PRIVACY POLICY
Information on Data Protection
This privacy policy provides you with information about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). MTM ASSOCIATION e. V. (hereinafter referred to as “we” or “us”) is the data controller.
List of contents
- 1. General information
- 2. Data processing on our websites
- 3. Data processing for newsletter registration mtm.org
- 4. Data processing on our websites mtm.org, training.mtm.org and solutions.mtm.org
- 5. Data processing in the online store at summit.mtm.org
- 6. Data processing on our social media pages
- 7. Other data processing
1. General information
Contact details
If you have any questions or suggestions about this information or would like to contact us to assert your rights, please submit your request to
MTM ASSOCIATION e. V.
Elbchaussee 352
22609 Hamburg
Phone: +49 40 822 779 0
E-mail: contact@mtm.org
or
Deutsche MTM-Gesellschaft Industrie- und Wirtschaftsberatung mbH
Elbchaussee 352
22609 Hamburg
Phone: +49 40 822 779 0
E-mail: contact@mtm.org
Legal basis
Under data protection law, the term “personal data” refers to any information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Our data processing is carried out only on the basis of legal permission. We process personal data only with your consent § 25 TTDSG (TTDSG = Telecommunications and Telemedia Data Protection Act)orArt. 6(1) point (a) GDPR), for the performance of a contract to which you are a party or at your request to take steps prior to entering into a contract (Art. 6(1) point (b) GDPR), to fulfil a legal obligation (Art. 6(1) point (c) GDPR) or if the processing is necessary for the pursuit of our legitimate interests or the legitimate interests of a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6(1) point (f) GDPR).
If you apply for a vacant position in our company, we also process your personal data for the purpose of deciding whether to establish an employment relationship with you (Section 26(1) sentence 1 BDSG).
Duration of storage
Unless otherwise stated in the information below, we store the data only as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention requirements may arise in particular from commercial or tax regulations. From the end of the calendar year in which the data were collected, we shall retain personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we shall retain data in connection with the demonstration of consent and with complaints and claims for the duration of the statutory limitation periods. We shall erase data stored for marketing purposes if you object to processing for this purpose.
Categories of recipients of the data
We use commissioned data processors to process your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support for IT systems, customer and order management, order processing, accounting and billing, marketing measures and file and data carrier destruction. A commissioned data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but perform data processing exclusively for the controller and are contractually obliged to ensure appropriate technical and organizational data protection measures are in place. In addition, we may transfer your personal data to bodies such as postal and delivery services, our bank, our tax advisor/auditor or the tax authorities. Other recipients may result from the following information.
Data transfer to third countries
Visiting our website may involve transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. In the absence of such an adequacy decision by the European Commission, a transfer of personal data to a third country shall only take place if appropriate safeguards are in place pursuant to Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.
Unless stated otherwise below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32010D0087. If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49(1) point (a) GDPR.
Processing if you exercise your rights
If you exercise your rights under Art. 15 to 22 GDPR, we process the personal data provided for the purpose of implementing those rights and to demonstrate that we have done so. We shall process data stored for the purpose of providing information and preparing it only for that purpose and for data protection control purposes, and otherwise restrict processing in accordance with Art. 18 GDPR. This processing takes place on the legal basis of Art. 6(1) point (c) GDPR in conjunction with Art. 15 to 22 GDPR and Section 34(2) BDSG.
Your rights
As the data subject, you are entitled to assert your rights toward us. In particular you have the following rights:
- In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information about whether and, if so, to what extent we process personal data relating to you.
- You have the right to demand that we correct your data in accordance with Art. 16 GDPR.
- You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
- You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer the data to another controller.
- If you have given us separate consent to data processing, you may revoke that consent at any time in accordance with Art. 7(3) GDPR. Such revocation shall not affect the lawfulness of the processing that took place up to the time of revocation on the basis of the consent.
- If you believe that processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
Right to object
In accordance with Art. 21(1) GDPR, you have the right to object to processing on the legal basis of Art. 6(1) point (e) or (f) GDPR on grounds relating to your particular situation. Where personal data about you is processed for purposes of direct marketing, you may object to this processing as described in article 21 (2) and (3) GDPR.
