Skip to main contentSkip to page footer

Sequencing Digital Success

 

>> Data protection

Data protection declaration and information for data subjects pursuant to Article 13 and Article 14 of the EU General Data Protection Regulation

 

1. general information

Details of the controller

Company: M&M Software GmbH
Legal representative: Christian Gnädig, Thomas Gaus
Address: Industriestr. 5, 78112 St. Georgen
Contact details data protection officer: privacy@mm-software.com
 

2. general data processing information

Data concerned: Personal data is only collected if you provide it to us voluntarily. No other personal data is collected. Any processing of your personal data that goes beyond the scope of the statutory permissions will only take place on the basis of your express consent.

Purpose of processing: Performance of the contract

Categories of recipients: Public authorities in the event of overriding legal provisions. External service providers or other contractors. Other external bodies if the data subject has given their consent or a transfer is permitted for reasons of overriding interest.

Third country transfers: Processors outside the European Union may also be used in the context of contract performance.

Duration of data storage: The duration of data storage depends on the statutory retention obligations and is generally 10 years.
 

3. specific information about the website

In general, it is not necessary for you to provide personal data in order to visit our website. Technically, however, we temporarily store the connection data of the requesting computer, the web pages you visit, the date and duration of the visit, the identification data of the browser and operating system type used, and the website from which you visit us.

If the programming of our website causes your browser to load data from servers operated by third parties, we ourselves are not involved in these data transfers.

Personal data is only collected if you provide it to us yourself using one of our forms on the website. The transmission of data is encrypted.

a. Newsletter

When you register for our newsletter, you provide us with your name, your company, your e-mail address and optionally other data. We use this information exclusively to send you the newsletter. The data you enter when registering for the newsletter will remain with us until you unsubscribe from our newsletter. You can unsubscribe at any time using the link provided in the newsletter or by sending us a corresponding message. By unsubscribing, you object to the use of your data for this purpose.

We use the so-called double opt-in procedure to document the newsletter consent and to prevent misuse of your data. This procedure ensures that the recipient actually wishes to receive our newsletter. After registering, you will receive an e-mail asking you to confirm your newsletter registration. We will only send you our newsletter once you have confirmed your registration.

Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your stored data are also logged.

We also use your e-mail address, which we receive in connection with the sale of goods or services, exclusively for direct advertising in the form of our newsletter for our own similar goods or services, such as those ordered by you, provided you have not objected to this use. You can object to the use of your e-mail address at any time without incurring any costs other than the transmission costs according to the basic rates. You can exercise your objection (and thus unsubscribe from our newsletter) by sending a message to the above e-mail address (privacy@mm-software.com).

We use the service provider Newsletter2Go to send the newsletter. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for purposes other than sending newsletters. Click tracking also takes place in our newsletters, in which the following data is recorded: Opening rate of the email, which link was clicked.

b. Contact form

When using the contact form, you provide us with your name, your e-mail address and optionally other data. We use this information exclusively to process your request. The data you enter in the contact form will remain stored by us until you object to its storage. You can object at any time by sending us a corresponding message. This is how you object to the use of your data for this purpose.

c. Download registrations

When registering for downloads, you provide us with your e-mail address and optionally other data. We use this information to send you one-off download links. At the same time, you also register to receive our newsletter. The data you enter when registering for downloads will remain stored by us until you object to it being stored. You can object at any time by sending us a corresponding message. This is how you object to the use of your data for this purpose.

d. Event registrations

When registering for events, you provide us with your first name, surname, company, telephone number, e-mail address and optionally other data. We use this information to process your event registration. You also register to receive our newsletter at the same time. The data you enter when registering for the event will remain stored by us until you object to it being stored. You can object at any time by sending us a corresponding message. This is how you object to the use of your data for this purpose.

 

4. collection, storage of usage data when visiting our website without registration, use of cookies

