Data Privacy Policy (Last updated : July 2018)

Thank you for visiting our website and for your interest in our company. The protection of your personal data is a matter of great importance to us. Below we inform you according to Art. 12, 13 and 21 of the General Data Protection Regulation (GDPR) about the handling of your personal data when visiting our website www.maria-galland.com.

Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person. This includes information such as the civil name, address, telephone number and date of birth.

I. Responsible Body

MARIA GALLAND INTERNATIONAL GmbH

Wintrichring 58

D-80992 München

Phone: 0049-(0)89-1 43 24-0

Fax: 0049-(0)89-1 43 24-158

Email: info@maria-galland.com

II. Data Protection Officer

Alexander Bugl

Bugl & Kollegen GmbH

Sedanstraße 7

D-93055 Regensburg

Phone Office: 0049-(0)941-630 49 789

Mobile: 0049-(0)176-10 31 26 88

Email: ab(at)buglkollegen.de

 

III. Purposes and Legal Basis of the Data Processing

1. Informational Use of the Website

You can visit our website without providing any personal information. If you use our website for informational purposes only, i.e. if you do not log in, register, place an order or otherwise provide us with information about yourself, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website as well as information that is transmitted to us through cookies used for statistical analysis of the use of our website.

a. Technical Provision of the Website

For the purpose of the technical provision of the website, it is necessary that we process certain automatically transmitted information about you so that your browser can display our website and you can use the website. This information is automatically collected for each visit of our website and stored in our server log files. This information refers to the system of the requesting electronic device. The following information is collected thereby:

  • IP address;
  • Browser type / -version;
  • Operating system;
  • Date and time of your visit;
  • Your language;
  • Your user name, if you log in;
  • Accessed URLs respectively requested information.

 

Furthermore, in order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various web pages. Cookies are text files that are stored in the internet browser or by the internet browser when you visit a website on your computer system. A cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is called up again. Some functions of our website may not be offered without the use of cookies. We use in particular the following cookies:

a)    Necessary and functional cookies: These cookies are necessary to enable the operation of our website. These include, for example, cookies that enable you to log into the customer area, add something to the shopping cart or suggest a better navigation flow to our website.

b)    Analytical/performance cookies: These cookies allow us to collect anonymous data about the usage behavior of our visitors. These are then evaluated by us in order, for example, to improve the functionality of the website and to show you interesting offers.

c)    Targeting cookies: These cookies record your visit to our website, the pages you have visited and the links you have executed. We will use this information to tailor our website and the advertising you receive to your interests.

On our website we use the following necessary/functional and analytical/performance cookies:

(1) Cookie type

_utm.gif

Cookie description

Google Analytics Tracking Code that logs details about visitor’s browser and computer.

Expiry/duration of storage

After the session is closed

(2) Cookie type

_utma

Cookie description

Collects data on the number of times a user has visited the web site as well as dates for the first and most recent visit. Used by Google Analytics.

Expiry/duration of storage

2 years

(3) Cookie type

_utmb

Cookie description

Registers a timestamp with the exact time of when the user accessed the website. Used by Google Analytics to calculate the duration of a website visit.

Expiry/duration of storage

After the session is closed

(4) Cookie type

_utmc

Cookie description

Registers a timestamp with the exact time of when the user leaves the website. Used by Google Analytics.

Expiry/duration of storage

After the session is closed

(5) Cookie type

_utmt

Cookie description

Used to throttle the speed of requests to the server.

Expiry/duration of storage

After the session is closed

(6) Cookie type

_utmz

Cookie description

Collects data on where the user came from, what search engine was used , what link was clicked and what search term was used. Used by Google Analytics.

Expiry/duration of storage

6 months

(7) Cookie type

AWSALB

Cookie description

This cookie is needed for the load balancing service, making sure that a single user gets tied to a single website host. Otherwise information might be lost (e.g. already filled data for the institute finder or a form).

Expiry/duration of storage

6 days

We process your personal data for the technical provision of our website on the following legal basis:

  • for the fulfilment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 letter b GDPR, provided you visit our website to obtain information about our products; and
  • to protect our legitimate interests pursuant to Art. 6 para. 1 letter f GDPR in order to make the website technically available to you. Our legitimate interest is to offer you an appealing, technically functioning and user-friendly website.

b. Statistical Analysis of Website Usage and Range Increase

For the purpose of statistical analysis of the use of our website, we use Google Analytics and thus cookies, which enable an analysis of your browsing behaviour. This enables us to improve the quality of our website and its content. We learn how the website is used and can thus continuously optimize our offer.

