Data protection

DATA PROTECTION POLICY  (as of May 2018)

 

Contents:

I. Data Controller within the meaning of data protection legislation

II. Data Protection Office

III. General information about data processing

IV. Automatic data processing when accessing the website www.mds-logisticspartner.com

V. Use of cookies

VI. Processing of personal data via the contact form

VII. Processing of personal data via email

VIII. Processing of personal data over the telephone

IX. Processing of personal data via fax

X. Processing of personal data in the context of the application process

XI. Rights of data subjects

 

Data processing by us

When using the website www.mds-logisticspartner.com and its functions, making contact with us and submitting a query, you transfer your personal data to us, which we use to process your queries. This data is used by us strictly for this purpose only, within the framework of data protection legislation.

 

I. The Data Controller within the meaning of data protection legislation is:

mds GmbH

Carl-Zeiss-Straße 1

55129 Mainz – Germany

 

Phone: +49 (0)6131 505 100

Email: info@mds-logisticspartner.com

 

Represented by:

Andrea Neumer, Managing Director

 

II. Data Protection Officer:

We have appointed a Data Protection Officer for our company. Legally stipulated Data Protection Officer:

RDP Röhl Dehm & Partner Rechtsanwälte mbB

Moritzplatz 6

86150 Augsburg

datenschutz@rdp-law.de

 

III. General information about data processing

 

Extent of processing of personal data in general

As a matter of principle, we only process personal data to the extent required in order to provide a properly functioning website and to deliver our content and services.

 

Legal basis for processing of personal data :

The legal basis for processing personal data is Article 6 (1) a) – f) of the General Data Protection Regulation (GDPR).

If the data subject gives consent, Art. 6 (1) a) GDPR is the legal basis.

Art. 6 (1) b) GDPR is the legal basis for the processing of personal data for the fulfilment of a contract in which the data subject is a contracting party or for the processing procedures for pre-contractual measures.

If processing is required to meet a legal obligation of the data controller, Art. 6 (1) c) GDPR is the legal basis.

If essential interests of the data subject or another natural person make processing necessary, Art. 6 (1) d) GDPR is the legal basis.

If processing is required to carry out a task that is in the public interest or to exercise public authority that has been transferred to the data controller, the legal basis is Art. 6 (1) e) GDPR.

If processing is required to protect a legitimate interest of our company and if the interests, basic freedoms and basic rights of the data subject do not outweigh this, the legal basis is Art. 6 (1) f) GDPR.

 

Provision of personal data for conclusion of a contract or on the basis of statutory retention obligations

Whenever you make contact with us, we collect personal data. This data is saved by us, partly in accordance with statutory regulations, partly because it is required to conclude a contract. If you wish to conclude a contract with us, you must provide us with your data so that we can deliver/render our services to/for you. We are also under legal retention obligations in respect of tax and commercial law that we must meet. Otherwise we may be unable to provide you with our services.

Before providing your personal data, you are welcome to get in touch with your contact in our company to find out if we require your data to conclude a contract and/or to meet our statutory retention obligations and what the consequences will be if you do not provide us with this data.

 

Data erasure and storage period

We store your personal data as long as is necessary to fulfil the particular purpose or as is prescribed by legal regulations, Art. 6 (1) c) GDPR. If the purpose of storage of personal data no longer exists, the data shall be erased after 6 months or its processing shall be restricted, unless there is still a need for further storage of the data to conclude or fulfil a contract. Storage beyond this shall take place only if European or national legislation dictates.

 

SSL and TLS encryption

For security purposes and to protect your confidential data, we use SSL and TLS encryption throughout our website. As a result of this encryption, confidential data that you send to us, such as queries etc, cannot be seen by third parties. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and a green padlock symbol appears on the address bar.

 

IV. Automatic data processing when accessing the website www.mds-partner.com

IP-address

1. Description and extent of data processing

When this site is accessed, requests are sent to the server that must receive a response. Your IP address must be collected and processed so that the corresponding server requests can be answered.

2. Legal basis for data processing

The legal basis for the processing of this data is Art. 6 (1) f) GDPR.

3. Purpose of data processing

The purpose of processing your IP address is to ensure functioning of the website and provide technical access to it.

4. Legitimate interest

The legitimate interest in the temporary storage of your IP address lies in the fact that the functioning of and provision of technical access to the website is not possible without it.

