Toggle Nav
Search
Language
DE
EN
    • My Cart
Menu
Language
DE
EN

Privacy Statement

Last updated: 24.04.2023

Notes on the Processing of Personal Data (Privacy Policy)

(Version 3.0, Stand 24.04.2023)

 

Welcome to the data protection area of MAXIMATOR GmbH. Thank you for your interest in our company. Based on this privacy policy, we would like to inform you in detail about which data we collect in which cases, and how we process this data.

Controller
The controller in accordance with Article 4(7) of the EU’s General Data Protection Regulation (GDPR) is:

MAXIMATOR GmbH

Lange Straße 6

99734 Nordhausen

Phone +49 3631 9533-0

Email: info@maximator.de 

 

Data Protection Officer
The data protection officer can be reached at:

Gesellschaft für Personaldienstleistungen mbH

Pestalozzistraße 27

34119 Kassel

Phone: +49 561 78968-93

Fax: +49 561 78968-61

Email: datenschutz@gfp24.de 

 

General information on the collection of personal data

In the following, we would like to inform you in detail about the nature and the extent of the processing of personal data which is collected within the scope of

-       your visit to our website,

-       your use of our online services,

-       our online profiles on external social media platforms,

-       application processes,

-       as well as business relationships with customers and service providers

.

In particular, the legal basis for our privacy policy are the provisions of the General Data Protection Regulation GDPR as well as the additional stipulations of the German Data Protection Act (Bundesdatenschutzgesetz BDSG) (new).

Purpose of/legal basis for the processing
In cases where we obtain your consent for the processing of personal data, Article 6(1)(a) of the GDPR constitutes the legal basis.

When processing personal data that is required for fulfilling a contract concluded between us, Article 6(1)(b) of the GDPR constitutes the legal basis. This also applies to processing operations that are necessary in order to carry out measures prior to entering into a contract.

In cases where processing of personal data is required in order to fulfil statutory requirements that we must comply with, Article 6(1)(c) of the GDPR constitutes the legal basis.

In cases where processing personal data is required to protect the vital interests of the data subject or of another natural person, Article (6)(1)(d) of the GDPR constitutes the legal basis.

In cases where processing personal data is required in order for our company or a third party to pursue a legitimate interest, and your interests, fundamental rights and freedoms do not override the aforementioned interest, Article 6(1)(f) of the GDPR shall be the legal basis for the processing of the data.

 

Transmission of personal data

In the event that we transmit or disclose your personal data to other parties within the scope of our processing, this is done exclusively based on one of the above-mentioned legal bases. Payment service providers may for instance be among the recipients of this data within the scope of fulfilment of a contract. In addition, we transmit your data to the bodies entitled to receive such data in cases where we are obliged to do so by law or by court order.

To the extent that external service providers support us in processing your data (e.g. data analysis, sending newsletters), this is done within the scope of processing in accordance with Article 28 of the GDPR. In this regard, we only enter into relevant contracts with service providers that offer sufficient guarantees that suitable technical and organisational measures have been implemented to ensure the protection of your data.

 

Transfer of data to third countries

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if such data transfer follows statutory provisions. Subject to your express consent or contractually/legally required data transfer, we process data, or have it processed, in third countries only if said third countries offer a recognised level of data protection, or - in accordance with 44 ff. GDPR - based on specific guarantees, including e.g. contractual obligations using the EU Commission’s so-called Standard Contractual Clauses (information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

 

Data storage

As soon as the respective purpose for storing the data is no longer valid, we will delete or block your personal data. Your data will then only continue to be stored if deletion is not permitted due to statutory retention periods (in particular under commercial and tax law) on a national or European level.

Definitions
Our privacy policy is based on terms which are used and defined in the GDPR. In order to ensure that our privacy policy is easily readable and understandable, we would firstly like to explain the most important terms.

Personal data
“Personal data” is any information that refers to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is deemed identifiable if said natural person can be identified, directly or indirectly, in particular by reference to identifiers such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing
“Processing” refers to any operation or set of operations performed on personal data or on sets of personal data, irrespective of whether or not this is done by automated means. Processing includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller
“Controller” refers to the natural or legal person, public authority, agency or other body which, alone or together with others, decides on the purposes and means of the processing of personal data. In case the purposes and means of such processing are specified under Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Pseudonymisation
“Pseudonymisation” refers to the processing of personal data in such a way that said data is no longer attributable to a specific data subject without using additional information, provided that such additional information is stored separately, and technical and organisational measures are taken in order to guarantee that the personal data is not attributed to an identified or identifiable natural person.

Processor
“Processor” refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient
“Recipient” refers to a natural or legal person, public authority, agency or other body, to which the personal data is disclosed, whether a third party or not. However, public authorities which obtain personal data within the scope of a particular inquiry in accordance with Union or Member State law are not considered recipients.

