the recipient

Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations

Software provider

rexx systems GmbH

Processor.EU.-

 

C. Information about the use of cookies

We use cookies in connection with providing the website https://www.mll.com/. In doing so, we make use of the processing and storage functionality of your de-vice’s browser and collect information from the memory of your device’s browser.

More detailed information is available below.

I. General information about cookies

Cookies are small text files containing information that can be placed on the user’s device via the browser when visiting a website. When you revisit the website using the same device, the cookie and the information it contains may be retrieved.

1. First- und third-party cookies

Depending on the origin of a cookie, it is possible to distinguish between what are known as first-party cookies and third-party cookies:

First-party cookiesCookies that are placed and accessed by the operator of the website as the controller or by a processor commissioned by them.
Third-party cookiesCookies that are placed and accessed by controllers other than the website operator who are not acting as processors on behalf of the website operator.

Transient and persistent cookies

Depending on the period of validity, it is possible to distinguish between transient and persistent cookies:

Transient cookies
(session cookies)

Cookies that are automatically erased when you close your browser.

Persistent cookies

Cookies that remain stored on your device for a certain period of time after you close your browser.

3. Cookies that require/do not require consent

Depending on their function and purpose, the use of certain cookies may require the user’s consent. To this extent, it is possible to distinguish between cookies based on whether the user’s consent is required for their use:

Cookies that do not
require consent

Cookies whose sole purpose is to transmit a message via an electronic communications network.

Cookies that are strictly necessary for the provider of an information society service that has been expressly requested by the subscriber or user to be able to provide this service (“cookies that are strictly necessary”).

Cookies that require consent

Cookies for all other purposes than those mentioned above.

 

II. Management of the cookies used on this website

1. Granting consent to the use of cookies and management of cookies via the cookie dashboard

If the use of certain cookies requires the user’s consent, we will only place these cookies when you use the website if you have given your prior consent. For in-formation about whether consent is required for the use of a cookie, please see the information about the cookies used on this website in Section C.III. of this privacy policy.

When you visit our website, we display what is known as a “cookie banner,” which allows you to declare your consent to the use of cookies on this website by clicking on a button. By clicking on the button provided for this purpose, you have the option to consent to the use of the cookies described in detail in Section C.III. of this privacy policy that require consent. The “Data protection and cookie settings” section of this website also gives you the option to revisit and custom-ize your selection at a later time.

We also store your consent and, if applicable, your individual selection of cookies in the form of a cookie (“opt-in cookie”) on your device in order to determine whether you have already given your consent when you revisit the website. The opt-in cookie, and thus your consent as well, is valid for a limited period of 12 months.

Cookie dashboard

2. Management of cookies via browser settings

You can also manage the use of cookies in your browser settings. Different browsers offer different ways to configure the cookie settings in the browser. Further detailed information is available, for instance, at http://www.allaboutcookies.org/ge/cookies-verwalten/ .

Please note, however, that some of the website’s functionality may not or no longer function properly if you generally deactivate cookies in your browser.

III. Cookies used on this website

The following cookies may be used on this website:

Name

First-party/third-party

Purpose and content

Period of validity

Need for consent

Opt-In cookies

Cookie_consent

First-party

This cookie is strictly necessary for storing your consent and, if applicable, your individual se-lection regarding the use of cookies on your device in order to determine whether you have already given your consent when you revisit the website.

12 months.

No.

Matomo cookies

These cookies are used by the web analysis tool Matomo to record and analyze usage patterns on our website in order to improve the website (Section B).

_pk_ref

First-party

This cookie is used to track from which website the anonymized user proceeded to www.mll.com or to any MLL sub-page. The respective URL is saved as a string, which specifies the referrer, or rather the website from which the respective MLL page was accessed, in a cookie to be able to create and analyze corresponding statistics.

 

6 months.

Yes.

_pk_testcookie

First-party

Integer value—a test cookie created by Matomo to verify whether the website’s cookie functionality and cookie settings are configured correctly for Matomo.

Session.

Yes.

_pk_id

First-party

This cookie contains a unique, pseudonymized visitor ID internal to Matomo for recognizing repeat visitors.

The _pk_id is an ID that makes it possible to verify which routes a website visitor has clicked on. A generated identifier is used for this purpose. On the basis of this ID, http requests can be linked to each other and corresponding statistics can be generated on e.g. B. the number of visits, average time a user stays on the website and the number of pages read.


