m-p flash Data Privacy Notice

Data Privacy Statement as per the GDPR

This data privacy notice applies to the online and traditional services of m-p flash Martin Heise e.K. and to its employment relationships.

Thank you for your interest in our company and our services. Our data privacy notice informs you of the data we collect from you, how they are used and how you can object to this use.

In principle, it is possible to use our website without providing personal data. Some of our company’s online services may require the processing of personal data. This is described in detail below. Please note that our websites may feature links to websites of other providers, which are not covered by this Data Privacy Statement.

I. Name and Address of the Controller

The controller as referred to in the General Data Protection Regulation (GDPR), other, national data protection acts of the Member States and other data protection provisions is:

m-p flash Martin Heise e.K.
Auf der Lind 10
65529 Waldems
Tel.: +49 (0)30 6341 2886 30
E-Mail: data-protect ( @ ) mp-flash.de

Website: www.mp-flash.de

II. The Data Protection Officer of the Controller is:

Andrea Guerrero

Alexander-Meißner-Str. 32 12526 Berlin
Tel.: +49 (0)30 6341 2886 10
E-Mail: data-protect ( @ ) mp-flash.de

Website: www.mp-flash.de

Deputy:

Jessika Heise

Auf der Lind 10
65529 Waldems
Tel.: +49 (0)30 6341 2886 30
E-Mail: data-protect ( @ ) mp-flash.de

Website: www.mp-flash.de

III. General Information on Data Processing

We only collect and process your data for specified and explicit purposes. These are related totechnical requirements, contractual obligations or express user requests.

For instance, we need your personal data in order to perform a contract or complete an order.

We use these data to fill orders, settle payments and process cancellations and refunds. In short, we need them to perform our contracts and our customs services.

For technical requirements, we collect and store certain data from website visitors, such as the date and duration of the visit, the pages visited, identifying details of the browser and operating system types used and the websites from which you visit us.

IV. Legal Basis for Personal Data Processing

Soweit wir für Verarbeitungsvorgänge personenbezogener Daten eine Einwilligung der betroffenen Person einholen, dient Art. 6 Abs. (1) lit. (a) DSGVO als Rechtsgrundlage.

Bei der Verarbeitung von personenbezogenen Daten, die zur Erfüllung eines Vertrages, dessen Vertragspartei die betroffene Person ist, erforderlich ist, dient Art. 6 Abs. (1) lit. (b) DSGVO als Rechtsgrundlage. Dies gilt auch für Ver arbeitungsvorgänge, die zur Durchführung vorvertraglicher Maßnahmen erforderlich sind.
Soweit eine Verarbeitung personenbezogener Daten zur Erfüllung einer rechtlichen Verpflichtung erforderlich ist, der unser Unternehmen unterliegt, dient Art. 6 Abs. (1) lit. (c) DSGVO als Rechtsgrundlage.

Ist die Verarbeitung zur Wahrung eines berechtigten Interesses unseres Unternehmens oder eines Dritten erforderlich und überwiegen die Interessen, Grundrechte und Grundfreiheiten des Betroffenen das erstgenannte Interesse nicht, so dient Art. 6 Abs. (1) lit. (f) DSGVO als Rechtsgrundlage für die Verarbeitung.

V. Data Erasure and Storage Period

We only store your data for as long as required for the purposes at hand or for as long as prescribed by law. For instance, in the case of a contractual relationship, we will store your data at least until the contract is terminated in full. Beyond this, data are stored for the statutory retention periods.

VI. Encryption

Online transfer of data and emails is normally unencrypted and is therefore not protected from unauthorized access. To protect your data on our website, your connection to our server is standardly encrypted with the Transport Layer Security cryptographic transport protocol (TLS protocol) with at least 256 bits. Because the confidentiality of information sent to us by email is not guaranteed during transfer, we recommend only using the contact form or traditional mail to send confidential information.

VII. Legal Basis for Data Processing

If IP addresses are saved to log files:
Rechtsgrundlage für die vorübergehende Speicherung der Daten und der Logfiles ist Art. 6 Abs. (1) lit. (f) DSGVO.

