Joachimstaler Strasse 34
10719 Berlin, Germany
Phone +49 30 844 153-30
Fax +49 30 844 153-33
Represented by the Managing Directors
Dr Constantin Mang (CEO)
Dr Jakob Ammer (COO)
Torben Teichler (CIO)
(hereinafter: "We") as the Controller pursuant to Article 4 (7) of the General Data Protection Regulation (GDPR).
FIRST PRIVACY GmbH
Tel.: 0421 696632-0
Fax: 0421 696632-11
General information about our handling of personal data
Personal data are any data that could be traced back to your identity.
We process your personal information if you are one of our customers or suppliers, use our products or services, are interested in our products or services, are employed by one of our customers or suppliers or work for someone who uses our products or services. In the event that you work for someone with whom we would like to exhibit or promote our products or services, we will have received your information directly from you or through a third party.
What personal data do we collect and process?
The personal data processed by us may include the following:
- Title, first name, last name;
- Name and contact details of your employer;
- Address, e-mail address, telephone number (landline and/or mobile) as well as other (professional and/or private) contact details.
In addition, additional personal data may be processed if necessary, namely:
- Information that you have communicated to us in the course of communication processes (e.g. by phone or e-mail) or via our website.
- Information you have provided to us as part of the product use or delivery, during the provision of our services, by placing an order, subscribing to a newsletter, or by making a request to us. This information will be collected whether you are doing this for yourself or your employer.
- We process the following data during business transactions with you and also your employer:
- Data from you that are necessary for the initiation, conclusion and fulfilment of a contract with you or your employer.
- Event information we need to perform our services, such as your dates and preferences or the dates and preferences of your colleagues.
- Data that you provide during your visit or that we may otherwise refer to (such as the entry of your name in the visitor list, your recording on our surveillance video or the licence plate of your vehicle if you use one of our parking lots).
- The data are collected
- to identify you as our customer, supplier or their employees;
- to be able to initiate, conclude and carry out contracts with you and/or your employer;
- to be able to obtain your products/services;
- to provide you with information about our products/services (e.g. via e mail) or to recommend other products/services from our portfolio to you that may be of interest to you and/or your employer, while taking your preferences into consideration.
On what basis do we collect this data and for what period of time?
The data are processed based on your consent (which is revocable at any time), provided we need it for the processing. In addition, the processing of your data takes place for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; The legal basis of the processing may also be a legal obligation to which we are subject, or it may be for the protection of our legitimate interests or that of a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail.
The personal data collected by us will be stored until the respective purpose of the data processing has been achieved and then deleted unless we are obliged to store it for a longer period of time due to tax and commercial requirements for storage and documentation (pursuant to the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Fiscal Code (AO)) in accordance with Article 6(1)(c) of the GDPR or you have consented to further storage in accordance with Article 6(1)(a) of the GDPR.
Do we pass your data on to third parties?
We do not disclose your personal data to third parties for purposes other than those listed. Your personal data will be passed on to third parties if it is necessary to achieve the purpose of the data processing in accordance with Article 6(1)(b) of the GDPR. This includes, in particular, companies in a corporate law relationship with us (members of the Group, i.e. parent, subsidiary and/or sister companies), but also suitable third parties, such as our other business partners, customers, suppliers or subcontractors who perform tasks in connection with a contract with you. Your data may also be disclosed to lawyers, accountants or auditors. Your data may also be disclosed to third parties in corporate transactions. The disclosed data may only be used by the third party exclusively for the stated purposes.
With regard to the data that we collect via our website, we only disclose your personal data to third parties if you have expressly consented to the disclosure of your personal data in accordance with Article 6(1)(a) of the GDPR, the disclosure is necessary for the purposes of our legitimate interests or that of a third party in accordance with Article 6(1)(f) of the GDPR, and there is no reason to assume that you have a predominantly legitimate interest in the non disclosure of your data in the event that there is a legal obligation for the disclosure in accordance with Article 6(1)(c) of the GDPR, and it is necessary for the performance of a contract with you in accordance with Article 6(1)(b) of the GDPR.
You can contact us at any time and request information, the correction, deletion, or restriction of or objection to the processing of your personal data. You also have the right to data portability and the right to complain to a supervisory authority. Please mail us a request or send an e-mail to anfrage(at)mbb.com to exercise your rights.
Right to object
If your personal data are processed based on legitimate interests in accordance with Article 6(1)(f) of the GDPR, you have the right to file an objection against the processing of your personal data in accordance with Article 21 of the GDPR, provided there are reasons for this arising from your particular situation. If you would like to exercise your right to object, please send an e-mail to request(at)mbb.com.
What data do we collect when you visit our website?
We collect personal data on our website only if you voluntarily disclose it to us. This may include the following data, depending on your use of our site:
We will save your e-mail address if you contact us via one of our contact forms. You can also voluntarily give us more data, such as your name. We use this data to process your inquiries.
We will save your e-mail address if you contact us via our newsletter form. You can also voluntarily give us your name. We use the "double opt-in process" when you register for our newsletter. After you have registered, we will send an e-mail to the e-mail address you have provided and ask you to confirm that you wish to receive the newsletter from us in the future. If you do not confirm your registration within 24 hours, the data you provided will be automatically deleted. We also store your IP address and the time of registration for the newsletter as well as the time of confirmation in order to prove your registration and, if necessary, to inform you about possible misuse of your personal data.
