Privacy Policy of m3connect GmbH

We are pleased about your visit to our website and the associated interest. Data protection has a particularly high priority for us, which is why use of the website is generally possible without any indication of personal data. However, if a data subject wishes to use special services from us via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

General Information

Responsible Body

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), is:

m3connect GmbH
Pascalstraße 18
52076 Aachen

Tel.: 02408 – 93681 0
Email: info@m3connect.de

Management: Emilijo Dragas

Data Protection

For questions regarding data protection, you can reach our Data Protection Officer at: dsb@m3connect.de.


General Information on Data Processing

In principle, only personal data of our website visitors is processed if and insofar as this is necessary to provide a functional website as well as our content and services. The collection and use of personal data of our website visitors regularly takes place only after consent. Something else applies if obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

Legal Basis for the Processing of Personal Data
  1. Art. 6 (1) (a) GDPR for data processing based on your consent; consent is obtained separately from you in these cases.
  2. Art. 6 (1) (b) GDPR for data processing necessary for the performance of a contract to which the data subject is a party. This also applies to data processing necessary for the implementation of pre-contractual measures.
  3. Art. 6 (1) (c) GDPR for data processing necessary for the fulfillment of a legal obligation to which we are subject.
  4. Art. 6 (1) (f) GDPR for data processing based on our legitimate interest.

Data processing based on legitimate interest pursuant to Art. 6 (1) (f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of us or third parties and does not outweigh your interests or fundamental rights and freedoms that require the protection of personal data.

If third-party technologies (such as cookies) are integrated, the processing of personal data is also based on consent. The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25. 1 TDDDG.
For cookies that are necessary to provide explicitly requested telemedia services, Section 25 (2) TDDDG applies.


Your Rights as a Data Subject

If personal data of yours is processed, you are a “data subject” within the meaning of the GDPR and you have the following rights towards us as the controller. You can make use of your rights by sending an email to the contact options mentioned above, stating your concern.

a. Right of access

Every data subject has the right under Art. 15 GDPR to receive free information from us at any time about the personal data stored about them as well as a copy of this data.

You can request confirmation from us as to whether personal data concerning you is being processed by us.

b. Right to rectification

Every data subject has the right under Art. 16 GDPR to demand the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of processing, to demand the completion of incomplete personal data – also by means of a supplementary declaration.

c. Right to restriction of processing

Every data subject has the right to demand from us the restriction of processing if one of the conditions provided by the legislator in Art. 18 GDPR is met.

d. Right to erasure

Every data subject has the right to demand from us that the personal data concerning them be deleted immediately, provided that one of the reasons mentioned in Art. 17 GDPR applies.

e. Right to data portability

Every data subject has the right under Art. 20 GDPR to receive the personal data concerning them, which has been provided to us by the data subject, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out using automated procedures.

e. Right to object (Art. 21 GDPR)

Every person affected by the processing of personal data has the right, for reasons arising from their particular situation, to object at any time to the processing of personal data concerning them which takes place on the basis of Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.

Should we process data to operate direct marketing, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

f. Right to withdraw data protection consent

Every person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time with effect for the future. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

g. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Data Erasure and Storage Period

The personal data of data subjects is deleted or restricted for further processing as soon as the purpose for which the personal data was collected no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which we are subject. The restriction or erasure of data also takes place when a storage period prescribed by the aforementioned norms expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.

Cooperation with Processors and Third Parties / Transfer to Third Countries

If, in the course of our processing, we disclose data to other persons and/or companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this only takes place on the basis of a legal permission, because you have consented, a legal obligation provides for this, or on the basis of our legitimate interest.

If we commission third parties with the processing of data on the basis of a so-called “data processing agreement,” this always takes place on the basis of Art. 28 GDPR.

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or the disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g., “Data Privacy Framework”) or compliance with officially recognized special contractual obligations (so-called “EU Standard Contractual Clauses”).


SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as inquiries you send to us, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.