VIII. Purpose of Data Processing

The system must temporarily store IP addresses in order to enable delivery of the website to the user’s computer. This means that user IP addresses must be saved for the duration of the session.

They are saved in log files to ensure website functionality. In addition, the data help us optimize the website and safeguard the security of our information systems. These data are not analyzed for marketing purposes.

In diesen Zwecken besteht auch unser berechtigtes Interesse an der Datenverarbeitung nach Art. 6 Abs. (1) lit. (f) DSGVO.

IX. Storage Period

The data will be erased as soon as they are no longer needed to achieve the purposes for which they were collected. If the data were collected in order to provide the website, this occurs when the current session ends.

Im Falle der Speicherung der Daten in Logfiles ist dies nach spätestens sieben Tagen der Fall. Eine darüber hinausgehende Speicherung ist möglich. In diesem Fall werden die IP-Adressen der Nutzer gelöscht oder verfremdet, sodass eine Zuordnung des aufrufenden Clients nicht mehr möglich ist.

X. Objection and Removal Options

Data collection is strictly necessary for provision of the website, as is storage in log files for operation of the website. Users are therefore not entitled to object to this.

XI. Use of Cookies

Cookies are data sets that the web server sends to the user’s web browser, where they are stored for future retrieval. You yourself decide whether it is permitted to collect cookies, by configuring your browser to inform you before storing cookies and to only store them after your express approval. We only use cookies to obtain information on the use of our online services and for statistical purposes. The data sets in cookies do not contain any personal information. They will not be merged with any personal data that you provide.

XII. Contact Form and Email

1. Description and Scope of Data Processing

Our website features a contact form that you can use to contact us electronically. If a user uses this form, the data entered in the input mask will be transferred to us and stored. These data are:

‣ Name, Vorname
‣ Mail-Adresse
‣ Im Zeitpunkt der Absendung der Nachricht werden zudem folgende Daten gespeichert:

๏ IP-Adresse des Nutzers

๏ Datum und Uhrzeit der Registrierung

For data processing, the submission form will ask you for your consent, with a reference to this Data Privacy Statement.

Alternatively, you can also contact us at the indicated email address. In this case, we store the personal data of the user provided in the email.

These data are not made available to third parties. The data are only used to process our correspondence.

2. Legal Basis for Data Processing

Rechtsgrundlage für die Verarbeitung der Daten ist bei Vorliegen einer Einwilligung des Nutzers Art. 6 Abs. (1) lit. (a) DSGVO.

Rechtsgrundlage für die Verarbeitung der Daten, die im Zuge einer Übersendung einer E-Mail übermittelt werden, ist Art. 6 Abs. (1) lit. (f) DSGVO. Zielt der E-Mail-Kontakt auf den Abschluss eines Vertrages ab, so ist die zusätzliche Rechtsgrundlage für die Verarbeitung Art. 6 Abs. (1) lit. (b) DSGVO.

3. Purpose of Data Processing

Personal data from the input mask are only processed for contact handling purposes. In cases of contact by email, the necessary legitimate interests also apply to data processing.

The other personal data processing during submission serves to prevent misuse of the contact form and safeguard the security of our information systems.

4. Storage Period

The data will be erased as soon as they are no longer needed to achieve the purposes for which they were collected. For personal data from the contact form input mask and data sent by email, this occurs when the correspondence with the user ends. The correspondence ends when the circumstances indicate that the matter has been conclusively resolved.

Any additional personal data collected during submission will be erased within no more than seven days.

XIII. Data Transfer

Performance of contracts generally requires the use of subordinate service providers, such as data centre operators, delivery services or other parties involved in contract performance. Third-party service providers that process data under contract with us are carefully selected and bound by strict contractual obligations, such as thorough technical and organizational measures and additional verifications. Your data are only transferred with your express consent or by virtue of the provisions of the law.

Data will not be transferred to third countries outside of the EU/EEA or to international organizations.

XIV. Objection and Removal Options

Users are entitled to withdraw their consent to personal data processing at any time. Users who contact us by email can object to storage of their personal data at any time. In such cases, our correspondence cannot proceed.

In this case, all personal data stored for the contact will be erased.

