Data Protection
We are delighted about the visit of our website. CHG-MERIDIAN AG (hereinafter ‘CHG-MERIDIAN AG’, ‘we’ or ‘us’) attaches great importance to the security of users’ data and compliance with data protection provisions.
Hereinafter, we would like to inform about how personal data is processed on our website.
With the following privacy policy, we would like to show you how we handle your personal data and how you can contact us.
CHG-MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany
E-mail address: [email protected]
Web: www.chg-meridian.com
Telephone: +49 751 503-0
Fax: +49 751 503-66
Chairman of the supervisory board: Jürgen Mossakowski
Chairman of the board: Dr. Mathias Wagner
Board: Ulrich Bergmann, Daniel Welzer
Registry court Ulm HRB 551857
Tax office Weingarten
VAT identification number: DE 146349520
Court of jurisdiction Ravensburg
Applicable law: Law of the Federal Republic of Germany
our data protection officer
If you have any questions, you can contact our data protection officer at
Benjamin Hummer, E-mail address: [email protected]
For better comprehensibility, we have refrained from gender-specific distinctions in our privacy poli-cy. In the interest of equal treatment, the corresponding terms apply to both genders.
The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR, such as “personal data” and “processing”.
The personal data of users processed within the scope of this online offer includes inventory data (e.g., names and addresses of customer), contract data (e.g., used services, names of clerks, pay-ment information), usage data (e.g., visited websites on our online offer, interest in our products) and content data (e.g., entries in the contact form).
“Users” here includes all categories of data subjects affected by the data processing. This includes, for example, our business partners, customers, interested parties and other visitors of our online of-fering.
Each of the company names or brand names mentioned in this privacy policy is the property of the respective company. The mention of brands and names is for purely informative purpose.
Automated data processing (log files etc.)
Our website can be visited without actively providing personal information about the user. However, every time our website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website the user visited us from, the date and duration of the visit and the name of the file accessed, as well the IP address of the device used (for security reasons, such as to recognise attacks on our website) for a duration of 7 days. This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about the person of the user. This data is not merged with other data sources. Legal base for the processing of the data is Art. 6 (1) (f) GDPR. We process and use the data for the following purposes: 1. to provide the website, 2. to improve our websites and to prevent and 3. identify errors/malfunctions and the abuse of the website. The processing is based on legiti-mate interests to ensure the functionality of the website and its error-free, secure operation, as well as to adapt this website to suit users’ needs.
Use of cookies (general, functionality, opt-out links etc.)
We use ‘cookies’ on our website to make visiting our website more attractive and to enable certain functions to be used. The use of cookies serves our legitimate interest in making a visit to our web-site as pleasant as possible and is based on article 6 (1) (f) GDPR. Cookies are standard internet technology used to store and retrieve login details and other usage information for all the users of a website. Cookies are small text files that are deposited on your end device. They enable us to store user settings, inter alia, to ensure that our website can be shown in a format tailored to your device. Some of the cookies we use are deleted after the end of a browser session, i.e. when closing the browser (known as ‘session cookies’). Other cookies remain on the user’s end device and enable us or our partner companies to recognise the browser on the next visit (known as ‘persistent cookies’).
The browser can be set so that the user is informed when cookies are to be stored and can decide whether to accept them in each individual situation, to accept them under certain circumstances, or to exclude them in general. In addition, cookies can be retrospectively deleted to remove data that the website stored on your computer. Deactivating cookies (known as ‘opting out’) can limit our website’s functionality in some respects.
Categories of data subjects:
Website visitors, users of online services
Opt-out:
Internet Explorer:
https://support.microsoft.com/de-de/help/17442
Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de
Safari:
https://support.apple.com/de-de/HT201265
Legal bases:
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
The pertinent legal basis is specifically stated for each tool in question.
Legitimate interests:
Storing of opt-in preferences, presentation of the website, assurance of the website's functionality, provision of user status across the entire website, recognition for the next website visitors, user-friendly online offering, assurance of the chat function
Web analysis and optimisation
We use tools for web analysis and reach measurement so that we can evaluate user flows to our online offering. To do so, we collect information about the behaviour, interests or demographics of our users, such as their age, gender, and so on. This helps us to recognise the times at which our online offering, its functions, and content are frequented the most or accessed more than once. In addition, we can use the information that has been collected to determine whether our online offering requires optimisation or adjustment.
The information collected for this purpose is stored in cookies or deployed in similar procedures used for reach measurements and optimisation. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. In this case, the data is changed so that the actual identity of the user is not known to us, nor the provider of the tool used. The changed data is often stored in user profiles.
Categories of data subjects:
Website visitors, users of online services
Data categories:
Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos)
Purposes of processing:
Website analyses, reach measurement, utilisation and assessment of website interaction, lead evaluation
Legal bases:
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests:
Optimisation and further development of the website, increase in profits, customer loyalty and acquisition
etracker
Tool:
etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany
Privacy:
https://www.etracker.com/datenschutz/
Opt-out-link:
https://www.etracker.com/datenschutz/
Legal base:
Consent (article 6 (1) (a) GDPR)
WiredMinds
Tool:
WiredMinds GmbH, Lindenspürstraße 32, 70176 Stuttgart, Germany
Privacy:
https://wiredminds.de/datenschutz/
Legal base:
Consent (article 6 (1) (a) GDPR)
6Sense Insights, Inc.
Tool:
6Sense Insights, Inc., 450 Mission Street Suite 201, San Francisco CA 94105, US
Privacy
https://6sense.com/privacy-policy/
Opt-Out-Link:
https://6sense.com/privacy-policy/
Legal base:
Consent (Art. 6 Abs. 1 lit. a) GDPR)
Online marketing
We process personal data within the framework of online marketing, particularly regarding potential interests and to measure the effectiveness of our marketing measures, with the aim of continually boosting our reach and the prominence of our online offering.
We store the relevant information in cookies or use similar procedures for the purpose of measuring the effectiveness of our marketing measures and identifying potential interests. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. If so, the data is changed so that the actual identity of the user is not known to us, nor the provider of the tool used. The changed data is often stored in user profiles.
In the event that user profiles are stored, the data can be used, read, supplemented, and expanded on the server of the online marketing procedure when other online offerings are visited that use the same online marketing procedure.
We can calculate the success of our adverts using summarised data that is made available to us by the provider of the online marketing procedure (known as ‘conversion measurement’). As part of these conversion measurements, we can trace whether a marketing measure caused a visitor to our online offering to decide to make a purchase. This evaluation serves to analyse the success of our online marketing.