Objection to advertising emails

The use of contact data published within the scope of the imprint obligation for the purpose of sending unsolicited advertising and information materials is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

Collection of general information when visiting our website

Server log files

When you access our website, a range of general information is automatically collected each time the website is accessed. This general data and information is stored in the server log files. Hierbei handelt es sich unter anderem um folgende Informationen:

  • Accessed domain
  • Client IP
  • Time of access
  • Requested URL
  • Transferred data volume
  • Website from which you reached the requested page (referrer)
  • as well as product and version information of the browser used (user agent)

When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is required to deliver the content of our website correctly, to optimize the content of our website, to ensure the permanent functionality of our systems and the technology of our website, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. This collected data and information are evaluated by us statistically on the one hand, and further with the aim of increasing data protection and data security, in order to ultimately ensure an optimal level of protection for the personal data we process. The data is deleted after XX days. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. In accordance with Art. 6 Para. 1 lit. f GDPR, we have a legitimate interest in improving the stability and functionality of our website.

Contact options


Contact form

On our website, we offer you the option of sending us your enquiry via the contact form. Wenn Sie uns über das Kontaktformular kontaktieren, wird Ihre Anfrage inklusive aller daraus hervorgehenden personenbezogenen Daten, die Sie an uns übermitteln (Name, Vorname, Mail-Adresse, Unternehmensangaben und Ihre Anfrage), zum Zwecke der Bearbeitung Ihres Anliegens bei uns gespeichert und verarbeitet.
The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. We require this data to, among other things, be able to provide you with an offer, for communication with you, and, if necessary, for order processing.
In all other cases, the processing is based on our legitimate interests (Art. 6 Para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of inquiries addressed to us. We forward your data within our corporate group so that the appropriate contact persons can process your request. No further forwarding of your data takes place. We store your data only as long as it is necessary for the stated purpose. As soon as the purpose for which we collected your data no longer applies, your data will be deleted, unless legal retention periods prevent deletion.

Email contact

If you contact us via the provided email addresses, the personal data transmitted with the email will be stored by us. This usually includes your name, your email address, the date and time, and the transmitted email. We process the data exclusively to handle your request and to get in touch with you. The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. We require this data to, among other things, be able to provide you with an offer, for communication with you, and, if necessary, for order processing.
In all other cases, the processing is based on our legitimate interests (Art. 6 Para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of inquiries addressed to us. We forward your data within our corporate group so that the appropriate contact persons can process your request. No further forwarding of your data takes place. We store your data only as long as it is necessary for the stated purpose. As soon as the purpose for which we collected your data no longer applies, your data will be deleted, unless legal retention periods prevent deletion.

Applications

We offer you the opportunity to apply to us (e.g., by email, post, or via an online application form). In the following, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data take place in accordance with applicable data protection law and all other legal provisions, and that your data will be treated strictly confidentially.

We process data related to your application. This may include general data about your person (such as name, date of birth, address, and contact details), information about your professional qualifications and school education, or information about professional further training, or other information that you transmit to us in connection with your application. We process your personal data only for the purpose of employment or the application process. If you apply to us or provide us with your contact details for the purpose of establishing contact, we use your data for internal review or to get in touch with you. Technical and organizational measures are taken to protect your data against accidental or intentional manipulation and unauthorized access.

Should employment occur, we use your data to fulfill legal requirements and thus establish the employment relationship. Upon departure, your data will be used to process your exit. This can be due to termination as well as reaching retirement age.

If you have applied to us, your application documents will remain internal. The documents are forwarded only to the responsible employees for coordination purposes. In the event of employment or upon leaving, your data will be forwarded to the relevant institutions to ensure smooth processing. These include, for example, legally required institutions such as health insurance providers, pension insurance, the tax office, tax advisors, etc. Your data will not be transferred to a third country. Mit Drittländern sind die Länder gemeint, die nicht zur EU gehören.
As part of the application process, we process your data in accordance with Art. 6(1) lit. b DSGVO, im Rahmen einer Vertragsanbahnung.
Should the processing of your personal data be based on consent in accordance with Art. 6 Para. 1 lit. a GDPR, we will obtain this from you separately. For example, if we wish to contact you again at a later date after a rejection.

Furthermore, we may process personal data about you insofar as this is necessary to defend against legal claims asserted against us from the application process. The legal basis for this is Art. 6 Para. 1 lit. f GDPR; the legitimate interest is, for example, a duty of proof in proceedings under the General Act on Equal Treatment (AGG).