XV. Rights of Data Subjects

Below is a list of all rights of data subjects under the GDPR. If we process your personal data , you are a data subject in the sense of the GDPR and you are entitled to the following rights with respect to the controller:

1. Right of Access

You can ask us, the controller, to provide conformation of whether we are processing your personal data.

If so, you may request the following additional information:

  1. the purpose of processing the personal data;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom your personal data have been or will be disclosed;
  4. the planned period for which your personal data will be stored, or if specific details on this are not available, the criteria for determining the storage period;
  5. the right to request rectification or erasure of your personal data, a right to restrict processing by the controller or to object to this processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. any and all information available on the source of personal data that were not collected from the data subject;
  8. das Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling gemäß Art. 22 Abs. (1) und (4) DSGVO und – zumindest in diesen Fällen – aussagekräftige Informationen über die involvierte Logik sowie die Tragweite und die angestrebten Auswirkungen einer derartigen Verarbeitung für die betroffene Person.

Ihnen steht das Recht zu, Auskunft darüber zu verlangen, ob die Sie betreffenden personenbezogenen Daten in ein Drittland oder an eine internationale Organisation übermittelt werden. In diesem Zusammenhang können Sie verlangen, über die geeigneten Garantien gem. Art. 46 DSGVO im Zusammenhang mit der Übermittlung unterrichtet zu werden.

You are entitled to demand rectification and/or completion from the controller if your personal data in processing are incorrect or incomplete. The controller must apply the corrections immediately.

Under the conditions set out below, you can request restriction of processing of your personal data:

  1. if you dispute the correctness of your personal data, for a period that enables the controller to verify the correctness of the personal data;
  2. the processing is unlawful and you decline erasure of your personal data in favour of restriction of their use;
  3. the controller no longer requires the personal data for the purposes of the processing, but still needs them to assert, exercise or defend legal claims; or
  4. wenn Sie Widerspruch gegen die Verarbeitung gemäß Art. 21 Abs. (1) DSGVO eingelegt haben und noch nicht feststeht, ob die berechtigten Gründe des Verantwortlichen gegenüber Ihren Gründen überwiegen.

If processing of your personal data is restricted, then aside from storage, these data can only be processed with your consent or in order to assert, exercise or defend a legal claim or to protect the rights of other natural persons or legal entities or for reasons of important public interest of the EU or of a Member State.

2. Right to Rectification

You are entitled to demand rectification and/or completion from the controller if your personal data in processing are incorrect or incomplete. The controller must apply the corrections immediately.

3. Right to Restriction of Processing

If processing is restricted in accordance with the conditions above, the controller must inform you before the restriction is lifted.

4. Right to Erasure

a. Erasure Obligation

You can request that the controller immediately erase your personal data, which the controller must do if any of the following grounds applies:

  1. Your personal data are no longer needed for the purpose for which they were collected or otherwise processed.
  2. Sie widerrufen Ihre Einwilligung, auf die sich die Verarbeitung gem. Art. 6 Abs. (1) lit. (a) oder Art. 9 Abs. (2) lit. (a) DSGVO stützte, und es fehlt an einer anderweitigen Rechtsgrundlage für die Verarbeitung.
  3. Sie legen gem. Art. 21 Abs. (1) DSGVO Widerspruch gegen die Verarbeitung ein und es liegen keine vorrangigen berechtigten Gründe für die Verarbeitung vor, oder Sie legen gem. Art. 21 Abs. (2) DSGVO Widerspruch gegen die Verarbeitung ein.
  4. Your personal data have been processed unlawfully.
  5. our personal data must be erased to meet a statutory obligation under EU law or the law of a Member State applicable to the controller.
  6. Die Sie betreffenden personenbezogenen Daten wurden in Bezug auf angebotene Dienste der Informationsgesellschaft gemäß Art. 8 Abs. (1) DSGVO erhoben.

b. Disclosure to Third Parties

Hat der Verantwortliche die Sie betreffenden personenbezogenen Daten öffentlich gemacht und ist er gem. Art. 17 Abs. (1) DSGVO zu deren Löschung verpflichtet, so trifft er unter Berücksichtigung der verfügbaren Technologie und der Implementierungskosten angemessene Maßnahmen, auch technischer Art, um für die Datenverarbeitung Verantwortliche, die die personenbezogenen Daten verarbeiten, darüber zu informieren, dass Sie als betroffene Person von ihnen die Löschung aller Links zu diesen personenbezogenen Daten oder von Kopien oder Replikationen dieser personenbezogenen Daten verlangt haben.