Third party
“Third party” refers to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and individuals who, under the direct authority of the controller or processor, are granted permission to process personal data.

Consent
“Consent” of the data subject refers to any freely given, specific, informed and unambiguous indication given by the data subject by which the data subject signifies - by means of a statement or a clear affirmative action - his or her agreement to the processing of personal data relating to him or her.

Profiling
“Profiling” refers to any kind of automated processing of personal data involving the use of personal data for evaluating certain personal aspects regarding a natural person, particularly in order to analyse or predict aspects concerning said natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Rights of the data subject
As the data subject, you have certain rights when it comes to the processing of your personal data. You can exercise these rights at any time. These rights comprise:

·       the right to withdraw your consent to the processing of your personal data, in accordance with Article 7(3) of the GDPR

·       the right to obtain information regarding your personal data stored by us, in accordance with Article 15 of the GDPR

·       the right to have incorrect data rectified or have incomplete data completed, in accordance with Article 16 of the GDPR

·       the right to erasure of your data stored by us, in accordance with Article 17 of the GDPR

·       the right to restriction of the processing of your data, in accordance with Article 18 of the GDPR

·       the right to data portability, in accordance with Article 20 of the GDPR

·       the right to object, in accordance with Article 21 of the GDPR

·       automated individual decision-making, including profiling, in accordance with Article 22 of the GDPR.

Right of access
You have the right to know whether and - if so - which of your personal data we process. In addition, you have the right to obtain copies of your personal data. Please note that under certain circumstances, your right of access may be restricted in accordance with statutory requirements.

Right to rectification
In case the data concerning you is not accurate (any more), you have the right to have your incorrect personal data rectified immediately and, if applicable, to have incomplete personal data completed.

Right to erasure
In accordance with statutory provisions, you have the right to have the data concerning you deleted immediately, e.g. if the data is no longer required for the purposes for which it was collected or processed and if deletion of the data is not prohibited due to statutory retention periods.

Right to restriction of processing
Within the scope of the provisions set forth in Article 18 of the GDPR, you have the right to have the processing of your personal data restricted, e.g. if you have objected to the processing, pending verification of whether your objection can be upheld.

Right to data portability
You have the right to have the data you have provided us with transmitted to yourself or to a third party in a commonly used and machine-readable format. In cases where you ask for the data to be directly transmitted to another controller, this will only be done if it is technically feasible.

Right to withdraw consent with regard to data protection
If the processing of your personal data is based on consent you have given us, you have the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on your consent before its withdrawal.

You can notify us of your objection by means of an informal notification to MAXIMATOR GmbH, Lange Straße 6, 99734 Nordhausen, Phone +49 3631 9533-0, Email: info@maximator.de.

We would like to point out that your objection can also be raised during the course of further proceedings or if necessary for technical reasons. For further information, please refer to the relevant services described.

Right to object
Subject to the conditions of Article 21(1) of the GDPR, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data in accordance with Article 6(1)(e) of the GDPR. This also includes profiling based on those provisions. If you make use of your right to object, we will no longer process your personal data, unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.

You can notify us of your objection by means of an informal notification to MAXIMATOR GmbH, Lange Straße 6, 99734 Nordhausen, Phone +49 3631 9533-0, Email: info@maximator.de.

We would like to point out that your objection can also be raised during the course of further proceedings or if necessary for technical reasons. For further information, please refer to the relevant services described.

Right to lodge a complaint with a supervisory authority
In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that your personal data is being processed unlawfully. The address of the supervisory authority responsible for our company is:

Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit

PO box 90 04 55

99107 Erfurt

Häßlerstr. 8

99096 Erfurt

poststelle@datenschutz.thueringen.de 

Phone +49 (361) 57-3112900

Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects in relation to you or similarly significantly affects you.

 

Use of online services

In the following, we will inform you about when and in which contexts data is processed if you use our online services.

 

Collection of personal data when visiting our website

If you visit our website solely for informational purposes, i.e. if you do not register or transmit information to us in other ways, we only collect the personal data which your browser transmits to our server. If you visit our website, we will collect the data mentioned below. This data is required for technical reasons in order to be able to make our website available and make sure that it is presented stably and securely (the legal basis is Article 6(1)(f) GDPR, 1st sentence):

·       IP address

·       Date and time of the request

·       Time difference to Greenwich Mean Time (GMT)

·       Content of the request (specific page)

·       Access status / HTTPS status code

·       Volume of data transmitted in each case

·       Website that the request comes from

·       Browser

·       Operating system and its interface

This data is stored for a limited period of time of no more than seven days in the log files of our system. Further storing beyond this is possible. In this case, however, the IP addresses are partially deleted or disguised, such that they can no longer be assigned to the client visiting the website.