5. Storage period

The data will be deleted as soon as further storage is no longer required to achieve the particular purpose.

When recording data to make the website accessible, this is the case when the retrieval process is complete.

6. Recipients of personal data

The IP address is processed by the following hosting provider on the basis of an order data processing agreement in accordance with Art. 28 (2) and (4) GDPR:

1&1 Internet SE
Elgendorfer Straße 57
56410 Montabaur

 

Hosting

1. Description and extent of data processing

We use the services of our hosting service provider for the technical implementation of the website, to make it accessible, and to carry out technical maintenance.

This comprises the provision of storage and database services and the maintenance and servicing of these.

2. Legal basis for data processing

The legal basis for the processing of this data is Art. 6 (1) f) GDPR.

3. Purpose of data processing

The purpose of processing is the implementation of the online service and the detection of malfunctions or any attempted unauthorized access.

4. Legitimate interest

The legitimate interest in commissioning the hosting service provider is to have external technical competence and the provision of a functioning and uncompromised technical website environment.

5. Recipients of personal data and data categories:

The following hosting provider is commissioned to work on our behalf on the basis of an order data processing agreement in accordance with Art. 28 (2) and (4) GDPR:

1&1 Internet SE
Elgendorfer Straße 57
56410 Montabaur

 

The data categories concerned are:

• User data
• Communication data
• Contact details
• Contract data

 

Server-Log-Files

1. Description and extent of data processing

The IP addresses recorded when accessing this site are also stored in so-called server log files to identify and allow rectification of technical faults, attempted manipulation, and/or unauthorised access to the server structure. The hosting provider for this website also automatically collects, stores and processes information in so-called server log files, which is transferred automatically by your browser. This information is:

• Browser Type and Browser Version
• Used operating system
• Referrer URL
• IP
• Date
• Time
• Pages accessed
• Logs
• Status code
• User agent

However, this information is not combined with any other data sources.

 

2. Legal basis for data processing

The legal basis for the processing of this data is Art. 6 (1) f) GDPR.

3. Purpose of data processing

The purpose of processing your IP address and the above information is detecting malfunctions and any attempts at unauthorised access.

4. Legitimate interest

The legitimate interest in processing the IP address and the aforementioned information is the provision of a functioning and uncompromised technical website environment.

5. Storage period

The data is erased within 7 days.

6. Recipients of personal data

The IP address and the information specified above is processed by the following hosting provider on the basis of an order data processing agreement in accordance with Art. 28 (2) and (4) GDPR:

1&1 Internet SE
Elgendorfer Straße 57
56410 Montabaur

 

V. Use of cookies

1. Description and extent of data processing

The site www.mds-logisticspartner.com uses so-called “cookies”. Cookies are small text files that are stored in the memory and/or on a data storage carrier of the device you use to visit the site and are processed by your web browser in accordance with its settings.

The content of the cookies is:

_ga (to identify unique users)
_gat (to throttle the request rate)
_gid (to distinguish users)

 

2. Legal basis for data processing

The legal basis for such processing is Art. 6 (1) b) and Art. 6 (1) f) GDPR.

3. Purpose of data processing

These cookies contain technical information for the provision of website functions. This facilitates technical implementation of the website.

4. Legitimate interest pursuant to Art. 6 (1) f) GDPR

The cookies used only contain technical data, which ensure the proper functioning of the website.

5. Storage period and rejection and removal options

The cookies used on the site are so-called “session cookies”.They are automatically deleted from the browser cache/memory of your computer at the end of your visit to our website and/or when you close your browser, provided that you have activated this function in your browser.

Please check the settings of your internet browser (e.g. Firefox, Internet Explorer, Edge, Chrome, Opera, Safari) in regards to this. You internet browser also gives you the option to control how you handle cookies or to deactivate them completely. Cookies that have already been saved can be deleted at any time. This can also take place automatically. If cookies are deactivated for our website, it may be the case that it is not possible to use all of the functions of the website to the fullest extent possible.

 

VI. Processing of personal data via the contact form

1. Description and extent of data processing

A contact form is provided on our website which is used only for electronic contact. We process your personal data only to the extent that you communicate it to us when you make contact. When queries are submitted via the contact form, the following data is processed:

• Name*
• Email address*
• Comment*

The fields marked with an asterisks “*” symbol are obligatory and queries cannot be sent to us using this form unless they are completed.

Providing your name allows us to address you in person when we process your query. Simply entering the data on the form does not communicate any data to us, as this happens only when you press the blue “Submit” button. When the message is submitted, the following data is also processed:

• Date and time of the query

 

2. Legal basis for data processing

The legal basis for the processing of personal data for handling and responding to your queries is Art. 6 (1) f) GDPR.

The legal basis for the processing of personal data for the preparation and/or implementation a contractual relationship is Art. 6 (1) b) GDPR.

3. Purpose of data processing

Processing of personal data via the contact form is used solely for the purpose of making contact and allows the customer to request information from the company at the initiative of the customer. Depending on the intention and content of your query, the purpose may also be the initiation and/or execution of a contractual relationship.

4. Legitimate interest

The legitimate interest in data processing lies in the option to process your query and respond to your query appropriately. The data collected is processed on the basis of a query that comes from you. This processing is also in your interest, so that we can respond to your query in accordance with your expectations.

5. Storage period

The data is erased within 6 months of the point at which it is no longer required to achieve the purpose for which it was collected, provided that it is not subject to further statutory retention obligations (e.g. 10 years under the German Tax Code, 6 years under the Commercial Code). This is the case for the data that you enter in the contact form if the conversation with the user has ended.

The conversation is ended when circumstances indicate that the issue in question has been resolved definitively.

 

VII. Processing of personal data via email

1. Description and extent of data processing

Personal data is processed for queries submitted by email in accordance with the content of the email: In all cases, this includes your email address, the date and time and the content of the message. Depending on the content of your email, the following personal data may also be processed, for example:

• First name, surname
• Telephone number

The data is used exclusively to process the conversation and/or to implement and/or initiate a contractual relationship.

2. Legal basis for data processing

Due to the explicit query coming from the user by email, the legal basis for the processing of this data is Art. 6 (1) f) GDPR. If the aim of the email contact is also to conclude and/or execute a contract, the additional legal basis for processing is Art. 6 (1) b) GDPR.

3. Purpose of data processing

Processing of personal data via email query is used solely for the purpose of making contact and allows the customer to request information from the company at the initiative of the customer. Depending on the intention and content of your query, the purpose may also be the initiation and/or execution of a contractual relationship.

4. Legitimate interest

The legitimate interest in data processing lies in the option to process your query and respond to your query appropriately. The data collected is processed on the basis of a query that comes from you. This processing is also in your interest, so that we can respond to your query in accordance with your expectations.

5. Storage period

The data is erased within 6 months of the point at which it is no longer required to achieve the purpose for which it was collected, provided that it is not subject to further statutory retention obligations (e.g. 10 years under the German Tax Code, 6 years under the Commercial Code). This is the case for your email when the conversation with the user has ended.

The conversation is ended when circumstances indicate that the issue in question has been resolved definitively.

 

VIII. Processing of personal data over the telephone

1. Description and extent of data processing

Personal data is processed for telephone queries in accordance with the content of the conversation. Depending on the information you provide in the course of the phone call, this may include the following information:

• First name, surname
• Telephone number
• Customer number
• Payment data
• Contract data

The data is used exclusively to process the conversation and/or to implement and/or initiate a contractual relationship

 

2. Legal basis for data processing

Due to the explicit query coming from the user via telephone, the legal basis for processing of this data is Art. 6 (1) f) GDPR. If the aim of the telephone contact is also to conclude and/or execute a contract, the additional legal basis for processing is Art. 6 (1) b) GDPR.

3. Purpose of data processing

The processing of personal data through the telephone call is solely done for the purpose of making contact and allows the customer to request information from the company at the initiative of the customer. Depending on the intention and content of your query, the purpose may also be to initiate and/or execute a contractual relationship and to maintain and support the customer relationshi.

4. Legitimate interest

The legitimate interest in data processing lies in the option to process your query and respond to your query appropriately. The data collected is processed on the basis of a query that comes from you. This processing is also in your interest, so that we can respond to your query in accordance with your expectations.

5. Storage period

The data is erased within 6 months of the point at which it is no longer required to achieve the purpose for which it was collected, provided that it is not subject to further statutory retention obligations (e.g. 10 years under the German Tax Code, 6 years under the Commercial Code). This is the case for your email when the conversation with the user has ended.

The conversation is ended when circumstances indicate that the issue in question has been resolved definitively.