Categories of data subjects:
Website visitors, users of online services, prospective customers, communication partners, business partners and contractual partners
Data categories:
Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), location data, contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos)
Purposes of processing:
Marketing (sometimes interest-based and behavioural, as well), conversion measurement, target group formation, click tracking, development of marketing strategies and increase in the efficiency of campaigns
Legal bases:
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests:
Optimisation and further development of the website, increase in profits, customer loyalty and acquisition,
etracker
Tool:
etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany
Privacy:
https://www.etracker.com/datenschutz/
Opt-out-link:
https://www.etracker.com/datenschutz/
Legal base:
Consent (article 6 (1) (a) GDPR)
Google AdWords and conversion measurement
Tool:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:
https://policies.google.com/privacy
Opt-out-link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal base:
Consent (article 6 (1) (a) GDPR)
Google Doubleclick and Static
Tool:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:
https://policies.google.com/privacy
Opt-out-link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal base:
Consent (article 6 (1) (a) GDPR)
LinkedIn Analytics and Insight Tag
Tool:
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy:
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Opt-out-link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Legal base:
Consent (article 6 (1) (a) GDPR)
Presence on social media
We maintain online presences on social networks and career platforms so we can exchange infor-mation with users registered there and easily contact them.
Sometimes, data belonging to social network users is used for market research and, by extension, for advertising purposes. Users’ usage behaviour, such as their stated interests, can lead to user profiles being created and used in order to adapt adverts to suit the interests of the target group. To this end, cookies are normally stored on users’ end devices, which sometimes occurs regardless of whether you are a registered user of the social network.
In conjunction with the use of social media, we also make use of the associated messenger services to communicate easily with users. We would like to point out that the security of some services can depend on the user's account settings. Even in cases of end-to-end encryption, the service provider can draw conclusions about the fact that the user is communicating with us, when they do so, and, on occasion, capture location data.
Depending on where the social network is operated, the user data can be processed outside the Eu-ropean Union or outside the European Economic Area. This can lead to risks for users because it is more difficult for them to assert their rights, for example.
Categories of data subjects:
Registered users and non-registered users of the social network
Data categories:
Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses)
Purposes of processing:
Increase in the reach, networking of users
Legal bases:
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests:
Interaction and communication on social media pages, increase in profits, findings regarding target groups
Tool:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy:
https://help.instagram.com/519522125107875 and https://www.facebook.com/about/privacy
Opt-out-link:
https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/
Tool:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy:
https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum
Opt-out-link:
https://www.facebook.com/policies/cookies/
Tool:
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy:
https://www.linkedin.com/legal/privacy-policy
Opt-out-link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Kununu
Tool:
New Work SE, Dammtorstr. 30, 20354 Hamburg, Germany
Privacy:
https://privacy.xing.com/de/datenschutzerklaerung
Opt-out-link:
https://nats.xing.com/optout.html?popup=1
Vimeo
Tool:
Vimeo Inc., 555 West 18th Street New York, New York 10011, USA
Privacy:
https://vimeo.com/privacy
Opt-Out-Link:
https://vimeo.com/cookie_policy
YouTube
Tool:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:
https://policies.google.com/privacy?hl=de&gl=de
Opt-out-link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Tool:
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy:
https://privacy.xing.com/de/datenschutzerklaerung
Opt-out-link:
https://nats.xing.com/optout.html?popup=1
Plug-ins and integrated third-party content
We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, depictions, buttons or contributions (hereinafter termed ‘content’) can be inte-grated.
To enable visitors to our online offering to be shown content, the third-party provider in question pro-cesses the user’s IP address, inter alia, to transmit the content to the browser and display it. It is not possible to integrate third-party content without this processing taking place.
Sometimes, additional information is collected via ‘pixel tags’ or web beacons through which the third-party provider receives information about the use of the content or visitor traffic to our online offering, technical information about the user's browser or operating system, the visit time or referring websites. The data collected in this manner is stored in cookies on the user’s end device.
We have taken security precautions to prevent this data from being automatically transferred, with the aim of protecting the personal data of visitors to our online offering. This data is only transferred if the visitor uses the buttons or click on the third-party content.
Categories of data subjects:
Users of plug-ins or third-party content
Data categories:
Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses) contact data (e.g. email address, telephone number), Master data (e.g. name, address)
Purposes of processing:
Design of our online offering, increase in the reach of adverts on social media, sharing of contributions and content, interest-based and behavioural marketing, cross-device tracking
Legal bases:
Consent (article 6 (1) (a) GDPR)
Facebook social plugins
Tool:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy:
https://www.facebook.com/privacy/explanation
Opt-out-link:
https://www.facebook.com/policies/cookies/
Legal base:
Consent (article 6 (1) (a) GDPR)
Google Api's
Tool:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy:
https://policies.google.com/privacy?hl=de&gl=de
Opt-out-link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal base:
Consent (article 6 (1) (a) GDPR)
LinkedIn plug-ins
Tool:
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy:
https://www.linkedin.com/legal/privacy-policy
Opt-out-link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Legal base:
Consent (article 6 (1) (a) GDPR)
YouTube
Tool:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy:
https://policies.google.com/privacy?hl=de&gl=de
Opt-out-link:
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal base:
Consent (article 6 (1) (a) GDPR)
Xing plug-ins and buttons
Tool:
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy:
https://privacy.xing.com/de/datenschutzerklaerung
Opt-out-link:
https://nats.xing.com/optout.html?popup=1
Legal base:
Consent (article 6 (1) (a) GDPR)
Perbit Recruiting
Tool:
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy:
https://perbit.com/datenschutz/
Opt-out-link:
https://nats.xing.com/optout.html?popup=1
Legal base:
Consent (article 6 (1) (a) GDPR)
Vimeo
Tool:
Vimeo Inc., 555 West 18th Street New York, New York 10011, USA
Privacy:
https://vimeo.com/privacy
Opt-out-link:
https://vimeo.com/cookie_policy
Legal base:
Consent (article 6 (1) (a) GDPR)
Online conferences and meetings
We make use of the opportunity to hold online conferences and meetings. To do so, we use offer-ings provided by other carefully selected providers.
When actively using offerings of this nature, data regarding the participants in the communication is processed and stored on the servers of the third-party services used, provided this data is necessary for the communication process. In addition, usage data and metadata can also be processed.
