Privacy policy

Preamble:

GDPR compliance of MBmedien Group solutions

MBmedien Group GmbH designed its products and solutions to be in conformity with the GDPR from the very beginning. Ever since the GDPR came into effect, MBmedien Group’s products, solutions and workflows have consistently been compliant with its requirements. Mailings, online campaigns and direct marketing measures by the MBmedien Group continue to be permitted. A weighing of interests applies here under the GDPR. In this context, the legislator explicitly mentions direct marketing as a legitimate interest. (Art. 6 para. 1 sentence 1 lit. f) GDPR and recital 47). Our data management solutions and application services also comply with the GDPR requirements. Furthermore, the MBmedien Group has always followed the principle of hosting and storing data, and in particular personal data, exclusively in Germany. The MBmedien Group will continue to adhere to this principle in the future.

1. The importance of data protection

For us, data is the basis for providing an excellent service. However, our most important asset is the trust of our customers. Our top priority is to protect customer data and only use it in the way our customers would expect us to. That’s why we see compliance with the statutory provisions on data protection as something that goes with saying. It is also important to us that you are aware, at all times, when we store which data and how we use it.

2. How we process data

We process data both in connection with our website (https://www.mbmedien.group) and in connection with other websites we maintain, in particular with websites generally referred to as content hubs. Specifically, we process

• data that you will provide to us in the future – e.g., via contact forms – or that you have provided to us in the past, including, in particular, contact data, such as names, addresses and business email addresses,
• information about your user behavior on our websites,
• other information that we need to operate our business, in particular in connection with administration, financial accounting, office organization and contact management.

In addition, we receive contact data collected by third parties and use it to send information materials. We use such data exclusively for the purpose of sending information materials. The data is not stored by us.

3. Storage of personal information for the purpose of sending information materials

We collect contact information that we receive through telemarketing or when users fill out a registration form on any of our websites. This includes

• communication data (first and last names, business telephone numbers and email addresses, web addresses, telephone, fax numbers),
• hierarchy level (company management, 1st to 3rd management level [division, department], employee (specialist/user),
• classification by decision-making level (decision-maker type & budget responsibility),
• job function (e.g., IT, commercial management/responsibility, administration, research & development, marketing & sales), etc.,
• a field of interest assigned to the data subject on the basis of their own information with the note that the data subject has given their consent to be contacted for this field (opt-in).

We process this data on the basis of your consent for the purpose of sending you the information materials requested by you. The data is deleted if you do not access the linked information materials. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a) GDPR (consent).

4. Storage of personal information in the MBmedien database

We store the contact data mentioned under 3. in the MBmedien database for the purpose of contacting you at a later date on topics relating to your business or of interest to you if you have indicated that you are interested in such contact by telephone or electronically via a registration form on any of our websites.

The data in the MBmedien database is used exclusively as a tool for MBmedien Group GmbH to identify business leads and contact persons on behalf of customers. We do not transfer this data directly to third parties. Rather, the data is only used to identify users or user groups within a business context who are contacted by MBmedien Group GmbH on the basis of their own information on their business fields of interest in order to be selected as potential business contacts for customers. We only pass on information to customers if we have received your consent for us to do so. The database is used exclusively for MBmedien Group GmbH’s own business purposes, namely as the foundation for the provision of services (identification of relevant contacts/leads on behalf of customers). The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interests).

MBmedien Group GmbH does not attempt to collect non-business-related data, such as dates of birth, residential addresses, personal emails or telephone numbers and does not collect special category personal data such as biometric data, racial or ethnic origin data, etc.

5. Contact form

Each time you send us an inquiry via a contact form, the data from the contact form – including the contact information provided by you – is stored by us for the purpose of processing your inquiry and in the event of any follow-up questions. We do not pass on this data without your consent.

The data entered in contact forms is therefore processed exclusively to fulfill a contract with you or to take any pre-contractual steps (Art. 6 para. 1 sentence 1 lit. b) GDPR).

6. Processing of technical data during visits to our website

If you only use the website for information purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technologically necessary for us in order to display our website to you and to ensure stability and security (the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR):

• IP address
• date and time of the request
• time zone difference to Greenwich Mean Time (GMT)
• content of the request (specific page)
• access status/HTTP status code
• amount of data transferred in each case
• referring website
• browser
• operating system and its interface
• language and version of the browser software.
• page views, number of sessions, length of stay and downloads carried out
• pages visited during the visit to the website and the time spent on each page
• information on page interaction, such as clicks and browsing methods
• websites from which visitors have come and which they subsequently access
• page response times and any download errors, etc.

7. Processing of usage data

We use tracking pixels to collect information on the use of the websites and content hubs operated by us. This data is processed for the purposes of advertising and market research as well as to improve the design of our services. The data is used to determine the demand for goods and services from the companies you represent and it enables us to send our customers relevant leads in a targeted manner. The processing of usage data is limited to the context of the respective website on which the data is collected. We link the usage data to your contact data, insofar as the latter is available to us. No linking to data from other sources or from other content hubs or websites takes place. The data is pseudonymized at company level after completion of the project, usually after 6 months of project duration and can then normally no longer be assigned to a specific user (exception: sole proprietorships, for example). The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interest in the offering and sale of advertising services).

