m-p flash Data Privacy Notice

Data Privacy Statement as per the GDPR

This data privacy notice applies to the online and traditional services of m-p flash Martin Heise e.K. and to its employment relationships.

Thank you for your interest in our company and our services. Our data privacy notice informs you of the data we collect from you, how they are used and how you can object to this use.

In principle, it is possible to use our website without providing personal data. Some of our company’s online services may require the processing of personal data. This is described in detail below. Please note that our websites may feature links to websites of other providers, which are not covered by this Data Privacy Statement.

I. Name and Address of the Controller

The controller as referred to in the General Data Protection Regulation (GDPR), other, national data protection acts of the Member States and other data protection provisions is:

m-p flash Martin Heise e.K.
Auf der Lind 10
65529 Waldems
phone: +49 (0)30 6341 2886 30
email: data-protect ( @ ) mp-flash.de

Website: www.mp-flash.de

II. The Data Protection Officer of the Controller is:

Andrea Guerrero

Alexander-Meißner-Str. 32 12526 Berlin
phone: +49 (0)30 6341 2886 10
email: data-protect ( @ ) mp-flash.de

Website: www.mp-flash.de

Deputy:

Jessika Heise

Auf der Lind 10
65529 Waldems
phone: +49 (0)30 6341 2886 30
email: data-protect ( @ ) mp-flash.de

Website: www.mp-flash.de

III. General Information on Data Processing

We only collect and process your data for specified and explicit purposes. These are related to technical requirements, contractual obligations or express user requests.

For instance, we need your personal data in order to perform a contract or complete an order.

We use these data to fill orders, settle payments and process cancellations and refunds. In short, we need them to perform our contracts and our customs services.

For technical requirements, we collect and store certain data from website visitors, such as the date and duration of the visit, the pages visited, identifying details of the browser and operating system types used and the websites from which you visit us.

IV. Legal Basis for Personal Data Processing

If we obtain a person’s consent to process their personal data, Article 6(1)(a) of the GDPR serves as the legal basis.

Personal data processing that is required in order to perform a contract with the person in question is based on Article 6(1)(b) of the GDPR. This also applies to processing required in order to complete precontractual measures. Personal data processing that is required in order to meet a legal obligation applicable to our company is based on Article 6(1)(c) of the GDPR.

Processing that is required to protect the legitimate interests of our company or a third party, where the interests and basic rights and freedoms of the data subject do not override the aforementioned interests, is based on Article 6(1)(f) of the GDPR.

V. Data Erasure and Storage Period

We only store your data for as long as required for the purposes at hand or for as long as prescribed by law. For instance, in the case of a contractual relationship, we will store your data at least until the contract is terminated in full. Beyond this, data are stored for the statutory retention periods.

VI. Encryption

Online transfer of data and emails is normally unencrypted and is therefore not protected from unauthorized access. To protect your data on our website, your connection to our server is standardly encrypted with the Transport Layer Security cryptographic transport protocol (TLS protocol) with at least 256 bits. Because the confidentiality of information sent to us by email is not guaranteed during transfer, we recommend only using the contact form or traditional mail to send confidential information.

VII. Legal Basis for Data Processing

If IP addresses are saved to log files:
Article 6(1)(f) of the GDPR is the legal basis for temporary storage of data and log files.

VIII. Purpose of Data Processing

The system must temporarily store IP addresses in order to enable delivery of the website to the user’s computer. This means that user IP addresses must be saved for the duration of the session.

They are saved in log files to ensure website functionality. In addition, the data help us optimize the website and safeguard the security of our information systems. These data are not analyzed for marketing purposes.

These purposes also include our legitimate interests in data processing as per Article 6(1)(f) of the GDPR.

IX. Storage Period

The data will be erased as soon as they are no longer needed to achieve the purposes for which they were collected. If the data were collected in order to provide the website, this occurs when the current session ends.

For data stored in log files, this occurs after no more than seven days. Storage for longer periods is possible. In such cases, the user IP addresses will be erased or masked so attribution to calling clients is no longer possible.

X. Objection and Removal Options

Data collection is strictly necessary for provision of the website, as is storage in log files for operation of the website. Users are therefore not entitled to object to this.

