Skip to main contentSkip to page footer

Privacy

 

Privacy statement and information of the persons concerned in accordance with Article 13 and Article 14 of the EU General Data Protection Regulation.

1. General information

Information about the responsible agency

Company: M&M Software GmbH
Legal representatives: Christian Gnädig, Thomas Gaus
Address: Industriestr. 5, 78112 St. Georgen
Contact Data Protection Officer:privacy@mm-software.com

 

2. General data processing information

Affected data:

Personal data is only collected if you provide it to us by yourself. Besides this, no personal data is collected. Any processing of your personal data that goes beyond the scope of the statutory permission is only possible based on your express consent.

Processing purpose: Contract Enforcement

Categories of recipients:

  • Public authorities in case of priority legislation.
  • External service providers or other contractors.
  • Other external agencies as far as the data subject has given his consent or a transmission
  • of predominant interest is permissible.

Third country transfers: In the context of contract enforcement, contractors outside the European Union can also be employed.

Duration of data storage: The duration of the data storage depends on the statutory storage requirements and is usually 10 years.

 

3. Specific information about the website

In general, visiting our website does not require you to provide any personal information. Technically, however, we temporarily store the connection data of the requesting computer, the websites you visit, the date and duration of the visit, the recognition data of the browser and operating system type used and the website from which you visit us.

If the programming of our website causes your browser to load data from servers operated by third parties, we ourselves are not involved in these data transfers.

Personal data is only collected if you provide it to us by using one of our forms on the website. The transmission of the data is encrypted.

a. Newsletter

As part of the registration of our newsletter, you provide us with your name, company name, e-mail address and optionally further data. We use this information exclusively to send you our newsletter. Your data entered during the newsletter registration will remain with us until you unsubscribe from our newsletter. A deregistration is possible at any time via the provided link in the newsletter or a corresponding message to us. With the deregistration you disclaim the use of your data for this purpose.

For documentation of the newsletter consent and to prevent misuse of your data, we use the so-called double-opt-in procedure. By using this process, we ensure that the recipient also wants to receive our newsletter. After registration you will receive an e-mail asking you to confirm your subscription to the newsletter. Only after confirmation, we will send you our newsletter.

The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of both the registration and the confirmation time. Similarly, changes to your stored data are logged.

Furthermore, we use your e-mail address, which we receive in connection with the sale of our products or services, for direct advertising in the form of our newsletter for our own similar products or services as ordered by you, except you disclaimed the use of your data for this purpose. You may disclaim the use of your e-mail address at any time without incurring any costs other than the base rate transmission costs. Your contradiction (and thus the cancellation of our newsletter) can be exercised by sending a message to the above-mentioned e-mail address (privacy@mm-software.com).

We use the service provider Newsletter2Go to send the newsletter. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for purposes other than sending newsletters. In our newsletters, so-called click tracking also takes place, in which the following data is recorded: Opening rate of the email, which link was clicked.

b. Contact form

When using the contact form, you provide us with your name, your e-mail address and optionally further data. We use this information exclusively to process your request. Your data entered in the contact form will remain with us until you disclaim the storage. A contradiction is possible at any time by sending a corresponding message to us. With this message, you contradict the use of your data for this purpose.

c. Download registrations

As part of the registration for downloads, you tell us your e-mail address and optionally other data. We use this information to send you download links once. In addition, you sign up for the newsletter at the same time. Your data entered during the download registration remain stored with us until you disclaim the storage. A contradiction is possible at any time by sending a corresponding message to us. With this message, you contradict the use of your data for this purpose.

d. Event registrations

When registering for events, you provide us with your first name, surname, company, telephone number, e-mail address and optionally further data. We use this information to process your event registration. In addition, you sign up for the newsletter at the same time. Your data entered during event registration will remain with us until you disclaim the storage. A contradiction is possible at any time by sending a corresponding message to us. With this message, you contradict the use of your data for this purpose.

 

4. Collection, storage of usage data when visiting our website without registration, use of cookies

When you visit our website, we receive your full IP address from your EDP. Only with this IP address we can transmit the data of our website to you, so that the website is displayed to you (Art. 6 para. 1 b), f) DSGVO). Beyond the processing for transmitting the retrieved data, the complete IP address is only stored for two (2) days in order to be able to initiate defensive measures, e.g. blocking of IP addresses, as well as criminal prosecution, if necessary, in the event of attacks on our IT (Art. 6 para. 1 f) DSGVO).
We store the date and time of the page view and the page from which you accessed our website. We do not store further personal data as long as you do not log in.
Insofar as the programming of our website causes your browser to load data from servers operated by third parties, we ourselves are not involved in these data transfers. Our third-party providers have asked us to inform you as follows:

