Data protection
Data protection notice in accordance with Articles 13 and 21 of GDPR for the website of mk² gmbh (Status May 2018 / PDF)
1. In general
mk² gmbh take the protection of your personal data as well as the legal obligation to protect them very seriously. The statutory provisions require full transparency regarding the processing of personal data. Only if the processing is comprehensible for you, as a data subject, you are adequately informed about purpose, objectives and extent of the processing. Therefore, privacy statement explains in detail which so-called personal data (for definition see 2.1) are being processed by us for the use of the website www.mk-2.com and for the use of all other internet sites which refer to it (for definition see 2.2).
In accordance with Article 4 (7), responsible for the purposes of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) as well as other data protection regulations are mk² gmbh,
Oxfordstr. 24
D-53111 Bonn, Germany,
info@mk-2.com,
www.mk-2.com
here after referred to as‚ responsible company‘ or ‚we‘. The obligation to order a data protection officer does not exist. Please note that via links on our website you may get to other internet sites which are not operated by us but by third parties. Such links are either clearly marked by us or are identifiable by the change of your browser’s address line. We are not responsible for the observation of data protection provisions and the safe handling of your personal data on these websites operated by third parties.
2. Definitions
2.1 From GDPR
This data protection notice uses the terms of the GDPR legal text. You may see the definitions (Art. 4 of GDPR) e.g. on https://dejure.org/gesetze/DSGVO/4.html.
2.2 Cookies
3. General Information on Data Processing
We process personal data only as far as it is permitted by law. The transmission of personal data takes only place in the cases described below (see 4.).
The personal data are deleted or protected by technical and organizational measures (e.g. pseudonymization, encryption) as soon as the purpose of processing does not apply. This takes also place when a storage obligation expires, unless the further storage of personal data is required for the conclusion or the performance of a contract.
Provided that we are not legally bound to store data for a longer period or pass them on to third parties (in particular law enforcement authorities), the decision which personal data we collect, for how long they are being saved and to which extent you possibly need to disclose them depends on the functions of the website you use in the individual case.
4. Data Processing in Connection with the Use of the Website
The use of the website and its functions requires the processing of certain personal data regularly.
4.1 Informational Use of the Website
If you log on to our website and use it for information purposes only, i.e., without the use of additional functions like contact form or social media plugins, we collect automatically personal data. These are the following information: IP address of your terminal device as well as day and time of your retrieval of the website. This information is transmitted by your browser, unless you have configured it in a way that the transmission of information is suppressed.
Processing of these personal data is done for the functionality and optimization of the website as well as to ensure the safety of our information technology systems. This is where at the same time lies our legitimate interest, for what reason processing according to Article 6(1)(f) is allowed.
Personal data are stored for a period of 4 weeks. We do not merge these personal data with other data sources. There is no data transfer to third parties. A transmission to a third country or an international organization is not intended.
4.2 Webflow
This website is hosted on Webflow's Content Delivery Network (CDN). This is a service provided by Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, California, 94103. The Webflow CDN makes duplicate data from a website available on various Webflow servers distributed around the world. This provides faster website load times, increased resilience, protection against brute force attacks, and increased protection against data loss. A large part of the elements and the source code of this website are retrieved from the Webflow CDN when the page is called up. Through this retrieval, your IP address is transferred anonymously to Webflow's servers in other EU countries and stored there for 24 hours. This anonymized storage for 24 hours serves as protection against brute force attacks. Ein Tracking oder sonstige Weiterverarbeitung dieser Daten findet nicht statt. The use of the Webflow CDN is in the interest of a higher reliability of the website, increased protection against data loss, protection against brute force attacks and a better loading speed of this website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
Webflow Inc. with headquarters in the USA is certified for the us-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.
The current privacy policy of Webflow can be found at: https://webflow.com/legal/eu-privacy-policy
4.3 Contacting via E-Mail
If you send us an e-mail the personal data you indicate in the e-mail are being processed by us. This information is transmitted by your browser or e-mail client and stored in our information technology systems. Processing of these personal data is necessary for the answer of your inquiry. In addition, your IP address, day and time of the contact request are stored if you send us an e-mail.
Data processing serves to answer your inquiry.
These processings are lawful since the answer of your inquiry is a legitimate interest in line with Article 6(1)(f) of GDPR.