 


13 months.

Yes.

_pk_ses

First-party

The Matomo session cookie is used to track the visitor's page requests during the session. The cookie is automatically deleted at the end of each session (website visit), at the latest after one day. It is not possible to identify individuals using these cookies. The cookies are used to compile user statistics that cannot be directly tied to individuals (“pseudonymous usage profiles”). 

 

1 day.

Yes.

Third-party plug-in cookies
If you activate a third-party plug-in, you are using a feature offered by the provider of the respective plug-in on its responsibility, which is only optically embedded in the presentation of our website. When activating the respective plug-in, the provider of this plug-in may make use of cookies (Section B).

 

Third-party plug-in cookiesThird-partyWe have no knowledge of the specific purposes, content, and retention period of the cookies used by the provider of the plug-in, includ-ing whether or not they require consent.

D. Information about the rights of data subjects

As a data subject, you have the following rights with regard to the processing of your personal data:

  • Right of access (Article 15 of the General Data Protection Regulation)
  • Right to rectification (Article 16 of the General Data Protection Regulation)
  • Right to erasure (“right to be forgotten”) (Article 17 of the General Data Protection Regulation)
  • Right to restriction of processing (Article 18 of the General Data Protection Regulation)
  • Right to data portability (Article 20 of the General Data Protection Regulation)
  • Right to object (Article 21 of the General Data Protection Regulation)
  • Right to withdraw consent (Article 7(3) of the General Data Protection Regulation)
  • Right to lodge a complaint with a supervisory authority (Article 77 of the General Data Protection Regulation)

To exercise your rights, please contact us using the contact details provided in Section A.

For information about any specific procedures and mechanisms that may facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, please see the information about the processing of personal data in Section B of this privacy policy.

I. Right of access

As a data subject, you have a right of access subject to the conditions set out in Article 15 of the General Data Protection Regulation.

In particular, this means that you have the right to obtain confirmation from us as to whether we are processing personal data concerning you. If this is the case, you also have a right of access to this personal data and the information listed in Article 15(1) of the General Data Protection Regulation. This includes, for in-stance, information about the purposes of the processing, the categories of personal data processed, and the recipients or categories of recipients to whom the personal data has been or will be disclosed (Article 15(1)(a), (b), and (c) of the General Data Protection Regulation).

The full scope of your right of access is set out in Article 15 of the General Data Protection Regulation, which you can access via the following link: eur-lex.europa.eu/legal-content/DE/TXT/HTML/.

II. Right to rectification

As a data subject, you have a right to rectification subject to the conditions set out in Article 16 of the General Data Protection Regulation.

In particular, this means that you have the right to request us to rectify inaccuracies in your personal data and fill in the gaps of incomplete personal data with-out undue delay.

The full scope of your right to rectification is set out in Article 16 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679 .

III. Right to erasure (“right to be forgotten”)

As a data subject, you have a right to erasure (“right to be forgotten”) subject to the conditions set out in Article 17 of the General Data Protection Regulation.

This means that you generally have the right to request us to erase personal data concerning you without undue delay, and we are obligated to erase personal data without undue delay if one of the grounds listed in Article 17(1) of the General Data Protection Regulation applies. This may be the case, for instance, if personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed (Article 17(1)(a) of the General Data Protec-tion Regulation).

If we have made the personal data public and are obligated to erase it, we are also obligated, taking account of available technology and the cost of implemen-tation, to take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that a data subject has re-quested that they erase any links to, or copies or replications of, this personal data (Article 17(2) of the General Data Protection Regulation).

The right to erasure (“right to be forgotten”) does not apply to the extent that the processing is necessary on grounds listed in Article 17(3) of the General Data Protection Regulation. This may be the case, for instance, to the extent that the processing is necessary in order to comply with a legal obligation, or establish, exercise, or defend legal claims (Article 17(3)(a) and (e) of the General Data Protection Regulation).

The full scope of your right to erasure is set out in Article 17 of the General Data Protection Regulation, which you can access via the following link: eur-lex.europa.eu/legal-content/DE/TXT/HTML/.

IV. Right to restriction of processing

As a data subject, you have a right to restriction of processing subject to the conditions set out in Article 18 of the General Data Protection Regulation.