Use of cookies
In addition to the data mentioned above, cookies are stored on your end device (e.g. PC, laptop, smartphone) when you use our website. Cookies are small text files which are stored on your end device and are assigned to the browser you are using. By means of the cookie, certain information is transmitted to the party that sets the cookie (in this case, us). Cookies are not able to execute any programmes or transmit viruses to your end devices. They serve to make the website more user-friendly and effective overall.

This website uses the following types of cookies, whose scope and function are explained in the following:

Transient cookies
Transient cookies are automatically deleted once you close the browser. In particular, they include session cookies. They store a so-called session ID, allowing for various requests from your browser to be assigned to a common session. That way, your computer can be recognised when you return to our website. Session cookies are deleted once you log out or close the browser.

Persistent cookies
Persistent cookies are deleted automatically after a specific length of time, which may vary depending on the cookie. You can delete cookies at any time by adjusting the privacy settings in your browser.

On our website, we only use cookies which are generated by us as the website operators, and which are necessary to ensure the availability of all functions and the correct presentation of all contents and services on our website. We use these cookies for the purposes of a legitimate interest to ensure the availability and functionality of our website in accordance with Article 6(1)(f) of the GDPR.

Besides the cookies that are set by us as the controller, third party cookies are also used. We process these cookies on the basis of your consent in accordance with Article 6(1)(a) of the GDPR or on the basis of our legitimate interest in accordance with Article 6(1)(f) of the GDPR. For further information on the use of external services and the collaboration with external service providers, please refer to the relevant data protection information for our individual online services.

You can adjust your browser settings according to your own wishes and can, for example, object to the use of third-party cookies or reject all cookies. However, we would like to point out that in that case, the functions of this website may not all be fully available. If you have consented to the use of cookies and would like to object to the use of cookies with future effect, you can delete the stored cookies in your browser settings.

SSL/ TLS encryption
For reasons of security, our website uses TLS encryption (formerly SSL) for the transmission of confidential information. Orders and contact requests which you send to us are therefore encrypted by means of Transport Layer Security. Depending on your browser, this is indicated either by the padlock icon and/or by the https protocol in the address line.

 

Getting in contact with us

Contact form
If you get in contact with us using a contact form, we will store the data you provide us with (your email address, your name, your address and , if applicable, your phone number and customer number) in order to respond to your request. We process the data you enter into the contact form on the basis of you consent in accordance with Article 6(1)(a) of the GDPR. In case your enquiry relates to the fulfilment of a contract or measures to be taken prior to entering into a contract, we will process your data on the basis of Article 6(1)(b) of the GDPR. We will delete the data collected in this context once storing the data is no longer necessary. In case statutory retention periods apply, we restrict the processing of the data. You have the right to withdraw your consent at any time. This does not affect the lawfulness of the data processing carried out prior to the withdrawal.

Enquiries by email, phone or fax
If you contact us by email, phone or fax, we will store the personal data you provide us with (your email address and, if applicable, your name and your phone number) in order to process your request. We will not disclose this data to third parties without your consent.

In case your enquiry relates to the fulfilment of a contract or measures to be taken prior to entering into a contract, we will process your data on the basis of Article 6(1)(b) of the GDPR. In all other cases, we will process your data on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and/or on the basis of our legitimate interests in accordance with Article 6(1)(f) of the GDPR. In particular, we have a legitimate interest to process your request efficiently.

The data you send us within the scope of contact requests remains with us until you ask us to delete it, withdraw your consent to the storage of the data or until the purpose for storing the data is no longer valid (e.g. after your request has been fully processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected by this.

 

Social media information

We use social media profiles that are open to the public in order to draw attention to our services and products. There, we would like to get in touch with you as a visitor and user of these pages as well as our website. You can find more information about this here.

 

Online shop

We offer an online shop to allow you to purchase our products. In this context, we mainly process data from the B2B segment and - where applicable - personal data of the contact persons on the basis of Article 6(1)(b) of the GDPR. Mandatory information for the execution of contracts is highlighted, further information is optional. The data required for concluding, executing or terminating a contract includes:

Name of the company

First name and last name of the contact person, if applicable

Billing address and delivery address

Email address of the contact person, if applicable

Invoice data and payment data

In case we do not use your contact data for advertising purposes, we store the data collected for contract execution until the end of the statutory retention periods. Due to retention periods specified under commercial and tax law, we are obliged to store the required information for a period of ten years (after conclusion of the contract).

Customer account / registration

You can optionally create a customer account, which will allow us to store your data for subsequent purchases. When creating an account, the data you enter is stored revocably. At the same time, we will store your IP address and the date and time of your registration. We will not transmit this data to third parties.