Personal data are stored as long as it is necessary for the response to your request. If your inquiry results in the conclusion of a contract, personal data are stored as long as they are required for pre-contractual measures or the performance of a contract. After that, personal data are routinely deleted every 4 weeks. We do not merge these personal data with other data sources. There is no data transmission to third parties. A transmission to a third country or an international organization is not intended. You are not obliged to provide these personal data, sending of an e-mail, however, is not possible without your data provision.
4.4 Subscription of a Newsletter
On our website you may subscribe to one of our client’s newsletter. If you do so, the personal data you indicated on occasion of the registration are transferred to us by your browser and stored in our information technology systems. Furthermore, your IP address and the time of registration are also stored.
Processing of the personal data entered by you serves for the personal design and shipment of the newsletter. This processing is lawful, since you gave us your permission according to Article 6(1)(f) of GDPR. The storage of IP address and time of registration has the purpose to guarantee the safety of our information technology systems. This is where at the same time lies our legitimate interest why processing according to Article 6(1)(f) is allowed.
The personal data you entered are stored until your subscription is canceled. The IP address of the registration will be stored for a period of 4 weeks. We do not merge these personal data with other data sources. There is no data transmission to third parties. A transmission to a third country or an international organization is not intended. You are not obliged to provide these personal data, the subscription to our newsletter, however, is not possible without your data provision.
4.5 Embedsocial
On our site, we use social plugins provided by EmbedSocial, operated by EmbedSocial, Boulevard Saint Clement of Ohrid 52, 1000 Skopje, Macedonia ("EmbedSocial"). We use these plugins to display user reviews on social media bundled on our website.When you visit a page that contains such a plugin, your browser establishes a direct connection to EmbedSocial's servers. In doing so, the plugin transmits log data to the EmbedSocial server. This log data may contain your IP address, type and settings of the browser, date and time of the request, your usage of EmbedSocial and cookies.The use of the EmbedSocial plugin is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media.For more information on the purpose, scope and further processing and use of the data by EmbedSocial, as well as your rights in this regard and options for protecting your privacy, please refer to the privacy policy of Embed Social: https://embedsocial.com/privacy-policy/.
5. Rights of Data Subjects
As a data subject you have the right to obtain information according to Article 15 of GDPR, the right of revocation according to Article 16 of GDPR, the right to request the cancelation according to Article 17 of GDPR, the right to limit processing according to Article 18 of GDPR as well as the right of data portability according to Article 20 of GDPR. The limitations according to §§ 34, 35 of BDSG (German Federal Data Protection Act) apply for information right and cancelation right. In addition, there is a right of complaint before a data protection authority (Article 77 of GDPR in connection with § 19 of BDSG). Country Representative for Data Protection and Freedom of Information North Rhine-Westphalia:
Kavalleriestr. 2-4
D-40213 Düsseldorf, Germany
Phone: +49 211/38424-0
Email: poststelle@ldi.nrw.de
6. Automated Decisions in Individual Cases Including Profiling
Automated decisions in individual cases including profiling are not made.
7. Reporting Obligations of Responsible Persons
We inform all recipients the personal data of whom were disclosed about each adjustment or cancelation of their personal data or a limitation of processing according to Articles 16, 17(1) and 18 of GDPR, unless it is impossible to inform them or the information would be associated with disproportionate time and effort.
We inform you about the recipients on your request.
8. Right of Objection
At any time you have the right to object the processing of the personal data related to you which takes place according to Article 6(1)(e) or (f) of GDPR for reasons which result from your particular situation. If personal data are processed for purposes of direct advertising, you have the right to object at any time the processing of personal data related to you and used for purposes of such advertising.
9. Right of Revocation of the Consent to Processing Personal Data
According to Article 7(3)(4) of GDPR you have the right to revoke your consent at any time. The legality of data processing due to the consent until the revocation is not affected. Therefore, the revocation applies only for the planned processing after the revocation. The revocation can be made informal by mail or e-mail. If you enter a revocation your personal data are not processed any longer, unless another (legal) basis allows it. If, however, a revocation is entered and there are no other permissions, according to Article 17(2)(b) of GDPR your personal data need to be deleted immediately on your request. The revocation can be made formless and should be addressed to:
mk² gmbh
Oxfordstr. 24
D-53111 Bonn, Germany
info[at]mk-2.com
4.3 Contacting via E-Mail
If you send us an e-mail the personal data you indicate in the e-mail are being processed by us. This information is transmitted by your browser or e-mail client and stored in our information technology systems. Processing of these personal data is necessary for the answer of your inquiry. In addition, your IP address, day and time of the contact request are stored if you send us an e-mail.
