Template
Logo - MBB SE

Data Protection

This Privacy Policy applies to data processing by
 
MBB SE
Kurfürstendamm 188
10707 Berlin, Germany
Telephone +49 30 844 153-30
Fax +49 30 844 153-33
e-mail compliance(at)mbb.com

Represented by the Chairman of the Board and 
Managing Director 
Dr Christof Nesemeier 
Managing Director
Torben Teichler


(hereinafter referred to as "we") as the controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR).

The protection of our visitors' personal data is important to us. You can expect us to handle your data sensitively and carefully and to ensure a high level of data security. We comply with the provisions of the Federal Data Protection Act and the General Data Protection Regulation and will only process users' personal data to the extent described in this privacy policy.

Our data protection officer is
Peter Suhren
FIRST PRIVACY GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Tel.: 0421 696632-0
Fax: 0421 696632-11
e-mail: office(at)first-privacy.com

Our data protection officer will be happy to provide you with information or suggestions on the subject of data protection.

General information about how we handle personal data

Personal data is data that allows conclusions to be drawn about your identity.

We may process your personal data if you are a customer or supplier of ours, use our products or services, are interested in our products or services, are employed by or otherwise work for one of our customers or suppliers, or work for someone who uses our products or services. If you work for someone to whom we wish to exhibit or advertise our products or services, we will have obtained your data directly from you or via a third party.

What personal data do we collect and process?

The personal data we process may include the following:

  • Title, first name, surname;
     
  • Name and contact details of your employer;
     
  • Address, e-mail address, telephone number (landline and/or mobile) and other (professional and/or private) contact details.


Furthermore, other personal data about you may be processed, namely:

  • Information that you yourself have provided to us during communication (e.g. by telephone or e-mail) or via our website. 
     
  • Information that you have provided us yourself in the course of product use or delivery, that has been provided to us while providing our services, by placing an order, subscribing to a newsletter or sending us an enquiry. This information is collected both when you do this for yourself personally and when you do this for your employer.
     
  • During business transactions with you and your employer, we process the following data: 
     
  • Data from you is necessary for the initiation, conclusion and fulfilment of a contract with you or your employer. 
     
  • Event information that we need to carry out the event, such as your data and preferences or the data and preferences of your accompanying persons. 
     
  • Data that you provide during your visit or that we may obtain elsewhere (such as your name on the visitor list, your image on our surveillance video or your vehicle registration number if you use one of our car parks).
     
  • This data is collected
     
  • to identify you as our visitor, customer, supplier or their employee; 
     
  • to initiate, conclude and execute contracts with you and/or your employer; 
     
  • to be able to purchase your products/services; 
     
  • to send you information about our products/services (e.g. by e-mail) or to recommend other products/services from our range that may be of interest to you and/or your employer, taking your preferences into account.

On what basis do we collect this data and for how long?

Data processing is carried out based on your consent (which can be revoked at any time), provided that we require such consent for processing. In addition, your data is processed for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken at your request. The legal basis for processing may also be a legal obligation to which we are subject, or it may be carried out to safeguard our legitimate interests or those of a third party, unless the interests or fundamental rights and freedoms of the data subject require the protection of personal data prevail. 

The personal data we collect is stored until the respective purpose of data processing has been achieved and then deleted, unless we are obliged to store it for a longer period in accordance with Article 6(1)(c) GDPR due to tax and commercial law retention and documentation obligations (from the German Commercial Code (HGB), Criminal Code (StGB) or Fiscal Code (AO)) or you have consented to further storage in accordance with Article 6(1)(a) GDPR.

What data do we collect when you visit our website?

We only collect personal data on our website if you voluntarily disclose it to us. Depending on how you use our site, this may include the following data:

Contact

If you contact us via one of our contact forms, we will store your e-mail address for this purpose. You can optionally provide additional data, such as your name. We use this data to process your enquiries.