This means that you have the right to request us to restrict processing if one of the conditions listed in Article 18(1) of the General Data Protection Regulation applies. This may be the case, for instance, if you contest the accuracy of the personal data. In this case, the processing is restricted for a period that enables us to verify the accuracy of the personal data (Article 18(1)(a) of the General Data Protection Regulation).

Restriction of processing means marking of stored personal information so as to limit its future processing (Article 4(3) of the General Data Protection Regula-tion).

The full scope of your right to restriction of processing is set out in Article 18 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679 .

V. Right to data portability

As a data subject, you have a right to data portability subject to the conditions set out in Article 20 of the General Data Protection Regulation.

This means that you generally have the right to receive the personal information concerning you that you have made available to us in a structured, commonly used, and machine-readable format, and that you have the right to transmit this data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation or on a contract pursuant to Article 6(1)(b) of the General Da-ta Protection Regulation, and the processing is carried out by automated means (Article 20(1) of the General Data Protection Regulation).

For information about whether the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation or on a contract pursuant to Article 6(1)(b) of the General Data Protection Regulation, please see the information about the legal bases for the processing in Section B of this privacy policy.

When exercising your right to data portability, you also generally have the right to have the personal data transmitted directly from us to another controller to the extent that this is technically feasible (Article 20(2) of the General Data Protection Regulation).

The full scope of your right to data portability is set out in Article 20 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679 .

 

VI. Right to object

As a data subject, you have a right to object subject to the conditions set out in Article 21 of the General Data Protection Regulation.

By no later than the time of our first communication with you, we expressly draw the attention of you, as the data subject, to your right to object.

More detailed information is available below:

1. Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object at any time on grounds relating to your particular situation to personal data concerning you being processed based on Article 6(1)(e) or (f) of the General Data Protection Regulation, including profiling based on these provisions.

For information about whether the processing is based on Article 6(1)(e) or (f) of the General Data Protection Regulation, please see the information about the legal bases for the processing in Section B of this privacy policy.

In the event of an objection on grounds relating to your personal situation, we will cease processing the personal data concerning you unless we can demon-strate compelling, legitimate grounds for the processing that override your interests, rights, and freedoms, or the data is processed in order to establish, exer-cise, or defend legal claims.

The full scope of your right to object is set out in Article 21 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679 .

 

2. Right to object to direct marketing

If personal data is processed for the purposes of direct marketing, then you have the right to object at any time to such processing of personal data concerning you, including profiling to the extent that it is related to such direct marketing.

For information about whether and to what extent personal data is processed for the purposes of direct marketing, please see the information about the purpos-es of the processing in Section B of this privacy policy.

In the event of an objection to processing for the purposes direct marketing, we will cease processing the personal data concerning you for these purposes.

The full scope of your right to object is set out in Article 21 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679 .

 

VII. Right to withdraw consent

If the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation, you, as the data subject, have the right to withdraw your consent at any time pursuant to Article 7(3) of the General Data Protection Regulation. Withdrawing your consent does not affect the lawfulness of the processing that took place based on your consent up until the time of withdrawal. We inform you of this before you give your consent.

For information about whether the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation, please see the information about the legal bases for the processing in Section B of this privacy policy.

 

VIII. Right to lodge a complaint with a supervisory authority

As a data subject, you have the right to lodge a complaint with a supervisory body subject to the conditions set out in Article 77 of the General Data Protection Regulation.

Our supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht
Postfach 1349
91504 Ansbach
Deutschland

E-Mail: poststelle@lda.bayern.de
Telefon: +49 (0) 981 180093-0

IX. Information about the technical terms from the General Data Protection Regulation that are featured in this privacy policy

The technical terms featured in this privacy policy take their meaning from the General Data Protection Regulation.

The full scope of the definitions found in the General Data Protection Regulation is set out in Article 4 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

More detailed information about the most important technical terms from the General Data Protection Regulation that are featured in this privacy policy is available below:

  • “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
  • “Data subject” means in each case the identified or identifiable natural person to whom personal data relates;
  • “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
  • “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
  • “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • “Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
  • “Recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of this data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • “Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
  • “International organization” means an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;
  • “Third country” means a country that is not a Member State of the European Union (“EU”) or the European Economic Area (“EEA”);
  • “Special categories of personal data” means data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

E. Effective date of and changes to this privacy policy

This privacy policy is valid as of 10th of December 2019.

Due to technical developments and/or changes in legal and/or official requirements, it may become necessary to adapt this privacy policy.