We, MX1, are the data controllers responsible for this website and as a teleservices provider have the duty to inform you at the beginning of your website visit of the nature, scope and purpose of collection and use of personal data in a precise, transparent, understandable und easily accessible format and in a clear and simple language. The contents of this information must be available for you at any time. We therefore have the obligation to inform you of which personal data is being collected and used. Personal data means any information which relates to an identified or identifiable natural person.
There are several ways to contact us (e.g. via our contact form). In this context we will process your contact details for communicating with you. Without this data, it would not be possible for us to communicate with you. The legal grounds for such data processing are based on Art. 6 (1) sentence 1 b) GDPR.
Where you contact us, we may also send you e-mails informing you about our products. In this context we will also process your contact details for communicating with you. Without this data, it would not be possible for us to communicate with you. The legal grounds for such data processing are based on Art. 6 (1) f) GDPR. Where you do not wish to receive such e-mails, you have the right to object to receiving such e-mails free of charge at any time. You will find a cancellation link in every e-mail message; alternatively you can contact us at any time.
The security of your data and compliance with data protection requirements are of utmost importance for us. Collection, processing and use of personal data will be governed by the provisions of European and national law currently valid.
With the following privacy statement we would like to show you how we handle your personal data and how you can get in contact with us:
E-mail: [email protected]
Our data protection officer
Should you have any questions or queries, please do not hesitate to contact our data protection officer as follows:
85774 Unterfoehring, Germany
E-mail: [email protected]
A. General points
For ease of understanding, we will not make a distinction between genders in our privacy statement. Based on equal treatment, the terms used will be deemed to apply with respect to both genders.
As far as terminology used such as “personal data” or “processing” thereof is concerned, please refer to Article 4 of the EU General Data Protection Regulation (GDPR).
Personal data processed within the framework of this website includes inventory data (such as the name and address of customers), contract details (such as services used, names of handling agents, payment information) usage data (such as pages of our website visited, interest in our products) and content data (e.g. information entered into contact form).
The term “user” in this case is deemed to comprise all categories of data subjects affected by data processing. This includes, without limitation, our business partners, customers, prospective customers and other visitors of our website.
B. Specific points
We represent and warrant that data incurred in relation to you will merely be collected, processed, stored and used by us in connection with handling your inquiries and for internal purposes as well as for rendering services requested by you or for providing content.
Basis or grounds of data processing
We will process personal data of users only subject to compliance with the relevant data protection rules and regulations. User data will only be processed in case the following circumstances legitimating processing on the basis of the law apply:
- You have given us your consent
- We have legitimate interests (e.g. optimising and efficient operation, safety, security and reliability of our website within the meaning of Art. 6 (1) f) GDPR).
We would like to inform you of which articles of the GDPR the respective legal grounds stipulated above are based on:
- Consent - Art. 6 (1) a) and Art. 7 GDPR
- Processing for the purpose of safeguarding our legitimate interests - Art. 6 (1) f) GDPR
Data transmission to third parties
Data will only be transmitted to third parties to the extent permitted by provisions of the law. We will only disclose user data to third parties if this is required, for instance, for contract purposes or on the basis of legitimate interests in efficient and effective operation of our business.
In such cases where we avail ourselves of the services of sub-contractors for providing our services, we will take adequate legal precautions and the corresponding technical and organisational measures for ensuring the protection of personal data in line with the relevant provisions of the law.
We would like to point out that because we use Google Analytics etc., data will be transmitted when our website is used.
Transmission of data to a third country or an international organisation
Third countries are deemed to mean countries in which the GDPR is not transposed directly. This generally includes all countries outside the EU or, as the case may be, the European Economic Area.
Data will be transmitted based on your consent and to a third country or an international organisation. What is taken into consideration in this context is that the corresponding adequate/suitable safeguards exist and that you will have enforceable rights and effective remedies available.
For a copy of adequate safeguards click the following link:
- Privacy Shield: https://www.privacyshield.gov/list
- Standard contractual clauses: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF
Period of storage of personal data
We will observe the principles of data economy and data avoidance. This means that we will store the data you have made available to us only for as long as it takes to implement the purposes stated above or for as long as the legislator requires that such information be retained for various purposes. After the purpose has ceased to apply or after the corresponding period has expired, your data will routinely be blocked or deleted in compliance with the provisions of the law.
We have developed an in-house concept for ensuring this process.