Newsletter

If you subscribe to our newsletter via our newsletter form, we will store your e-mail address for this purpose. You can also optionally provide your name. We use the double opt-in procedure for registration for our newsletter. After you register, we will send you an e-mail to the e-mail address you provided, asking you to confirm that you wish to receive the newsletter from us in future. If you do not confirm your registration within 24 hours, the data you have provided will be automatically deleted. In addition, we store your IP address and the time of registration for the newsletter as well as the time of confirmation to be able to verify your registration and, if necessary, to investigate any possible misuse of your personal data.

We store the aforementioned data for as long as you subscribe to the newsletter. The data will be deleted after you unsubscribe from the newsletter. You can cancel your subscription to the newsletter at any time by unsubscribing from the newsletter. You can do this by clicking on the link contained in every newsletter e-mail we send you. Alternatively, you can also unsubscribe from the newsletter using the form provided on our website or send us your unsubscription request by post.

Job Applications

If you wish to send us an application, please do so either by post or by e-mail to the address provided on our website in the MBB Talents section. This ensures that the data and documents you send us will only be stored for as long as you wish.

Server Logs

As a precaution, we would like to point out the following technical information: The operator of the web servers through which our website is published (hereinafter referred to as "provider") automatically and temporarily collects and stores information in so-called server log files, which your browser automatically transmits to our provider's web server. These files are divided into access logs, error logs and mail logs.

The following data is stored in the access logs: IP address truncated by the last three digits ("anonymized"), date, time, pages accessed, protocols, http status code, data volume, referrer, user agent and host name accessed. The data is stored for 60 days and then automatically deleted.

In addition to error messages, the error logs store the accessing anonymized IP address and, depending on the error, the website accessed. The data is stored for 7 days and then deleted.

Mail logs for sending e-mails from the web environment (e.g. when using the newsletter form) are anonymized after one day and then retained for 60 days. During anonymization, all data relating to the sender/recipient etc. is removed. Only the data relating to the time of dispatch and information on how the e-mail was processed (queue ID or not sent) is retained.

As a customer of our provider, we have no influence or access to the data collected, nor do we have any influence on the storage period of the data in the server logs.

This data is not stored together with any other personal data relating to you. Neither we nor our provider evaluate this data for marketing purposes. The temporary storage in log files serves the provider to ensure the functionality of our website and to guarantee the security of its information technology systems and is, according to the provider, necessary.

Why and on what legal basis do we collect your personal data when you visit our website?

We use the data you enter in our web forms exclusively to provide the service you have requested. We do this on the basis of Art. 6 (1) (a), (b), (c) and (f) GDPR.

The basis for data processing by our provider is Art. 6 (1) lit. f GDPR, in order to ensure the functionality of the website.

IP Addresses, Cookies and Tracking

We do not use cookies on our website. Therefore, you do not need to confirm a cookie notice on our site. 

Nor do we use tracking software on our website. When you visit our website, we do not store your IP address – not even in abbreviated (anonymized) form – or any other data from your system. We cannot draw any conclusions about your person from your visit to our website unless you actively provide us with personal data in one of the ways described above.

Links to other Websites and Plug-Ins

Our website may contain links to websites of other providers not affiliated with us. In addition, our website also contains so-called plugins from such providers, which display content from the websites operated by these providers on our website. Such plugins are only visible on our website if you explicitly request them by clicking on the corresponding links. After clicking on links or activating a plugin, we no longer have any influence on the processing of the transmitted data (such as your IP address or other data from your system), as the behaviour of third parties is beyond our control. We therefore cannot accept any responsibility for the processing of such data by third parties.

Social Media Plug-Ins

We do not use any social media plug-ins.

Security

All information you transmit to us is stored on servers in Germany. We use technical and organizational security measures to ensure that our users' personal data is protected against loss, destruction, incorrect changes or unauthorized access by third parties. In particular, your personal data is transmitted in encrypted form from our website.

In any case, only authorised persons on our part have access to your personal data, and only to the extent necessary for the above-mentioned purposes.

Data Protection Information for Shareholders

The following regulations also apply to our shareholders:

We use your personal data for the purposes specified in the German Stock Corporation Act (AktG). This includes, in particular, the organization of annual general meetings. The legal basis for the processing of your personal data is the German Stock Corporation Act in conjunction with Art. 6 (1) (c) and (4) GDPR.