Data protection officer
You can reach our data protection officer using the following contact information:
E-mail: datenschutz@mtm.org
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg, Germany
2. Data processing on our websites
When you use our websites, we collect the information that you have provided yourself. In addition, during your visit to the sites we automatically collect specific information about your use of the sites. Under data protection law, an IP address is also considered to be an item of personal data. An IP address is assigned to every internet-connected device by the ISP so that it can send and receive data.
Processing of server logfiles
If you use our websites purely for information purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). These include as standard: browser type/version, operating system used, page visited, the previously visited page (referrer URL), IP address, the date and time of the server request, and the HTTP status code. Processing is carried out to pursue our legitimate interests and is on the legal basis of Art. 6(1) point (f) GDPR. The purpose of this processing is the technical management and security of the website. The stored data are deleted after ten days unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the information stored. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11(2) GDPR unless, in order to exercise your rights as set out in those articles, you provide additional information that enables your identification.
Cookies
We use cookies and similar technologies (“cookies”) on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers.
The use of cookies is partly necessary for the technical operation of our website and is thus permissible without the consent of the user. We may also use cookies to provide special functions and content and for analytics and marketing purposes as described below. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent, pursuant to § 25 TTDSG or Art. 6(1) point (a) GDPR. We request consent before you enter our site by means of a cookie consent banner. See paragraph 2.3 Consent management tool in this connection.
You have full control over the use of cookies through your browser. You can delete the cookies at any time by means of your browser’s security settings. You can object to the use of cookies through your browser settings in principle or in certain cases. Further information on this subject is available from the Federal Office for Information Security: https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Updates-Browser-Open-Source-Software/Der-Browser/JavaScript-Cookies-Fingerprints/javascript-cookies-fingerprints_node.html
Consent management tool
Our websites (excepted our summit.mtm.org website) use the consent management of cookiebot by Cybot (Cybot A/S, Haynegade39, 1058 Copenhagen, Denmark). The consent banner allows users of our websites to give consent to certain data processing operations or to withdraw consent that they have already given. In addition, cookiebot helps us to demonstrate that consent has been given. For this purpose, cookiebot processes information about the declaration of consent and further log data about this declaration.
By clicking on the “Allow all cookies” button, you give us your consent to process the selected cookie categories. You can view details about individual cookies under “Show details”. The legal basis is Art. 6(1) point (a) GDPR. You can withdraw your consent by clicking on the “Withdraw your consent” button provided below. Once the cookie consent banner has closed, you can delete the cookies at any time in the security settings of your browser. Please see 2.2. Cookies in this connection.
All cookies in the “Essential” category are technically necessary for the operation of our website and therefore do not require explicit consent.
Analysis of our website
a) Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU) on our website.
Google Analytics is a web analytics service that allows us to collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.
Some of this data is information that is stored on the end device that you are using. Other information is also stored on your end device via the cookies used. Such storage of information by Google Analytics and access to information already stored on your end device takes place only with your consent.
b) Tracking & retargeting
Google Ads
We use the online advertising program Google Ads of Google Ireland Limited (Ireland/EU), through which we place advertisements on the Google search engine. If you access our website via a Google ad, Google sets a cookie on your end device (“conversion cookie”). A different conversion cookie is assigned to each Google Ads customer, so that the cookies cannot be tracked across the websites of different Ads customers. The information obtained with the help of the cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our Google ads. However, we do not receive any information that identifies users in person.
For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our consent management tool. Processing takes place only with your consent in accordance with § 25 TTDSG orArt. 6(1) point (a) GDPR. You can revoke your consent via our consent management tool. Please see 2.2 and 2.3. Consent management tool in this connection.
Facebook pixel
On our website we use the Facebook pixel, a business tool from Meta Platforms Ireland Limited (Ireland, EU). For Meta Platforms Ireland Limited's contact details and the contact details for Meta Platforms Ireland Limited’s data protection officer, please see Meta Platforms Ireland Limited’s privacy policy at https://www.facebook.com/about/privacy.
The Facebook pixel is a snippet of JavaScript code that allows us to track visitors’ activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:
- - Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
- - Specific pixel information such as the pixel ID and the Facebook cookie;
- - Information about buttons clicked on by visitors to the website;
- - Information present in the HTTP header, such as IP addresses, web browser information, page location, and referrer;
- - Information about the status of disabling/restricting ad tracking.
Some of these event data are information that is stored on the end device you are using. In addition, cookies are also used via the Facebook pixel through which information is stored on the end device you are using. Such storage of information by the Facebook pixel and access to information already stored on your end device will only occur with your consent.
