Privacy policy

Version dated 01.09.2023/XNUMX/XNUMX

 

 

The protection of your personal data is particularly important to us. We therefore process your data exclusively on the basis of the applicable legal provisions (EU General Data Protection Regulation GDPR, TKG 2003). In this data protection information we inform you about the most important aspects of data processing as part of our activities.

It is generally possible to use our website without providing any personal data. If you enter personal data, for example for the purpose of contacting us or subscribing to a newsletter, we will pass on the necessary information to companies that process data on our behalf (e.g. sending the newsletter). We only commission companies that comply with the General Data Protection Regulation.

Encrypted transmission

For security and data protection reasons, this website uses SSL encryption, which prevents third parties from intercepting and reading the data you enter during transmission. You can recognize active encryption by the padlock or similar symbols in the address bar of your browser.

Contact us

If you contact us using a form on the website, by e-mail or by other means, the data you provide (name, e-mail address, address and optionally the telephone number) will be used to process the request and for the purpose In the case of follow-up questions, we will store it until you revoke your consent. If the inquiry results in a contract, the statutory retention periods apply. We will not pass on this data without your consent. Data processing is carried out on the basis of Art 6 Paragraph 1 lit b (fulfillment of the contract) and Art 6 Para 1 lit a (consent) of the GDPR.

Newsletter

You have the option of subscribing to our newsletter via our website. For this we need your email address and your declaration that you agree to receive the newsletter.

Once you have registered for the newsletter, we will send you a confirmation email with a link to confirm your registration. The data processing is therefore carried out on the basis of the legal provisions of Section 96 Paragraph 3 TKG and Article 6 Paragraph 1 lit a (consent) of the GDPR.

You can cancel the newsletter at any time. Please send your cancellation to the following email address:office[at]mtbint[dot]com> or use the corresponding link at the end of the newsletter. We will then immediately delete your data in connection with sending the newsletter.

The newsletter is sent by “Brevo”, a brand of Sendinblue GmbH, Köpenicker Straße 126, D-10179 Berlin, Germany. Your email address, the date of your registration and the IP address used are stored on Brevo's servers in the EU. Brevo uses this information to send and evaluate the newsletters on our behalf. Brevo also uses the data to optimize its own service, but will under no circumstances pass it on or write to subscribers itself.

For the purpose of statistical analysis, the newsletters sent contain small images (web beacons) or redirected links, which we can use to determine whether you have read our newsletter and what type of device you used.

We have concluded a data processor agreement with Brevo, in which Brevo undertakes to comply with the standard contractual clauses defined by the EU Commission. You can find Brevo's privacy policy here.

 

Server protocols

The server from which this website is provided stores information that is automatically transmitted to us by your browser in so-called log files. These are:

  • The type and version of browser used
  • Operating system used
  • The page (URL) from which you came to us
  • The IP address of the accessing computer
  • Time of request

This data is used exclusively for technical monitoring of the web server (utilization, optimization, error detection, security) and is absolutely necessary for this purpose. They are not connected to other data sources so that they cannot be assigned to individual people. They will be deleted after three months.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the proper and secure functioning of the website.

Operation of the website by Webflow

This website is hosted by Webflow, a trademark of Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. When you visit our website, Webflow collects the following data for billing, troubleshooting and visitor statistical purposes:

  • The IP address
  • Date and time of access
  • the browser used and the operating system (user agent string)
  • installed fonts
  • MIME types
  • Browser language and time zone
  • installed browser plugins
  • screen resolution
  • http headers

Webflow processes this data on servers distributed around the world, usually in the USA and on the content delivery network server closest to you.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the attractive and technically flawless presentation of a website for marketing purposes.

We have concluded a processor agreement with Webflow, in which Webflow undertakes to comply with the standard contractual clauses defined by the EU Commission.

Further information can be found in the Webflow data protection declaration https://webflow.com/legal/eu-privacy-policy

scheduling

To plan appointments, we use the services of Calendly Inc., BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA:

Calendly processes the data you enter (name, email address and optional information on the consultation topic) in order to arrange a consultation appointment. This information is passed on to us.

Calendly also processes access logs (as described under “Server Logs”), sets cookies and uses Google Analytics to statistically record the use of your website. The purpose of this data processing is to provide the service, i.e. to book appointments, to improve the product and to fulfill legal regulations. Details on how Calendly uses data can be found here: https://calendly.com/pages/privacy.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit b (fulfillment of the contract) and Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the simple and effective booking of appointments by our customers.

We store the data from an appointment booking until the expiry of the tax retention period (7 years).
Calendly only stores the data for as long as it is absolutely necessary to provide the service or the other purposes mentioned above.

We have concluded a data processor agreement with Calendly, in which Calendly undertakes to comply with the standard contractual clauses defined by the EU Commission.

Use of Zoom for consultation

We use the online video conferencing solution Zoom for consultations. Zoom is a service provided by Zoom Video Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, CA 95113, USA.

