Data privacy
PRIVACY POLICY
This Privacy Policy (version: GDPR 1.0 dated May 15, 2018) was created by:
Deutsche Datenschutzkanzlei, Munich Data Privacy Office – www.deutsche-datenschutzkanzlei.de
Data protection
We, meteocontrol GmbH, are the party responsible for this online offering and, as the provider of a teleservice, are obligated to notify you on our online offering at the start of your visit about the nature, scope and purposes of collection and use of personal data in a precise, transparent, understandable and easily accessible form and in clear and simple language. You must be able to access the content of that notification at all times. We are therefore obligated to inform you as to what personal data is collected or used. Personal data denotes any information concerning an identified or identifiable natural person.
We attach utmost importance to the security of your data and to compliance with data protection regulations. The collection, processing and use of personal data are subject to the provisions of prevailing European and national law.
In the following Privacy Policy, we wish to present how we handle your personal data and how you can contact us:
meteocontrol GmbH
Spicherer Straße 48
D-86157 Augsburg
Commercial Register-No.: HRB 16415
Managing Director: Martin Schneider, Robert Pfatischer, Cheng Liu
Phone: +49 821 346660
E-Mail: info@meteocontrol.com
Our Data Protection Officer
If you have any questions, you can contact our Data Protection Officer:
Sven Lenz
Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
Germany - 87435 Kempten
E-Mail: datenschutz@meteocontrol.de
A. General information
For a definition of the terms used, such as “personal data” or “processing” of it, please refer to Article 4 of the EU General Data Protection Regulation (GDPR).
The personal data of users processed as part of this online offering includes master data (e.g. the names and addresses of customers), contract data (e.g. services utilized, names of clerical staff, payment information), utilization data (e.g. the websites visited on our online offering, interest in our products) and content data (e.g. data entered in the contact form).
“User” covers all categories of persons affected by data processing (“data subjects”). That includes, for example, our business partners, customers, prospective customers and other visitors to our online offering.
B. Specific information
Privacy Policy
Privacy Policy for this online offering and other disclosures related to the information that has to be provided in accordance with Article 13 GDPR when personal data of the data subject is collected
We warrant that we collect, process, store and use the data we gather from you solely to handle your requests and for internal purposes, as well as to provide you with the services you requested or content.
Grounds for data processing
We process users’ personal data only in compliance with the relevant data protection regulations. Users’ data is processed only in the following cases permitted by law:
- So that we can provide our contractual services (e.g. to handle orders) and online services
- Where processing of it is prescribed by law
- Where you have given your consent
- Pursuant to our legitimate interests (e.g. interest in analyzing and optimizing our online offering, operating it cost-effectively and ensuring its security within the meaning of Article 6 (1) point (f) GDPR, in particular in measuring reach and creating profiles for advertising and marketing purposes, as well as collecting access data and use of third-party services)
We also wish to show you the legal grounds for the above as defined in the GDPR:
Consent
Article 6 (1) point (a) and Article 7 GDPR
Processing to fulfill our services and perform contractual measures
Article 6 (1) point (b) GDPR
Processing to fulfill our legal obligations
Article 6 (1) point (c) GDPR
Processing to safeguard our legitimate interests
Article 6 (1) point (f) GDPR
Transmission of data to third parties
Data is transmitted to third parties only in compliance with the statutory stipulations. We pass on users’ data to third parties only if, for example, that is necessary for performance of a contract or on the basis of legitimate interests in enabling our business operations to be conducted economically and efficiently.
If we use subcontractors to provide our services, we take suitable legal precautions and appropriate technical and organizational measures to ensure personal data is protected in compliance with relevant statutory regulations.
We wish to point out that data is transmitted by Google Analytics when our online offering is used.
Transfer of data to a third country or international organization
“Third country” denotes countries where the GDPR does not apply directly. Basically, that means all countries outside the EU and the European Economic Area.
Data is transferred to a third country or international organization. That is done if there are suitable and adequate safeguards and enforceable rights and effective legal remedies for you.