Tracked conversions appear on the dashboard of our Facebook ads manager and of Facebook Analytics. We can use the tracked conversions to measure the effectiveness of our ads, to set custom audiences for ad targeting, for dynamic ad campaigns and to analyze the effectiveness of our website’s conversion funnels. The functions we use via the Facebook pixel are described in more detail below.
Processing of event data for advertising purposes
Event data collected through the Facebook pixel are used to target our ads and improve ad delivery, personalize features and content, and improve and secure Facebook products.
Event data is collected on our website by means of the Facebook pixel and transmitted to Meta Platforms Ireland Limited for these purposes. This will be done only if you have previously given your consent. The legal basis for the collection and transmission of personal data by us to Meta Platforms Ireland Limited is therefore Art. 6(1) point (a) GDPR.
This collection and transmission of event data is carried out by us and Meta Platforms Ireland Limited as joint controllers. We have entered into a joint controller agreement with Meta Platforms Ireland Limited, which sets out the allocation of data protection obligations between us and Meta Platforms Ireland Limited. In this agreement, we and Meta Platforms Ireland Limited have agreed, among other things,
- - that we are responsible for providing you with all information according to Art. 13, 14 GDPR about the joint processing of personal data;
- - that Meta Platforms Ireland Limited is responsible for facilitating the rights of data subjects under Art. 15 to 20 GDPR with respect to personal data stored by Meta Platforms Ireland Limited after joint processing.
You can access the agreement concluded between us and Meta Platforms Ireland Limited at https://www.facebook.com/legal/controller_addendum.
Meta Platforms Ireland Limited is solely responsible for subsequent processing of the transmitted event data. For more information about how Meta Platforms Ireland Limited processes personal data, including the legal basis on which Meta Platforms Ireland Limited relies and how you can exercise your rights in respect of Meta Platforms Ireland Limited, please see Meta Platforms Ireland Limited’s privacy policy at https://www.facebook.com/about/privacy.
Processing of event data for analysis purposes
We have also engaged Meta Platforms Ireland Limited to prepare reports on the impact of our advertising campaigns and other online content based on the event data collected through the Facebook Pixel (campaign reports) and to provide analytics and insights about users and their use of our website, products and services (analytics). For this purpose, we transmit personal data contained in the event data to Meta Platforms Ireland Limited. The personal data submitted are processed by Meta Platforms Ireland Limited as our commissioned data processor to provide us with campaign reports and analytics.
Personal data are processed for the creation of analytics and campaign reports only if you have given your prior consent to this. The legal basis for this processing of personal data is therefore Art. 6(1) point (a) GDPR.
Transmission of data to Meta Platforms, Inc. in the USA cannot be ruled out. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section “Data transfer to third countries”.
LinkedIn Marketing Solutions
On our website we use the LinkedIn Insight tag, a marketing service provided by LinkedIn Ireland Unlimited Company (Ireland/EU). The LinkedIn Insight tag is a snippet of JavaScript code that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using.
Via the LinkedIn Insight tag, we can perform various functions, which we describe in detail below.
LinkedIn conversion tracking is an analytics function powered by the LinkedIn Insight tag. The LinkedIn Insight tag allows us to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. IP addresses are truncated or hashed (if used to reach members across devices). LinkedIn does not provide us with any personally identifiable information, but only provides reports (in which you are not identified) about site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes. Members’ direct identifiers are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then erases this remaining pseudonymized data within 180 days.
We also use LinkedIn Matched Audiences to target our advertising campaigns to specific audiences. LinkedIn Matched Audiences and related data integrations allow us to target advertising to specific audiences based on data we provide to LinkedIn (e.g. company lists, hashed contact information, device identifiers and event data such as websites visited). This processing is carried out for the purpose of marketing our services via targeted display of advertising.
For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our consent management tool. LinkedIn services are used only with your consent pursuant to § 25 TTDSG orArt. 6(1) point (a) GDPR.
In connection with LinkedIn services, transmission of data to LinkedIn Inc. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information about data protection at LinkedIn, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.