The information obtained in the context of the statistical analysis of our website will not be merged with your other data collected in the context of the website.

We process your personal data for statistical analysis of the use of our website on the following legal basis:

  • to protect our legitimate interests pursuant to Art. 6 para. 1 letter f GDPR; in order to make the website technically available to you. Our legitimate interest is to offer you an demand-oriented and needs-based design of our website.

Google Analytics

On our website we use Google Analytics, a web analysis service of Google LLC. Google Analytics uses so-called "cookies": text files placed on your computer, enabling an analysis of the use of the website by you. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on our website, Google will shorten your IP address within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with other services relating to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

On our website we use Google Analytics with the extension "_anonymizeIp()". This arranges for IP addresses to be further processed in abridged form, a direct relation to a person can be ruled out.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that in this case you may not be able to use the full scope of functions on our website.

You can prevent the collection of data generated by the cookie and relating to your use of our website (including your IP address) and the transmission to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout

As an alternative to the browser plugin, you can click this https://maria-galland.com/#cookies to prevent Google Analytics from collecting data about our website in the future. An opt-out cookie is stored on your device. If you delete your cookies, you must click the link again.

For more information on Google Analytics' Terms of Use and Privacy Policy, please visit www.google.com/analytics/terms/de.html or www.google.de/intl/de/policies/

Use of the Facebook Social Plugin

On our website we use the Facebook Social Plugin. In order to increase the protection of your data when you visit our website, the Facebook Social Plugin is not unrestricted, but merely integrated into the page using an HTML link (so-called "Shariff solution"). This ensures that when accessing our website, no connection is established with the Facebook servers and that your data is not transmitted to Facebook. Only when you activate the plugins and thus give your consent to the data transfer, your browser establishes a direct connection to the Facebook servers, where you can (if necessary after entering your login data) e.g. click the Like or Share button. Functionally, the Facebook Social Plugin through the Shariff solution is equivalent to a hyperlink, so that neither we, nor Facebook, collect data from you on our website.

If you have left our website and are on the pages of Facebook, please refer to the Facebook privacy policy for information on how Facebook handles your data, in particular on the purpose and extent of data collection, further processing and use of the data by Facebook, your respective rights and setting options to protect your privacy: www.facebook.com/policy.php

Google Maps

Our website uses the Google Maps plugin. This service is offered by Google.

To increase the protection of your data when you visit our website, the Google Maps plugin is not integrated into the page unrestrictedly, but by using an HTML link. This ensures that when you visit our website, you are not yet connected to Google's servers and that your data is not transmitted to Google. Only when you activate the plugins and thus give your consent to the data transmission, your browser establishes a direct connection to the Google servers, where you can (if necessary after entering your login data) e.g. click the Like or Share button. Functionally, the Google Maps plugin thus corresponds to a hyperlink through the Shariff solution, so that neither we nor Google collect data from you on our website.

The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights and setting options for the protection of your privacy can be found in Google's data protection information at www.google.com/policies/privacy/partners/

c. Social Links

The website includes links to services such as Twitter and Instagram. After clicking on the link you will be redirected to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on the handling of your data when using the websites of other providers, please refer to the respective data privacy policies by these providers.

2. Active Use of the Website

In addition to the merely informational use of our website, you can also actively use our website to order one of our products, to register for an user account or to contact us. In addition to the above-mentioned processing of your personal data for merely informational purposes, we will also process other personal data that we require from you to process your order or to process and respond to your inquiry.

a. User Requests

In order to process and answer your inquiries to us, e.g. via the contact form or our e-mail address, we process your personal data provided by you in this context. In any case, this includes your name and e-mail address in order to send you an answer, as well as other information that you send us in the context of your message.

We process your personal data in order to respond to user inquiries on the following legal basis:

  • to protect our legitimate interests pursuant to art. 6 para. 1 letter f GDPR; our legitimate interest is to answer customer inquiries appropriately.

b. Law Enforcement

We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to defend against or prosecute criminal offences.

We process your data for the above purposes on the following legal basis:

  • to protect our legitimate interests pursuant to art. 6 para 1 letter f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or clarify criminal offences.

c. Promotional Purposes

Use of Data for Email Advertising and your Right of Objection

If we have received your email address in connection with the conclusion of the contract and the provision of our products and you have not objected to this, we reserve the right to regularly send you offers for similar products from our range of products by e-mail. You can object to this use of your e-mail address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.