Categories of data subjects:
Participants in the online offering in question (conference, meeting, webinar)
Data categories:
Master data (e.g. name, address), contact data (e.g. email address, telephone number), Content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses)
Purposes of processing:
Processing of enquiries, increase in efficiency, promotion of cross-company or cross-location collaboration
Legal bases:
Consent (article 6 (1) (a) GDPR)
TeamViewer
Tool:
TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany
Privacy:
https://www.teamviewer.com/de/datenschutzerklaerung/
Legal base:
Consent (article 6 (1) (a) GDPR)
Contacting us
On our online offering, we offer the option of contacting us directly or requesting information via var-ious contact options.
In the event of contact being made, we process the data of the person making the enquiry to the ex-tent necessary for answering or handling their enquiry. The data processed can vary depending on the method via which contact is made with us.
We want to point out, that e-mails can be read or changed unauthorized and unnoticed during trans-mission. Furthermore, we would like to point out that we use software to filter undesired e-mails (spam filter). The spam filter can reject e-mails if they have been erroneously identified as spam by certain chararcetristics.
Categories of data subjects:
Individuals submitting an enquiry
Data categories:
Master data (e.g., name, address), contact data (e.g., email address, telephone number), content data (e.g., text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Purposes of processing:
Processing requests
Legal bases:
Consent (article 6 (1) (a) GDPR), performance of contract (article 6 (1) (b) GDPR)
Newsletter and mass communication (including tracking)
On our online offering, users have the option of subscribing to our newsletter. We only send newsletters to recipients who have agreed to receive the newsletter, and within the framework of statutory provisions.
An email address must be provided to subscribe to our newsletter. If applicable, we collect extra data, such as your name to include a personal greeting in our newsletter.
Our newsletter is only sent after the ‘double opt-in procedure’ has been fully completed. If visitors to our online offering decide to receive our newsletter, they will receive a confirmation email that serves to prevent the fraudulent input of wrong email addresses and preclude a single, possibly accidental, click from causing the newsletter to be sent. The subscription to our newsletter can be ended at any time with future effect. An unsubscription (opt-out) link is given at the end of every newsletter.
In addition, we are obliged to provide proof that our subscribers actually want to receive the newsletter. To this end, we collect and store their IP address, along with the time of subscription and unsubscription.
Our newsletters are designed so that we can obtain findings about improvements, target groups or the reading behaviour of our subscribers. We are able to do this thanks to a 'web beacon’ or tracking pixel that reacts to interactions with the newsletter, such as looking at whether links are clicked on, whether the newsletter is opened at all, or at what time the newsletter is read. We can associate this information with individual subscribers.
Categories of data subjects:
Newsletter subscribers
Data categories:
Master data (e.g. name, address), contact data (e.g. email address, telephone number), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, inter-est in content, access times)
Purposes of processing:
Marketing, increase in customer loyalty and new customer acquisition, analysis and evaluation of the campaigns’ success
Legal bases:
Consent (article 6 (1) (a) GDPR)
Microsoft Dynamics Marketing
Tool:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy:
https://privacy.microsoft.com/de-de/privacystatement
Provision of whitepaper
On our online offering, visitors have the opportunity to request Whitepaper, so that we can provide them with recent or relevant information.
We collect personal data via a form and make the provision of our free services dependent on the subscription to our newsletter. In this case, consent is obtained via a double-opt-in procedure both for the processing of user data for the distribution of the Whitepaper and for the subscription to our mailings, which are each freely withdrawable separately.
Categories of data subjects:
Interested persons who specifically request our information material
Data categories:
IP address, form-data (form of address, name, email address, telephone number
Purposes of processing:
Marketing, acquisition of new customers, sales increase
Legal bases:
Consent (article 6 (1) (a) GDPR)
Microsoft Dynamics Marketing
Tool:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy:
https://privacy.microsoft.com/de-de/privacystatement
Data transfer
We are a globally active company headquartered in Germany. Data of visitors to our online offering is stored in our central customer database in Germany, in compliance with the pertinent data protection provisions, and is processed across the group for internal administrative purposes. It is not processed for purposes other than administrative ones.
Legal basis:
Legitimate interests (article 6 (1) (f) GDPR )
Legitimate interests:
‘Small-group exemption’, centralised management and administration within the company to make use of synergy effects, cost savings, increased efficiency
It may be necessary for us to disclose personal data for the performance of contracts or to comply with legal obligations. If the data necessary in this regard is not provided to us, it may be the case that the contract cannot be concluded with the data subject. It may also be necessary for us to engage service providers for the provision of our service or the provision of our online offer. Since it cannot be ruled out that these receive personal data of the visitors of our online offer, their engagement always takes place in accordance with the GDPR. We use the following service providers for the provision of our online offer:
Magnolia
Tool:
Magnolia International Ltd., Oslo Str. 2, 4142 Münchenstein, Switzerland
Privacy:
https://www.magnolia-cms.com/de_DE/legal/privacy.html
Indevis
Tool:
indevis IT-Consulting and Solutions GmbH, Irschenhauser Straße 10, 81379 München
Privacy:
https://indevis.de/datenschutz
Consent manager
Tool:
consentmanager gmbh, Eppendorfer Weg 183, 20253 Hamburg, Germany
Privacy:
https://www.consentmanager.net/datenschutz
We transfer data to countries outside the EEA (known as ‘third countries’). This occurs due to the above-mentioned purposes (transfer within the group and/or to other recipients). Transfer is only effected to fulfil our contractual and legal obligations, or on the basis of the consent that the data subject granted prior to this. In addition, the transfer is only effected in compliance with the applicable data protection laws, in particular taking into account Art. 44 et seq. GDPR, for example on the basis of adequacy decisions issued by the European Commission or other appropriate safeguards (e.g., standard data protection clauses, etc.).
Storage period
In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations, or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).
Automated decision-making
We do not use automated decision-making or profiling.
Legal bases
The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states and can, if applicable, be applied alongside or in addition to the GDPR.
Consent:
Article 6 (1) (a) GDPR serves as the legal basis for processing procedures regarding which we have sought consent for a particular purpose of processing.
Performance of a contract:
Article 6 (1) (b) serves as the legal basis for processing required to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.
Legal obligation:
Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.
Vital interests:
Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest:
Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.
Legitimate interest:
Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not outweighed by the interests or fundamental rights and fundamental freedoms of the data subject that require personal data to be protected, particularly if the data subject is a child.
Rights of the data subject
Right of access:
Pursuant to article 15 GDPR, data subjects have the right to request confirmation as to whether we process data relating to them. They can request access to their data, along with the additional information listed in article 15 (1) GDPR and a copy of their data.
Right to rectification:
Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.
Right to erasure:
Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.
Right to data portability:
Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.
Right to lodge a complaint:
In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under article 77 GDPR.