3. Data processing for newsletter registration mtm.org
Registration and deregistration
We offer the option to subscribe to our newsletter on our website. Following registration, we will regularly inform you about the latest news on topics such as consulting, training, software, research and development. A valid email address is required to subscribe to the newsletter. To verify the email address, you will first receive a registration email which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your email address and name on the basis of the consent you have given us. Processing is on the legal basis of Art. 6(1) point (a) GDPR. You can withdraw your consent at any time with effect from that point forward, via the “Unsubscribe” link in the newsletter, for example, or by contacting us using the channels mentioned above. The lawfulness of the data processing operations already carried out remains unaffected by the withdrawal. When registering for the newsletter, we also store the IP address and the date and time of registration. Processing of this data is necessary in order to be able to demonstrate that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6(1) point (c) in conjunction with Art. 7(1) GDPR).
Analysis
We also analyze the reading behavior and opening rates for our newsletter. For this purpose, we collect and process pseudonymized user data, which we do not combine with your email address or your IP address. The legal basis for the analysis of our newsletter is Art. 6(1) sentence 1 point (f) GDPR, and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by using one of the contact channels mentioned above.
4. Data processing on our websites mtm.org, training.mtm.org and solutions.mtm.org
Contact form
Our websites include contact forms through which you can send us messages and request us to call you (“Callback”). Your data is encrypted for transfer (recognizable by the “https” in the address bar of the browser). All data fields marked as mandatory are necessary for us to process your request. Failure to provide this information will mean that we are unable to process your request. The provision of additional data to this is voluntary. Alternatively, you can send us a message via the contact email. We process the data for the purpose of responding to your inquiry. If your inquiry relates to the conclusion or performance of a contract with us, Art. 6(1) point (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who submit inquiries. The legal basis for the data processing is then Art. 6(1) point (f) GDPR.
Registration
In order to use certain features of the websites, registration on the websites is necessary. The information required can be found on the registration screen. Provision of the information marked as mandatory is essential to complete the registration. The data provided are processed for the purpose of performing the service. Processing is on the legal basis of Art. 6(1) point (b) GDPR.
YouTube
We use YouTube of Google Ireland Limited (Ireland/EU) to embed videos on our websites. The processing of your IP-address is technically necessary to send the video content to your browser so that you can be able to see these videos. As a consequence, your IP-address is transferred to Google, Google may set up its own cookies. We use YouTube in a so-called “advanced data protection mode” so that no data about the behavior of visitors can be analysed.
Processing is on the basis of the consent you have given us, the legal basis for is of Art. 6(1) point (a) GDPR. You can withdraw your consent at any time, please refer to the settings of our consent management tool.
In connection with this service, a transmission of data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Further information can be found on Google´s privacy policy: https://www.google.com/policies/privacy.
Google Tag Manager
We use Google Tag Manager of Google Ireland Limited (Ireland/EU). Google Tag Manager is used to manage our website tags via an interface. Google Tag Manager is a cookie-less domain that does not collect or store any personal data. Google Tag Manager merely ensures that other tags are triggered, which in turn may collect data, without accessing those data itself. If tags have been disabled at domain or cookie level (e.g. via the consent management tool), this remains in place for all tracking tags implemented with Google Tag Manager.
Analysis of our websites
a) Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU) on our websites.
Google Analytics is a web analytics service that allows us to collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.
Some of this data is information that is stored on the end device that you are using. Other information is also stored on your end device via the cookies used. Such storage of information by Google Analytics and access to information already stored on your end device takes place only with your consent.
b) Tracking & retargeting
Google Ads
We use the online advertising program Google Ads of Google Ireland Limited (Ireland/EU), through which we place advertisements on the Google search engine. If you access our website via a Google ad, Google sets a cookie on your end device (“conversion cookie”). A different conversion cookie is assigned to each Google Ads customer, so that the cookies cannot be tracked across the websites of different Ads customers. The information obtained with the help of the cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our Google ads. However, we do not receive any information that identifies users in person.
For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our consent management tool. Processing takes place only with your consent in accordance with § 25 TTDSG orArt. 6(1) point (a) GDPR. You can revoke your consent via our consent management tool. Please see 2.2 and 2.3. Consent management tool in this connection.
Facebook pixel
On our website we use the Facebook pixel, a business tool from Meta Platforms Ireland Limited (Ireland, EU). For Meta Platforms Ireland Limited's contact details and the contact details for Meta Platforms Ireland Limited’s data protection officer, please see Meta Platforms Ireland Limited’s privacy policy at www.facebook.com/about/privacy.