You can find a copy of the suitable safeguards under the following links:
Privacy Shield: https://www.privacyshield.gov/list
Standard contractual clauses:
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF
Length of time for which your personal data is stored
We abide by the principles of data economy and data reduction. That means we store your data provided to us only for as long as required to fulfill the above purposes or as defined by the various retention periods prescribed by law. If the purpose no longer applies or such retention periods have expired, your data is blocked or erased routinely and in compliance with statutory regulations.
We have created an internal concept at the company to ensure that.
Contacting us
If you contact us by e-mail, phone, fax, contact form, etc., you consent to electronic communication. Personal data is collected as part of your contact with us. Your data is encrypted by SSL when transferred. The particulars you provide are stored solely for the purpose of handling your request and possible questions in response to it.
We wish to present the legal grounds for that:
Processing to fulfill our services and perform contractual measures
Article 6 (1) point (b) GDPR
Processing to safeguard our legitimate interests
Article 6 (1) point (f) GDPR
We use software to maintain our customer data (CRM system) or similar software pursuant to our legitimate interests (efficient and quick handling of users’ requests).
To enable that, we have concluded with the provider an agreement containing standard contractual clauses (https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF), in which the provider undertakes to process user data only in accordance with our instructions and to comply with a level of data protection commensurate to that in the EU. The provider is also certified under the Privacy Shield Framework and so offers a safeguard that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzX1AAK&status=Active).
We wish to point out that e-mails may be read and changed without authorization and without a user noticing when they are transferred. We also wish to point out that we use software to filter unwanted e-mails (spam filter). The spam filter may reject e-mails if they are falsely identified as spam due to specific features.
What rights do you have?
a) Right to access and obtain information
You have the right to be provided free of charge with information on the data stored on you. Upon request, we will inform you in writing, in compliance with prevailing law, of what personal data we have stored on you. That also includes the origin and recipients of your data and the purpose for which it is processed.
b) Right to rectification
You have the right to demand rectification of your data we have stored if it is incorrect. As part of that, you can demand that processing of it be restricted, for example if the accuracy of the personal data is contested by you.
c) Right to blocking
You can also have your data blocked. In order to ensure blocking of your data at any time, the data in question must be available on a black list for control purposes
d) Right to erasure
You can also request erasure of your personal data, provided there are no statutory obligations to retain it. If such an obligation exists, we will block your data upon request. If the appropriate legal requirements are met, we will also erase your personal data without a request from you to do so.
e) Right to data portability
You are entitled to demand that we provide you with the personal data supplied to us in a format that allows it to be transferred to another body.
f ) Right to lodge complaints with a supervisory authority
You can lodge complaints with one of the data protection supervisory authorities.
The data protection supervisory authority responsible for our company is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA = Bavarian Data Protection Authority)
Promenade 27, 91522 Ansbach, Germany
Phone: +49 981 53-1300
Fax: +49 981 53-981300
You can open the form for submitting complaints to the Bayerisches Landesamt für Datenschutzaufsicht at: https://www.lda.bayern.de/en/complaint.html
g) Right to object
You can object to use of your data for internal purposes at any time with effect for the future. You merely need to send an e-mail to that effect to datenschutz@meteocontrol.com. However, such withdrawal of consent does not affect the lawfulness of the processing activities conducted up to that point. Processing of data on all other legal grounds, such as in steps prior to entering into a contract (see above), shall not be affected by that.
Protection of your personal data
We take state-of-the-art contractual, organizational and technical measures to ensure compliance with data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
The security measures include in particular encrypted transfer of data between your browser and our server. 128-bit SSL (AES 128) encryption technology is used in that.
Your personal data is protected with regard to the following aspects (excerpt):
a) To safeguard the confidentiality of your personal data
In order to safeguard the confidentiality of your personal data we store, we have taken various measures to control access to premises, equipment and data.
b) To safeguard the integrity of your personal data
In order to safeguard the integrity of your personal data we store, we have taken various measures to control transmission and input of data.
c) To safeguard the availability of your personal data
In order to safeguard the availability of your personal data we store, we have taken various order and availability control measures.