Data processing serves to answer your inquiry.
These processings are lawful since the answer of your inquiry is a legitimate interest in line with Article 6(1)(f) of GDPR.
Personal data are stored as long as it is necessary for the response to your request. If your inquiry results in the conclusion of a contract, personal data are stored as long as they are required for pre-contractual measures or the performance of a contract. After that, personal data are routinely deleted every 4 weeks. We do not merge these personal data with other data sources. There is no data transmission to third parties. A transmission to a third country or an international organization is not intended. You are not obliged to provide these personal data, sending of an e-mail, however, is not possible without your data provision.
4.4 Subscription of a Newsletter
On our website you may subscribe to one of our client’s newsletter. If you do so, the personal data you indicated on occasion of the registration are transferred to us by your browser and stored in our information technology systems. Furthermore, your IP address and the time of registration are also stored.
Processing of the personal data entered by you serves for the personal design and shipment of the newsletter. This processing is lawful, since you gave us your permission according to Article 6(1)(f) of GDPR. The storage of IP address and time of registration has the purpose to guarantee the safety of our information technology systems. This is where at the same time lies our legitimate interest why processing according to Article 6(1)(f) is allowed.
The personal data you entered are stored until your subscription is canceled. The IP address of the registration will be stored for a period of 4 weeks. We do not merge these personal data with other data sources. There is no data transmission to third parties. A transmission to a third country or an international organization is not intended. You are not obliged to provide these personal data, the subscription to our newsletter, however, is not possible without your data provision.
4.5 Embedsocial
On our site, we use social plugins provided by EmbedSocial, operated by EmbedSocial, Boulevard Saint Clement of Ohrid 52, 1000 Skopje, Macedonia ("EmbedSocial"). We use these plugins to display user reviews on social media bundled on our website.When you visit a page that contains such a plugin, your browser establishes a direct connection to EmbedSocial's servers. In doing so, the plugin transmits log data to the EmbedSocial server. This log data may contain your IP address, type and settings of the browser, date and time of the request, your usage of EmbedSocial and cookies.The use of the EmbedSocial plugin is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media.For more information on the purpose, scope and further processing and use of the data by EmbedSocial, as well as your rights in this regard and options for protecting your privacy, please refer to the privacy policy of Embed Social: https://embedsocial.com/privacy-policy/.
5. Rights of Data Subjects
As a data subject you have the right to obtain information according to Article 15 of GDPR, the right of revocation according to Article 16 of GDPR, the right to request the cancelation according to Article 17 of GDPR, the right to limit processing according to Article 18 of GDPR as well as the right of data portability according to Article 20 of GDPR. The limitations according to §§ 34, 35 of BDSG (German Federal Data Protection Act) apply for information right and cancelation right. In addition, there is a right of complaint before a data protection authority (Article 77 of GDPR in connection with § 19 of BDSG). Country Representative for Data Protection and Freedom of Information North Rhine-Westphalia:
Kavalleriestr. 2-4
D-40213 Düsseldorf, Germany
Phone: +49 211/38424-0
Email: poststelle@ldi.nrw.de
6. Automated Decisions in Individual Cases Including Profiling
Automated decisions in individual cases including profiling are not made.
7. Reporting Obligations of Responsible Persons
We inform all recipients the personal data of whom were disclosed about each adjustment or cancelation of their personal data or a limitation of processing according to Articles 16, 17(1) and 18 of GDPR, unless it is impossible to inform them or the information would be associated with disproportionate time and effort.
We inform you about the recipients on your request.
8. Right of Objection
At any time you have the right to object the processing of the personal data related to you which takes place according to Article 6(1)(e) or (f) of GDPR for reasons which result from your particular situation. If personal data are processed for purposes of direct advertising, you have the right to object at any time the processing of personal data related to you and used for purposes of such advertising.
9. Right of Revocation of the Consent to Processing Personal Data
According to Article 7(3)(4) of GDPR you have the right to revoke your consent at any time. The legality of data processing due to the consent until the revocation is not affected. Therefore, the revocation applies only for the planned processing after the revocation. The revocation can be made informal by mail or e-mail. If you enter a revocation your personal data are not processed any longer, unless another (legal) basis allows it. If, however, a revocation is entered and there are no other permissions, according to Article 17(2)(b) of GDPR your personal data need to be deleted immediately on your request. The revocation can be made formless and should be addressed to:
mk² gmbh
Oxfordstr. 24
D-53111 Bonn, Germany
info[at]mk-2.com