The Facebook pixel is a snippet of JavaScript code that allows us to track visitors’ activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:
- - Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
- - Specific pixel information such as the pixel ID and the Facebook cookie;
- - Information about buttons clicked on by visitors to the website;
- - Information present in the HTTP header, such as IP addresses, web browser information, page location, and referrer;
- - Information about the status of disabling/restricting ad tracking.
Some of these event data are information that is stored on the end device you are using. In addition, cookies are also used via the Facebook pixel through which information is stored on the end device you are using. Such storage of information by the Facebook pixel and access to information already stored on your end device will only occur with your consent.
Tracked conversions appear on the dashboard of our Facebook ads manager and of Facebook Analytics. We can use the tracked conversions to measure the effectiveness of our ads, to set custom audiences for ad targeting, for dynamic ad campaigns and to analyze the effectiveness of our website’s conversion funnels. The functions we use via the Facebook pixel are described in more detail below.
Processing of event data for advertising purposes
Event data collected through the Facebook pixel are used to target our ads and improve ad delivery, personalize features and content, and improve and secure Facebook products.
Event data is collected on our website by means of the Facebook pixel and transmitted to Meta Platforms Ireland Limited for these purposes. This will be done only if you have previously given your consent. The legal basis for the collection and transmission of personal data by us to Meta Platforms Ireland Limited is therefore Art. 6(1) point (a) GDPR.
This collection and transmission of event data is carried out by us and Meta Platforms Ireland Limited as joint controllers. We have entered into a joint controller agreement with Meta Platforms Ireland Limited, which sets out the allocation of data protection obligations between us and Meta Platforms Ireland Limited. In this agreement, we and Meta Platforms Ireland Limited have agreed, among other things,
- - that we are responsible for providing you with all information according to Art. 13, 14 GDPR about the joint processing of personal data;
- - that Meta Platforms Ireland Limited is responsible for facilitating the rights of data subjects under Art. 15 to 20 GDPR with respect to personal data stored by Meta Platforms Ireland Limited after joint processing.
You can access the agreement concluded between us and Meta Platforms Ireland Limited at https://www.facebook.com/legal/controller_addendum.
Meta Platforms Ireland Limited is solely responsible for subsequent processing of the transmitted event data. For more information about how Meta Platforms Ireland Limited processes personal data, including the legal basis on which Meta Platforms Ireland Limited relies and how you can exercise your rights in respect of Meta Platforms Ireland Limited, please see Meta Platforms Ireland Limited’s privacy policy at https://www.facebook.com/about/privacy.
Processing of event data for analysis purposes
We have also engaged Meta Platforms Ireland Limited to prepare reports on the impact of our advertising campaigns and other online content based on the event data collected through the Facebook Pixel (campaign reports) and to provide analytics and insights about users and their use of our website, products and services (analytics). For this purpose, we transmit personal data contained in the event data to Meta Platforms Ireland Limited. The personal data submitted are processed by Meta Platforms Ireland Limited as our commissioned data processor to provide us with campaign reports and analytics.
Personal data are processed for the creation of analytics and campaign reports only if you have given your prior consent to this. The legal basis for this processing of personal data is therefore Art. 6(1) point (a) GDPR.
Transmission of data to Meta Platforms, Inc. in the USA cannot be ruled out. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section “Data transfer to third countries”.
LinkedIn Marketing Solutions
On our website we use the LinkedIn Insight tag, a marketing service provided by LinkedIn Ireland Unlimited Company (Ireland/EU). The LinkedIn Insight tag is a snippet of JavaScript code that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using.
Via the LinkedIn Insight tag, we can perform various functions, which we describe in detail below.
LinkedIn conversion tracking is an analytics function powered by the LinkedIn Insight tag. The LinkedIn Insight tag allows us to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. IP addresses are truncated or hashed (if used to reach members across devices). LinkedIn does not provide us with any personally identifiable information, but only provides reports (in which you are not identified) about site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes. Members’ direct identifiers are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then erases this remaining pseudonymized data within 180 days.
We also use LinkedIn Matched Audiences to target our advertising campaigns to specific audiences. LinkedIn Matched Audiences and related data integrations allow us to target advertising to specific audiences based on data we provide to LinkedIn (e.g. company lists, hashed contact information, device identifiers and event data such as websites visited). This processing is carried out for the purpose of marketing our services via targeted display of advertising.