Getting in contact
Where you contact us by e-mail or contact form, you are deemed to have consented to electronic communication. In the context of getting in contact with us, personal data will be collected. You can see from the contact form which data is collected via our contact form. Your data will be transmitted with SSL encryption. The information provided by you will exclusively be used for the purpose of processing your inquiry and for any subsequent questions that may arise in this context.
We would like to let you know which legal grounds this is based on:
- Processing for the purpose of performance of our services and performance of contractual measures - Art. 6 (1) b) GDPR
- Processing for the purpose of safeguarding our legitimate interests - Art. 6 (1) f) GDPR
We use software for managing customer data (CRM system) or a comparable software on the basis of legitimate interests that exist on our part (efficient and fast processing of user inquiries).
The system is operated in-house by us. This means that no such data will be transmitted to third parties.
We would like to point out to you that when sending e-mails, it may be possible for parties without authority to read or modify e-mails without this being noticed. We would also like to point out to you that we use software for filtering unsolicited e-mails (spam filter). The spam filter may reject e-mails if they were falsely identified by the filter as spam based on certain criteria.
What are your rights?
a. Right of access to data
You have the right to obtain information free of charge about the data stored on you. At request we will, based on governing law, let you know in writing which personal data we have stored on you. This also implies that the source and recipients of your data as well as the purpose of data processing will be disclosed.
b. Right to have inaccurate information corrected
You have the right to have data stored by us on you corrected where it is inaccurate. In this case you also have the right to request a restriction of processing, for instance when the accuracy of your personal data is contested by you.
c. Right to have data blocked
You can also have your data blocked. For blockage of your data to be taken into consideration at any time, such data will have to be stored in a blacklist for control purposes.
d. Right to erasure
You also have the right to request deletion of your personal data unless you are required by law to retain such information for a period specified by law. Provided that such an obligation to retain data exists, we will block your data on request. Where the corresponding conditions stipulated by law are satisfied, we will delete your personal data unless you have correspondingly requested otherwise.
e. Right to data portability
You have the right to request that we provide personal data disclosed to us in a format which will allow you to transfer such information to another body.
f. Right to complain to a supervisory authority
You have the right to address a complaint to any of the data protection authorities
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
(Bavarian Data Protection Authority)
Promenade 27, D-91522 Ansbach, Germany
Telephone: +49 981 53-1300
Facsimile: +49 981 53-981300
The complaint form of the Bavarian Data Protection Authority may be accessed via the following link: https://www.lda.bayern.de/de/beschwerde.html
g. Right to object to processing
You have the right to object to use of your data for internal purposes at any time in which case such objection shall take effect in the future. To do so, you can simply send an e-mail to [email protected] Such objection to processing, however, shall apply notwithstanding the lawfulness of processing operations performed up until that date. This shall not affect data processing based on any other legal grounds such as initiation of contract, for instance (see above).
Protection of personal data
We will take contractual, organisational and technical security measures that conform to the state of the art of technology to ensure that the provisions of data protection law are complied with and to protect the data processed by us from accidental or deliberate manipulation, loss, destruction or access by persons without authority.
The security measures include but are not limited to encrypted transfer of data between your browser and our server. To this end we will apply 128-bit SSL (AES 128) encryption. This includes your IP address.
Your personal data will be protected within the scope of the following (excerpts):
a. Safeguarding the confidentiality of your personal data
In order to safeguard the confidentiality of your personal data stored by us, we have adopted various measures to ensure physical access control, system access control and data, software and document access control.
b. Safeguarding the integrity of your personal data
In order to safeguard the integrity of your personal data stored by us, we have adopted various measures to ensure transmission control and input control.
c. Safeguarding the availability of your personal data
In order to safeguard the availability of your personal data stored by us, we have adopted various measures to ensure job control and availability control.
The security measures applied will be continuously improved as the state of the art of technology evolves. Despite these precautions being taken by us, we are unable to guarantee that your data transmitted to us online to our website will be safe. This means that any data transmitted by you to our website shall be at your own risk.
Protection of minors
It will not be permitted for individuals who have not yet reached the age of 16 to transmit personal data to us. It will only be allowed for persons who have not yet reached the age of 16 to provide us with personal data provided that the guardian of the minor has explicitly given his or her consent or provided that the persons are 16 or older. This data will be processed in line with this privacy statement.
Our website uses: browser cookies
Review of cookies by user
You can change all browser settings in such a way that cookies will only be enabled after the user has accepted the cookies. It would also be possible to change the settings in such a way that only cookies of websites that are currently being visited are enabled. All of the browsers offer a functionality that allow selective deletion of cookies. It is possible to disable cookies in general, however, please note that you may find that in this case the user friendliness of this website may be compromised and impaired.