Right to object:
If personal data is processed on the basis of legitimate interests pursuant to article 6 (1) (1) (f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.
Withdrawal of consent
Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to [email protected] is sufficient. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.
Protection of personal data
We implement contractual, organizational, and technical security measures in accordance with the state of the art to ensure compliance with the provisions of data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
The security measures include in particular the encrypted transmission of data between your browser and our server. For this, a 256-bit-SSL (AES 256) encryption technology is used. This includes your IP-address.
In this context, your personal data is protected within the scope of the following points (excerpt):
The implemented security measures are continuously improved in line with technological developments. Despite these measures, we cannot guarantee the security of your data transmission to our online service due to the insecure nature of the Internet. For this reason, any data transmission from you to our online service is at your own risk.
External links
Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.
Amendments
We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.
The CHG-MERIDIAN AG (CHG) is committed to process personal data responsibly and in compliance with the applicable data protection laws in all countries in which the company operates.
This European Union (“EU”) Customer/Vendor Data Protection Notice (the “Notice”) describes the types of personal data CHG collects, how CHG uses that personal data, with whom the CHG shares your personal data, and the rights you, as a data subject, have regarding the CHG`s use of the personal data. This notice also describes the measures CHG takes to protect the security of the data and how you can contact us about our data protection practices.
The CHG-entities responsible for the collection and use of your personal data (the Data Controllers) in your home country for the purposes described in this notice are:
Contact information can be found here.
A Data Protection Officer (“DPO”) is designated. The DPO is involved in all issues related to the protection of your personal data. In particular, the DPO is in charge of monitoring and ensuring compliance with this notice and the applicable data protection laws. They will also provide advice on data protection matters upon request.
For any clarification or additional information you may need in order to fully understand this Notice, please contact:
CHG processes personal data in accordance with applicable data protection laws and regulations and only for limited, explicit and legitimate purposes. CHG will not use personal data for any purpose that is incompatible with the original purpose for which it was collected unless you provide your prior explicit consent for further use.
Personal data relating to customers/vendors may be processed for the purposes of:
CHG ensures that our internal governance procedures clearly specify the reasons behind decisions to use personal data for alternative processing purposes. Prior to using your personal data for a purpose other than the one for which it was initially collected, you will be informed about such new purpose.
Insofar as not exclusively for the fulfillment of legal requirements, we process personal data in order to respond to inquiries from investigating authorities that are legitimately submitted to us. When responding to inquiries, we comply with the data protection principles of the GDPR.
The provision of personal data is a requirement necessary to enter into a contract with CHG or a requirement by law or regulation for the CHG to administer your customer/vendor relationship. The personal data processed is limited to the data necessary for carrying out the purpose for which such personal data is collected.
Personal data processed includes the following:
CHG will not collect personal data if such collection is prohibited under the applicable data protection laws.
In no case will personal data revealing religious beliefs, racial or ethnic origin, political opinions, philosophical beliefs, trade union membership or concerning sex life be processed in the customer/vendor context.
CHG will maintain personal data in a manner that ensures it is accurate, complete and up-to-date.
CHG has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such risk analysis includes an analysis of the risk of compromising the rights of the data subject, costs of implementation, and the nature, scope, context and purposes for data processing.
The measures include
(i) encryption of personal data where applicable/appropriate;
(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
(iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
(iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
CHG will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the function for which such access is granted.
Authorization to access personal data will always be linked to the function so that no authorization will be extended to access personal data on a personal basis. Service providers will only receive personal data according to the purposes of the service agreement with the Company.
International data transfers refer to transfers of personal data outside of the European Economic Area (“EEA”). The international footprint of CHG involves the transfer of personal data to and from other group companies or third parties, which may be located outside the EEA. CHG will ensure that when personal data is transferred to countries that have different standards of data protection, appropriate safeguards to adequately protect the personal data are implemented to secure such data transfers in compliance with applicable data protection laws. CHG has implemented Data Transfer agreements based on EU model clauses to cover international data transfers and a copy of these agreements can be obtained by contacting the DPO.
CHG will not retain your Personal data for longer than is allowed under the applicable data protection laws and regulations or for longer that is justified for the purposes for which it was originally collected or otherwise processed, subject to applicable local retention requirements.
Under applicable data protection laws, you will benefit from the following rights:
This notice may be revised and amended from time to time and appropriate notice about any amendments will be given.
CHG is allowed to adapt the text of this notice only in order to be compliant with local legislation by means of an addendum attached to this notice. In case of any discrepancies between this notice and a specific local addendum made in accordance with local law, the terms of the latter will prevail.
Introduction
We are pleased that you have contacted us. CHG-MERIDIAN AG (hereinafter "controller" we" or "us") attaches great importance to the security of users' data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data in the context of compliance reporting.
Responsible body and data protection officer
Responsible body:
CHG-MERIDIAN AG
Franz-Beer-Straße 111
Telephone: +49 751 503-0
E-Mail: [email protected]
Data Protection Officer:
Benjamin Hummer
E-Mail: [email protected]
Terms
The technical terms used in this data protection declaration are to be understood as legally defined in Art. 4 GDPR.
Information on data processing in the event of reports of compliance violations
We offer the possibility to contact our ombudsman for the purpose of reporting compliance breaches. In the event of a compliance report, we process the data of the reporting person to the extent necessary for processing the report. If facts are brought forward that concern a specific or identifiable person in our company, we process the data about the person affected by this notice to the extent that they have been communicated to us by the reporting person.
You can find out about the further processing of your personal data by our ombudsman here.
Data we collect about you as the reporting person:
Categories of data subject:
Reporting person
Categories of data:
Name, contact details (e.g. your address, email address, telephone or fax number), factual data relating to you, if any (depending on the individual case and the notification made, the data you provide may vary).
Purposes of processing:
processing the report of a compliance breach based on and in accordance with our legal or operational obligations, in particular under European and national whistleblower laws.
Contacting you to obtain further information about the breaches you have reported.
Evaluation of your information in connection with the reported violations
Legal grounds:
legitimate interest in complying with internal requirements and ethical principles (Art. 6(1)(f) GDPR), compliance with legal obligation (Art. 6(1)(c) GDPR in conjunction with. RL (EU) 2019/1937)
Data we collect about you as a data subject of a tip-off:
Categories of data subject:
person affected by a tip-off.
Categories of data:
Name, contact details, if applicable further characteristics for the exact identification of the respective person in the company.
Content of the report:
Details of the alleged violation of internal, national or European law, provided that these allow conclusions to be drawn about a natural person.