XI. Use of Cookies

Cookies are data sets that the web server sends to the user’s web browser, where they are stored for future retrieval. You yourself decide whether it is permitted to collect cookies, by configuring your browser to inform you before storing cookies and to only store them after your express approval. We only use cookies to obtain information on the use of our online services and for statistical purposes. The data sets in cookies do not contain any personal information. They will not be merged with any personal data that you provide.

XII. Contact Form and Email

1. Description and Scope of Data Processing

Our website features a contact form that you can use to contact us electronically. If a user uses this form, the data entered in the input mask will be transferred to us and stored. These data are:

‣ First and last name
‣ Email
‣ At the time of message submission, the following data are stored:

๏ User IP address

๏ Date and time logged

For data processing, the submission form will ask you for your consent, with a reference to this Data Privacy Statement.

Alternatively, you can also contact us at the indicated email address. In this case, we store the personal data of the user provided in the email.

These data are not made available to third parties. The data are only used to process our correspondence.

2. Legal Basis for Data Processing

If the user has granted consent, the legal basis for data processing is Article 6(1)(a) of the GDPR.

The legal basis for processing data transferred in an email is Article 6(1)(f) of the GDPR. If the email is intended to conclude a contract, Article 6(1)(b) of the GDPR serves as an additional legal basis for this processing.

3. Purpose of Data Processing

Personal data from the input mask are only processed for contact handling purposes. In cases of contact by email, the necessary legitimate interests also apply to data processing.

The other personal data processing during submission serves to prevent misuse of the contact form and safeguard the security of our information systems.

4. Storage Period

The data will be erased as soon as they are no longer needed to achieve the purposes for which they were collected. For personal data from the contact form input mask and data sent by email, this occurs when the correspondence with the user ends. The correspondence ends when the circumstances indicate that the matter has been conclusively resolved.

Any additional personal data collected during submission will be erased within no more than seven days.

XIII. Data Transfer

Performance of contracts generally requires the use of subordinate service providers, such as data centre operators, delivery services or other parties involved in contract performance. Third-party service providers that process data under contract with us are carefully selected and bound by strict contractual obligations, such as thorough technical and organizational measures and additional verifications. Your data are only transferred with your express consent or by virtue of the provisions of the law.

Data will not be transferred to third countries outside of the EU/EEA or to international organizations.

XIV. Objection and Removal Options

Users are entitled to withdraw their consent to personal data processing at any time. Users who contact us by email can object to storage of their personal data at any time. In such cases, our correspondence cannot proceed.

In this case, all personal data stored for the contact will be erased.

XV. Rights of Data Subjects

Below is a list of all rights of data subjects under the GDPR. If we process your personal data , you are a data subject in the sense of the GDPR and you are entitled to the following rights with respect to the controller:

1. Right of Access

You can ask us, the controller, to provide conformation of whether we are processing your personal data.

If so, you may request the following additional information:

  1. the purpose of processing the personal data;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom your personal data have been or will be disclosed;
  4. the planned period for which your personal data will be stored, or if specific details on this are not available, the criteria for determining the storage period;
  5. the right to request rectification or erasure of your personal data, a right to restrict processing by the controller or to object to this processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. any and all information available on the source of personal data that were not collected from the data subject;
  8. the existence of automated decision-making, including profiling, as per Article 22(1 and 4) of the GDPR and, at least in those cases, meaningful information on the logic involved, as well as the significance and the planned consequences of this processing for the data subject.

You are entitled to request information on whether your personal data have been transferred to a third country or an international organization. Here, you may also request information on the appropriate safeguards as per Article 46 of the GDPR for data transfers.

You are entitled to demand rectification and/or completion from the controller if your personal data in processing are incorrect or incomplete. The controller must apply the corrections immediately.

Under the conditions set out below, you can request restriction of processing of your personal data:

  1. if you dispute the correctness of your personal data, for a period that enables the controller to verify the correctness of the personal data;
  2. the processing is unlawful and you decline erasure of your personal data in favour of restriction of their use;
  3. the controller no longer requires the personal data for the purposes of the processing, but still needs them to assert, exercise or defend legal claims; or
  4. if you have submitted an objection to processing as per Article 21(1) of the GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If processing of your personal data is restricted, then aside from storage, these data can only be processed with your consent or in order to assert, exercise or defend a legal claim or to protect the rights of other natural persons or legal entities or for reasons of important public interest of the EU or of a Member State.

2. Right to Rectification

You are entitled to demand rectification and/or completion from the controller if your personal data in processing are incorrect or incomplete. The controller must apply the corrections immediately.