For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our consent management tool. LinkedIn services are used only with your consent pursuant to § 25 TTDSG orArt. 6(1) point (a) GDPR.
In connection with LinkedIn services, transmission of data to LinkedIn Inc. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information about data protection at LinkedIn, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.
Training courses and events
a) Booking on the website
You have the option to book training courses (e.g. e-learning, webinars, in-person courses), events (conferences) and webinars via our website. You have to register and create a user account for this purpose. The data provided are processed for the purpose of performing the service or delivering the courses you have booked. The information required can be seen on the input screen and we need, among other things, your contact and payment details and information about course participants.
The legal basis for the processing is Art. 6(1) sentence 1 point (b) GDPR.
b) On-site registration
If third parties have booked the training/event, it is necessary to collect further personal details from you for the purposes of organizing the training, event execution and for creating and sending the certificates. The required information can be seen on the input screen, and among other things, we need your contact and payment details.
The legal basis for the processing is Art. 6 (1) sentence 1 point (b) GDPR.
c) Transmission to third parties
If we are commissioned by a third party to perform the service and this client assumes responsibility for both the booking and the costs of the training/event on your behalf, we reserve the right to forward the test result to the client. The transmission is limited to your name, date and place of birth als well as the information as to whether you have passed or failed.
The legal basis for the processing is Art. 6 (1) sentence 1 point (b) GDPR.
d) Special data processing for running webinars and online meetings
We use one of the following service providers to run webinars:
- Microsoft Teams, a service of the provider Microsoft Corporation (USA);
- CiscoWebex, a service of the provider Cisco WebEx LLC (USA);
- Zoom, a service of Zoom Video Communications, Inc. (USA).
In the process, personal data of the participants such as login name and communication content are processed on our behalf and stored on their servers. For data transfers to the USA, the appropriate level of data protection pursuant to Art. 46(2) GDPR is provided by concluding standard contractual clauses. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32010D0087
The legal basis for the processing carried out by the providers is Art. 6(1) sentence 1 point (b) GDPR.
During the webinar, the login names of all participants and the communication content generated are displayed and can be viewed by the other participants in the webinar. The communication content is stored for documentation purposes. The webinar is recorded and subsequently made available to participants.
The legal basis for the processing is our legitimate interest in an appealing design of our webinar service, Art. 6(1) lit. point (f) GDPR.
Login area of the MTM organization / download center / downloads
Our website contains a separate area for participants in events and members of the MTM Association, through which you can register for future courses, for example, or download certain materials.
If you provide data in the login area, we shall only use this data to provide you with the requested service or information. Processing is on the legal basis of Art. 6(1) sentence 1 point (b) GDPR.
We also offer digital content for download outside the separate area on our website. You are able to receive this from us if you consent to our contacting you by email for marketing purposes from that point forward. A valid email address is required to receive the digital content. To verify the email address, you will first receive a registration email which you must confirm via a link (double opt-in). We process your email address on the basis of the consent you have given us. The data are not transmitted to third parties. Processing is on the legal basis of Art. 6(1) point (a) GDPR. You can withdraw your consent at any time with effect from that point forward, for example via the link provided for this purpose at the end of every message from us or by contacting us in another way. The lawfulness of the data processing operations already carried out remains unaffected by the withdrawal.
Data processing for purchase transactions
If you order a ticket for one of our events via our website, we process personal data exclusively for the purpose of fulfilling the contract and to be able to provide you with the ticket you have ordered. During the booking process, we only process the data that you yourself have entered on the input screen and, if applicable, payment information if you pay by advance bank transfer. We use your email address to send you the ticket you have ordered. The legal basis for the processing in each case is Art. 6(1) point (b) GDPR.
All data fields marked as mandatory are required to process your booking. Failure to provide this information will mean that we are not able to process your booking. The provision of additional data to this is voluntary.
Registration for our services
Through our website you have the possibility to register for our services. The information required for registration can be seen from the registration input mask. The provision of the information, which is marked as mandatory, is mandatory in order to complete the registration. The data provided will be processed for the purpose of providing the service.
The processing is based on the legal basis of Art. 6 (1) point (b) GDPR.
Payment by credit card
We offer you the option to pay by credit card. Please note that the relevant payment information is collected and processed by the payment service providers concerned on their own responsibility.