Purposes of processing:
processing of the notification of compliance violations on the basis of and in accordance with our legal and internal obligations, in particular on the basis of the relevant national and European laws
Contacting you to clarify the facts in order to obtain further information about the violations alleged in connection with you
Analysis of the facts and comparison with past reports
Legal grounds:
legitimate interest in complying with internal requirements and ethical principles (Art. 6(1)(f) GDPR), compliance with legal obligation (Art. 6(1)(c) GDPR in conjunction with. RL (EU) 2019/1937)
Recipients of the data
Within the EU
Within our company, those internal offices or organizational units receive your data that need it to achieve the above-mentioned purposes, in particular the investigation of reported compliance violations. We store all reports in our database, which is also used for passing on data to official databases.
We will only pass on data in such a way that a direct conclusion to your person is not possible (pseudonymized). We do not transfer any data beyond the cases listed above.
We use a specialized service provider as a so-called ombudsman to record and process reports of compliance violations in accordance with legal and internal requirements. Your data is subject to the same security standards there as it is with us. The data may only be used within the framework of the contractual agreement, to the extent absolutely necessary and for the purposes specified by us.
Outside the EU
We transfer data to countries outside the EEA, so-called third countries. The transfer takes place for the fulfilment of our contractual and legal obligations or on the basis of a previously granted consent of the data subject. In addition, data is transferred in compliance with the applicable data protection laws, in particular in consideration of Art. 44 et seq. GDPR, e.g. on the basis of adequacy decisions issued by the European Commission or other suitable guarantees (e.g. standard data protection clauses, etc.).
Recipient overview
The following recipients receive your data in the context of the data processing described here:
Recipients:
DDSK GmbH, Dr.-Klein-Str. 29, 88069 Tettnang, Germany
Third country transfer:
A third country transfer does not take place.
Recipients: ServiceNow Nederland B.V., Hoeckenrode 3, 1102 BR Amsterdam, Netherlands
Third country transfer: A third country transfer does not take place.
Recipient:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third country transfer:
The transfer is based on a Data-Privacy-Framework approved by the EU Commission
Storage period
We store the data provided to us in connection with the reporting of compliance breaches for as long as this has been provided for the fulfilment of our obligation under national or European laws and regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled. In the case of reports of compliance violations, we delete the data 3 years after completion of the processing of the facts at the end of each year.
Data that we process about you on the basis of existing contractual relationships or other permissions remain unaffected by this storage period.
Automated decision-making
We do not use automated decision-making or profiling, pursuant to Art. 22 GDPR.
Legal basis
The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the member states and are applicable together with or in addition to the GDPR where applicable.
Consent:
Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.
Performance of a contract:
Art. 6(1)(b) GDPR serves as the legal basis for processing operations necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the request of the data subject.
Legal obligation:
Art. 6(1)(c) of the GDPR serves as the legal basis for processing which is necessary for compliance with a legal obligation.
Vital interests:
Art. 6(1)(d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest:
Art. 6(1)(e) GDPR serves as the legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate interest:
Art. 6(1)(f) of the GDPR serves as the legal basis for processing necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Rights of the data subjects
Right to information:
Pursuant to Art. 15 of the GDPR, data subjects have the right to request confirmation as to whether we are processing data relating to them. They can request information about this data as well as the further information listed in Art. 15(1) GDPR and a copy of their data.
Right to rectification:
Pursuant to Art. 16 GDPR, data subjects have the right to request the correction or completion of data concerning them and processed by us.
Right to erasure:
Pursuant to Art. 17 of the GDPR, data subjects have the right to request the immediate erasure of data concerning them. Alternatively, they can demand that we restrict the processing of their data in accordance with Art. 18 of the GDPR.
Right to data portability:
Pursuant to Art. 20 of the GDPR, data subjects have the right to request that the data they have provided to us be made available and transferred to another controller.
Right to complain:
Data subjects also have the right to complain to the supervisory authority responsible for them in accordance with Art. 77 GDPR.
Right to object:
If personal data are processed on the basis of legitimate interests pursuant to Art. 6(1)(1)(f) GDPR, data subjects have the right to object to the processing of their personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from their particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which is implemented by us without specifying a particular situation.
Dear applicant we are pleased that you are interested in the CHG-MERIDIAN and applied for a job in our company. Subsequently we want to inform you about the processing of personal data in connection with your application. Please read the information and regulations listed below carefully before transmitting your data to us.
Who is the Controller of the data processing?
CHG-MERIDIAN AG
Franz-Beer Straße 111
88250 Weingarten
Telephone +49 751 5030
Fax +49 751 50366
E-Mail-address [email protected]
You will find further information regarding our company, details on the authorized representatives and further contact details in our imprint.
Which of your data do we process? And for which purposes?
We process the data that you have sent us associated with your application to check your suitability for the position (or other positions in our company that may be suitable) and conduct the application process.In case you have been added to our talent pool at your own requested, we process your data in order to contact you again, for example to continue an application process or to conduct a new application process.
What is the legal basis for the processing?
The legal basis for the processing of your personal data in this application procedure is primarily Art. Section 26 BDSG in the version applicable as of 25th Mai 2018. Accordingly, the processing of the necessary data in connection with the decision on the establishment of an employment relationship is legitimate.
Should the data be required once the application process has been concluded, the data may be processed on the basis of the requirements of Art. 6 GDPR, particularly for exercising legitimate interests in accordance with Art. 6 para. 1 f) GDPR. In such case, our interest is the assertion or defense of claims.
In case you have been added to our talent pool at your own requested, the legal basis for the processing of your personal data is solely your consent, you have given prior to the start of the data processing pursuant to Art. 6 para. 1 a), 7 GDPR.
How long will the data be stored?
In case of rejection, the applicants’ data will be erased within six months after notice of rejection. In case you have been added to the talent pool, your data will be stored for 24 months and will not be deleted until this period has expired, unless you withdraw your consent before the retention period expires. In the case that your application for a position is successful, the data is transferred from the applicant data system to our HR information system
To which recipient’s data will be transmitted?
We use a specialized software provider for our application process. This provider operates as a service provider for us and may also obtain knowledge of your personal data in connection with the maintenance and servicing of our systems. We have signed a so-called data processing agreement with this provider, which ensures that the data processing is done in a lawful way.
Your application data is reviewed by the HR department once your application has been received. Suitable applications are forwarded internally to the persons in the respective departments responsible for the vacant position. The further course of action is determined after that. Only persons who require your data for the proper processing of your application are given access to it within our company.
Where is the data processed?
The data will be processed exclusively in data centers in Germany.