If you have provided us with your email address in connection with the purchase of goods or services and if we send you offers for similar products, we process your personal data in order to safeguard our legitimate interests pursuant to art. 6 para. 1 letter b GDPR in connection with Sec 7 para. 3 of the German Act against Unfair Competition; our legitimate interest is based on our economic interests in the implementation of advertising measures and target group-oriented advertising.

d. Submitting a Job Application

We process your personal data in the context of your job application, provided that you make such job application available to us. The application documents may contain special categories of personal data.

Processing of Personal Data

The job application data usually includes the following: First and last name, if applicable your academic degree, date and place of birth, contact details (address, e-mail, telephone and/or mobile phone number), application documents (cover letter, CV, certificates), language skills, abilities. In addition, we process the data that you send us by email when contacting us.

We base our decisions in the application process on the personal data you provide within the framework of legal requirements. For example, we use your professional qualifications to decide whether we consider you in the shortlist or for an interview to decide whether we offer you the job you applied for.

We process your personal data for the above purposes on the following legal basis:

  • Data processing for the decision on the establishment of an employment relationship, art. 88 Para. 1 GDPR in connection with Sec. 26, para. 1, sentence 1 of the German Data Protection Act.

Processing of Special Personal Data

According to art. 9 GDPR, special categories of personal data are personal data which reveal racial and ethnic origin, political opinion, religious (e.g. information on religion/denomination) or ideological beliefs or trade union membership, as well as the processing of biometric data for unique identification (e.g. photos), health data (e.g. information on the degree of severe disability) or data on sex life or sexual orientation. If your CV contains special categories of personal data, we do not collect them intentionally. We expressly ask you not to send us such data.

If, as part of your application documents, you voluntarily and against our express request, provide us with special categories of personal data pursuant to art. 9 para. 1 GDPR (e.g. your photo or details of your religious affiliation/denomination), we will store these on the basis of your consent pursuant to art. 88 para. 1 GDPR in connection with Sec. 26 para. 3 sentence 2 of the German Data Protection Act. This also applies if you provide us with further special personal data in the course of the application process. By voluntarily submitting this data, you agree to the storage of this special personal data within the application process.

We do not take this special personal data into account when making a selection decision, unless it is required by law to take this special personal data into account. It is possible, for example, in some job advertisements that people with disabilities are given preferential treatment in accordance with the applicable laws. In these cases, the information is always voluntary and is provided with your express consent, which you provide by voluntarily submitting this data.

We process your special personal data on the following legal basis:

  • According to art. 9 para. 1 GDPR on the basis of your consent according to art. 88 para. 1 GDPR in connection with Sec. 26 para. 3 sentence 2 of the German Data Protection Act.

IV. Links

Some sections of our web pages may contain links to the web pages of third parties. These websites are subject to their own data protection principles. We are not responsible for their operation including the data handling. If you send information to or about such third party sites, you should review the privacy statements of those sites before you submit any information that may assigned to you.

V. Categories of Recipients

Firstly, only our employees will be informed of your personal data. In addition, we share your personal data with other recipients who provide services to us in connection with our website, insofar as this is legally permitted or prescribed. We limit the transfer of your personal data to what is necessary, in particular to be able to complete your order. In some cases, our service providers receive your personal data as contract data processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently with your data, which we transmit to them.

Below, we describe the categories of recipients of your personal data:

  • Payment service providers and banks, if applicable, during payment processing,
  • Logistics service providers to be able to deliver the products to you,
  • IT service providers who administrate and host our website,
  • Provider of an online application system,
  • Legal advisors in asserting our claims.

VI. Transfer to Third Countries

As part of the use of Google tools, we transfer your shortened IP address to the USA. The data transfer is based on the EU Commission implementing decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EG of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US data privacy shield.

Furthermore, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations.

VI. Duration of Storage

1. Informational Use of the Website

When using our website for information purposes only, we store your personal data on our servers exclusively for the duration of your visit to our website. After you have left our website, your personal data will be deleted immediately.

Cookies installed by us are usually also deleted after leaving our website. However, this does not apply to _utma cookies -these remain stored for the duration of 2 years, as well as to _utmz cookies that remain stored for 6 months and to AWSALB cookies that are stored for 6 days.  You also have the option to delete installed cookies yourself at any time.

2. Cookies

Regarding the duration of storage of your data by cookies we refer to the tables in section III.1.a. above.

3. Active Use of the Website

If you actively use our website, we initially store your personal data for the duration of responding to your inquiry or for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we will store your personal data until any legal claims arising from the relationship with you become time-barred, in order to use them as evidence if necessary. The limitation period is generally between 12 and 36 months, but can also be up to 30 years.