When you visit our website, we receive your full IP address from your IT system. Only with this IP address can we transmit the data of our website to you so that the website can be displayed to you (Art. 6 para. 1 b), f) GDPR). In addition to the processing for the transmission of the retrieved data, the full IP address is only stored for two (2) days in order to be able to initiate defensive measures in the event of attacks on our IT, e.g. blocking of IP addresses, and, if necessary, criminal prosecution (Art. 6 para. 1 f) GDPR).
We store the date and time of the page view and the page from which you accessed our website. We do not store any other personal data unless you log in.
If the programming of our website causes your browser to load data from servers operated by third parties, we ourselves are not involved in these data transfers. Our third-party providers have asked us to inform you as follows:

a. Google Conversion Tracking

As an AdWords customer, we also use "Google Conversion Tracking", an analysis service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). Google Adwords places a cookie on your computer ("conversion cookie") if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognize that someone clicked on the ad and was redirected to our website. Each AdWords customer receives a different cookie. Cookies cannot therefore be used to identify you or your path on the Internet on different websites. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. We thus receive usage statistics about those users who reach our website via a Google ad and can thus understand which of our ads are successful and how well they matched your search topic (Art. 6 para. 1 f) GDPR).
As an AdWords customer, we learn the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking process, you can refuse the setting of a cookie required for this - for example, by setting your browser to generally deactivate the automatic setting of cookies. You have the right to object and can prevent the installation of cookies for Google AdWords (under the domain "googleadservices.com") by making a setting in your browser so that cookies from the domain "googleadservices.com" are blocked. You can find details on this in your browser help. You can find the corresponding cookie names in our cookie policy.
You can find Google's privacy policy here: https://www.google.com/intl/de/policies/privacy/.

b. Google Tag Manager

This website uses the "Google Tag Manager". Google Tag Manager is a solution from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") that allows marketers to manage website tags via an interface. The "Tag Manager" tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool only ensures the forwarding of data and the triggering of other tags, which in turn may collect data under certain circumstances. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

c. LinkedIn Analytics and LinkedIn Ads

Our website uses the "LinkedIn Insight Tag" marketing function of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; "LinkedIn"). Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. The active program function (JavaScript) is used to understand the actions of visitors to our website in anonymized form, to measure the effectiveness of advertising and to present interest-based advertisements ("LinkedIn Ads") when visiting the LinkedIn social network and other websites. For this purpose, the LinkedIn Insight tag is integrated on our website, which establishes a connection to the LinkedIn server if you visit our website and are logged into your LinkedIn account at the same time. The assignment attempts to work across devices, so that it is also evaluated how visitors behave across devices. The basis for use is Art. 6 para. 1 f) GDPR.
We also have a profile on the social network LinkedIn itself. Our social media presence and our LinkedIn profile are intended to ensure the broadest possible presence on the internet. When you visit our LinkedIn profile, LinkedIn can generally analyze your user behavior.
We use "LinkedIn Lead Ads" in the context of customer acquisition. These are advertisements on LinkedIn in which LinkedIn uses forms to generate leads and functions and content of the LinkedIn service can be integrated. In such advertising, defined information is requested in accordance with our current campaign or other measures. If you have a LinkedIn account, the corresponding advertising campaign can be pre-filled with the information you have shared with LinkedIn.
With LinkedIn Lead Ads, for example, we offer you a function with which you can provide us with user information via your LinkedIn account. We use this functionality to address you in a target group-oriented manner. Our legitimate interest in the use of LinkedIn Lead Ads is for marketing purposes in the context of initiating business. The legal basis for this is Art. 6 para. 1 f) GDPR.
If you are logged into your LinkedIn account and visit our LinkedIn profile, LinkedIn can assign this visit to your user account. The same applies to advertising on LinkedIn via LinkedIn Lead Ads. However, your personal data may also be collected if you are not logged in or do not have a LinkedIn account. In this case, data may be collected, for example, via cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have a LinkedIn account, interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
In LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy you will find further information on data collection and use as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate data collection at any time by clicking on the following link: www.linkedin.com/psettings/enhanced-advertising.
Please click this link to prevent LinkedIn from collecting data on our website in the future (the opt-out only works in this browser and only for this domain) and to exercise your right to object. An opt-out cookie will be stored on your device. If you delete your cookies in this browser, you must click this link again.

d. Live chat (chat function)

This website offers the optional use of Tawk.to, a live chat software from Tawk.to ltd. The chat is integrated into the source code of the website via a plugin. By using the chat, you automatically use the services of Tawk.to. All data that you enter in the chat window is transmitted to Tawk.to and stored there. The data collected includes: Name, chat history and country of origin. This data is not passed on to third parties and is only used for protection and internal statistics. By using the chat, you agree to this storage and use of the data. The data collected using Tawk.to technologies is not used to personally identify visitors to this website. It is not stored and is deleted after the chat. The purpose and scope of the data collection and the further processing and use of the data by Tawk.to as well as your rights in this regard and setting options to protect your privacy can be found in Tawk.to's data protection information: https://www.tawk.to/privacy-policy/

e. Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information from the provider can be found here.