Your rights as a „data subject“
You have the right to receive information from us about your data processed with us. In case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be. Furthermore, you have a right to rectification, erasure, restriction of processing, insofar as you are entitled to this by law. In addition, you have the right to object to the processing within the scope of the legal requirements. The same applies to your right to data portability.
The withdrawal has to be sent to the person responsible, Benjamin Hummer by mail or E-Mail at: [email protected]
Our data protection officer
We have appointed a data protection officer in our company. You can contact him at the following contact details:
CHG-MERIDIAN AG
Benjamin Hummer
Franz-Beer-Straße 111
88250 Weingarten
E-Mail-address: [email protected]
Right to lodge a complaint
You have the right to lodge a complaint with the responsible data protection supervisory authority.
Consent
By checking the box, you explicitly agree that CHG-MERIDIAN AG may collect, process, and use the data you provide to us for the purpose of managing your application in accordance with § 26 BDSG-neu.
Your data will only be transmitted if you have confirmed your consent by checking the box.
Note on sensitive data: We like to expressly point out that applications, in particular CVs, certificates and other data you send us, may contain particularly sensitive information about mental or physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in a trade union or political party or sexual life.
If you provide us with such information in your online application, you expressly agree that CHG-MERIDIAN AG may collect, process, and use this data for the purpose of managing your application. This data will be processed in accordance with this data protection information and other applicable legal provisions.
Contact person / data protection officer
If you have any questions about data protection or if you want to make use of your right to access or right of withdrawal, please contact [email protected].
Changes to this data protection information
CHG-MERIDIAN AG reserves the right to amend this data protection information at any time. In addition, we also refer to our general data protection information on our website.
Name and contact details of the data controller
CHG-MERIDIAN
Franz-Beer-Strasse 111
88250 Weingarten
Germany
Tel: +49 (0)751 5030
Email: [email protected]
Contact details of the data protection officer
Benjamin Hummer
Franz-Beer-Strasse 111
88250 Weingarten
Germany
Tel: +49 (0)751 503 246
Email: [email protected]
Purpose and legal basis of data processing
Article 6(1) (f) GDPR in conjunction with section 4 FDPA (new)
Building security
Enhancing the sense of security
Deterrence
Legitimate interests
Prevention of vandalism
Forensic purposes
Prevention of theft
Duration of storage
Data collected is stored for seven days
Recipients of data and categories of recipients (if data collection takes place)
No transmission of data to non-EU countries or international organizations is intended.
Notice regarding the rights of data subjects
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. Where that is the case, the data subject has the right of access to personal data concerning him or her, and to the information listed in Article 15 GDPR.
The data subject has the right to request that the controller rectify any incorrect personal data or complete any incomplete personal data (Article 16 GDPR).
The data subject has the right to request that the controller erase personal data concerning him or her without undue delay, provided that the reason given is listed in Article 17 GDPR, e.g. the personal data is no longer required in relation to the purposes for which it was collected or otherwise processed (right to erasure).
The data subject has the right to request that the controller restrict processing if one of the conditions listed in Article 18 GDPR applies (for example, the accuracy of the personal data is contested by the data subject), for a period enabling the controller to verify its accuracy.
The data subject has the right to object to the processing of personal data concerning him or her at any time on grounds relating to his or her particular situation. The controller may then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims (Article 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory body if the data subject considers that the processing of personal data concerning him or her infringes the GDPR (Article 77 GDPR). The data subject may lodge the complaint with any supervisory body in the Member State of his or her habitual residence, place of work, or place of the alleged infringement. In Baden-Württemberg, the supervisory authority is the State Representative for Data Protection and Freedom of Information for Baden-Württemberg.
The postal address is Postfach 10 29 32, 70025 Stuttgart, Germany.
Please use the street address for parcels: Lautenschlagerstraße 20, 70173 Stuttgart.
You can conduct the customer satisfaction survey without actively providing personal data. However, due to the technical implementation of the customer satisfaction survey, we collect your IP address, but we do not use this IP address to draw conclusions about your person.
We process data to ascertain the satisfaction of our customers regarding the service we provide and the cooperation with our team of auditors. This helps us to continuously improve our services. In addition, we are required by accreditation law to conduct customer satisfaction surveys.
We process personal data in accordance with the provisions/regulations of the General Data Protection Regulation (GDPR), the new version of the Federal Data Protection Act of Germany (BDSG) and other applicable data protection regulations.
The legal basis for the processing of your personal data is the protection of our legitimate interests in accordance with Art. 6 (1) f GDPR. Our legitimate interests are the continuous improvement of our service and the increase in our customers’ satisfaction. It is necessary to collect the IP address to comply with our obligations regarding the security of our website and to prevent fraud effectively.
We will inform you in advance if we process your personal data at a later time for a purpose not mentioned above.
Your participation in the customer satisfaction survey is technically only possible by collecting your IP address. Without collecting your IP address, a participation is unfortunately not possible.
We do not use sole automated decision-making procedures pursuant to Article 22 GDPR.
Within our company, only the persons and departmens (e.g. specialist departments, management, personnel department) will receive your data, which they need for the evaluation of the customer satisfaction survey.
We also use a specialized software provider for the online survey. It cannot be ruled out, that this provider may get access to personal data within the scope of maintenance and service measures of the systems. We ensure the lawfull processing of personal data by concluding appropriate data protection contracts.
If we transfer personal data to service providers or corporate enterprises outside the European Economic Area (EEA), the transfer will only take place if the third country has been approved by the EU Commission on the basis of an adequacy decision or if other appropriate data protection guarantees (e.g. binding corporate rules or standard data protection clauses) have been provided.
We process data of participants as long as necessary to fulfil the purpose. After the purpose has ceased, the data will be erased without undue delay.
By law, you have the right to receive free information about your stored personal data, as well as the right to rectification, the right to data portability and the right ro erasure; if the erasure conflicts with statutory storage obligations, we will restrict the processing. In addition, you have the right to object to the processing of the data under certain conditions or to demand the restrictiction of processing. Furthermore, you have the right to lodge a complaint with a supervisory authority.
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time with future effect.
Requests for information must be submitted to:
CHG MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany
E-Mail: [email protected]
Web: www.chg-meridian.com
Telefon: +49 751 503-0
Telefax: +49 751 503-66
Data Protection Officer:
You can contact our data protection officer via email.
Herr Benjamin Hummer
E-Mail: [email protected]
CHG-MERIDIAN AG is a company based in Germany. The data that we collect is stored in our central customer database in Germany. CHG-MERIDIAN AG is the controller as defined by data protection law.