3. Right to Restriction of Processing

If processing is restricted in accordance with the conditions above, the controller must inform you before the restriction is lifted.

4. Right to Erasure

a. Erasure Obligation

You can request that the controller immediately erase your personal data, which the controller must do if any of the following grounds applies:

  1. Your personal data are no longer needed for the purpose for which they were collected or otherwise processed.
  2. You withdraw your consent for the processing as per Article 6(1)(a) or 9(2)(a) of the GDPR, and processing is not possible on other legal grounds.
  3. You object to the processing as per Article 21(1) of the GDPR and it is not justified by any overriding legitimate grounds, or you object to the processing as per Article 21(2) of the GDPR.
  4. Your personal data have been processed unlawfully.
  5. our personal data must be erased to meet a statutory obligation under EU law or the law of a Member State applicable to the controller.
  6. Your personal data were collected in relation to an offer of information society services as referred to in Article 8(1) of the GDPR.

b. Disclosure to Third Parties

If the controller has published your personal data and is obligated to erase them as per Article 17(1) of the GDPR, the controller must take reasonable measures – taking into account the available technology and implementation costs – including technical measures, to inform data processing controllers that process the personal data that, as a data subject, you have requested that they erase any and all links to these personal data or copies or reproductions of this personal data.

c. Exceptions

The right to erasure does not apply if the processing is required:

  1. to exercise the right of freedom of expression and information;
  2. to meet a statutory obligation that requires this processing under EU law or the law of a Member State applicable to the controller, or to perform a task in the public interest or in the exercise of official authority granted to the controller;
  3. in the public interest in the area of public health as per Articles 9(2)(h and i) and 9(3) of the GDPR;
  4. for archiving purposes, scientific or historical research purposes or statistical purposes, in the public interest, as per Article 89(1) of the GDPR, where the right indicated under subparagraph a is expected to render impossible or seriously complicate achievement of the goals of this processing; or
  5. to assert, exercise or defend legal claims.

5. Right to Notification

If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller must report this data rectification or erasure or processing restriction to all recipients to which your personal data have been disclosed, unless this proves impossible or would entail disproportionate expenditures.

You have the right to request information on these recipients from the controller.

6. Right to Data Portability

You have the right to receive your personal data, which you provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transfer these data to another controller, without hindrance from the controller to which the personal data were provided, if:

  1. the processing is based on consent as per Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract as per Article 6(1)(b) of the GDPR; and
  2. the processing is performed using automated means.

In the exercise of this right, you also have the right to request that one controller transfer your personal data directly to another controller, where this is technically feasible. This cannot infringe on the rights or freedoms of other persons.

The right to data portability does not apply to the personal data processing that is required to perform a task in the public interest or in the exercise of official authority granted to the controller.

7. Right to Object

You have the right object to the processing of your personal data, carried out based on Article 6(1)(e or f) of the GDPR, at any time for grounds related to your specific situation. This also applies to profiling based on those provisions.

The controller must stop processing your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for these marketing purposes. This also applies to any profiling related to direct marketing of this kind.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for this purpose. In connection with the use of information society services, and without prejudice to Directive 2002/58/EC, you have the option to exercise your right to object by automated means, using technical specifications.

8. Right to Withdraw a Declaration of Consent for Data Processing

You have the right to withdraw your declaration of consent for data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal.

9. Automated Decision-Making in Specific Cases including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or significantly affects you in a similar way. This does not apply if the decision:

  1. is required in order to conclude or perform a contract between you and the controller;
  2. is permitted under the provisions of EU law or the law of a Member State applicable to the controller and these provisions include reasonable measures to protect your rights and freedoms and your legitimate interests; or
  3. is made with your express consent.

However, these decisions cannot based on particular categories of personal data as per Article 9(1) of the GDPR, unless Article 9(2)(a or g) of the GDPR applies and reasonable measures have been taken to protect you rights and freedoms as well as your legitimate interests.

With regard to cases referred to in paragraphs 1 and 3, the controller must take reasonable measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any and all other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data is in breach of the GDPR.

The supervisory authority that receives the complaint will inform the complainant of the progress and the outcome of the complaint, including the option for a judicial remedy as per Article 78 of the GDPR.

This site uses cookies to improve user-friendliness. By proceeding, you agree to the use of cookies. Data Privacy Statement

en_CA
de_DE en_CA