Use of first-party cookies (Google Analytics cookies)
The following information is logged by Google Analytics cookies:
- Unique user – Google Analytics cookies collect and group your data. Activities during the website visit will be summarised. After Google Analytics cookies have been placed, the system will be able to distinguish between users and unique users.
- Activities of users – Google Analytics cookies also store data on the time the website visit started and ended and the number of pages viewed. When closing the browser or after the user has remained inactive for a longer period (default: 30 minutes), the user session will be terminated and the cookie will record the website visit as over. The date and time of first visit will also be recorded. The total number of visits per unique user will also be logged. External link: https://www.google.com/analytics/terms/us.html
It is possible for you to prevent the collection of data generated through the cookie and relating to the use of the website made by you (incl. your IP address) as well as processing of this data by Google by downloading and installing a browser plug-in:
External link: http://tools.google.com/dlpage/gaoptout?hl=en.
For more information see “Google Analytics / Universal Analytics” web analytics service.
Use of third-party cookies
On our website, third-party providers will be placing [additional] cookies (third-party cookies) via integrated editorial content or ads. Third-party providers will also be covered by and subject to strict data protection requirements imposed upon them as they may obtain personal data.
Lifespan of cookies applied
Cookies will be managed by the web server of our website. This website uses the following:
Persistent cookie (permanent browser identifier)
Lifespan: 30 days (browser cookies)
Lifespan: unlimited (third-party cookies)
Disabling or removing cookies (opt-out)
Every web browser offers settings which allow the user to restrict the use of or delete cookies. For more information please refer to the following websites:
- Internet Explorer: http://windows.microsoft.com/en-GB/windows7/How-to-manage-cookies-in-Internet-Explorer-9
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: https://support.apple.com/en-us/HT201265
Google Analytics / Universal Analytics web analytics services
This website uses Google Analytics, a web analytics service offered by Google Inc. ("Google"). Google Analytics uses what is known as cookies, i.e. text files that are stored on your computer and that make it possible to analyse utilisation of the website by you. The information about use of this website generated by the cookie will generally be transmitted to a Google server in the USA and stored there. This means that data will be transmitted to a third country. What is taken into consideration in this context is that the corresponding adequate/suitable safeguards exist and that you will have enforceable rights and effective remedies available.
For a copy of adequate safeguards click the following link:
Privacy Shield: https://www.privacyshield.gov/list
Standard contractual clauses: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF
Where IP anonymisation is enabled on our website and you are within a EU member state or another state that is a Contracting Party to the Agreement on the European Economic Area, your IP address will be truncated beforehand by Google.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will be using this information on our behalf to analyse use of the website, to compile reports regarding the website activities and to render to us additional services relating to use of the website and internet use. The IP address transmitted to Google Analytics by your browser will not be aggregated with other Google data. You can prevent the storage of cookies by changing your browser software settings accordingly. We would like to point out to you, however, that in this case not the full scope of all functions offered by our website may be utilised.
It is possible for you to prevent the collection of data generated through the cookie and relating to the use of the website made by you (incl. your IP address) as well as processing of this data by Google by downloading and installing a browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser plug-in or with browsers used on mobile devices, the following link shall apply for placing an opt-out cookie which will prevent collection of data by Google Analytics within this website in the future (this opt-out cookie will only work in this browser and only with respect to this domain, in the event that you were to delete cookies in this browser, you will have to click it again):
Disable Google Analytics
DoubleClick by Google web analytics service
We use the DoubleClick by Google online marketing tool operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").
Also, DoubleClick can record what is known as “conversions” in relation to ad requests with the help cookie IDs. This would be the case, for instance, when a user sees a DoubleClick ad and later loads the website of the company that has placed the ad with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal data. Due to the marketing tools applied, your browser will automatically establish a direct connection with the Google server. We have no way of influencing the scope and further use made of the data that is collected by using this Google tool and therefore would like to inform you of what we know: By DoubleClick being added to the website, Google will receive the information that you loaded the respective part of our website or clicked on one of our ads. Where you are registered with a Google service, Google may attribute the visit to your account. Even if you are not registered with Google or have not logged into your account, it is possible for the provider to learn and store your IP address.