In all other respects, personal data is only collected by us if and to the extent that you yourself knowingly provide us with such data. In particular, such personal data is only passed on for the purposes of advertising/market research and to improve the design of our services if you have expressly given us your consent to do so. The legal basis here is Art. 6 para. 1 sentence 1 lit. a) GDPR.

8. Matomo

Some of our pages may use the open-source software Matomo. Matomo makes use of what is commonly referred to as “cookies”. The information generated by Matomo via cookies is only stored and analyzed locally.

Cookies are data records that are sent from the web server to the user’s web browser and stored there for retrieval at a later point in time. You can determine whether cookies should be collected by configuring your browser in such a way that you are always informed before a cookie is stored and storage only takes place if you expressly accept it. However, the website’s functionality may be limited if you refuse the use of cookies. We use cookies to personalize content, to offer social media functions and to analyze the user behavior of visitors to our websites. Information about your use of our website is only linked to the contact information you have provided to us within the context of a content hub.

Necessary cookies help us make the website usable by enabling basic functions (page navigation, access to secure sections). The website cannot function properly without these cookies.

Preference cookies enable our website to remember information that affects the way it presents itself to you as a visitor/return visitor.

Statistics cookies help us understand how you as a visitor interact with the website. This information is collected in an anonymized manner.

Marketing cookies are used to track visitors to the website. The intention is to only show you content that is relevant to you.

9. Pipedrive

We use Pipedrive as our CRM tool for processing and storing contact data.

When you contact us (via a contact form or via email), your user details are processed in order to process and handle the contact inquiry in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR. We use contact forms from Pipedrive, our customer relationship management tool (“CRM tool”), to process and respond to your requests and messages as quickly as possible. When a form is submitted, the data is sent to Pipedrive and stored on Pipedrive’s servers.

We use the Pipedrive CRM system from the provider Pipedrive OÜ on the basis of our legitimate interests (efficient and fast processing of user inquiries, existing customer management, new customer business).

Pipedrive OÜ is a limited liability company under Estonian law (EU) with the address Mustamäe tee 3a, 10615 Tallinn, Estonia, registered in the Estonian Commercial Register under the code 11958539.

You can access Pipedrive’s privacy policy here: https://www.pipedrive.com/en/privacy.

10. Cookie First / Borlabs Cookie

Our website and our content hubs use Cookie First/Borlabs Cookie, which sets a technologically necessary cookie (cookiefirst-id & cookiefirst-consens/borlabs-cookie) in order to save your cookie consent.

Cookie First and Borlabs Cookie do not process any personal data.

The cookie (cookiefirst-id & cookiefirst-consens or borlabs-cookie) keeps track of the consent you gave us when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will again be asked for your consent to receive cookies.

11. Data processing on our social media pages

We maintain company pages on several social media platforms. They enable us to provide more information about our company and interact with our users. Our company has company pages on the following social media platforms:

• LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter referred to as “LinkedIn”;
• XING of NEW WORK SE, (Germany, EU), hereinafter referred to as “XING”.
• Facebook and Instagram of Meta Platforms, Inc. (USA), hereinafter referred to as “Meta”.

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used by you also regularly constitutes personal data. This includes messages and statements made while using this profile. In addition, when you visit a social media profile, certain information is often collected automatically, and this information may also constitute personal data.

 11.1 Visits to social media pages

When you visit any of our social media pages, which we use to present our company or individual products that we offer, certain information about you is processed. The operators of the social media platforms are solely responsible for this processing of personal data. Further information on the processing of personal data can be found in their privacy policies, which we link to below:

• LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy)
• XING (https://privacy.xing.com/de/datenschutzerklaerung/druckversion)
• Meta (https://www.facebook.com/privacy/explanation). Meta offers the possibility to object to certain types of data processing; you can find more information and opt-out options in this regard at https://www.facebook.com/settings?tab=ads

The operators of social media platforms collect and process event data and profile data and provide us with statistics and insights for our pages in anonymized form, which help us understand the types of actions people take on our pages (commonly referred to as “Page Insights”). These Page Insights are created on the basis of certain information about persons who have visited our pages. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our pages and improving our pages based on these findings. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.

We cannot assign the information obtained via Page Insights to individual user profiles that interact with our pages. We have entered into agreements with the operators of social media platforms on the processing of user data as joint controllers which stipulate the allocation of data protection obligations between us and the operators. You can find more detailed information on the processing of personal data for the creation of Page Insights and the agreements concluded between us and the operators under the following links:

• LinkedIn (https://legal.linkedin.com/pages-joint-controller-addendum);
• XING (https://www.xing.com/terms/onlyfy-one#h2-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit).
• Meta (https://www.facebook.com/legal/terms/information_about_page_insights_data)

You also have the option to assert your rights directly against the operators. Further information can be found under the following links:

• LinkedIn (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de);
• XING (https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen).
• Meta (https://www.facebook.com/privacy/explanation)

11.2 Communication via social media pages

We also process information that you have made available to us via our company pages on the respective social media platforms. This information may include your username, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data on the basis of our legitimate interest to enter into contact with persons who send us inquiries. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Further data processing may take place if you have given your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).