a. Google Conversion Tracking

As an AdWords customer, we also use "Google Conversion Tracking", an analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). Google Adwords sets a cookie on your computer ("conversion cookie") if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of ours and the cookie has not yet expired, we and Google can recognize that someone has clicked on the ad and thus been redirected to our website. Each AdWords customer receives a different cookie. Cookies can therefore not be used to identify you or your path on the Internet on different websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. We thus receive usage statistics about those users who arrive at our website via a Google ad and can thus track which of our ads are how successful and have matched your search topic (Art. 6 para. 1 f) DSGVO).
We as an AdWords customer learn the total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking process, you can refuse the setting of a cookie required for this - for example, via browser settings that generally disable the automatic setting of cookies. You have a right to object and can prevent the installation of the cookie for Google AdWords (under the domain "googleadservices.com") by a setting in your browser so that cookies from the domain "googleadservices.com" are blocked. You can find details on this in the help of your browser. You can find the corresponding cookie names in our Cookie Policy.
Here you can find Google's privacy policy: www.google.com/intl/de/policies/privacy/.

b. Google Tag Manager

This website uses the "Google Tag Manager". Google Tag Manager is a solution provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") that allows marketers to manage website tags through one interface. The "Tag Manager" tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool only provides data redirection and triggering of other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.

c. LinkedIn Analytics and LinkedIn Ads

Our website uses the "LinkedIn Insight Tag" marketing function of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; "LinkedIn"). Each time you access one of our pages that contains functions from LinkedIn, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. The active program function (JavaScript) is used to understand the actions of visitors to our website in anonymized form, to measure the effectiveness of advertising and to present interest-based advertisements ("LinkedIn ads") in the context of visiting the social network LinkedIn and other websites. For this purpose, the LinkedIn Insight tag is embedded on our website, whereby a connection to the LinkedIn server is established if you visit our website and are logged into your LinkedIn account at the same time. The mapping tries to work across devices, so that it is also evaluated how visitors behave across devices. The basis of the use is Art. 6 para. 1 f) DSGVO.
In addition, we have a profile on the social network LinkedIn itself. Our social media presences and, consequently, our profile on LinkedIn, are intended to ensure the most comprehensive presence possible on the Internet. When you visit our profile on LinkedIn, LinkedIn can generally analyze your user behavior.
In the context of customer acquisition, we use "LinkedIn Lead Ads". These are advertising circuits on LinkedIn, in which LinkedIn uses forms for lead generation and functions and content of the LinkedIn service can be integrated. In such advertising, defined information is requested in accordance with our current campaign or other measures. If you have a LinkedIn account, the corresponding advertising circuit can be pre-filled with the information you have shared on LinkedIn.
Thus, with LinkedIn Lead Ads, we offer you a function with which you can provide us with user information using your LinkedIn account. We use this functionality to be able to address you in a target group-oriented manner. Our legitimate interest for the use of LinkedIn Lead Ads serves marketing purposes in the context of a business initiation. The legal basis for this is Art. 6 (1) f) DSGVO.
If you are logged into your LinkedIn account and visit our profile on LinkedIn, LinkedIn can assign this visit to your user account. The same applies to advertising on LinkedIn via LinkedIn Lead Ads. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have a LinkedIn account. In this case, the data collection can take place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. If you have a LinkedIn account, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Please see LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy for more information on data collection and use, as well as your privacy options and rights. If you are logged in to LinkedIn, you can opt out of data collection at any time at the following link: www.linkedin.com/psettings/enhanced-advertising.
Please click this link to prevent the collection by LinkedIn within our website in the future (the opt-out only works in this browser and only for this domain) and hereby exercise your right to object. In doing so, an opt-out cookie will be placed on your device. If you delete your cookies in this browser, you must click this link again.

d. Live-Chat (Chat-Funktion)

This website optionally offers the use of Tawk.to, a live chat software from Tawk.to ltd.
The chat is integrated into the source code of the website via a plugin. By using the chat, you automatically use the services of Tawk.to. All data that you enter the chat window will be transferred to Tawk.to and saved there. The data collected includes: name, chat history and country of origin. These data are not passed on to third parties and are only used for protection and internal statistics. By using the chat, you consent to this storage and use of the data. The data collected with the Tawk.to technologies are not used to personally identify the visitor to this website. They are not saved and deleted after the chat. The purpose and scope of the data collection and further processing and use of the data by Tawk.to as well as your related rights and setting options to protect your privacy can be found in the data protection information of Tawk.to: https://www.tawk.to/privacy-policy/

e. Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the data records collected and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: privacy.google.com/businesses/controllerterms/mccs/

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information from the provider can be found here.

  1. IP anonymisation: Google Analytics IP anonymisation is activated. As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
  2. Browser plugin: You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout. You can find more information on how Google Analytics handles user data in Google's privacy policy.
  3. Order processing: We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

5. Details of other data processing procedures

a. Specific information about the extranet

When registering for the M&M Extranet, you provide us with your first name, last name, company name, company address, e-mail address and optionally further data. We use this information to create your user account. Your data entered during registration will remain with us until the user account is deleted. You can request a deletion at any time by sending a corresponding message to us. Your account will be deleted accordingly.

Furthermore, login times, page views and file downloads in the extranet are automatically logged for security purposes.

Affected data: Contact information
Purpose: Provision of the user account.
Categories of recipients: Public authorities in case of priority legislation.
Third country transfers: In the context of contract execution, contractors outside the European Union can also be employed.
Duration of data storage: The retention of the logs is 90 days.

 

b. Specific information about the application process

Data concerned: Application data and details
Processing purpose: Execution of application procedure

Categories of recipients: 

  • External service providers for the provision of the applicant and personnel management system
  • Public authorities in the event of overriding legal provisions.
  • Other external bodies if the data subject has given their consent or transmission is permitted for reasons of overriding interest, e.g. parent company, Ministry of Justice (financial sanctions list).
     

Third country transfers: none

Duration of data storage: Application data will generally be deleted within six months of notification of the decision, unless consent has been given for longer data storage in the context of inclusion in the applicant pool. Data from the applicant pool will be deleted after one year.

c. Specific information for the processing of customer data / prospect data

Data concerned: Data provided for the execution of the contract; if necessary, additional data for processing based on your express consent.
Processing purpose: Contract execution, like offers, orders, sale and invoicing, quality assurance.
Categories of recipients:

  • Public authorities in the event of overriding legal provisions
  • External service providers or other contractors, e.g. for the provision of customer administration systems, dispatch, service providers for printing and dispatching information.
  • Other external bodies if the data subject has given their consent or transmission is permitted for reasons of overriding interest, e.g. for credit checks.

d. Specific information for the processing of supplier data

Data concerned: Data provided for the execution of the contract; if necessary, additional data for processing based on your express consent.
Processing purpose: Contract execution, such as inquiries, purchasing, quality assurance.
Categories of recipients:

  • Public authorities in the case of overriding legal provisions, e.g. tax office, customs.
  • External service providers or other contractors, e.g. for payment processing, provision of customer administration system.
  • Other external bodies if the data subject has given their consent or transmission is permitted due to overriding interests.

e. Specific information for the processing through social networks

We maintain publicly available profiles in social networks.

Generally, social networks like Facebook can analyze your user behavior comprehensively by visiting their website or a website with integrated social media content (such as like buttons or banner ads). By visiting our social media presences, numerous data protection relevant processing processes are triggered.

In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account on the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. This way, you can see interest-based advertising in and out of your social media presence. If you have an account on the respective social network, the interest-based advertising can be displayed on all devices on which you are, or were, logged in.

Please also note that we can not retrace all processing processes on the social media portals. Depending on the provider, therefore, further processing operations may possibly be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal base: Our social media presences are designed to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) EU-GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (for example, consent within the meaning of Article 6 (1) (a) EU-GDPR).
Responsible and asserting rights:
If you visit any of our social media sites (such as Facebook), we, together with the social media platform operator, are responsible for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, limitation of processing, data portability and complaint) both to us and to the operator of the respective social media portal (for example, Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Duration of data storage:
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for their storage is removed, you ask us to delete it, you revoke your consent for storage or the purpose for the data storage is dropped. Saved cookies remain on your device until you delete them. Mandatory legal provisions - especially retention periods - remain unaffected.

We have no control over the storage time of your data stored by the social network operators for their own purposes. For details, please contact the social network operators directly (for example, in their privacy policy).

 

6. Further information and contacts

You may at any time assert your claims to information, correction, blocking, completion, deletion or restriction of the processing or the exercise of your right of objection to the processing, as well as the right to data portability.

You may send us your request for information, blocking, deletion and rectification regarding your personal data as well as revocations of your consent by e-mail to privacy@mm-software.com or by letter to the contact address stated in the imprint.

You also have the right to contact the relevant data protection supervisory authority for complaints.

If you have any further questions regarding the protection of your personal data, this privacy statement, consent declarations and the processing of your personal data or complaints about data protection, you can contact us at the following e-mail address: privacy@mm-software.com

 

7. Acknowledgement of the privacy policy, changes to this policy

This privacy policy is valid from the date of publication on the website of M&M Software GmbH until further notice. For the use of our offer the confirmation and acknowledgment of the data protection agreement is indispensable.

Please note that data protection regulations and data protection procedures may change constantly and the contents of this privacy policy must be adapted. In this case, we will make changes transparent to you. It is also advisable to inform yourself about changes in the legal provisions and practice of our company.