In addition, your personal data may also be processed to fulfil other legal obligations, such as regulatory requirements and stock corporation, commercial and tax law retention obligations. For example, when authorizing the proxies appointed by the company for the Annual General Meeting, it is mandatory to record the data serving as proof of authorization in a verifiable manner and to store it in an access-protected manner for three years (Section 134 (3) sentence 5 AktG). In this case, the legal basis for processing is the respective statutory provisions in conjunction with Art. 6 (1) (c) GDPR.

In individual cases, we also process your data to safeguard legitimate interests in accordance with Art. 6 (1) lit. f GDPR.

If we intend to process your personal data for any other purpose, you will be informed in advance in accordance with the statutory provisions.

Data collected in connection with general meetings is generally retained for up to three years. Data stored in the share register is generally retained for ten years after the sale of the shares. Beyond that, we only retain personal data if this is necessary in connection with claims asserted against the company (statutory limitation period of up to 30 years). As a matter of principle, your personal data will be deleted or anonymized as soon as it is no longer required for the above-mentioned purposes and we are not obliged to retain it for further storage due to statutory documentation and retention obligations.

We use external service providers (e.g. AGM agencies and solicitors) for the technical handling of the Annual General Meeting.

In addition, it may be necessary to transfer your personal data to other recipients (e.g. AGM agencies, solicitors or auditors) if this is required to comply with legal obligations. If you participate in the Annual General Meeting, other MBB shareholders may view the data recorded about you in the list of participants required under stock corporation law in accordance with Section 129 of the German Stock Corporation Act (AktG).

Do we pass your data on to third parties?

Your personal data will not be transferred to third parties for purposes other than those listed. Your personal data will be passed on to third parties if this is necessary to achieve the purpose of data processing in accordance with Art. 6 (1) (b) GDPR. This includes, in particular, companies with which we have a corporate relationship (members of the group, i.e. parent, subsidiary and/or sister companies), but also suitable third parties, such as our other business partners, customers, suppliers or subcontractors who perform tasks in connection with a contract concluded with you. Your data may also be passed on to solicitors, tax advisors or auditors. In the case of corporate transactions, your data may also be passed on to third parties. The data passed on may only be used by the third party for the specified purposes.

With regard to the data that we collect via our website, we only pass on your personal data to third parties if you have given your express consent in accordance with Art. 6 (1) (a) GDPR the disclosure is necessary to safeguard our legitimate interests or those of a third party pursuant to Art. 6 (1) (f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, in the event that has a legal obligation to disclose the data pursuant to Art. 6 (1) (c) GDPR 1 lit. c GDPR, and this is legally permissible and necessary for the performance of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

The data will only be transferred to third countries if this is necessary in the individual case. In the event of an inspection by an authority, such as the supervisory authority, the disclosure of personal data may also be necessary in individual cases.

Your Rights

You have the following rights in accordance with Art. 12-22 GDPR. As a data subject, you have the right to request information about which personal data we store and for what purpose, as well as to receive a copy of your data. In addition, you can have incorrect data corrected or data deleted whose storage is inadmissible or no longer necessary. Furthermore, you have the right to request the restriction of the processing of your data, to have your automatically processed data transferred if we process it on the basis of your consent or on the basis of a contract, and to complain to a supervisory authority if you believe that our processing of your data is unlawful.

In accordance with Art. 77 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your data violates data protection regulations. You can exercise this right with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

Right to Object

If your personal data is processed based on legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, if there are reasons for this arising from your particular situation. If you wish to exercise your right to object, simply send an e-mail to compliance(at)mbb.com.

To exercise your rights vis-à-vis us, please use the postal service or e-mail compliance(at)mbb.com.

Changes to this Privacy Policy

We reserve the right to change this privacy policy at any time with future effect. The current version is available here. Please visit regularly and inform yourself about the applicable privacy policy. 
As of: 19 August 2025