11.3 LinkedIn Insight Tag

This website uses the Insight tag from LinkedIn.

Data processing via the LinkedIn Insight Tag

The LinkedIn Insight Tag enables us to receive information about visitors to our website. If our website visitors are registered with LinkedIn, we can, among other things, analyze their key professional data (e.g., career level, company size, country, location, industry and job title) in order to better optimize our website according to the needs of our respective target groups. In addition, we can use LinkedIn Insight Tags to measure whether visitors to our web pages make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g., PCs/tablets). Beyond that, the LinkedIn Insight Tag offers a retargeting function that allows us to display targeted advertising to persons who have visited our website outside the website; according to LinkedIn, the advertising recipients are not identifiable within this process.

LinkedIn itself also maintains what is known as log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

We, as the website operator, cannot link the data collected by LinkedIn to specific individuals. LinkedIn stores the personal data collected from website visitors on its servers in the USA and uses it for its own advertising purposes. You can find more details in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including through social media. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

The transmission of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag

You can object to the analysis of user behavior and targeted advertising by LinkedIn via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes via their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

12. Administration, financial accounting, office organization, contact management

We process data within the scope of administrative tasks and for the organization of our business, for financial accounting purposes and to ensure compliance with legal obligations, e.g., with regard to archiving. Here, we process the same data that we process as part of the provision of our contractual services. The data subjects of the processing operation are customers, interested parties, business partners and website visitors.

The purpose and our interest in data processing here relate to administration, financial accounting, office organization, data archiving, i.e., tasks that are necessary to maintain our business activities, perform our tasks and provide our services. The deletion of data relating to contractual services and contractual communication is governed by the same rules as specified for these processing activities.

We disclose or transmit data to the tax authorities, consultants, such as tax advisors or auditors, as well as other billing offices and payment service providers insofar as we are obliged to do so or if the disclosure or transmission of data are necessary for the fulfillment of a legal obligation.

In addition, we store information on suppliers, event organizers and other business partners on the basis of our business interests, e.g., for the purpose of contacting them at a later date.

The basis for processing is Art. 6 para. 1 sentence 1 lit. c) GDPR (fulfillment of a legal obligation) or Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interests).

13. Information on the regular duration of processing

All data received by us is only stored for as long as is necessary to provide our services or to safeguard our legitimate interests, unless we have expressly informed you of a specific storage duration in individual cases.

Any mandatory statutory provisions – in particular retention periods – remain unaffected.

14. Your rights

You have the following rights with regard to your personal data:

Right to information

You have the right to obtain information from us about what personal data we process about you.

Right to rectification

You have the right to have incorrect data corrected or incomplete data completed if your personal data is incorrect or incomplete.

Right to erasure

You have the right to have your personal data deleted under the conditions of Art. 17 GDPR. Your right to erasure may be excluded under this provision due to a conflicting interest.

Right to restriction of processing

You have the right to demand from us that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.

Right to object to the processing

Please see the “Right to object” section of this Privacy Policy.

Right to revoke consent

Please see the “Revocation of consent” section of this Privacy Policy.

Right to data transfer

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format under the conditions of Art. 20 GDPR and you have the right to transmit this data to another controller without any interference from us.

Right to lodge a complaint with a data protection supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you believe that the processing of your personal data violates the GDPR.

Please send your request to the contact specified below.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us, for example to the supervisory authority responsible for us:

The State Commissioner for Data Protection and Freedom of Information

Bettina Gayk
P.O. Box 20 04 44
40102 Düsseldorf
Phone: 02 11/384 24-0
Fax: 02 11/384 24-10
Email: poststelle@ldi.nrw.de

15. Revocation of consent

You have the right to revoke any consent you have given for the purpose of data processing at any time. The revocation of consent does not affect the lawfulness of processing that has been performed based on consent prior to its revocation.

To exercise your right to revoke consent, you can contact us at any time using the contact details provided above.

16. Right to object

Insofar as the processing of your personal data is based on Art. 6 para. 1 sentence 1 lit. e) or f) GDPR, you have the right to object to the processing in accordance with Art. 21 GDPR. If you object on grounds relating to your particular situation, we will no longer process your personal data unless we can prove that we have compelling legitimate reasons for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defense of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for such purposes at any time; this also applies to profiling insofar as it is connected to such direct marketing. If you object to data processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data if the data processing is carried out in the public interest or on the basis of a weighing of interests; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can prove that we have compelling legitimate reasons for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defense of legal claims.

You can exercise your right to object at any time by contacting us using the contact details above. If information society services are used, you can exercise your right to object by means of automated procedures that are based on technical specifications.

You also have the right to object, on grounds relating to your particular situation, to the processing of your personal data that is carried out for scientific, historical research or statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest.