Information on Data Protection
Using this website may mean that we need to process some personal data. We would like to provide you with the following information to summarize this processing work so that you can understand what is going on. We would also like to inform you about your rights according to the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) to guarantee that our processing work is fair.
MTM ASSOCIATION e. V., Elbchaussee 352, 22609 Hamburg, Germany (hereinafter referred to as “we” or “us”) is responsible for the data processing work.
List of contents
- 1. General information
- 2. Processing server log files
- 3. Contact opportunities and enquiries
- 4. Courses and events
- 5. Login section for the MTM organization/download center
- 6. Newsletters
- 7. Cookies
- 8. Analyzing our Website
- 9. Integrated third-party services and content
- 10. Making applications
- 11. Revoking your consent
- 12. Your rights
- 13. Your right to object
- 14. Data protection officer
- 15. Lodging a complaint with a supervisory authority
1. General information
If you have any questions or suggestions regarding this information or wish to contact us to assert your rights, please send your request to:
MTM ASSOCIATION e. V.
Phone: +49 40 822 779 0
General information about data processing
If you use this website, it is possible that some personal data will be processed. The data privacy term “personal data” describes all the information that relates to a particular or identifiable person. An IP address may involve personal data in this sense too. An IP address is assigned to every device that is connected to the Internet by the Internet provider so that is can send and receive data. When you use the website, we gather information that you yourself make available to us. We also log particular information about the use of the website during your visit to it – but this takes place automatically.
We process personal data, taking into consideration the relevant data protection stipulations, particularly the GDPR and the BDSG. Any processing of data by us only takes place on the basis of statutory authorization. When you use this website, we only process personal data with your consent (Article 6 Para. 1 Sentence 1 a) of the GDPR) or to complete an agreement, to which you are one party, or to respond to your enquiry to complete pre-contractual measures (Article 6 Para. 1 Sentence 1 b) of the GDPR) or to meet a statutory requirement (Article 6 Para. 1 Sentence 1 c) of the GDPR) or if the processing work is necessary to maintain our legitimate interests or the legitimate interests of a third party, provided that your interests or basic rights or basic freedoms, which require the protection of personal data, are not the overriding factor (Article 6 Para. 1 Sentence 1 f) of the GDPR). If you apply for a vacant position at our corporation, we will also process your personal data to make a decision on whether you are suitable for an employment relationship (Article 26 Para. 1 Sentence 1 of the BDSG).
How long we store data
If nothing different emerges from the following information, we only store your data for as long as is necessary to achieve the purpose of the processing work or to meet our contractual or statutory requirements. These kinds of statutory retention requirements may particularly be based on commercial and tax law stipulations.
Technical service providers
If nothing different emerges from the following information, the processing of the data takes place on the servers of technical service providers, which we have commissioned to perform this work. These service providers only process the data in line with explicit instructions and are obliged by agreements to guarantee adequate technical and organizational measures to protect the data.
2. Processing server log files
General information, which your browser sends to our server, is initially stored automatically (i.e. not through any registration) if you are simply using our website for information purposes. This includes the following standard features: your browser type and version, the operating system used, the site that is accessed, the site previously visited (the referrer URL), the IP address, the date and time of the server enquiry and the HTTP status code.
The data is processed so that we can maintain our legitimate interests and the legal basis for this is found in Article 6 Para. 1 Sentence 1 f) of the GDPR. This processing work helps us to technically manage our website and provide security for it. The stored data is deleted if there is no justified suspicion that it is being used illegally because of specific indications; if the latter is the case, the information needs to be subjected to further checks and processing.
3. Contact opportunities and enquiries
If you send us a message via the specified contact channels, we will only process the data sent to us in order to handle your request. The legal basis for processing this data is found in Article 6 Para. 1 Sentence 1 b) of the GDPR.
You have the opportunity of asking us to call you back via a form on our website. Your data is transferred in an encrypted manner in this case.
The legal basis for processing this data is found in Article 6 Para. 1 Sentence 1 b) of the GDPR. You must complete all the data boxes marked as mandatory so that we can process your request. If you do not supply this data, we will not be able to process your request or call you back. You can make available other data on a voluntary basis. We will exclusively make use of your data to process your request and call you back.
4. Courses and events
Bookings on the website
You have the opportunity of booking training courses (e.g. e-learning, webinars, presence), events and webinars on our website. If you wish to use this facility, you must register and create a user account. The data provided will be processed for the purpose of providing the service or carrying out the services you have booked. The details that are required are clearly visible on the input form; we require, among other things, your contact and payment details as well as information on those attending the course.
The legal basis for processing this data is found in Article 6 Para. 1 Sentence 1 b) of the GDPR.
Registering on the spot
If we are commissioned by third parties to carry out the service and this client assumes both the booking and the costs of the training/event for you, we reserve the right to pass on the examination result to the client. The details that are required are clearly visible on the input form; we require, among other things, your contact and payment details.
The legal basis for processing this data is found in Article 6 Para. 1 Sentence 1 b) of the GDPR.
Transferring data to third parties
If third parties have commissioned us to hold the sercive and this contracting entity handles both the booking and the costs of the service for you, we reserve the right to communicate the results of the examination to the contracting entity. This transfer of information is restricted to your name and the information on whether you have passed or not.
The legal basis for this is the legitimate interest of the third party, according to Article 6, Para. 1 f) of the GDPR.
Special data processing for the implementation of the webinars
To conduct the webinars we used Microsoft Teams, a service of the provider Microsoft Corporation (USA) or alternatively CiscoWebex, a service of the provider Cisco WebEx LLC (USA). Personal data of the participants such as registration name and communication contents are processed and stored on their servers. For data transmission to the USA, both providers offer an appropriate level of data protection in accordance with Art. 45 DSGVO through the EU-US Privacy Shield certification. The certifications can be found on the following list: www.privacyshield.gov/list
The legal basis for the processing provided by the providers is Art. 6 para. 1 sentence 1 b) DSGVO.
During the webinar, the login names of all participants and the generated communication content will be displayed and can be viewed by the other participants in the webinar. The communication contents are stored for documentation purposes. The webinar is recorded and then made available to the participants.
The legal basis for the processing is our legitimate interest in an attractive design of our webinar offer, Art. 6 para. 1 lit. f) DSGVO.
5. Login section for the MTM organization/download center
Our website contains a restricted section for those attending events and members of the MTM Association; this enables them, for example, to register for future courses or download particular materials.
If you make available data as part of the login section, we will exclusively use this to provide the service that you have requested or make available information to you, depending on what is required. The processing work is justified by the legal basis found in Article 6 Para. 1 Sentence 1 b) of the GDPR.
Registering and deregistering
Our newsletter gives you and your corporation the opportunity of obtaining the latest information and useful knowledge related to the topics of consultancy work, training, software, research and development. You must send us a valid email address to register for the newsletter. Other details can be provided on a voluntary basis. You will first receive a registration email to verify the email address and you must confirm this using a link (double opt-in).
We send you our newsletter on the basis of your consent (Article 6 Para. 1 Sentence 1 a) of the GDPR). You have the opportunity to deregister from the newsletter again or cancel your consent with regard to the future at any time. You can simply use the unsubscribe link contained in the email or one of the contact channels mentioned earlier.
When you register for the newsletter, we also store your IP address and the date and time of the registration process. It is necessary to process this data in order to be able to provide evidence that your consent has been given. The legal basis for this is found in our legal duty to document your consent (Article 6 Para. 1 Sentence 1 c) in conjunction with Article 7 Para. 1 of the GDPR).
We also analyze the reading behavior and the opening rates of our newsletter. We gather pseudonymized usage data and process it for this purpose, but we do not combine this with your email address or your IP address.
The legal basis for analyzing our newsletter is found in Article 6 Para. 1 Sentence 1 f) of the GDPR and the processing work serves our legitimate interest of optimizing our newsletter. You can object to this at any time by using one of the contact channels mentioned earlier.
8. Analyzing our Website
If you have given your consent, Google Analytics, a web analysis service of Google LLC ("Google") is used on this website. The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices. This data protection notice is provided by www.intersoft-consulting.de.
Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The recipient of the collected data is Google.
Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission's adequacy decision. You can download the certificate here.
The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on. Opt-out cookies will prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used.
If you click here, the opt-out cookie will be set: Disable Google Analytics
9. Integrated third-party services and content
We make use of services, operations and content that is made available by third parties on our website. It is technically necessary to process your IP address to integrate this material so that the content can be sent to your browser. Your IP address is therefore transferred to the third-party provider in question.
The processing of this data takes place, in each case, to maintain our legitimate interests in optimizing and operating our website in a cost-effective manner and the legal basis for this is found in Article 6 Para. 1 Sentence 1 f) of the GDPR.
The Java programming language is regularly used to integrate the materials. You can therefore object to any processing of your data by deactivating the use of Java in your browser. The German Federal Office for Information Security provides information on this matter and other security details .
We have integrated content from the following third-party providers on our website:
We use “Google Maps” from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) to display maps. Google is certified by the privacy shield agreement and it provides a guarantee that it complies with European data protection law.
We use the service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”) to display videos. As a subsidiary of Google, YouTube is covered by the privacy shield certification provided by Google.
10. Making applications
You have the opportunity of applying for vacant positions at our corporation by email. We gather personal data about you for this purpose – and this particularly involves your name, your résumé, your letter of application and other information that you make available. You can apply in writing too by sending your details to the contact data specified on this website.
Your personal application data is exclusively gathered, stored, processed and used for purposes that are connected to your interest in being employed by us now or in the future and in processing your application. Your application is only processed and taken note of by the relevant contact partners at our corporation. All the employees entrusted with processing data are obliged to maintain secrecy about your data.
If we are unable to offer you any employment, we will store the data that you have communicated to us for up to six months after any possible rejection for the purpose of responding to any questions connected to your application and rejection. This shall not apply if statutory provisions oppose any deletion or if continued storage is necessary for the purpose of providing evidence or if you have specifically consented to a longer period of storage.
The legal basis for this can be found in Section 26 Para. 1 Sentence 1 of the BDSG. If we keep your application data beyond six months and you have not specifically agreed to this, we would point out that this consent can be freely withdrawn at any time, according to Article 7 Para. 3 of the GDPR. The legitimacy of the processing work, which took place on the basis of your consent until you withdraw it, is not affected by this kind of cancellation.
11. Revoking your consent
You can withdraw any consent that you have provided, according to Article 7 Para. 3 of the GDPR. The legitimacy of the processing work, which took place on the basis of your consent until you withdraw it, is not affected by this kind of cancellation.
12. Your rights
As an affected person, you have the right to assert your rights with us. You particularly have the following rights:
- You have the right, according to Article 15 of the GDPR and Section 34 of the BDSG, to request information about whether and, if necessary, to what degree we process personal data related to you or not.
- You have the right, according to Article 16 of the GDPR, to request us to correct your data.
- You have the right, according to Article 17 of the GDPR and Section 35 of the BDSG, to request us to delete your personal data.
- You have the right, according to Article 18 of the GDPR, to have restrictions placed on the processing of your personal data.
- You have the right, according to Article 20 of the GDPR, to receive the personal data related to you, which you have made available to us, in a structured, conventional and machine-readable format and transfer this data to a different controller.
13. Your right to object
According to Article 21 of the GDPR, you have the right to lodge an objection to any processing of data, which is based on Article 6 Para. 1 Sentence 1 e) or f) of the GDPR. If we process any personal data about you for the purpose of direct marketing, you can lodge an objection to this according to Section 21 Para. 2 and Para. 3 of the GDPR.
14. Data protection officer
You can reach our data protection officer at the following contact address: firstname.lastname@example.org
15. Lodging a complaint with a supervisory authority
If you believe that any processing of the personal data related to you breaches the stipulations in the GDPR, you have the right to make a complaint to a supervisory authority, according to Article 77 of the GDPR.
QG-DAT-10 04/20 [JAS]