We are strongly committed to protecting your privacy and handling your data carefully. Our Privacy Notice provides information on how we use your personal data and what your rights are in this regard. It contains detailed information about the data we process, the purpose behind this data processing, the legal basis on which we process data and for how long we store the data.
In principle, we collect, store and use personal data only to keep you informed about our work, to provide the services we offer and to ensure the functionality and user-friendliness of our website. The data processed, and the processing method and scope, are determined according to the respective purpose and the underlying legal relationship. Specifically, we process your data in the cases listed in this Privacy Notice. We process personal data in agreement with the applicable statutory provisions and, in particular, the European General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter referred to as GDPR). We only share your personal data with third parties if there is a legal basis to do so.
“Personal data” (hereinafter in part also referred to simply as “data”) is all information that relates to a known or identifiable person; it therefore means all information that can be attributed to you as a person. This applies, for example, to your name, address, exact location or IP address.
“Processing” is any process associated with personal data; the main examples are the collection, storage and use of your data.
Notes on data transfer to the USA
We have tools from other companies integrated in our website, including companies based in the USA. When these tools are active, your personal data may be transferred to the U.S. servers of the respective company. Please note that the USA are not a secure third-party country as defined in EU data protection law. U.S. companies are required to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this. It can therefore not be ruled out that your personal data located on U.S. servers may be processed, analysed, and stored permanently by certain U.S. authorities (e.g. secret services). We have no influence on these processing activities.
The provider of this website and the responsible body (“controller”) within the meaning of the GDPR and other statutory provisions is:
MUNDA Textile Lichtsysteme GmbH
D-40699 Erkrath, Germany
Tel. +49 211 9507373-10
DATA PROTECTION OFFICER
Data Protection Officer required by law
We have appointed a data protection officer for our company.
Boris Nicolaj Willm
Monschauer Straße 12
Telefon: +49 (0) 211 695289 92
SCOPE AND LEGAL BASES FOR PROCESSING PERSONAL DATA
We are only permitted to process the personal data of our users and customers if there is a legal basis to do so, and data processing therefore only occurs if this is the case. Below, we provide detailed information on why we are permitted to process your personal data, making reference to the following legal bases:
Provided that we obtain your consent to process your personal data, Article 6(1)(a) GDPR shall serve as the legal basis.
For processing of personal data which is required for fulfilment of an agreement to which you are a contracting party, Article 6(1)(b) GDPR shall serve as the legal basis. This also applies to the performance of pre-contractual measures.
To the extent that processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6(1)(c) GDPR shall serve as the legal basis.
If processing is required to protect a legitimate interest of our company or of a third party and if your interests, basic rights and basic freedoms do not outweigh the afore-mentioned interest, Article 6(1)(f) GDPR shall serve as the legal basis for processing.
The legal bases for collection and use of your personal data are discussed in detail below.
YOUR RIGHTS IN CONNECTION WITH YOUR PERSONAL DATA
At your request, you can obtain information at any time, free of charge and within a maximum of one month, regarding the personal data we store about you, its origin, recipients, storage period, the purpose of data processing and the existence of a right to lodge a complaint (Article 15 GDPR).
You have the right to have your personal data corrected if it is incorrect or incomplete (Article 16 GDPR).
Under certain circumstances, you can also demand erasure of your personal data (Article 17 GDPR) or restriction of processing (Article 18 GDPR). This is possible, amongst other things, if your personal data no longer needs to be processed for the purposes for which it was collected, or if you revoke your consent and there is no other legal basis for processing of the data.
These rights do not exist if we are required to process the data in order to fulfil a legal obligation or to assert, exercise or defend legal claims.
If you assert your right to correction, restriction or erasure, we will, where possible, notify all recipients of your personal data.
You have the right to receive the personal data we store about you in a current, machine-readable format and to send this data to another controller or have it sent by us, if processing is based on consent or is required for performance of a contract and processing is carried out using automated methods.
You have the right to revoke privacy consent that you have given at any time. However, this revocation will not affect the legality of processing up to this time or processing based on other legal principles.
In accordance with Article 21 GDPR, you can also object to the processing of your personal data if this is carried out based on Article 6(1)(f) GDPR, i.e. based on our legitimate interests or the legitimate interests of third parties. In this case, we will only continue to process your data to the extent that our compelling legitimate interests outweigh your interests.
You have the right to complain to a data protection supervisory authority. To do this, you can also contact the supervisory authority of your usual place of residence or place of work.
All rights listed here can be asserted by notifying us of this at the address specified at the beginning of this Privacy Notice.