The security measures used are continuously improved to reflect technological advances. Despite these precautions, we cannot guarantee secure transfer of data to our online offering due to the insecure nature of the Internet. Consequently, you transfer data to our online offering at your own risk at all times.
Protection of minors
Persons under the age of 16 are not allowed to send personal data to us without the consent of their parent or guardian. Persons under the age of 16 are allowed to send personal data to us only if we have received the explicit consent of their parent or guardian. This data is processed in accordance with this data privacy policy.
Cookies
Control of cookies by the user
Browser cookies: You can set all browsers so that cookies are only accepted upon request. You can also set them so that only cookies whose pages you are currently visiting are accepted. All browsers offer functions to enable selective deletion of cookies. You can also disable acceptance of cookies in general, but if you do so, that may impair the user-friendliness of this online offering.
Use of first-party cookies (Google Analytics cookies)
Google Analytics cookies log:
- Unique users – Google Analytics cookies record and group your data. All activities during a visit are grouped. Setting Google Analytics cookies means that a distinction is made between users and unique users.
- Activities of users – Google Analytics cookies also store data on the time a visit to the online offering starts and ends and how many pages you have viewed. When the browser is closed or if the user is inactive for a longer time (30 minutes as standard), the user session is ended and the cookie records the visit as ended. The date and time of the first visit is also recorded. The total number of visits per unique user is also logged. External link: https://marketingplatform.google.com/about/analytics/terms/us/.
You can prevent recording of the data relating to use of the online offering and generated by the cookie (including your IP address) and processing of this data by Google by downloading and installing the browser plug-in available under the following link: External link: https://tools.google.com/dlpage/gaoptout?hl=en.
More information can be found in the section “Web analytics service Google Analytics / Universal Analytics.”
Use of third-party cookies
Third-party providers use [further] cookies (third-party cookies) in our online offering by displaying editorial texts or advertising. The third-party providers are also subject to stringent data privacy requirements as regards personal data being able to be used to identify specific persons.
Lifetime of the cookies used
Cookies are administered by the web server of our online offering. This online offering uses: Session cookies (once-only use)
Lifetime: Until this online offering is closed
Disabling or removing cookies (opt-out)
Every web browser has an option for restricting or deleting cookies. You can obtain more information about this subject on the following websites:
- Internet Explorer: http://windows.microsoft.com/en-GB/windows7/How-to-manage-cookies-in-Internet-Explorer-9
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: https://support.apple.com/en-us/HT201265
Web analytics service Google Analytics / Universal Analytics
We use Google Analytics, a web analytics service run by Google Inc. (“Google”). Google Analytics uses cookies. These are text files that are saved on your computer and enable analysis of the online offering’s use. The information on the use of this online offering generated by the cookie is usually sent to a Google server in the USA and stored there. The data is therefore transferred to a third country. That is done if there are suitable and adequate safeguards and enforceable rights and effective legal remedies for you.
You can find a copy of the suitable safeguards under the following links:
- Privacy Shield: https://www.privacyshield.gov/list
- Standard contractual clauses: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF
However, if IP anonymization is activated in our online offering, your IP address will be abbreviated by Google beforehand within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area.
Only in exceptional cases is the complete IP address sent to a Google server in the USA and abbreviated there. Google will use this information on our behalf to evaluate use of the online offering, to compile reports on activities relating to the online offering and to provide other services for us relating to use of the online offering and Internet. The IP address sent from your browser as part of Google Analytics is not combined by Google with other data. You can prevent the storage of cookies by activating the respective setting in your browser software. However, we point out that in this case some functions of this online offering may not be able to be used to their full extent.
We point out that this online offering uses Google Analytics with the extension “_anonymizeIp()”, which means that IP addresses are only processed further in abbreviated form in order to prevent them being directly linked to a particular individual.
We also use Google Analytics reports to record demographic features and interests.