Payment by PayPal
You also have the option to pay by PayPal. Please note that the relevant payment information is collected and processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., based in Luxembourg, on its own responsibility. PayPal sends the address data you have set up with PayPal to us, which we process exclusively for fulfilment of the contract. The legal basis is Art. 6(1) point (b) GDPR.
For more information about PayPal’s privacy statement, please visit: https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
Payment in advance or by invoice
You also have the option to pay in advance or by invoice. Please note that the relevant payment information is collected and processed by the payment service providers concerned on their own responsibility.
Sentry
Our website uses the Sentry service of Functional Software Inc. (USA). Sentry is used to monitor system stability and identify code errors in order to improve the website. Information about the device or time of the error is collected pseudonymously and then erased. There is no analysis for marketing purposes. For more information about Sentry’s privacy policy, please see the following page: https://sentry.io/privacy/. The legal basis for data processing in connection with the use of this service is Art. 6 (1) point (f) GDPR and the processing serves our legitimate interest in optimizing our website.
In connection with Sentry services, transmission of data to the USA cannot be ruled out. The data transfer takes place on the basis of appropriate guarantees according to Art. 46 GDPR and is ensured via EU standard contractual clauses. For more information, see: https://sentry.io/legal/dpa/2.0.0/
5. Data processing in the online store at summit.mtm.org
Cookies
On our event website, we exclusively use cookies that are technically necessary for the operation of the event website and are therefore permissible without the user’s consent.
Contact form
Our event website contains a contact form you can use to send us messages. Your data is encrypted for transfer (recognizable by the “https” in the address bar of the browser). All data fields marked as mandatory are necessary for us to process your request. Failure to provide this information will mean that we are unable to process your request. The provision of additional data to this is voluntary. Alternatively, you can send us a message via the contact email. We process the data for the purpose of responding to your inquiry. If your inquiry relates to the conclusion or performance of a contract with us, Art. 6(1) point (b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting persons who submit inquiries. The legal basis for the data processing is then Art. 6(1) point (f) GDPR.
6. Data processing on our social media pages
We have a presence on several social media platforms with a company page. In this way, we want to offer further opportunities to obtain information about our company and interact with us. Our company has company pages on the following social media platforms:
- - Facebook of Meta Platforms Ireland Limited, (Irland, EU), referred to as “Meta“;
- - Instagram of Meta Platforms Ireland Limited, (Irland, EU), referred to as „Meta“;
- - LinkedIn of LinkedIn Ireland Unlimited Company, (Irland, EU), referred to as “LinkedIn“;
- - XING of NEW WORK SE, (Deutschland, EU), referred to as „XING“.
When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile usually constitutes personal data. This also covers messages and posts made using the profile. When you visit to a social media profile, certain information is often collected automatically, which may also constitute personal data.
Visiting a social media page
When you visit social media pages through which we present our company and individual products from our range, certain information about you is processed. The sole controllers of this processing of personal data are the operating social networks platforms. You can find further information about the processing of these data on their privacy statements by clicking following links:
- - Meta www.facebook.com/privacy/explanation. Meta provides the option to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.
- - LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy)
- - XING (https://privacy.xing.com/de/datenschutzerklaerung/druckversion)
The social media platforms provide us with anonymized statistics and information about our Facebook and Instagram pages that help us gain insights into the types of actions people take on our page (so-called “Page Insights”). These Page Insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by the social media platforms and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings.
The legal basis for this processing is Art. 6(1) point (f) GDPR.
We cannot associate the information obtained through Page Insights with individual user profiles that interact with our pages. We have entered into a joint controller agreement with the social media platforms, which sets out the distribution of data protection obligations between us and these platforms.
For details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and the social media platforms, please refer to the following links:
- - Meta (https://www.facebook.com/legal/terms/information_about_page_insights_data);
- - LinkedIn (https://legal.linkedin.com/pages-joint-controller-addendum);
- - XING (https://www.xing.com/terms/onlyfy-one#h2-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit).
Please note that you are entitled to assert your rights toward social media platforms. Please refer to:
- - Meta (https://www.facebook.com/privacy/explanation);
- - LinkedIn (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de);
- - XING (https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen).
Meta, Linkedin and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing the processing for page insights. You always have the right to send a complaint to the Irish Data Protection Commission (www.dataprotection.ie) or to any other supervisory authority.