DATA ERASURE AND STORAGE PERIOD
The personal data relating to the person concerned will be deleted or blocked as soon as the storage purpose has expired. Data will only be stored beyond this time if the controller is legally obligated to do so. Data will also be blocked or deleted if a retention period prescribed by the specified standards elapses, unless there is a requirement for further storage of the data for the purpose of contractual completion or performance of a contract.
PROVISION OF THE WEBSITE/LOG FILES
1a) Provider/web host:
We use the services of a Provider for the provision of our website. In particular, the Provider provides us with the necessary storage space and technical infrastructure for the secure operation of this website. On our behalf, the Provider stores most of the data specified in this Privacy Notice, in order to make this data available to us for the respective specified purposes. The Provider’s compliance with the statutory data protection regulations is also contractually guaranteed.
2b) Server log files:
When you visit our website, your browser automatically sends information to our system. Our web host, who processes data on our behalf (“data processor”), collects and stores the following data as server log files:
- The user’s IP address
- Browser ID (see also browser type and version, plug-ins used),
- The user’s operating system,
- Internet service provider,
- Date and time of access,
- The Internet address of the website from which the user arrived at the current page by clicking on a link (“Referrer URL”),
- Websites, which are called up by the system from our website.
Log files are usually saved without any assignment to the individual user. However, some of the data contained in the log file, in particular the IP address, can enable assignment to the user. However, such assignment is only carried out if there is a legal obligation or basis to do so. In particular, we reserve the right to review log data retrospectively if there are specific indications of a legitimate suspicion of illegal use of our website.
We collect and process the data contained in the log files solely for the purpose of guaranteeing the functionality of our website, protecting ourselves against attacks and enabling communication between our servers and your device. This is a legitimate interest in the meaning of the legal basis set out in Article 6(1)(f) GDPR: We have an interest in presenting our offering on the Internet in a secure and efficient manner and use a specialist provider for this purpose.
The access data is stored only for as long as is necessary for the specified purpose or for as long as is prescribed by law. As a general rule, the log files are deleted after 7 days. If log files are required to track a breach of legal regulations or misuse of our homepage, they will be stored for as long as is required for the purposes of tracking.
It is not possible to object to the collection of server log files if you wish to use our website.
1c) Log data with other providers
In addition, log data is also stored by other providers, in particular Google. See details under Points 12 and 13 of this Privacy Notice.
2d) SSL encryption and data security:
We use the widely used SSL method (Secure Socket Layer) on our website, with the respective highest level of encryption. Therefore, data transmission between our server and your browser is encrypted. The encryption level is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology.
You can identify an encrypted connection by the fact that the address line in the browser changes from http to https and a padlock icon appears in your browser bar. If SSL encryption is activated, any data you send to us cannot be intercepted by third parties.
We also use technical and organisational security measures to protect your data against accidental or intentional manipulations, partial or complete destruction or against authorised access by third parties. Our security measures are continuously improved in line with technological development.
The legal basis on which we process your personal data using cookies depends on the respective cookie. Data processed using technically required cookies is processed on the basis of our legitimate interests or to comply with our contractual obligations. In all other cases, your consent is the legal basis for processing. The storage period for cookies can be up to two years unless another storage period for cookies is explicitly stated by us.
1b) Technically required cookies:
Our website uses technically required cookies. These cookies are used to store certain user settings, in order to guarantee the display on the website. The cookie we use is therefore required to ensure the full functionality of this website. The legal basis for using the cookies is Article 6(1)(f) GDPR: there is a legitimate interest in presenting our offering on the Internet and in enabling you to contact us; this is only possible by using technically required cookies.
You may object to your personal data being processed if our legitimate interest is the basis for processing your data. To do so, you can select the corresponding settings in your browser. If you do not wish data to be recorded, you can go to your Privacy settings and specify that all or certain cookies should be rejected or that the cookies should be deleted when the browser session ends. However, to obtain the full functionality of our website, it is necessary to allow technically required cookies. If you do not allow these cookies, complete use of our websites no longer possible. In that case, the cookies are deleted as soon as the browser is closed.
http://www.aboutads.info/choices (USA) or
1c) Technically not required cookies:
Revoke cookie settings
You can contact us by post, telephone, fax or e-mail.
If you contact us by post, we can collect and process all data that you provide us with in your correspondence, including in particular your name and address.
If you contact us by telephone, we can collect and process your telephone number, any personal data provided to us during the call, such as name and e-mail address, time of call and other details regarding your concern.
If you contact us by fax, the fax number, sender ID and the data resulting from the fax will be processed.