Purpose of and legal basis for the processing of your personal data
We collect and process personal data (personal master data) in accordance with the provisions of the General Data Protection Regulation (GDPR). The legal basis for this data processing is article 6 (1) sentence 1 letter a) GDPR. The personal data of the competition entrant will be collected, processed, and used for the purpose of running the competition and for marketing purposes. The scope of data processing is set out in the specific consent form.
Transfer of data within the Group
Your data will be passed on within the Group in order to run the competition and for marketing purposes. Where data is exchanged within the Group, this is done in order to run the competition or for marketing purposes and is done on the basis of your consent. We may also have an interest in passing on this data for internal administrative purposes. If your data is processed outside Europe, it will be transferred in compliance with all applicable data protection legislation.
Transfer of data to other recipients
Your data will be collected and submitted to us by our external service provider IDG Business Media GmbH for the purpose of running the competition.
CHG-MERIDIAN AG does not transfer the data to other recipients. Where data is transferred to other recipients, this is done only to the extent necessary to run the competition. The service providers that we deploy act only on our instructions and process the data only for the specified purpose, unless they are authorized to further process the data on the basis of consent provided to them. The data is not used for any other purposes.
Data transfer to a non-EU country or international organization
Where we transfer data to a non-EU country, this takes place solely within the Group. Data is not transferred to a company or international organization beyond this scope.
Existence of automated decision making, including profiling
Our Company does not carry out automated decision making or profiling.
Duration of storage
Data is deleted as soon as it is no longer needed for processing purposes and provided that record retention periods do not prevent it from being erased.
Your rights
At all times, you have a right to access your stored personal data free of charge, as well as a right to rectification, data portability, and erasure of this data. If statutory record retention requirements mean that the data cannot be erased, we will have it blocked instead. You are also entitled to object to the processing of this data or to demand that we restrict its processing.
You also have the right to complain to a regulator.
If data is processed on the basis of your consent, you may revoke this consent at any time with effect for the future.
Requests for information must be submitted to:
CHG MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany
E-Mail: [email protected]
Web: www.chg-meridian.com
Telefon: +49 751 503-0
Telefax: +49 751 503-66
Data Protection Officer:
You can contact our data protection officer via email.
Herr Benjamin Hummer
E-Mail: [email protected]
Introduction
We, CHG-MERIDIAN AG, are the controller of this online offering. As the provider of a teleservice, we have to notify you about the nature, scope and purposes of the collection and use of personal data, in a precise, transparent, understandable and easily accessible form and in clear and simple language, at the start of your visit to our online offering. You must be able to access the content of this notification at any time. As a result, we are obliged to notify you of the types of personal data that are collected or used. Personal data is any information relating to an identified or identifiable natural person.
We set great store by ensuring that your data is secure and by complying with the provisions of data protection legislation. The collection, processing and use of personal data is subject to the provisions of currently applicable European and national laws.
We would like to use the below Privacy Policy to show you how we handle your personal data and how you can contact us:
CHG-MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany
Email: [email protected]
Website: www.chg-meridian.com
Telephone: +49 751 503-0
Fax: +49 751 503-66
Chairman of the Supervisory Board: Jürgen Mossakowski
Chairman of the Board of Management: Dr Mathias Wagner
Board of Management: Frank Kottmann, Oliver Schorer, Ulrich Bergmann
Register Court: Ulm HRB 551857
Tax Office: Weingarten
VAT ID no.: DE 146349520
Court of Jurisdiction: Ravensburg
Applicable law: Law of the Federal Republic of Germany (FRG)
Our data protection officer
If you have any questions, you can contact our data protection officer as follows: Benjamin Hummer, email: [email protected]
Terminology
To improve readability, our Privacy Policy does not differentiate between genders. In the interests of equality, the corresponding terminology refers to both genders.
Article 4 of the EU General Data Protection Regulation (GDPR) details the meaning of the terminology that is used, such as ‘personal data’ or the ‘processing’ of this.
Users’ personal data processed within the framework of this online offering includes inventory data (e.g. customers’ names and addresses), contract data (e.g. services used, names of administrators, payment information), usage data (e.g. websites within our online offering that were visited, interest in our products) and content-related data (e.g. information entered into a contact form).
Here, the term ‘user’ refers to all categories of data subjects affected by data processing. For example, this includes our business partners, customers, prospective customers and other visitors to our online offering.
The legal basis of processing
Article 6 (1) (a) GDPR serves as the legal basis for processing when we have sought consent for a particular purpose of processing.
If personal data needs to be processed for the performance of a contract to which the data subject is a party, as is the case for processing operations relating to the delivery of goods or the rendering of a service or consideration in return, for example, processing is based on article 6 (1) (b) GDPR. The same applies to processing operations required for taking steps prior to entering into a contract, such as in cases of enquiries relating to our products or services.
If we are subject to a legal obligation that makes it necessary to process personal data, such as the fulfilment of obligations under tax law, processing is based on article 6 (1) (c) GDPR.
If personal data needs to be processed to protect vital interests of the data subject or of another natural person, processing is based on article 6 (1) (d) GDPR.
Finally, processing can be based on article 6 (1) (f) GDPR. Processing is carried out on this legal basis if the processing is necessary to protect our legitimate interest or that of a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not override this.
The processing of personal data
You can visit our website without actively providing information about yourself as an individual. However, we automatically store access data (server log files) every time the website is accessed. This data includes the name of your internet service provider, the operating system used, the website you visit us from, the date and duration of your visit or the name of the file requested, for example. We also store data for security reasons, e.g. we store the IP address of the computer used so that we can recognise attacks on our websites. This data is solely used to improve our offering and cannot enable conclusions to be drawn about you as an individual. This data is not merged with other sources of data.
The legal basis for data processing is article 6 (1) (f) GDPR. We process and use data for the following purposes:
This type of data processing is either undertaken for the performance of the contract regarding the use of CHG-MERIDIAN AG’s website or because we have a legitimate interest in guaranteeing the functionality and error-free operation of CHF-MERIDIAN AG's websites and adapting these websites to suit users’ requirements.
After users have logged into TESMA® within our customer area, log files are processed and stored with an additional user identifier that is assigned internally.
After the user has logged into TESMA®, these log files encompass the following data: user identifier, browser version, the operating system used and the date and duration of the visit.
We process data within this framework to fulfil our contractual obligation to our customers and to render our service. The legal basis for data processing within this framework is article 6 (1) (b) GDPR. In addition, we are contractually bound to instructions under a processor contract and have suitable technical and organisational measures in place to protect the rights of the data subject.