The data that we send and that is linked with cookies, user identifiers (e.g. a user ID) or advertising IDs is automatically erased after 14 months. Data whose retention period has ended is erased automatically once a month. You can find more information on the terms of service and data privacy at https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en.
You can also prevent recording of the data relating to use of the online offering and generated by the cookie (including your IP address) and processing of this data by Google by downloading and installing the browser plug-in available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=en.
LinkedIn Insight-Tag
We use LinkedIn Insight-Tag, an analysis service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn Ireland"). LinkedIn Insight-Tag is a small piece of JavaScript code used to generate campaign reports and information about visitors to our website. The information generated by the LinkedIn Insight-Tag, including URL, referrer URL, IP address, device and browser properties, timestamps and page views, is encrypted and transmitted directly to LinkedIn for storage.
Please note that the data will be anonymized by LinkedIn within seven days and the anonymized data will be deleted by LinkedIn within 90 days. We do not receive any personal data from LinkedIn, only aggregated reports.
On our behalf, LinkedIn will use this information for optimization and marketing purposes because of our legitimate interest in statistical analysis of user behavior. This means:
- to compile reports on the activities of our campaigns
- to display further advertisements
Web analytics service Sentry
meteocontrol GmbH uses Sentry from the company Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA. Data is collected and stored to create anonymized user profiles. They are used solely to analyze errors and to monitor system stability. Cookies are used for that. Cookies are small text files that are saved locally on the user’s computer system and so enable it to be recognized the next time the user visits meteocontrol GmbH’s portals. Users can opt out from data being collected and stored by Sentry at any time with future effect by disabling cookies in their browser settings. However, meteocontrol GmbH points out that in this case some functions of the portals may not be able to be used to their full extent. More information on Sentry can be found at sentry.io. Sentry’s Privacy Policy can be called at https://sentry.io/privacy/.
Subscription to the meteocontrol e-mail newsletter
We send you the latest information about meteocontrol if you subscribe to our e-mail newsletter. The only information you must always disclose so that you can receive the newsletter is your e-mail address.
We use a double opt-in procedure for sending the newsletter. We only send you an e-mail newsletter if you explicitly confirm your consent to being sent our newsletter. We then send you a confirmation e-mail, which you are asked to confirm by clicking on the link in question if you wish to receive our newsletter in the future.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6 (1) point (a) GDPR. When you subscribe to the newsletter, we store your IP address entered by your Internet service provider, as well as the date and time you subscribed, as later proof if your e-mail address is misused.
You can cancel your subscription to the newsletter at any time using the link for that purpose in the newsletter or by sending notification to that effect to the controller specified at the start of this Privacy Policy. After you have canceled your subscription, your e-mail address is deleted from our newsletter mailing list without undue delay, unless you have explicitly consented to further use of your data.
We use the third-party provider Campaign Monitor, which is operated by Campaign Monitor Pty Ltd, 404/3-5 Stapleton Ave, Sutherland NSW 2232, Sydney, Australia, to send our newsletter. Campaign Monitor offers extensive means of analyzing how the newsletters are opened and used. These analyses relate to groups of persons and are not used by us to analyze individual newsletter recipients. You can find more information on the provider Campaign Monitor and data protection at Campaign Monitor under http://www.campaignmonitor.com/privacy. You can cancel your subscription at any time, either by sending notification to that effect to the contact address specified below or using the link for that purpose in the newsletter.
In addition, Campaign Monitor states that it can use this data in pseudonymous form, i.e. the data is not assigned to a specific user, to optimize or improve its own services, such as to technically optimize mailing and presentation of the newsletters or for statistical purposes in order to determine the countries the recipients come from. However, this service provider does not use the data of our newsletter recipients to write to them itself or to transmit the data to third parties. If you wish to opt out of data analysis for statistical purposes, you must completely cancel your subscription to the newsletter.
