mgi-olpe.de | Privacy Policy

Privacy Policy

1. Introduction
Thank you for your interest in our company.

Personal data is all information that relates to an identified or identifiable person. Pseudonymous data that we cannot assign to you directly, e.g. via a name or e-mail address, is also personal data.

As the protection of your personal data is very important to us, we inform you in this privacy policy about the type, scope and purpose of the personal data processed by us and your rights as a data subject.

At the end of the privacy policy, you will find the various explanations of the terms under the heading Definitions.

The controller for the processing of personal data is

MGI GmbH
Olper Hütte 7
57462 Olpe, Germany

Phone: +49 2761 86-0
E-mail: info@mgi-olpe.de

The external company data protection officer is

dokuworks GmbH
Mr. Markus Weber
Birlenbacher Str. 20
57078 Siegen

Phone: +49 271 77237-60
Email: datenschutz@doku.works

If you have any questions or suggestions on the subject of data protection, please feel free to contact us as the responsible party or our data protection officer at any time.

2. Rights of Data Subjects
You can assert the following rights regarding your personal data against us:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to the processing (Art. 21 GDPR)

If you submit a request for information to us, we will inform you in accordance with the data protection regulations whether and which data we have collected from you. We always endeavor to ensure up-to-date and error-free data collection. However, if incorrect information has been recorded, we will correct it immediately following a corresponding request

To do so, please send us a request to: info@mgi-olpe.de

In addition to exercising your rights against us, you also have the right to lodge a complaint with a supervisory authority if you suspect a breach of data protection regulations (Art. 77 GDPR).

3. Data Transfer to Third Countries
We only transfer or process data to countries outside the scope of the GDPR (so-called third countries) if you consent to this processing or other legal permission exists. This applies in particular if the processing is required by law or necessary to fulfill a contractual relationship and in any case only to the extent that this is generally permitted.

If data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we conclude EU standard contractual clauses in conjunction with a Transfer Impact Assessment (TIA) with corresponding service providers to establish an appropriate level of data protection.

With regard to data transfer to US companies, the transatlantic data protection agreement (so-called Data Privacy Framework) came into force on July 10, 2023; also known as “Privacy Shield 2.0”. This means that - under certain conditions - the use of tracking/analysis and marketing tools with data transfer to the USA is permitted again. In order for a US company to be considered a secure data recipient and comply with the principles of the Data Privacy Framework, it must undergo a self-certification process by the US Department of Commerce (DoC). This self-certification requires a company to submit a series of documents. If these are complete, the organization is added to the DPF list (short for “Data Privacy Framework”) and is considered self-certified according to the requirements of the new data protection framework.

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. In addition, data collected may be linked to data from other services of the same provider if you have a corresponding user account. Where possible, we try to use server locations within the EU if this is offered.

4. Data protection notice for business partners
We are pleased that you are interested in MGI GmbH and are contacting us.

The protection of your data is very important to us. With this data protection notice, we provide you with the following information in accordance with Art. 13 GDPR on the processing of your personal data in connection with our business relationship.

Further information about our company, details of the authorized representatives and other contact options can be found at https://mgi-olpe.de/de/service/impressum/

What data do we process and for what purposes?
We only process personal data that we have received from you or, if applicable, from publicly accessible sources as part of our business relationship.

Personal data within the meaning of Art. 4 No. 1 GDPR may include Names, telecommunication data and address data. In addition, we also process offer, inquiry and order data, data from the fulfillment of our contractual obligations, product data, documentation data and other data comparable to the categories mentioned.

The provision of your personal data is necessary for the initiation, execution and processing of the contractual relationship. If you do not provide it, we will unfortunately not be able to contact you to clarify pre-contractual or contractual issues.

What is the legal basis for processing your personal data?
Your personal data is processed in accordance with the statutory provisions of the GDPR and the Federal Data Protection Act for the fulfillment of contractual obligations or for measures to initiate a contract (Art. 6 para. 1 sentence 1 lit. b GDPR),

In addition, we may use this data for additional purposes within the scope of our business relationship.

How long is the data stored?
We process and store your personal data for the duration of our business relationship and at least in accordance with the statutory retention periods, such as the German Commercial Code or Tax Code.

Who is the data passed on to and where is it processed?
We only use the personal data for our own purposes in the course of the business relationship.

5. Data Protection Notice for Applicants
The data controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

The legal basis for this processing is Section 26 (1) sentence 1 BDSG in conjunction with Art. 88 (1) GDPR.

If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

If you expressly consent to your data being stored for a longer period of time, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 para. 1 lit. a GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 para. 3 GDPR by making a declaration to us with effect for the future.

6. Data Protection when Visiting our Website

Type and purpose of processing:
When you access our website, i.e. if you do not register or otherwise transmit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar.

They are processed for the following purposes in particular:

Ensuring a smooth connection setup of the website,
Ensuring the smooth use of our website,
evaluating system security and stability and
to optimize our website.

We do not use your data to draw conclusions about your person. Information of this kind may be statistically evaluated by us in anonymized form in order to optimize our website and the technology behind it.

Legal basis and legitimate interest:
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipients:
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period:
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for data used to provide the website when the respective session has ended.

If the data is stored in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are anonymized so that it is no longer possible to identify the accessing client.

Provision prescribed or required:
The provision of the aforementioned personal data is not required by law or contract. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted. For this reason, an objection is excluded.

7. Hosting
We host the content of our website with the following provider:

.webflow GmbH
Wasserburger Straße 4
83352 Altenmarkt a. d. Alz

Tel.: +49-8621-9998920
E-Mail: info@webflow.de

Details can be found in the provider's privacy policy:
https://www.webflow.de/unternehmen/datenschutzerklaerung

The use of .webflow GmH is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

8. Use of Analysis and Tracking Tools
Cookies are small text files that are placed on your device and collect data that can later be read by a web server of the domain that placed the cookie.

Cookies and similar technologies are used on our website to provide users of this website with a more user-friendly service, to analyze the performance of our products and for other legitimate purposes.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

The following types of cookies can be distinguished:

8.1 Technically necessary Cookies
Technically necessary cookies are those that ensure the basic functions of the website and thus enable its operation. This only concerns the technical necessity, not economic aspects.

The legal basis is our legitimate interest in the provision of a functional website pursuant to Art. 6 para. 1 lit. f GDPR or the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR

8.2 Statistics Cookies and Marketing Cookies
Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing cookies store user information regarding the website visited. This data is used, for example, to display advertisements tailored to user interest, to optimize offers, to recognize the user or to simplify website use.

The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

9. Contact us
When you contact us (e.g. via contact form, chat or email), we process your data to process the request and in the event that follow-up questions arise.

If the data processing is carried out for the implementation of pre-contractual measures that are carried out at your request or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

10. Storage Period
Unless specifically stated, we only store personal data for as long as is necessary to fulfill the purposes pursued.

In some cases, the legislator provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will only be stored by us for these legal purposes, but will not be processed in any other way and will be deleted after the statutory retention period has expired.

11. Definitions
The data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing
The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

12. Transfer of Personal Data to Third Parties
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

13. Data Security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data is transmitted to us in encrypted form. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

14. Topicality and Amendment of this Data Protection Declaration
This privacy policy is currently valid and is dated July 2024. It may become necessary to amend this privacy policy as a result of the further development of our website and offers on it or due to changes in legal or official requirements.