Email contact
If you send us enquiries or information via email, your details (email address, content of your email, subject line of your email, and date/time), including the contact information provided by you in it (e.g. signature, such as first name, last name, telephone number if given, address) will be stored for the purpose of handling the enquiry and dealing with follow-up questions. We will not disclose this information without your consent. The legal basis for the collection and processing of the data is article 6 (1) (a) GDPR.
Users are reminded that emails can be read or changed while they are being transferred, without this act being authorised or detected. CHG-MERIDIAN AG uses software to filter out undesired emails (a spam filter). The spam filter means that the system can put emails into the spam folder if certain characteristics cause them to be wrongly identified as spam, meaning that they may not reach us.
The data you provide remains with us until you request that it is erased, you withdraw your consent for the storage of the data or the purpose of storing the data lapses (e.g. once your enquiry has been processed to completion). Mandatory statutory provisions, particularly retention periods, remain unaffected by this.
Cookie-based services
We use ‘cookies’ on our websites to make visiting our website a more attractive experience and to enable certain functions to be used. Cookies are small text files that are stored on your end device. They are a standard internet technology for storing and accessing log-in details and other user information for all users of CHG-MERIDIAN AG’s websites. They also enable us to store user settings, permitting our websites to be displayed in a format tailored to your device.
The use of cookies serves our legitimate interest in making your visit to our website as enjoyable as possible and preventing you from inputting information multiple times or adjusting your settings repeatedly. The legal basis for this is article 6 (1) (f) GDPR.
Some of the cookies we use are deleted after the end of the browser session, or, in other words, after you close your browser (known as ‘session cookies’). Other cookies remain on your end device and make it possible for us or our partner companies to recognise your browser during your next visit (known as ‘persistent cookies’).
You can adjust your browser's settings so you are informed when cookies are placed and can make an individual decision as to whether to accept them, accept them under certain circumstances or universally exclude them. In addition, cookies can be retrospectively deleted to remove data that websites have stored on your computer. If cookies are deactivated, this may limit the functionality of CHG-MERIDIAN AG ’s websites.
Deactivate or remove cookies (opt-out)
Web browsers offer options for limiting and deleting cookies. Further information on this can be found on the following websites:
Our services
Registering on the website and logging in
You have the option of registering on our website. Registration serves the purpose of offering you content or services that can only be offered to registered users due to the nature of the matter at hand. To do so, we require the following data: first name and last name, email address. This data is required for registration, and by extension, for the fulfilment of our contractual obligation.
Logging into our website with your log-in details also leads to the IP address provided by the data subject’s internet service provider (ISP), the date, and the time of log-in being stored. This data is stored because this is the only way that the misuse of our services can be prevented and because this data is required, when necessary, to shed light on crimes that have been committed. To this extent, this data needs to be stored for our protection. In principle, this data is not disclosed to third parties, unless there is a statutory obligation for disclosure or the disclosure is in the interests of law enforcement.
The legal basis for processing is the performance of a contract pursuant to article 6 (1) (b) GDPR.
Contact form/enquiries
On our website, you have the option of sending us enquiries via a contact form. Here, your details from the contact form (content of your enquiry, subject line of your enquiry and date), including the contact details you provide (first name, last name, company, telephone number and email), are stored by us for the purpose of handling the enquiry and in the event of follow-up questions. The legal basis for the collection and processing of the data is article 6 (1) (a) GDPR.
The data provided by you via the contact form remains with us until you request that it is erased, you withdraw your consent for the storage of the data or the purpose of storing the data lapses (e.g. once your enquiry has been processed to completion). Mandatory statutory provisions, particularly retention periods, remain unaffected by this.
Shop function
Our websites give you the option of using shop functions. To this end, we collect additional contact and address data for the following purposes:
We process your data for the following purposes:
We may need to disclose this data to third parties such as processors, shipping services, banks, the tax office etc. in order to fulfil our contractual obligations. The legal basis for the collection and processing of data is article 6 (1) (b) GDPR. This data remains stored for the entire usage period. Mandatory statutory provisions, particularly retention periods as per the provisions of trade law and tax law, remain unaffected by this.
Feedback function
Our websites give you the option of leaving feedback. This feedback can be accessed by the TESMA community. Your comment will be stored and published with the user name stated by you and details about when the comment was left. In addition, the IP address of the data subject provided by the internet service provider will be logged as well.
Information service
When you write a comment, you can tick a box for our email service. This will inform you if other users leave a comment on your post. You can turn off notifications at any time by clicking the link within the email.
CHG MERIDIAN AG has implemented appropriate technical and organizational measures to ensure a level of security, appropriate to the risk. This type of risk analysis includes estimating the risk that the data subject’s rights will be compromised, the costs of implementation and the nature, scope, context and purpose of data processing.
These measures encompass:
Recipients of personal data
CHG-MERIDIAN AG only grants access to personal data if this is absolutely necessary. This access is limited to the personal data required for the purpose in question.
The authorisation for access to personal data is always associated with a purpose, meaning that universal approval for access to personal data is not granted. Service providers only receive personal data in line with the purpose of their contractual relationship with the company.
International data transfer
International data transfer relates to the transfer of personal data outside the European Economic Area (EEA). The international presence of CHG-MERIDIAN AG involves the transfer of personal data from and to other group companies or third parties located outside the EEA. When personal data is transferred to countries with different data protection standards, CHG- MERIDIAN AG will ensure that suitable measures are taken to provide personal data with adequate protection, ensuring that data transfers are performed in compliance with the applicable data protection legislation. CHG-MERIDIAN AG has implemented data transfer agreements on the basis of EU standard contractual clauses to cover international data transfers. The data protection officer can provide a copy of these agreements on request.
CHG-MERIDIAN AG will not process your personal data for longer than permissible in line with applicable data protection legislation and provisions. This applies subject to the applicable local retention requirements.
This online offering is not suitable for minors under the age of 16. Individuals who are under the age of 16 may not transfer personal data to CHF-MERIDIAN AG without the permission of their parent or guardian.
Within the framework of the applicable data protection legislation, you have the following rights:
External links
Our website contains links to websites offered by other providers, We hereby indicate that we have no influence over the content of the linked websites and their providers’ compliance with the provisions of data protection legislation.
Changes to our Privacy Policy
This Privacy Policy can be changed and expanded from time to time. CHF-MERIDIAN AG is only permitted to adapt this Privacy Policy to take local and general legal provisions into account. In the event that this Privacy Policy contradicts with a specific local law, local laws take precedence.