Newsletter distribution via Mailchimp
Our e-mail newsletter is distributed by the technical service provider The Rocket Science Group, LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (https://mailchimp.com), to whom we transmit the data you provide when you register for our newsletter. This transmission takes place pursuant to Article 6 (1) point (f) GDPR and serves our legitimate interest in using this data for a newsletter system that is secure, user-friendly, and has a positive advertising effect. Please note that your data is usually transmitted to a Mailchimp server in the USA and stored there.
Mailchimp uses this data to distribute and statistically evaluate the newsletter on our behalf. For purposes of evaluation, the transmitted e-mail messages contain web beacons or tracking pixels that are one-pixel image files stored on our website. They make it possible to determine whether a newsletter was opened by the recipient and what links, if any, were clicked.
Mailchimp uses these web beacons to generate automated general and non-personal statistics on recipients’ reactions to our newsletter campaigns. Pursuant to Article 6 (1) point (f) GDPR, the web beacons also collect and process data on the individual newsletter recipient (e-mail address, time and date the newsletter is retrieved, IP address, browser type and operating system). This is based on our legitimate interest in the statistical assessment of our newsletter campaigns with the aim of optimizing advertising communication and orienting it more effectively to recipients’ interests. This data enables the identity of the newsletter recipient to be individually determined and is used by Mailchimp for the automated production of statistics that reveal whether a particular recipient has opened a newsletter.
If you wish to opt out of data analysis for statistical purposes, you must cancel your subscription to the newsletter.
Mailchimp can also use this data itself pursuant to Article 6 (1) point (f) GDPR on the basis of its own legitimate interest in a need-based design and the optimization of its service as well as for market research purposes, such as to identify the countries in which recipients are located. However, Mailchimp does not use the data of our newsletter recipients to write to them itself, nor does it transmit the data to third parties.
To protect your data in the USA, we have concluded a data processing agreement with Mailchimp to enable the transmission of your personal data to Mailchimp. If you are interested, you can view this data processing agreement at the following site: https://mailchimp.com/legal/data-processing-addendum/ Furthermore, Mailchimp is certified according to the EU–US Privacy Shield data protection agreement and has thus committed itself to abide by EU data protection requirements.
You can view Mailchimp’s Privacy Policy here: https://mailchimp.com/legal/privacy/
Disclosure of personal data for handling orders
We shall disclose the personal data collected by us to the transport company tasked with delivering the goods in order to fulfill contracts, where this is necessary to deliver the goods. We shall disclose payment data to the commissioned bank as part of handling payments.
If we make delivery before payment (only in the case of purchases on account), we reserve the right to conduct a creditworthiness check so as to safeguard our legitimate interests. The personal data required for this creditworthiness check shall be sent by us to Euler Hermes Deutschland AG, Friedensallee 254, 22763 Hamburg, Germany. The credit report can include probability ratings (scores). If scores are included in the credit report, they are based on scientifically acknowledged mathematical-statistical methods. Among other things, address data is taken into account in calculating scores. The result of the creditworthiness check shall be used solely for the purpose of taking a decision on the establishment, execution or termination of a contractual relationship. The recipient may use the data disclosed in such a way only to perform the task for which it was collected. Any other use of the information is not permitted.
If you decide to pay by credit card through the payment service provider Concardis, the payment shall be handled through the payment service provider Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany, to whom we disclose the information provided as part of the ordering process, along with information on your order. Your data shall be disclosed solely for the purpose of handling payments with the payment service provider Concardis.
If you decide to pay by credit card through the payment service provider TeleCash, the payment shall be handled through the payment service provider TeleCash GmbH & Co. KG, Konrad-Adenauer-Allee 1, 61118 Bad Vilbel, Germany, to whom we disclose the information provided as part of the ordering process, along with information on your order. Your data shall be disclosed solely for the purpose of handling payments with the payment service provider TeleCash.
Amendments to our data privacy regulations
We reserve the right to adapt our Privacy Policy from time to time so that it always complies with the latest statutory requirements or to reflect changes to our services in the Privacy Policy. That may be the case, for example, if new services are launched. The new Privacy Policy will then apply when you visit our online offering again.
Trademark protection
Every company logo, trade name or trademark specified here is the property of the company in question. Marks and names are specified purely for informational purposes.