If you contact us by e-mail, we will process the e-mail address and the data sent by you in the e-mail.
In all cases, the processing purpose is correspondence with you in the context of fulfilling the order placed with us or of responding to your request. The data in your contact form will only be processed in order to get in contact with you and to handle your request. If your message is connected to an order that you have placed with us or wish to place with us, Article 6(1)(b) GDPR is the legal basis for processing your data: The use of your data for correspondence is required and therefore permissible as a pre-contractual measure before completion of an agreement or for fulfilment of obligations in connection with the contractual relationship. In all other cases, the legal basis is the one set out in Article 6(1)(f) GDPR: We have an interest in answering the queries that we receive by post, fax, telephone or by visitors to our website, and in making and remaining in contact with said visitors, also due to the fact that the data is transmitted voluntarily and at the visitor’s own initiative. In addition, we assume that, by making contact, the users consent to the processing of their data, and hence Article 6(1)(a) GDPR is the legal basis. This also applies to any data that you send to us and that is not required for correspondence with you.
We will store your data for as long as is necessary to achieve the respective purpose or for as long as there is a requirement by law to retain the data. The purpose of making contact is achieved when the matter about which you first contacted us has been resolved.
The data will only be shared with third parties to the extent that this is technically required or is required for processing of your request. We will not share it with third parties for any other purpose, in particular for advertising purposes.
Please note that transferring data on the Internet, such as when communicating by e-mail, can involve security gaps.
You have a right to object if your data is collected on the legal basis of Article 6(1)(f) GDPR. You can submit your objection to us at any time, e.g. by e-mail to email@example.com. If data processing is based on your consent, you can revoke your consent at any time.
We present our company on the following social networks:
Xing (https://www.xing.com/pages/munda-textile-lichtsysteme-gmbh) und
in order to make ourselves known to registered users there and make contact with them.
Facebook is a service offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected will also be transferred to the USA and other third countries.
You can change your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
The basis for data transfer to the USA are the EU Commission’s standard contractual clauses. For more details, please go to: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
LinkedIn uses marketing cookies. If you want to deactivate the LinkedIn marketing cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The basis for data transfer to the USA are the EU Commission’s standard contractual clauses. For more details, please go to: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Xing is a service provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
If you are a member of these social networks, Facebook, Xing or LinkedIn can assign your visit to our website to your user profile. Your personal data may potentially also be collected when you are not logged in or even if you have no account with the respective social media portal. In that case the data is collected for example with the help of cookies stored on your device or through recording your IP address.
The collected data allows the operators of the social media portals to create user profiles where your preferences and interests are recorded. This information can then be used to show you interest-based advertisements inside or outside the respective social media presence. If you have an account with the social network in question, the interest-based advertisements can be displayed on all devices where you are, or were previously, logged in.
The social networks process your data in agreement with their respective Privacy Notices, which you can view here:
The data that you share on Facebook, Xing or LinkedIn is only processed by ourselves for the purpose of communicating with you and informing you about our services and products. We only process the data that you yourself have published on those platforms.
By using Facebook, Xing and/or LinkedIn, you have consented to the processing of your personal data by the respective operator of the social network and the legal basis for data processing is therefore your consent in accordance with Article 6(1)(a) GDPR. From our perspective, there is a further interest in efficiently informing our existing and potential customers about our product offering; this interest outweighs your interest in not having your data processed not least of all because your use of the social networks is voluntary. To the extent that you have not consented to data processing, and in relation to our processing of your data, the legal basis for data processing is therefore Article 6(1)(f) GDPR.
You can object to the processing of your data by the operator of the respective social network. You can make the corresponding settings on the following websites:
Please note that while we share responsibility with the social media portal operators, our influence on the social media portals’ data processing activities is limited. Whether and how we can exert influence depends largely on the respective provider’s corporate policy.
The easiest way to assert your rights in connection with the processing of your personal data is directly to the operator of the respective social network, as the operator has all information about the processing of your data. If you wish to do this, we would be pleased to assist you.
On our website, we use various services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”. Google is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In the context of its involvement in these services, Google collects and processes personal data. It cannot be ruled out that Google may also transfer the information to servers located in the USA.
Google Tag Manager
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager does not create any user profiles, nor does the tool store any cookies or analyse data independently. Its only purpose is to manage and run the tools integrated with its help. However, Google Tag Manager records your IP address and this may then also be transmitted to Google’s parent company in the United States.