You have the right to object to participation in this tracking technique by disabling cookies for conversion tracking. To this end change your browser settings in such a way that cookies by the domain www.googleadservices.com are blocked, https://www.google.de/settings/ads; this setting will be deleted whenever you delete cookies. Alternatively, it would be possible for you to obtain information from Digital Advertising Alliance at www.aboutads.info with regard to placement of cookies and to change the settings accordingly. Ultimately, it is possible for you to change your browser settings in such a way that you will be informed about the placement of cookies and be able to decide on a case by case basis whether you would like to accept a certain cookie or whether you would like to disable cookies in general or in certain cases. In case cookies are not enabled, the functionality of our website may be limited.
New Relic web analytics service
We use New Relic, a web analytics service by New Relic Inc (“New Relic”). They use and store data that is generated based on the use of pseudonymous user profiles. The purpose is to analyse the user behaviour as well as adapt our website as required. This is why cookies will be used. Pseudonymous user profiles will not be aggregated with personal data on the bearer of the pseudonym without your explicit consent which needs to be given separately.
As a result of the plug-in being added, New Relic will be informed about the fact that you have loaded the respective page of the website. Where you are logged in at your New Relic account at the same time, it will be possible for New Relic to attribute the visit to your account with New Relic. Even if you have not joined New Relic, it is nonetheless possible for New Relic to learn and save your IP address.
New Relic Inc. based in the USA has certified that it adheres to the US-EU Privacy Shield principles which ensures compliance with the data protection level applicable in the EU. You at all times have the right to object to future collection and storage of data by New Relic by disabling the cookies in your browser settings. Alternatively, there is a website for consumers from the EU for disabling of cookies (http://www.youronlinechoices.com/uk/your-ad-choices/) where you can check whether advertising cookies are being placed by New Relic in your browser and disable them. We would, however, like to point out to you that in this case it is possible that you may not be able to benefit from the full scope of all functions offered by our website.
For more information on New Relic see www.newrelic.com.
The privacy statement of New Relic may be downloaded from http://newrelic.com/privacy.
Utilisation of Google reCaptcha
We use the reCAPTCHA service offered by Google Inc (“Google”) to protect establishment of contact via web form. The purpose of the query is to establish whether data has been entered into the form by a human user or whether inappropriate use is being made of the contact form by a software application that runs automated or machine processing tasks over the Internet (Internet bots or web robots). This query includes transmission of the IP address and, if applicable, other data required by Google for enabling Google to offer the reCAPTCHA service. It is to this end that data entered by you will be transmitted to Google and processed there. By using the reCAPTCHA service you consent to character recognition performed by you being stored for the purpose of digitising the works of old masters.
Utilisation of Google Tag Manager
We use Google Tag Manager. This is a service that allows website tags to be managed through a user interface. Google Tag Manager merely implements tags. No cookies will be placed and no personal data will be collected. Google Tag Manager triggers other tags that, if applicable, collect data. Google Tag Manager shall not access this data. Where disablement setting has been made on domain or cookie level, it shall apply with respect to all tracking tags as long as they are implemented with the Google Tag Manager. For more information on Google Tag manager click on the following link: https://www.google.com/analytics/tag-manager/use-policy/
It is possible for you to prevent any tags from being sent by Google Tag Manager. Where you wish to prevent the generation of tags, click on the following opt-out link to place the Google Tag Manager disablement cookie in your browser.
Click here to be excluded from collection of data via the Google Tag Manager.
Utilisation of Google AJAX Search API by Java Script Code
We use Google AJAX Search API by Java Script Code which enables you to use the Google search function on our website for searching other websites. When you use the search field, personal data may be transmitted to Google and processed by Google. To prevent execution of the Java Script Code applied, install a Java Script Blocker (such as www.noscript.net).
Use of Google Maps
Use of Facebook plug-ins
We use facebook.com social network plug-ins. These plug-ins are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
Where you load our website via a plug-in, a connection to Facebook servers will be established and your browser will be instructed to display the plug-in on the website. This means that the Facebook server will be informed of you having visited our website. Where you are logged into your Facebook account at the same time, Facebook will be able to attribute this information to your personal Facebook user account.
When using plug-in functions (e.g. clicking the “like” button, making a comment), this information will also be attributed to your Facebook account and it is only possible for you to prevent that from happening by logging off your account before using the plug-in.
Use of Twitter plug-ins
We use Twitter social network social plug-ins. Twitter is operated by: Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. You will recognise this plug-in based on the Twitter logo (“Twitter Bird” contours/relief). There are various Twitter logos. You can inspect them on the Twitter website when clicking on the following link http://twitter.com/about/resources/logos.