c. Exceptions

The right to erasure does not apply if the processing is required:

  1. to exercise the right of freedom of expression and information;
  2. to meet a statutory obligation that requires this processing under EU law or the law of a Member State applicable to the controller, or to perform a task in the public interest or in the exercise of official authority granted to the controller;
  3. aus Gründen des öffentlichen Interesses im Bereich der öffentlichen Gesundheit gemäß Art. 9 Abs. (2) lit. (h) und (i) sowie Art. 9 Abs. (3) DSGVO;
  4. für im öffentlichen Interesse liegende Archivzwecke, wissenschaftliche oder historische Forschungszwecke oder für statistische Zwecke gem. Art. 89 Abs. (1) DSGVO, soweit das unter Abschnitt a) genannte Recht voraussichtlich die Verwirklichung der Ziele dieser Verarbeitung unmöglich macht oder ernsthaft beeinträchtigt, oder
  5. to assert, exercise or defend legal claims.

5. Right to Notification

If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller must report this data rectification or erasure or processing restriction to all recipients to which your personal data have been disclosed, unless this proves impossible or would entail disproportionate expenditures.

You have the right to request information on these recipients from the controller.

6. Right to Data Portability

You have the right to receive your personal data, which you provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transfer these data to another controller, without hindrance from the controller to which the personal data were provided, if:

  1. die Verarbeitung auf einer Einwilligung gem. Art. 6 Abs. (1) lit. (a) DSGVO oder Art. 9 Abs. (2) lit. (a) DSGVO oder auf einem Vertrag gem. Art. 6 Abs. (1) lit. (b) DSGVO beruht und
  2. the processing is performed using automated means.

In the exercise of this right, you also have the right to request that one controller transfer your personal data directly to another controller, where this is technically feasible. This cannot infringe on the rights or freedoms of other persons.

The right to data portability does not apply to the personal data processing that is required to perform a task in the public interest or in the exercise of official authority granted to the controller.

7. Right to Object

Sie haben das Recht, aus Gründen, die sich aus ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung der Sie betreffenden personenbezogenen Daten, die aufgrund von Art. 6 Abs. (1) lit. (e) oder (f) DSGVO erfolgt, Widerspruch einzulegen; dies gilt auch für ein auf diese Bestimmungen gestütztes Profiling.

The controller must stop processing your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for these marketing purposes. This also applies to any profiling related to direct marketing of this kind.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for this purpose. In connection with the use of information society services, and without prejudice to Directive 2002/58/EC, you have the option to exercise your right to object by automated means, using technical specifications.

8. Right to Withdraw a Declaration of Consent for Data Processing

You have the right to withdraw your declaration of consent for data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal.

9. Automated Decision-Making in Specific Cases including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or significantly affects you in a similar way. This does not apply if the decision:

  1. is required in order to conclude or perform a contract between you and the controller;
  2. is permitted under the provisions of EU law or the law of a Member State applicable to the controller and these provisions include reasonable measures to protect your rights and freedoms and your legitimate interests; or
  3. is made with your express consent.

Allerdings dürfen diese Entscheidungen nicht auf besonderen Kategorien personenbezogener Daten nach Art. 9 Abs. (1) DSGVO beruhen, sofern nicht Art. 9 Abs. (2) lit. (a) oder (g) DSGVO gilt und angemessene Maßnahmen zum Schutz der Rechte und Freiheiten sowie Ihrer berechtigten Interessen getroffen wurden.

With regard to cases referred to in paragraphs 1 and 3, the controller must take reasonable measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any and all other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data is in breach of the GDPR.

The supervisory authority that receives the complaint will inform the complainant of the progress and the outcome of the complaint, including the option for a judicial remedy as per Article 78 of the GDPR.

This site uses cookies to improve user-friendliness. By proceeding, you agree to the use of cookies. Data Privacy Statement

en_CA
de_DE en_CA