The legal basis on which Google Tag Manager is used is Article 6(1)(f) GDPR. The website operator has a legitimate interest in being able to quickly and easily integrate and manage various tools on its website. If corresponding consent has been requested and given, processing will be exclusively based on Article 6(1)(a) GDPR; you may withdraw your consent at any time.
This website uses functions of the web analytics service Google Analytics. Google Analytics enables the website operator to analyse the behaviour of website visitors. This involves providing the website operator with various user data, such as page views, session duration, operating systems used and user origin. This data may be aggregated by Google in a profile assigned to the respective user or the user’s device.
Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally sent to a Google server in the USA and stored there.
The legal basis for using this analytics tool is Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both its web offering and its advertising. If corresponding consent has been requested and given (e.g. consent to the storage of cookies), processing will be exclusively based on Article 6(1)(a) GDPR; you may withdraw your consent at any time.
The basis for data transfer to the USA are the EU Commission’s standard contractual clauses. For more details, please go to: https://privacy.google.com/businesses/controllerterms/mccs/.
The IP anonymization function is activated on this website. This means that your IP address will be truncated by Google in the member states of the European Union or in another state party to the Agreement on the European Economic Area before it is transferred to the USA. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to produce reports about website activities and to provide other services to the website operator with regard to website use and Internet use. The IP address sent from your browser for Google Analytics is not merged with other data from Google.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Data processing on our behalf
We have entered into a data processor agreement with Google concerning its processing of data on our behalf and the strict requirements specified by the German data protection authorities regarding the use of Google Analytics are fully implemented.
Data retention period
User-level and event-level data stored at Google which is linked to cookies, user identifications (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. For more details, please use the following link: https://support.google.com/analytics/answer/7667196?hl=de
Google Ads is an online advertising platform that allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). It also allows us to display targeted advertisements based on the user data held by Google (e.g. location data and interests) (audience targeting). As the website operator, we can perform quantitative evaluations of this data by analysing, for example, what search terms resulted in our advertisements being displayed and how many advertisements received corresponding clicks.
The legal basis for using Google Ads is Article 6(1)(f) GDPR. The website operator has a legitimate interest in marketing its services and products as effectively as possible.
The basis for data transfer to the USA are the EU Commission’s standard contractual clauses. For more details, please go to: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
This website uses the Google Analytics Remarketing functions. Google Remarketing analyses your user behaviour on our website (e.g. clicking on certain products) in order to include you in specific advertising audiences and then display suitable advertisements to you when you visit other online offerings (remarketing or retargeting).
The advertising audiences created by Google Remarketing can also be linked to Google’s cross-device functions. This means that interest-based, personalised advertisements tailored to you on the basis of your previous user and browsing behaviour on one device (e.g. mobile phone) will then also be displayed to you on another of your devices (e.g. tablet or PC).
If you have a Google account you may use the following link to object to personalised advertising: https://www.google.com/settings/ads/onweb/.
The legal basis for using Google Remarketing is Article 6(1)(f) GDPR. The website operator has a legitimate interest in marketing its products as effectively as possible. If corresponding consent has been requested and given, processing will be exclusively based on Article 6(1)(a) GDPR; you may withdraw your consent at any time.
This website uses the Google DoubleClick functions. DoubleClick is used to display interest-based advertisements to you across the entire Google advertising network. DoubleClick is used to tailor advertisements specifically to the interests of the respective viewer. This allows us to display our advertisements, for example, in Google search results or advertising banners that are linked to DoubleClick.
To display interest-based advertisements to website users, DoubleClick must be able to recognise the respective user and associate them with the websites visited, clicks performed and other information related to the user’s behaviour. For this purpose DoubleClick sets cookies or uses similar recognition technologies (e.g. device fingerprinting). The information collected is aggregated in a pseudonymised user profile to enable the display of interest-based advertising content to the respective user.
We use Google DoubleClick in the interest of targeted advertising activities. This is a legitimate interest in the meaning of Article 6(1)(f) GDPR. If corresponding consent has been requested and given (e.g. consent to the storage of cookies), processing will be exclusively based on Article 6(1)(a) GDPR; you may withdraw your consent at any time.
For further information regarding your options of objecting to the advertisements shown by Google, please follow these links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.
Videos from the YouTube website are embedded in this website. The operator of the YouTube website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use the YouTube website in a way that allows us to embed YouTube videos in our website. When you access the videos, a direct contact is established between you and the servers of Google. This connection is required to be able to display the respective video on our website via your Internet browser. In the course of this, YouTube collects and processes at least your IP address, the date and time as well as the website visited by you. In addition, a connection to the “DoubleClick” advertising network by Google is established.