We store your data only for as long as required for the purposes stated above. If one or more purposes no longer apply, your data will be deleted unless statutory retention periods prevent deletion. Once these periods have expired, your data will be deleted. If you are not considered further in the application process, your application documents will be deleted after a period of 6 months. Etwas anderes ergibt sich, wenn Sie uns Ihre Einwilligung zur längeren Aufbewahrung als der gesetzlich vorgeschrieben, erteilt haben.

If you apply via our career portal, the following personal data will be processed as mandatory information:

  • Last name, first name
  • Contact details (telephone & email)
  • Documents (CV, certificates, cover letter)
  • Other information provided to us via the documents.

In addition, you can provide the following optional information:

  • Availability
  • Salary expectations

In our online application process, we use the special recruiting page of Personio SE & Co. KG (‘Personio’). Personio acts as a processor for us. Corresponding contractual regulations have been made for this purpose. You can find more details about the processing of your personal data by Personio under “Processing of personal data of the recruiting page by Personio SE & Co. KG”.

Cookies and Plugins

Technically necessary cookies

We use cookies to make our website more user-friendly. Some functions and elements of our website require that the calling browser can be identified even after a page change. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies.

You have the option to prevent the installation of cookies by changing the settings of your browser software. We point out that with such a setting, not all functions of this website may be available or restrictions in the user experience are to be expected.

Cookie consent with Usercentrics

This website uses the cookie consent technology from Usercentrics to obtain your consent for the storage of certain cookies on your terminal device and to document this in a data protection-compliant manner. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich (hereinafter “Usercentrics”).

When you enter our website, the following personal data is transmitted to Usercentrics:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your terminal device
  • Time of your visit to the website

In addition, Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or their revocation to you. The data collected in this way is stored until you request deletion, delete the Usercentrics cookie yourself, or the purpose for storing the data no longer applies. Zwingende gesetzliche Aufbewahrungspflichten bleiben unberührt.
Usercentrics is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1) lit. c DSGVO.
We have concluded a contract for order processing with Usercentrics.

Captcha

We use a captcha on our website. This captcha is a so-called “HoneyPot”. It does not process any personal data. This captcha is intended to check whether data entry (simple arithmetic task) is performed by a human or by an automated program.

Google Tag Manager

Our website uses Google Tag Manager, a service offered for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The Tag Manager is a tool for managing so-called tags, which are used in tracking in online marketing.
The Tag Manager serves us to manage the tools and external services that we use on our website and allows the use of so-called tags. A tag is a code element that is stored in the source code of the website, for example, to control which page or service elements and tools are activated and loaded in which order. Google Tag Manager itself does not create user profiles, does not set cookies, and does not perform independent analyses.

However, Google Tag Manager records your IP address, which can also be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 Para. 1 lit. f GDPR. There is a legitimate interest in the fast and uncomplicated integration and management of various tools on our website. Insofar as a corresponding consent for the displayed elements has been requested, processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device within the meaning of the TDDDG. Consent can be revoked at any time with effect for the future.

Google Inc. is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/list. In addition, you can find further information on Tag Manager at: https://www.google.com/intl/en/tagmanager/use-policy.html.

Technically non-essential cookies

Google Analytics 4

Our website uses the web analysis service Google Analytics 4, which is offered for persons from Europe, the Middle East, and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We integrate Google Analytics 4 via Google Tag Manager. If you have not consented to the use of the analysis tools, your data will not be recorded within the scope of Google Analytics 4.

Google Analytics 4 allows us to analyze the behavior of website visitors. In doing so, we receive various usage data, such as page views, duration of stay, operating systems used, and the origin of the user. This data is summarized in a User ID and assigned to the respective terminal device of the website visitor.

Furthermore, with Google Analytics 4, we can record, among other things, your mouse and scroll movements and clicks. Furthermore, Google Analytics uses various modeling approaches to supplement the recorded data sets and employs machine learning technologies in data analysis.

Google Analytics 4 uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent according to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. Consent can be revoked at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/list

Data security and data protection, communication by email

Your personal data is protected by technical and organizational measures during collection, storage, and processing so that it is not accessible to third parties. In the case of unencrypted communication by email, complete data security on the transmission path to our IT systems cannot be guaranteed by us, so we recommend encrypted communication or the postal route for information with a high need for confidentiality.

Updating the data protection provisions

We reserve the right to adapt the privacy policy so that it corresponds to the current and latest legal requirements or to change it if, for example, new services are introduced.