When we communicate using Zoom, the conversation content (i.e. audio and video) is encrypted so that only the participants in the conversation can access it. No records are created.

Zoom also processes information you enter, such as your name, telephone number or email address, and automatically collected data such as your IP address, the MAC address of the device used, the operating system, the client software used, camera, microphone and and speaker type, whether they transmit the sound via telephone or VoIP and whether they participate in the conversation with or without video. The duration of the conversation, your name in the conversation and the content of the chat are also processed.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit b (fulfillment of the contract) and Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the simple and effective conduct of online meetings via the Internet.

Zoom only stores the data for as long as it is necessary to provide the service or the other purposes mentioned above.

We have concluded a data processor agreement with Zoom, in which Zoom undertakes to comply with the standard contractual clauses defined by the EU Commission.

Further details on data processing by Zoom can be found here: https://zoom.us/de-de/privacy.html

 

Google reCaptcha

We use the “Google reCaptcha” service from Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA, to protect our website from spam and misuse.

For this purpose, data is transmitted to Google that makes it possible to distinguish between humans and robots. In most cases, this happens without a human having to answer questions or recognize images.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit f (legitimate interest) of the GDPR.

Our concern within the meaning of the GDPR (legitimate interest) is to protect our website from spam and misuse.

The Google Terms of Use and further information about the data processed can be found under the following links: https://www.google.com/analytics/terms/de.html

Google Fonts

On our website we use fonts from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. When you view our website, your browser downloads these fonts from Google.

The use of Google Fonts takes place without registration and no cookies are sent to Google. If you are logged in to Google when you visit our website, your Google account information will not be transmitted to Google. Google only records the use of the corresponding fonts and stores this data securely.
Details can be found on https://developers.google.com/fonts/faq

Please also note the Google privacy policy https://www.google.com/intl/de/policies/privacy/, where you can find further information about the data processed.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the attractive design of the website.

Typekit Fonts

On our website we use fonts from Adobe Systems Incorporated: 345 Park Avenue, San Jose, California 95110-2704, USA or Adobe Systems Software Ireland Limited: 4-6 Riverwalk, City West Business Campus, Saggart, Dublin 24 , Ireland 4-6 Riverwalk, Citywest Business Park, Dublin 24, Ireland.
When you view our website, your browser downloads these fonts from Adobe Severn.

Typekit fonts are used without registration and no cookies are set. Adobe only records the use of the corresponding fonts for the purposes of billing and reliable operation of the servers. Details about the data processed can be found at https://www.adobe.com/at/privacy/policies/adobe-fonts.html.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the appeal

Cookies

Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm.

We use cookies to make our offer user-friendly. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit.

Some of these cookies are necessary for the operation of the website and store your consent to non-essential cookies, the language you have chosen and are used for registration. Add additional essential cookies here. If you do not want the necessary cookies to be stored, you can set your browser so that it informs you about the setting of cookies and you only allow this in individual cases.

The legal basis for the use of necessary cookies is Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. Legitimate interests within the meaning of the GDPR are the proper and secure functioning of the website and the optimization of our offering.

In addition, other cookies that are not absolutely necessary for the operation of the website may be stored and only with your consent. Details about this in the following sections.

Consent management with CookieYes

To query and store your consent for cookies and other data processing that requires your consent, we use CookieYes, a service provided by CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.

CookieYes does not process any personal data, but only the following information in anonymized form:

  • a random key
  • the selection you made (consent)
  • Your IP address in anonymized (shortened) form
  • Date and time of your consent/rejection
  • The URL where you agreed/rejected
  • the browser used and the operating system (user agent string)

The data is processed exclusively in the EU and stored permanently to document your consent.

In addition, a cookie is stored in the visitor's browser that stores the random key and the selection (consent) you made. This information can be used later to verify consent.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the effective and legally flawless recording and storage of your consent.

Information on data processing by CookieYes can be found here: cookie yes data protection agreement

 

Google Tag Manager 

For the purpose of effectively configuring the analysis services described below, we use Google Tag Manager on this website, a service provided by Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

The Tag Manager is primarily used to transmit data to the Google Analytics and Google Ads services described below. He only processes data to the extent technically necessary, in particular the IP address of the accessing computer. The data passed on to the configured services is not analyzed or stored.

We have concluded a data processor agreement with Google in which Google undertakes to comply with the standard contractual clauses defined by the EU Commission.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit a (consent) of the GDPR.

The Google Terms of Use and further information on data protection can be found at the following links: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ and https://www.google.com/intl/de/policies/privacy/

Google Analytics

With your consent, our website uses functions of the web analysis service “Google Analytics” from the provider Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Cookies are used for this purpose, which enable analysis of the use of the website by your visitors. The information generated in this way is transferred to the provider's server and stored there.

If you have agreed to the use of Google Analytics, cookies will be set in your browser that identify you when you visit our website again and allow us to distinguish between visitors and analyze what you have viewed on previous visits to our website. Because the privacy of our users is important to us, this data is pseudonymized, meaning we cannot assign it to specific people and do not know who the respective visitor was.