Google processes usage and communication data of visitors to the website while they are using the website. The purpose of processing your personal data is to enable us to present our offering in an appropriate and contemporary manner on our website. The legal basis is your consent, which is given via the Borlabs service (see Point 8: Cookies). Our legitimate interest lies in improving the quality of our Internet presence.
We use YouTube in connection with the “Privacy-Enhanced Mode”, in order to be able to show you videos. According to YouTube, its “Privacy-Enhanced Mode” means that the data described in greater detail below is only sent to the YouTube servers if you actually start a video. Without this “Privacy Enhanced Mode”, a connection is established to the YouTube server in the USA as soon as you visit one of our websites in which a YouTube video is embedded.
If you are also logged into YouTube at the same time, YouTube assigns the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our website or make the corresponding settings in your YouTube user account.
We use Google reCAPTCHA on our website e.g. to prevent the misuse of a contact form. This enables us to distinguish whether forms are being used by natural persons or whether they are being misused by machine or automated processing. reCAPTCHA analyses the behaviour of the website visitor based on various attributes. The analysis begins automatically as soon as the website visitor lands on the website. reCAPTCHA evaluates various pieces of information for its analysis (e.g. IP address, duration of the user’s visit to the website or mouse movements performed by the user). The data collected in this analysis will be transferred to Google. In addition, reCAPTCHA sets cookies in order to identify you again the next time you visit. The reCAPTCHA analyses are performed entirely in the background. Website visitors are not made aware that an analysis is taking place.
The legal basis for storing and analysing the data is Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings against fraudulent automated spying and SPAM.
On our website, we publish job vacancies, for which you can apply. The application can also be completed by submitting your application documents by e-mail. To this extent, the information under Point 9 of this Privacy Notice applies. When selecting applicants, we process any data that you send to us in your application solely for the purpose of filling job vacancies within our company.
Data processing in the context of the application procedure is based on the fact that you voluntarily provide us with your data for the purpose of applying for a position and we therefore assume that you consent to data processing. The legal basis for data processing is therefore primarily your consent and thus Article 6(1)(a) GDPR. Your data is also processed in view of employment within our company; it is therefore to be considered as a pre-contractual measure, so that Article 6(1)(b) GDPR also serves as a legal basis for processing. When selecting applicants, we do not use any automated decision-making method in accordance with Article 22 GDPR.
Your data will be deleted immediately upon completion of the application procedure, unless you have explicitly given consent for us to save your data in our pool of applicants and store it for this purpose.
Even if you revoke your consent, complete erasure of the data is only possible if you withdraw your application, as we cannot process your application without processing your data.
CUSTOMERS AND CONTRACTUAL PARTNERS
In the context of business relationships with us, we collect and process the following personal data regarding natural persons: Name, address, telephone number, e-mail address (if relevant) and account number (in the context of bank transfers). As a general rule, we process this data to fulfil the contract between us or between us and the company by which the person concerned is employed, to provide our work according to agreement and to be able to assess and, if relevant, fulfil claims which may result from the contract. In addition, we are legally obligated to retain certain contractual documents, including the data contained within it, even after processing of the contract. In principle, we only share your data with third parties if this is required for the specified purposes or if we have a duty to disclose the information. In any case, data will only be transferred to the required extent.
To the extent that we have received your data from third parties, in particular from your landlord or a property management company, we will assume that the transfer of the data to us is covered by the corresponding legal relationship or your consent. In this case, processing of your data is required to be able to fulfil the contract with the respective third party.
The legal basis for processing your data is generally Article 6(1)(b) GDPR: processing is required in order to fulfil the contract between us. In addition, we are subject to the legal obligation to retain invoices and other documents and hence Article 6(1)(c) GDPR is also a legal basis for storage.
In principle, we retain data connected to a contract for a period of 3 years following fulfilment of all mutual obligations from the contract, in case of possible claims arising from the contract. For commercial reasons, we must retain our correspondence for 6 years, and for tax purposes, we must retain invoices for 10 years. This also concerns the respective data contained therein.
To the extent that we offer links to other sites on our website, we have first carefully checked the corresponding websites. However, this notwithstanding, we are not responsible for compliance with the privacy regulations and other legal provisions by the providers of the websites to which we provide links. Therefore, please make your own check of the Privacy Notices of these websites.
CHANGES TO THIS PRIVACY NOTICE
This Privacy Notice is currently valid and was last changed in June 2021.
Through the further development of our website or due to changed legal or official requirements, it may be necessary to amend this Privacy Notice. The respective current Privacy Notice can be viewed at any time on this website.