C. Regulations specific to Russia
The following applies to users domiciled in the Russian Federation:
The above services in our online offering are not intended for citizens of the Russian Federation who are resident in Russia.
If you are a Russian citizen who is resident in Russia, you are hereby explicitly notified that any personal data you disclose using this online offering is provided solely at your own risk and under your own responsibility. You also consent to not hold us responsible for any failure to comply with the laws of the Russian Federation.
Data Privacy Information for Job Applicants
This Data Privacy Policy informs you about how data relating to your job application is processed at meteocontrol GmbH.
Protection of applicants’ data at meteocontrol GmbH
In accordance with Article 4 No. 1 of the General Data Protection Regulation (GDPR), personal data includes all information that relates to or can be associated with your person, in particular by reference to an identifier such as a name or an applicant number with which you can be identified within the company.
Personal information and data
Your application means that meteocontrol GmbH obtains information concerning you in paper and digital form. This is data you disclose to us as part of your application, such as your:
- Name
- Address
- Date of birth
- Place of birth
- Details of your education and vocational training, further education and training, and qualifications
- Certificates and testimonials
Purposes for which data is collected and processed
meteocontrol GmbH collects, processes and uses your personal data solely for the purposes relating to your application (= steps prior to establishment of an employment relationship). Your data is processed for purposes other than those specified only if that is permissible under Article 6 (4) GDPR and is consistent with the original purposes. We will notify you of such further processing of your data beforehand.
Your data protection rights
You have the right to demand access to and information on data stored concerning you, the purposes for which it is processed, whether it has been transmitted to other bodies, and the length of time for which it will be stored. You can also obtain excerpts or copies in exercising this right. If the data is incorrect or is no longer required for the purposes for which it was collected, you can demand that it be rectified or erased or that processing of it be restricted. If envisaged in the processing procedures, you can also view your data yourself and correct it if necessary. If there are grounds relating to your particular situation which argue against processing of your personal data, you can object to processing of it, if such processing is based on legitimate interests. In such a case, we will only process your data if we have special compelling interests for doing so. If you have questions on your rights or wish to exercise them, please contact datenschutz@meteocontrol.com or our Data Protection Officer.
Legal basis for processing your personal data
Your data is required for steps prior to entering into a contract (Article 6 (1) point (b) GDPR). That means we require your data to decide whether to hire you and so process it. In an individual case, we may obtain your consent to processing or transmission of your data. That may be the case, for example, if we retain your application for a lengthy time or we consider you for another post at our company. In such cases, your consent is voluntary and can be withdrawn at any time with future effect.
Transmission of your personal information
Your data is not transmitted to external bodies.
Party responsible for processing your personal data (“controller”)
The controller responsible for collecting, processing and using your personal data is, unless otherwise contractually agreed, meteocontrol GmbH in the Federal Republic of Germany. Applicants’ data is stored and processed in HR data processing systems. Their technical setup is such that only a narrow group of specially authorized persons has the right to access them and that any other means of accessing them or gaining knowledge of the data is prevented in accordance with the state of the art.
Period for which data is stored
Your personal data is stored only for as long as knowledge of it is required for the purposes of the employment relationship or the purposes for which it was collected, or there are statutory or contractual regulations on retention of it. If an employment relationship is not concluded, we retain your application data for 6 months as proof in the event of possible legal action under the German General Act on Equal Treatment (AGG). If an employment relationship is concluded (i.e. you are hired), we will transfer necessary information to your personnel file.
Complaints about processing of your personal data
If you have misgivings or questions about processing of your personal data and information, you can contact datenschutz@meteocontrol.com. However, you can also get in touch with our Data Protection Officer using the contact data below or with the responsible data protection supervisory authority.
Datenschutzkanzlei Lenz GmbH & Co. KG
Mr. Sven Lenz
Bahnhofstraße 50
87435 Kempten
Germany
Phone: +49 831 930653-00
Email: lenz@deutsche-datenschutzkanzlei.de