  1. IP anonymization: Google Analytics IP anonymization is activated. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
  2. Browser plugin: You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google Analytics handles user data in Google's privacy policy.
  3. Order processing: We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

5. information on further data processing procedures

a. Specific information on the extranet

When registering for the M&M Extranet, you provide us with your first name, surname, company, company address, e-mail address and optionally other data. We use this information to create your user account. The data you enter during registration will remain with us until the user account is deleted. You can request deletion at any time by sending us a corresponding message. Your account will then be deleted accordingly. Furthermore, login times, page views and file downloads on the extranet are automatically logged for security purposes.

Data concerned: Contact details
Purpose of processing: Provision of the user account.
Categories of recipients:

  • Public authorities in the event of overriding legal provisions.
  • Third country transfers: Processors outside the European Union may also be used in the context of contract performance.
  • Duration of data storage: The logs are stored for 90 days.

b. Specific information on the application process

Data concerned: Application details such as name, address, telephone number, e-mail address and other contact information, CV with professional and educational background, certificates, qualifications, salary expectations and other information that would like to be provided

Purpose of processing: Carrying out the application process

Categories of recipients:

  • External service providers for the provision of the applicant and personnel management system
  • Public authorities in the event of overriding legal provisions.
  • Other external bodies if the data subject has given their consent or a transfer is permitted due to overriding interests, e.g. parent company, Ministry of Justice (financial sanctions list).


Third country transfers: none
Duration of data storage: Application data is generally deleted within six months of notification of the decision, unless consent has been given for longer data storage in the context of inclusion in the applicant pool. Data from the applicant pool will be deleted after one year.

c. Specific information on the processing of customer data/prospect data

Data concerned: Data provided for the performance of the contract; any additional data for processing on the basis of your express consent.
Purpose of processing: Contract execution, including offers, orders, sales and invoicing, quality assurance.

Categories of recipients:

  • Public authorities in the event of overriding legal provisions
  • External service providers or other contractors, e.g. for the provision of customer management systems, shipping, service providers for printing and sending information.
  • Other external bodies if the data subject has given their consent or a transfer is permitted for reasons of overriding interest, e.g. for credit checks.


Third country transfers: Processors outside the European Union may also be used in the context of contract performance.
Duration of data storage: The duration of data storage depends on the statutory retention obligations and is generally 10 years.

d. Specific information on the processing of supplier data

Data concerned: Data provided for the performance of the contract; any additional data for processing on the basis of your express consent.
Purpose of processing: Contract performance, including inquiries, purchasing, quality assurance.

Categories of recipients:

  • Public authorities in the event of overriding legal provisions, including the tax office, customs.
  • External service providers or other contractors, e.g. for payment processing, provision of customer management system.
  • Other external bodies if the data subject has given their consent or a transfer is permitted for reasons of overriding interest.


Third country transfers: Processors outside the European Union may also be used in the context of contract performance.
Duration of data storage: The duration of data storage depends on the statutory retention obligations and is generally 10 years.

e. Specific information on data processing by social networks

We maintain publicly accessible profiles in social networks.

Social networks such as Facebook can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis: Our social media presences are intended to ensure the widest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6 para. 1 f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 a) GDPR).
Controller and assertion of rights:
If you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the company policy of the respective provider.

Duration of data storage:
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policies).

 

6 Further information and contacts

You can assert your rights to information, rectification, blocking, completion, erasure or restriction of processing or the exercise of your right to object to processing, as well as the right to data portability, at any time.

You can send us your requests for information, blocking, deletion and correction of your personal data as well as revocation of consents granted by e-mail to privacy@mm-software.com or by letter to the contact address given in the imprint.

You also have the right to contact the competent data protection supervisory authority in the event of complaints.

If you have any further questions about the protection of your personal data, this privacy policy, declarations of consent given and the processing of your personal data or complaints about data protection, you can contact us at the following e-mail address: privacy@mm-software.com.

 

7. acceptance of the privacy policy, changes

This privacy policy is valid from the time of publication on the M&M Software GmbH website until revoked. Confirmation and acceptance of the data protection agreement is essential in order to use our offer.

Please note that data protection regulations and data protection practices may change continuously and the contents of this data protection declaration may have to be adapted. Should this be the case, we will present changes in a transparent form for you. It is also advisable to inform yourself about changes to the legal provisions and the practices of our company.