Last modified: 01. August 2018

This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online services and the associated websites, functions and contents, as well as external online presences, e.g. our social media profiles. (hereinafter jointly referred to as “online service”). With regard to the terms used, such as “personal data”, or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

megeo UG (haftungsbeschränkt)
Albertsplatz 5a
96450 Coburg
Germany
CEO: Johannes Schmölz
Telephone: +49 9561 976969-0
Email: info@megeo.de
Imprint: https://www.megeo.de/en/imprint

Data protection officer

Email: privacy@megeo.de

Types of processed data

  • Inventory data
  • Contact details
  • Content data
  • Contract data
  • Usage data
  • Metadata/communication data

Categories of data subjects

  • Customers, interested parties and suppliers
  • Visitors and users of our online services
  • Users of our apps

Purpose of processing

  • Provision of our online services, its functions and contents
  • Provision of our apps, their functions and contents
  • Provision of contractual and other services and customer care
  • Response to contact requests and communication with users
  • Security measures

Applicable legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consents is Art. 6 paragraph 1 point (a) and Art. 7 GDPR, the legal basis for processing for the fulfilling of our services and the execution of contractual measures as well as for answering inquiries is Art. 6 paragraph 1 point (b) GDPR, the legal basis for processing for the fulfilling of our legal obligations is Art. 6 paragraph (1) point (c) GDPR, and the legal basis for processing for safeguarding our legitimate interests is Art. 6 paragraph 1 point (f) GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 paragraph 1 point (d) GDPR serves as the legal basis.

Changes and updates to this privacy policy

We ask you to inform yourself regularly about the contents of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Security measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, in accordance with Art. 32 of the GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons; the measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, ensuring the availability and their separation. Furthermore, we have established processes to ensure the right of data subjects to exercise their rights, the erasure of data and the reaction to data threats. We also consider the protection of personal data already during the development or selection of hardware, software and processes, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our servers and between our apps and our servers.

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit it to them or otherwise grant them access to the data, this is carried out only on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is required for contract fulfilment in accordance with Art. 6 paragraph 1 point (b) GDPR), if you have consented, if a legal obligation requires this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called “Data processing agreement”, this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special requirements of Art. 44 ff. GDPR apply. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects

You have the right to request confirmation as to whether the concerned data are processed and to request information about these data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.

You have the right to request that the data concerning you that you have provided to us be made available to you in accordance with Art. 20 GDPR and to request its transmission to other controllers.

In accordance with Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.

Right to withdraw consent

You have the right to withdraw consents granted in accordance with Art. 7 paragraph 3 GDPR with respect to the future.

Right to object

You can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The objection may be filed in particular against processing for direct marketing purposes.

Erasure of data

The data processed by us will be deleted or their processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any legal archiving obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

In accordance with statutory requirements, the records are kept in particular for 6 years in accordance with Section 257 (1) of the German Commercial Code (Handelsgesetzbuch, “HGB”) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code (Abgabenordnung, “AO”) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

Contractual services

We process inventory data (e.g. names and addresses, as well as contact data of users), contract data (e.g. services used, names of contact persons) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 paragraph 1 point (b) GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.

Users can optionally create a user account in our apps in order to be able to use additional functions that go beyond the functional range of our website. During the registration process, users will be provided with the required information. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to its storage is necessary for commercial or tax reasons according to Art. 6 paragraph 1 point (c) GDPR. It is up to the users to save their data before the end of the contract if they have given notice of termination. We are authorized to irretrievably delete all user data stored during the contract period.

When registering and logging in, as well as using our online services, we store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests as well as the user’s protection against misuse and other unauthorized use. A passing on of this data to third parties does not take place in general, unless it is necessary to pursue our claims or there is a legal obligation according to Art. 6 paragraph 1 point (c) GDPR.

Getting in contact

When you contact us (e.g. by email), your details will be processed in accordance with Art. 6 paragraph 1 point (b) GDPR.

User information can be stored in our Customer Relationship Management System (“CRM System”) or comparable request organization.

We delete the requests if they are no longer necessary. We review the requirement every two years; requests from customers who have a customer account are stored permanently and are linked to the customer account. In the case of statutory archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) archiving obligation).

Collection of access data and log files

We collect data on the basis of our legitimate interests in accordance with Art. 6 paragraph 1 point (f) GDPR on any access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for a maximum of three months for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.

Online presence in social media

We maintain on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. DSGVO online presences within social networks and platforms to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within social networks and platforms, e.g. write articles on our websites or send us messages.

For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the information provided by the providers linked below.

Cookies

Cookies are information that is transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

We use “session cookies”, which are only stored for the duration of the current visit on our website. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online services and log out or close your browser, for example.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online service.

Sending e-mails

We use the following service providers to send e-mails:

  • Mailjet SAS, 13-13 bis, rue de l’Aubrac, 75012 Paris, France.
    More information on the processing of user data can be found in the Mailjet privacy policy: https://www.mailjet.de/privacy-policy/
  • 1&1 Internet SE, Elgendorfer Straße 57, 56410 Montabaur, Germany.
    More information on the processing of user data can be found in the 1&1 privacy policy: https://hosting.1und1.de/terms-gtc/terms-privacy/
    The service providers are used on basis of our legitimate interests according to Art. 6 paragraph 1 point (f) GDPR and a data processing agreement according to Art. 28 paragraph 3 sentence 1 GDPR.

Hosting

For the provision of our online services we use the hosting provider Contabo GmbH, Aschauer Straße 32a, 81549 Munich, Germany.
More information on the processing of user data can be found in the Contabo privacy policy: https://contabo.de/datenschutz.html
The service provider is used on the basis of our legitimate interests in accordance with Art. 6 paragraph 1 point (f) GDPR and a data processing agreement in accordance with Art. 28 paragraph 3 sentence 1 GDPR.

Telephony

For telephony services we use the telephony provider sipgate GmbH, Gladbacher Str. 74, 40219 Düsseldorf, Germany.
More information on the processing of user data can be found in the sipgate privacy policy: https://www.sipgate.de/datenschutz
The service provider is used on the basis of our legitimate interests in accordance with Art. 6 paragraph 1 point (f) GDPR and a data processing agreement in accordance with Art. 28 paragraph 3 sentence 1 GDPR.

Map services

Google Maps

On our website and in our Android apps, we use the Google Maps service to display maps, among other things. Service provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, IP addresses and location data of users. The data can be processed in the USA.

More information on the processing of user data can be found in the Google privacy policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

Apple Maps

In our iOS apps we use the Apple Maps service to display maps, among other things. Service provider is Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. The data processed may include, in particular, IP addresses and location data of users. The data can be processed in the USA.

More information on the processing of user data can be found in the Apple privacy policy: https://www.apple.com/legal/privacy/en-ww/