Upon expiry of the limitation period, we delete your personal data, unless there is a legal obligation to store such data, for example from the German Commercial Code (sec. 238, 257 para. 4 HGB) or from the Tax Code (sec. 147 para. 3, 4 AO). These retention obligations can last from two to ten years.

4. Job Applications

We initially store your personal data for the duration of the application process. If we do not fill the vacancy with you, we will delete your data after three months after rejection, unless you have consented to further storage. We will ask you for your consent via our online application system and the request for your consent will be repeated every three months. We will delete your data if your consent is not renewed or if you revoke your consent. If your application was successful and you enter into an employment relationship with us, we refer you to our information sheet on data protection for employees, which explains how your data is processed.

Longer storage periods may also result from the fact that the data is necessary for asserting, exercising or defending legal claims or that legal retention obligations exist. The data will be stored for as long as necessary to fulfil these purposes.

VIII. Your Rights as Data Subject

Under the legal provisions you are entitled to the following rights as data subject, which you can assert against us:

Right to information: You are entitled to request confirmation from us at any time within the scope of art. 15 GDPR as to whether we are processing personal data relating to you; If this is the case, you are also entitled under art. 15 GDPR to receive information about such personal data as well as other specific information (inter alia, processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of transfers to third countries, the appropriate guarantees) and a copy of the data.

Right to correction: According to art. 16 GDPR, you are entitled to demand correction of the personal data stored about you if it is inaccurate or incorrect.

Right to deletion: You are entitled, under the conditions of art. 17 GDPR, to request from us the deletion of personal data relating to you without delay. Among other things, there is no right of deletion if the processing of personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) the fulfilment of a legal obligation to which we are subject (e.g. statutory retention obligations) or (iii) the assertion, exercise or defense of legal claims.

Right to limitation of processing: Under the conditions of art. 18 GDPR you are entitled to request from us the limitation of the processing of your personal data.

Right to data transferability: You are entitled, under the conditions of art. 20 GDPR, to request from us the provision to you of the personal data relating to you that you have submitted to us in a structured, current and machine-readable format.

Right of revocation: You have the right to revoke your consent to the processing of personal data at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates.

Right to objection: You are entitled to object to the processing of your personal data under the conditions of art. 21 GDPR, meaning that we have to terminate the processing of your personal data. The right of objection exists only within the limits provided for in art. 21 GDPR. In addition, our interests may prevent the processing from being terminated, so that we are entitled to process your personal data despite your objection.

Right of appeal to a supervisory authority: You are entitled to file a complaint with a supervisory authority, in particular in the Member State of your place of residence, work or suspected infringement, under the conditions laid down in Article 77 GDPR, if you believe that the processing of personal data concerning you infringes the GDPR. The right of appeal is not prejudicial to any other administrative or judicial remedy.

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27
91522 Ansbach
Germany
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Email: poststelle@lda.bayern.de

However, we recommend that you always address a complaint to our data protection officer first.

If possible, your applications for the execution of your rights should be addressed in writing to the above address or directly to our data protection officer.

IX. Scope of your Obligations to Provide Data

Generally, you are not obliged to provide us with your personal data. However, if you do not provide this information, we will not be able to make our website available to you, answer your questions and enter into a contract with you. Personal data which we do require for the above-mentioned processing purposes are marked as mandatory by a "*” or another symbol.

X. Automated Decision Making/ Profiling

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).

Information about your right of objection art. 21 GDPR

1. You have the right to object at any time to the processing of your data on the basis of art. 6 para. 1 f GDPR (data processing on the basis of a balance of interests) or art. 6 para. 1 e GDPR (data processing in the public interest), if there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data, unless we can prove compelling and applicable reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

2. We also process your personal data in individual cases for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to it at any time; this also applies to profiling, insofar as it is associated with such direct advertising. We will take this objection into account in the future.

We will no longer process your data for direct marketing purposes if you object to the processing for these purposes.

The objection can be made without formality and should be addressed to :

MARIA GALLAND INTERNATIONAL GmbH

Wintrichring 58

D-80992 München

Phone: 0049-(0)89-1 43 24-0

Fax: 0049-(0)89-1 43 24-158

Email: info@maria-galland.com

XI. Amendments

We reserve the right to change this privacy policy at any time. Any changes will be announced by publishing the amended privacy policy on our website. Unless otherwise specified, such amendments shall take immediate effect. Please check this privacy policy regularly to ensure you have the latest version.

 

Last updated in July  2018