 

IX. Processing of personal data via fax

1. Description and extent of data processing

Personal data is processed for queries submitted by fax in accordance with the content of the fax. In all cases, this includes your fax address, the date and time and the content of the message. Depending on the content of your fax, the following personal data may also be processed, for example:

• First name, surname
• Phone number
• Customer number
• Payment data
• Contract data

The data is used exclusively to process the conversation and/or to implement and/or initiate a contractual relationship.

 

2. Legal basis for data processing

Due to the explicit query coming from the user by fax, the legal basis for the processing of this data is Art. 6 (1) f) GDPR. If the aim of the fax contact is also to conclude and/or execute a contract, the additional legal basis for processing is Art. 6 (1) b) GDPR.

3. Purpose of data processing

Processing of personal data via fax query is used solely for the purpose of making contact and allows the customer to request information from the company at the initiative of the customer. Depending on the intention and content of your query, the purpose may also be the initiation and/or execution of a contractual relationship.

4. Legitimate interest

The legitimate interest in data processing lies in the option to process your query and respond to your query appropriately. The data collected is processed on the basis of a query that comes from you. This processing is also in your interest, so that we can respond to your query in accordance with your expectations.

5. Storage period

The data is erased within 6 months of the point at which it is no longer required to achieve the purpose for which it was collected, provided that it is not subject to further statutory retention obligations (e.g. 10 years under the German Tax Code, 6 years under the Commercial Code). This is the case for your fax when the conversation with the user has ended.

The conversation is ended when circumstances indicate that the issue in question has been resolved definitively.

 

X. Processing of personal data in the context of the application process

We provide regular information about current job vacancies in job advertisements and on our website. You have the opportunity to apply for such vacancies. You can send your application data to us by post or by email.

Data that you send to us as part of the application process may include:

• Name, address and contact details
• Curriculum vitae including further details
• Personal letter
• Qualifications
• Interests

 

If you send your data to us by email, we will also process your email address, the date and time and the content of the message. Depending on the content of your email, the following personal data may also be processed, for example:

• First name, surname
• Telephone number

The data is used exclusively in the context of the application process to take a decision about filling the post.

 

2. Legal basis for data processing

The legal basis for processing data in the context of the application process is Art. 6 (1) b) GDPR and Section 26 (1) of the German Federal Data Protection Act (BDSG).

If, in the course of the application process, you provide us with special categories of personal data, such as information about an existing serious disability or about your health, which is required to assess your suitability for a specific job, processing of the data communicated to us at your initiative is done in accordance with Art. 9 (2) b), h) GDPR, Section 26 (3) BDSG.

3. Purpose of data processing

The processing or personal data in the course of the application process is solely done for the purpose of personnel planning and establishing employment relationships.

4. Legitimate interest

The legitimate interest in processing the data lies in the need to fill vacancies with qualified applicants as part of sustainable personnel planning and company management.

5. Storage period

If an application is turned down, the data is erased within 6 months of the rejection. Data relating to successful applications is subject to retention obligations under the regulations of employment and social law, the Tax Code and the Commercial Code.

 

XI. Rights of data subjects

If your personal data is processed, you are the data subject within the meaning of the General Data Protection Regulation. You therefore have the following rights in respect of the data controller. In order to exercise your rights as the data subject in respect of us as the data controller, please contact us at the following email address: datenschutz@rdp-law.de

 

1. Right to information – Art. 15 GDPR

You have the right to request confirmation from the data controller as to whether your personal data is being processed or not. If such processing is being carried out, you have the right to information about this personal data and about the following:

• the purposes for which the personal data is being processed;
• the categories of personal data that are being processed;
• the recipients or the categories of recipients to whom the personal data has been disclosed or is still being disclosed;
• if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for establishing the period of storage;
• the existence of a right to correction or erasure of the personal data relating to you, a right to restriction of the processing by the data controller or a right to object to such processing;
• the existence of a right of complaint to a supervisory authority;
• all available information about the origin of the data if the personal data was not collected from the data subject;
• the existence of an automated decision-making process including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, the scope and the intended effects of processing of this sort for the data subject.

You also have the right to demand information about whether the personal data about you is being transferred to a third country or an international organisation. Here, you can also demand information about the appropriate guarantees pursuant to Art. 46 GDPR in connection with such transfer.

 

2. Right to correction – Art. 16 GDPR

You have the right, vis-a-vis the data controller, to immediate correction and/or completion of the data about you, insofar as the personal data is incorrect or incomplete.