If you have granted consent, the legal basis for the processing of this data is Article 6(1)(a) of the GDPR. If the registration is carried out for the execution of a contract to which you are a contractual party, or for taking measures prior to entering into a contract, the additional legal basis for the processing of the data is Article 6(1)(b) of the GDPR.

In addition to the data you are asked to provide when placing an order, you will also have to enter a self-selected password when creating a customer account. Together with your email address, this will allow you to access your customer account. Please keep your login data confidential. In particular, do not disclose it to unauthorised third parties.

Your data will only be used as long as necessary for the existing customer relationship. Furthermore, you can view and change data stored about you at any time in your customer account. You have the option of closing your user account at any time. In this case, your data will be deleted unless we are obliged to store your data due to provisions under commercial and tax law.

 

Analytic tools

Google Analytics
This website uses Google Analytics, a web analytics service offered by Google Inc. (“Google”). Google Analytics uses so-called “cookies”. Cookies are text files which are stored on your computer, and which allow for an analysis of your use of the website. The information about your use of this website generated by the cookie is usually transmitted to and stored on a Google server in the USA. In case IP anonymisation is activated on this website (Anonymize IP), your IP address is first shortened by Google within the member states of the European Union or in other states signatory to the European Economic Area Agreement. Only in exceptional cases is the full IP address transmitted to Google servers in the USA and shortened there. On behalf of the operator of this website, Google uses this information in order to analyse your use of this website, compile reports regarding website activities and provide further services to the website operator with regard to website use and internet use.

The IP address transmitted by your browser within the scope of Google Analytics is not combined with other Google data.

This website uses Google Analytics with the “Anonymize” extension. Thus, shortened IP addresses are processed, and personal references can be almost completely excluded. If there is a personal reference to you in the collected data, the data is deleted immediately.

We use Google Analytics in order to analyse the use of our website and improve our website continuously. Using these statistics, we are able to improve our service and make it more interesting for you as the user. The legal basis for the use of Google Analytics is your consent in accordance with Article 6(1)(a) of the GDPR.

Furthermore, we use Google Analytics for a cross-device analysis of the flow of visitors. This analysis is performed by means of a user ID. You have the option of deactivating this cross-device analysis in your customer account under “My data”, “Personal data”.

You can prevent cookies from being stored on your device by adjusting the settings in your browser software. However, we would like to point out that in this case, it is possible that some functions of this website may not be fully available. In addition, you can prevent Google from collecting and processing the data related to your use of the website and generated by the cookie (including your IP address) by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Contact information of the third-party service provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: https://www.google.com/analytics/terms/de.html, Overview on data protection: https://support.google.com/analytics/answer/6004245?hl=de and privacy policy: https://policies.google.com/privacy?hl=de&gl=de.

 

LinkedIn (Insight)

This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g., career level, company size, country, location, industry, and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, we can use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be done across devices (e.g., PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted off-site advertising to visitors to our website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it in the context of its own advertising measures. For details, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.  

 

Legal basis

We use the LinkedIn Insight Tag to effectively operate advertising measures with the inclusion of social media. The aforementioned service is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a DSGVO and Section 25 (1) TTDSG.

 

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

 

Objection to the use of LinkedIn Insight Tag.

You can object to the analysis of usage behavior as well as targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To avoid a link between data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

 

New Relic

This website uses a plug-in offered by new Relic’s web analysis service. This allows us to obtain statistical evaluations regarding the speed of the website, to determine whether the website can be accessed and to establish how fast the relevant page is displayed when it is called up. This service is offered by New Relic Inc. (188 Spear Street, Suite 1200 San Francisco, CA 94105, USA; “New Relic”).

New Relic uses cookies. When a user calls up a website which uses a New Relic plug-in, the user’s browser establishes a direct connection with New Relic’s servers.

By means of the plug-in, New Relic obtains the information that a user has called up the relevant page of the website. If a user has logged in to New Relic, New Relic can assign their website visit to their New Relic account. If the user is not a member of New Relic, New Relic stores the user’s IP address.
The purpose and the scope of the data collection and the further processing and use of the data by New Relic, as well as the corresponding rights and settings options for the protection of the user’s privacy are outlined in New Relic’s privacy policy: https://newrelic.com/privacy.

If a user is a member of New Relic and does not want New Relic to collect data concerning him or her through this website and combine this data with their other user data stored by New Relic, the user must log out of New Relic prior to visiting the website.

You can object to data collection and storage for web analysis purposes at any time with future effect by deactivating cookies in your browser settings. For this purpose, refer to the relevant help file or help function of your browser.

For more information on New Relic’s data protection policies, click on the following link: https://newrelic.com/de/security