We have activated the “IP anonymization” function on this website. This means that your IP address is shortened before it is transmitted to the USA and can no longer be assigned to a specific person. Only a rough localization is possible. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.

We have concluded a data processor agreement with Google in which Google undertakes to comply with the standard contractual clauses defined by the EU Commission.

Data processing is carried out on the basis of the legal provisions of Section 96 Paragraph 3 TKG and Article 6 Paragraph 1 lit a (consent) of the GDPR.

The Google Terms of Use and further information on data protection can be found at the following links: https://www.google.com/analytics/terms/de.html and http://www.google.com/intl/de/policies/privacy/

GTranslate

With your consent, our website uses functions of the translation service “GTranslate” from the provider Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA, which Data processing and translation processes ensure a high level of data protection. When used, personal data is processed, but is protected in an appropriate manner.

When you use our services and GTranslate is involved, certain data, including personal data, will be processed. GTranslate is committed to immediately reporting possible security breaches and to transparently handling any data requests from you.In order to verify data processing, GTranslate provides us with a test report and secures the transfer of personal data in an international context with EU standard contractual clauses. In this way, we ensure compliant data transfer even outside the EEA.When data is transferred to sub-processors outside the EEA, GTranslate ensures that appropriate data protection measures are taken. We rely on recognized data protection standards such as the EU-US Privacy Shield framework.This data processing is carried out on the basis of the legal provisions of the GDPR and in accordance with the obligations that we and GTranslate have as data processors.For more information about GTranslate and its privacy policy, please visit https://gtranslate.io/assets/pdf/gtranslate_dpa_20180622.pdf.

data storage

For accounting purposes, we store the following customer data: name, address, telephone number, email address, VAT ID. If you have agreed to a direct debit mandate (SEPA direct debit mandate), also your bank details. This data will not be passed on, with the exception of transmission to the processing banking institutions/payment service providers for the purpose of debiting, as well as to our tax advisor for accounting purposes and to fulfill our tax obligations. The data is stored exclusively within the EU.

The data you provide is necessary to fulfill the contract or to carry out pre-contractual measures. Without this data we cannot conclude and fulfill the contract with you.

All data from a contractual relationship will be stored until the tax retention period (7 years) has expired.

The above data is stored

  • On encrypted local computer systems or portable computers secured by passwords and physical access protection.
  • in encrypted and password-secured cloud solutions from Microsoft (Microsoft Ireland Operations Limited, Atrium Block B, Carmenhall Road, Sandyford Industrial Estate, Dublin 18, Ireland).
    The data is stored exclusively on servers within the EU.
    We have concluded a data processor agreement with Microsoft in which Microsoft undertakes to comply with the standard contractual clauses defined by the EU Commission. You can find Microsoft's privacy policy here

Data processing is carried out on the basis of Article 6 Paragraph 1 lit c (legal regulations) of the GDPR and Article 6 Paragraph 1 lit b (necessary for the fulfillment of the contract) of the GDPR.

Data processing as part of order fulfillment and customer service

For the purpose of fulfilling the contract, if necessary for the order you have placed and actively transmitted by you, access data for online services you use such as web hosting, email providers, Office Solutions, social media platforms etc. saved.

The storage takes place

  • On encrypted local computer systems or portable computers secured by passwords and physical access protection.
  • In the encrypted and password-secured cloud solution LastPass (LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson's Quay, Dublin 2, Ireland). The data is stored exclusively on servers in Germany. LogMeIn is certified under the US-EU data protection agreement “Privacy Shield”, and a data processor contract is currently in progress.

For the purpose of remote maintenance, we use the Teamviewer service from TeamViewer GmbH, Göpping, Germany.

For the purposes of project management, communication and time recording, your contact details or information about the content of the contract may be stored on the following systems:

  • Slack, Slack Technologies, USA

The data you provide is necessary to fulfill the contract or to carry out pre-contractual measures. Without this data we cannot conclude and fulfill the contract with you. Data will only be transferred to third parties with your express permission

All data from a contractual relationship will be stored until the tax retention period (7 years) has expired. Access data to systems used by the customer will be deleted immediately after the contract ends.

Data processing is carried out on the basis of the legal provisions of Section 96 Paragraph 3 TKG and Article 6 Paragraph 1 lit a (consent) and/or lit b (necessary for contract fulfillment) of the GDPR.

Your rights

In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and objection. Relevant inquiries can be sent to the email addressmtb-market-intelligence[dot]com> are addressed.

If you believe that the processing of your data violates data protection law or that your data protection claims have been violated in any other way, you can complain to the supervisory authority. In Austria this is the data protection authority.

You can reach us under the following contact details:

1st MTB Market Intelligence eU

Rappgasse 6/15

A-1210 Wien

Austria

office[at]mtbint[dot]com