When you load our website, your browser will be establishing a direct connection with the Twitter servers (likely to be located in the USA). The contents of this plug-in will be transmitted by Twitter directly to your browser and integrated by it into the website. We have no way of influencing the scope of data that Twitter collects with the help of this plug-in and therefore would like to inform you based on what we know from the information available from Twitter that is available from the Twitter website http://twitter.com/about/resources. As a result of the plug-in being added, Twitter will be informed about the fact that you have loaded the respective page of the website. Where you are logged into your Twitter account at the time when you use the plug-in, Twitter will be able to attribute the website visit to the user account.
Where you interact with plug-ins, e.g. press on a “Tweet This” button or make a comment, the respective information will be transmitted by the browser directly to Twitter and stored there. Where you are a member of Twitter and do not wish Twitter to collect data about you via our website and to connect it to data stored by Twitter, you will have to log off your Twitter account before using our website. Where you are no member of Twitter or have logged off your Twitter account before visiting our website, it would still be possible for Twitter to learn and store your IP address.
Use of LinkedIn plug-ins
We use LinkedIn social network social plug-ins. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn“). You can recognise LinkedIn plug-ins based on the LinkedIn logo or the “share button” on our website.
Where you visit our website, a direct connection will be established between your browser and the LinkedIn server through the plug-in. This means LinkedIn will be informed about your IP address having visited our website. Where you click the LinkedIn “share button” whilst being logged into your LinkedIn account, you can link the content of our website on your LinkedIn profile. This means that LinkedIn will be able to attribute the website visit to your user account.
Utilisation of Vimeo plug-ins
We use Vimeo.com plug-ins. Vimeo is operated by Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA (”Vimeo“).
Where you load such a plug-in, a connection to Vimeo servers will be established and your browser will be instructed to display the plug-in on the website. This means that the Vimeo server will be informed of you which pages on the website you visited. Where you are logged into your Vimeo account at the same time, Vimeo will be able to attribute this information to your personal user account with this platform. By using these plug-ins, for instance by clicking/start buttons of a video or sending a comment, this information will, for instance, be attributed to the Vimeo user account and it is only possible for you to prevent this by logging off your account before using the plug-in.
Where you register for our e-mail newsletter, personal data will be collected. This data will be used by us for own advertising purposes by way of your e-mail newsletter to the extent you have thereby explicitly given us your consent as follows:
“Yes, I would like to subscribe to your newsletter! I accept the privacy statement”
It is possible for you to unsubscribe from the newsletter at any time by using the designated link in the newsletter or by sending a corresponding message to us by e-mail at [email protected]. After unsubscribing, your e-mail address will promptly be deleted from our newsletter distribution list and be integrated into a blacklist for the purpose of ensuring the cancellation.
Newsletter tracking: Provided that you have explicitly given us your consent beforehand, we will apply newsletter tracking techniques (also referred to as web beacons or tracking pixels). When delivering the newsletter, the external server may record certain recipient data such as the time of retrieval, the IP address or information on the e-mail programme (client) used. The name of the image file will be customised for every mail recipient by a unique ID being attached. The mail sender will remember which e-mail address belongs to which ID and this means that when the image is loaded, it will know which newsletter recipient has just opened the e-mail.
In newsletter tracking, user behaviour will be recorded in a pseudonymised way. This relates to the following pseudonymised data: Recipients, recipients minus bounces, recipients in queue, recipients skipped, unique unsubscribe rate, unique unsubscribes, bounce rate, bounces (of which hard and soft bounces), unique open rate, unique opens, open rate, opens, unique click-through rate, unique clicks, click-through rate, clicks, unique click-to-open rate, clicks for segmentation of target groups.
We use the services of an external service provider, dotMailer, No. 1 London Bridge, London, SE 9BG for delivering the newsletter. For sending the newsletter, your personal data will be forwarded to dotMailer and processed by the latter exclusively on our instructions.
We reserve the right to occasionally adapt our privacy statement to ensure that it always conforms to legal requirements, as amended at the time, or to implement changes in our services in the privacy statement. This could, for instance, happen in connection with the introduction of new services. When you visit our website again, the new privacy statement, as amended, will apply in this case.
Any company logo or trademark specified here is owned by and the property of the respective company. Trademarks and names have been mentioned by us purely for information purposes.
The following terms shall apply with respect to users located in the Russian Federation:
The services mentioned on our website are not meant to be used by citizens of the Russian Federation that are resident in Russia.
Where you are a citizen of Russia domiciled in Russia, this is to explicitly inform you of the fact that any personal data that you may be providing to us via this website shall exclusively be provided at your own risk and your own responsibility. Furthermore you agree not to hold us liable for any non-compliance with laws applicable in the Russian Federation, if any.