Communication on social media platforms
We also process information that you have provided to us via our company page on any social media platform. Such information may include the username, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data based on our legitimate interest in contacting persons who make inquiries to us. The legal basis for the data processing is Art. 6(1) point (f) GDPR. Further data processing may take place if you have consented (Art. 6(1) point (a) GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6(1) point (c) GDPR).
We use software to manage our company pages. If a user asks a question which is dealt with in more detail in the software via the comment function on one of our company pages, the text is displayed via the software together with the user’s username. In the process, this data is also transmitted to the provider of the software. The text and username transmitted are erased as soon as the request is answered.
7. Other data processing
Contacting us by e-mail or phone
If you send us a message via the contact email provided or contact us by telephone, we will process the data transmitted for the purpose of responding to your inquiry. We process this data based on our legitimate interest in contacting persons who make inquiries to us. The legal basis for the data processing is Art. 6(1) point (f) GDPR.
Customer and prospective customer data
If you contact our company as a customer or potential customer, we process your data to the extent necessary to establish or implement the contractual relationship. This usually includes processing of personal master data, contract data and payment data provided to us and contact and communication data for our contacts at commercial customers and business partners. The legal basis for this processing is Art. 6(1) point (f) GDPR. We also process customer and prospective customer data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6(1) point (f) GDPR and serves our interest in further developing our service and informing you specifically about our services. Further data processing may take place if you have consented (Art. 6(1) point (a) GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6(1) point (c) GDPR).
Data processing at events and conferences on-site
Your personal data, such as surname, first name, billing address, e-mail address will be processed by the MTM ASSOCIATION e. V. resp. the Deutsche MTM-Gesellschaft Industrie- und Wirtschaftsberatung mbH for the purpose of addressing you personally, for the implementation of the event and for participant support before, during and after the event.
The MTM ASSOCIATION e. V. resp. the Deutsche MTM-Gesellschaft Industrie- und Wirtschaftsberatung mbH also intends to make video, image and sound recordings in which you can be recognized. These recordings are to be used in the context of reporting on the event. The use includes the storage, editing and publication of the recordings made. The responsible party will publish the recordings on the Internet via its websites, in the newsletter, on YouTube, in trade media, as part of meetings and conferences, and in social media (LinkedIn, Xing, etc.).
We would like to point out that the company website and social media channels can be accessed from anywhere in the world and the data can be collected as well as analyzed by third parties. Even if the respective recordings are removed from the website or social media profiles at a later time, data traces may remain on the Internet that cannot be completely deleted.
This processing of personal data is carried out on the basis of overriding legitimate interests pursuant to Art. 6 (1) point (f) GDPR.
Data processing for online participation in events and conferences
For online participation in our events and conferences, the processing of the name and email address you provide is required for registration. The processing of the data provided by you is carried out for the purpose of providing the service and is based on the legal basis of Art. 6 (1) b) GDPR.
The name you provide as well as any content provided by you in the public chat can also be viewed by all online participants. The data provided by you is processed for the purpose of enabling the online participants to exchange information about the content provided. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) point (f) GDPR.
Use of the e-mail address for marketing purposes
We may use the email address you provide when you register or place an order to contact you about similar products and services that we offer. The legal basis is Art. 6(1) point (f) GDPR in conjunction with Section 7(3) of the German Act Against Unfair Competition (UWG). You may object to this at any time without incurring any costs other than the transmission costs at the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link included in each mailshot or by sending an email to contact@mtm.org.
Applications
If you apply to our company, we process your application data exclusively for purposes related to your interest in current or future employment with us and processing of your application. Your application will only be processed and examined by the relevant contact persons. All employees involved in processing the data are obliged to protect the confidentiality of your information. If we are unable to offer you employment, we will retain the information you have provided for up to six months following any rejection for the purpose of answering questions related to your application and rejection. This does not apply if statutory provisions preclude deletion, if further storage is necessary for purposes of providing evidence or if you have expressly consented to a longer storage period. The legal basis for the data processing is section 26 (1) sentence 1 BDSG. If we retain your applicant data for longer than six months and you have expressly consented to this, we wish to point out that this consent can be withdrawn at any time in accordance with Art. 7(3) GDPR. Such revocation shall not affect the lawfulness of the processing that took place up to the time of revocation on the basis of the consent.
QMTM-DAT-10 04/24 [KUHP]