 

3. Right to erasure – Art. 17 GDPR

Erasure obligation:

you have the right to demand immediate erasure of your personal data, provided that one of the following grounds applies:

• the personal data about you is no longer required for the purposes for which it was collected or processed in another way;
• you have withdrawn your consent on which processing was based pursuant to Art. 6 1 a) or Art. 9 (2) a) GDPR and there is no other legal basis for processing;
• you have objected to processing pursuant to Art. 21 (1) and there are no legitimate, precedent reasons for processing, or you have objected to processing pursuant to Art. 21 (2) GDPR;
• the personal data about you has been processed illegally;
• erasure of the personal data about you is required to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject;
• the personal data about you has been collected in relation to the information society services offered pursuant to Art. 8 (1) GDPR

Exceptions:

A right to erasure does not exist if processing is required:

• to exercise the right to free speech and freedom of information;
• to fulfil a legal obligation that requires processing under EU law or the law of the Member States to which the data controller is subject or to carry out a task that is in the public interest or to exercise public authority that has been transferred to the data controller;
• for reasons of public interest in the area of public health pursuant to Article 9 (2) letters h and i and Article 9 (3);
• for archiving purposes, historical research purposes or statistical purposes that are in the pubic interest pursuant to Article 89 (1) GDPR,
• insofar as the right specified in section a) is likely to make achievement of the objectives of this processing impossible or will seriously hinder it, or
• to assert, exercise or defend against legal claims.

 

4. Right to restrict processing – Art. 18 GDPR

You have the right to demand that the processing of the personal data about you be restricted in accordance with the following conditions:

• if you have contested the accuracy of the personal data about you for a period that allows the data controller to verify the accuracy of the personal data;
• if processing is illegal and you decline to have your personal data erased and instead demand restriction of the use of the personal data;
• if the data controller no longer requires the personal data for purposes of processing but still requires it to assert, exercise or defend against legal claims, or
• if you have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.

If processing of the personal data about you has been restricted, with the exception of storage, this data may be processed only with your consent or to assert, exercise or defend against legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest in the EU or a Member State.

If processing has been restricted on the basis of the conditions described, you shall be notified by the data controller before the restriction is lifted.

 

5. Right to notification – Art. 19 GDPR

If you have exercised one of your rights to correction, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data about you has been disclosed of the correction or erasure of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of work.

You also have the right to be informed of those recipients.

 

6. Right to data transferability – Art. 20 GDPR

You have the right to receive the personal data about you that you have provided to the data controller in a structured and standard format that can be read by a computer. You also have the right to communicate this data to another data controller without hindrance by the data controller to whom the personal data was provided, if

• processing is based on consent pursuant to Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR or is based on a contract pursuant to Art. 6 (1) b) GDPR and
• processing is carried out with the aid of an automated process.

In exercising this right to data transferability, you also have the right to have the personal data about you transferred directly from one data controller to another data controller, insofar as this is technically feasible.

 

7. Right to object – Art. 21 GDPR

You have the right for reasons resulting from your specific situation to object, at any time, to the processing of personal data about you that is/was carried out on the basis of Art. 6 (1) e) or f) GDPR; this also applies to profiling based on these provisions.

The data controller shall stop processing the personal data about you unless the data controller can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise of defend against legal claims.

If personal data is processed for the purposes of direct advertising, you have the right to object to the processing of personal data about you for the purposes of such advertising at any time; this also applies to profiling, insofar as it is connected with such direct advertising.

If you object to processing for purposes of direct advertising, the personal data about you shall no longer be processed for those purposes.

Notwithstanding Directive 2002/58/EC, you have the option, in connection with the use of services of the information company, to exercise your right to object by means of automated processes in which technical specifications are used.

 

8. Right to withdraw a declaration of consent under data protection legislation

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing that was already carried out on the basis of your consent up to the point at which you withdraw it.

 

9. Right to complain to a supervisory authority – Art. 77 GDPR

Irrespective of any other legal remedies under administrative law or in court, you have the right to complain to a supervisory authority, in particular in the Member State of your normal place of residence, your place of work or the location of the alleged breach, if you believe that the processing of the personal data about you breaches the General Data Protection Regulation.

The supervisory authority to whom you submit your complaint shall notify you, as the complainant, of the status and outcome of the complaint, including the option to seek legal remedy in court pursuant to Art. 78 GDPR.

This data protection policy will be updated at regular intervals.