We will store the aforementioned data as long as you have subscribed to the newsletter. The data will be deleted after you unsubscribe from the newsletter. Your subscription to the newsletter may be revoked at any time by unsubscribing from the newsletter. You can do this by clicking on the link contained in each newsletter e-mail. You can also unsubscribe from the newsletter by using the form provided on our website or mailing us your unsubscribe request.
If you would like to apply to work for us, please either mail us your application or use our applicant e-mail, which is listed in the Career section of our website. This will ensure that the data and documents you submit to us will only be stored for as long as you wish.
As a precaution, we would like to point out some technical facts. The operator of the web server on which our website is published (hereinafter "provider") automatically collects and temporarily stores information in server log files that your browser automatically transmits to our provider's web server. These files are divided into access logs, error logs and mail logs.
Access logs store the following data: the last three digits of your IP address ("anonymised"), date, time, pages accessed, logs, http status code, dataset, referrer, user agent, and host name. The data are stored for 60 days and then automatically deleted.
In addition to the error messages, the accessing computer (IP address) and, depending on the error, the accessed web page are stored in the error logs. The data are stored for 7 days and then deleted.
Mail logs for sending e-mails from the web environment (e.g. when using the newsletter form) are anonymised after one day and then kept for 60 days. All data about the sender/recipient, etc. are removed during the anonymisation process. The data about the send time and information on how the e-mail was processed (queue ID or not sent) are the only data that are retained.
As our provider's customer, we have no influence on and no access to the collected data and also no influence on the storage duration of the data in the server logs.
This data will not be stored with any other personal data. Neither we nor our provider evaluate this data for marketing purposes. The temporary storage in log files helps the provider to ensure the functionality of our website and to ensure the security of its IT systems and is necessary according to the provider.
Why and on what legal basis do we collect your personal data when you visit our website?
We only use the data entered by you in our web forms in order to provide the service you requested. We do this based on Article 6(1) points (a), (b), (c) and (f) of the GDPR.
The basis for data processing by our provider is Article 6(1)(b) of the GDPR, which allows the processing of data to the performance of a contract or in order to take steps prior to entering into a contract.
IP addresses, cookies and tracking
We also do not use tracking software on our website. When you visit our website, we do not store your IP address – even in truncated (anonymised) form – or any other data from your system. We cannot use your data to identify you from your visit to our website, unless you actively submit personal information to us in any of the ways described above.
Links to other websites and plug-ins
Our website may contain links to websites of other providers that are not affiliated with us. In addition, our website also contains plug-ins from providers that display the content of the websites operated by these providers on our website. These plug-ins are only visible on our website if you explicitly request it by clicking on the corresponding links. After clicking on links or after activating a plug-in, we no longer have any influence on the processing of transmitted data (such as your IP address or other data from your system), because the behaviour of third parties is beyond our control. We therefore cannot accept any responsibility for the processing of this data by third parties.
Social media plug-ins
We do not use any social media plug-ins.
All information that you submit to us will be stored on servers in Germany. We use technical and organisational security measures to ensure that our users' personal data are protected against loss, destruction, incorrect changes and unauthorised access by third parties. Specifically, your personal information is transmitted in encrypted form by our website.
In any case, only authorised persons on our side have access to your personal data, and only to the extent that it is necessary for the purposes mentioned above.
The following additional provisions apply for our shareholders:
We use your personal data for the purposes set out in the German Stock Corporation Act (Aktiengesetz, AktG), particularly for the handling of the Annual General Meetings. The legal basis for processing your personal data is the Stock Corporation Act in conjunction with Article 6(1)(c) and 6(4) of the GDPR.
In addition, your personal data may also be used to fulfil other legal obligations, such as regulatory requirements, as well as stock, commercial and tax-related retention requirements. For example, when authorising proxies nominated by the Company for the Annual General Meeting, it is mandatory to record the data serving as proof of authorisation in a verifiable manner and to keep it for review for three years (sentence 5 of Section 134(3) of the AktG). The legal basis for processing in this case is the respective statutory provisions in conjunction with Article 6(1)(c) of the GDPR.
In individual cases, we will also process your data to safeguard legitimate interests in accordance with Article 6(1)(f) of the GDPR.
If your personal data is intended to be processed for a different purpose, you will be informed in advance in accordance with the law.
The retention period for data collected in connection with Annual General Meetings is normally up to 3 years. The data stored in the share register is normally kept for 10 years after the shares have been sold. In addition, we store personal data only if it is necessary in connection with claims asserted against the company (statutory limitation period of up to 30 years). In principle, your personal data will be deleted or anonymised as soon as the data are no longer required for the purposes mentioned above and we are no longer legally obligated to provide proof and store the data for a longer period of time.
We use external service providers for the technical handling of the Annual General Meeting.
In addition, it may be necessary to transfer your personal information to other recipients, insofar as it is necessary to fulfil legal obligations. If you attend the Annual General Meeting, other MBB shareholders will be able to view the data entered in the list of shareholders required by company law in accordance with Section 129 of the AktG.
As of: 25 May 2018