Data Protection Policy

Thank you for visiting our website and for the interest you have shown in our company and our products. Protecting your privacy while processing your personal data and maintaining the security of all business data is an important issue to us that we take into account in all our business processes. The personal data that we collect from you during your visit to our website is processed confidentially and only in accordance with statutory provisions. Data protection and information security form part of our company policy. The websites accessible via the mapal.com domain are provided by MAPAL Dr. Kress KG (hereinafter referred to as MAPAL). MAPAL websites may contain links to websites of other providers which are not covered by this data protection policy.

Personal data are those items of data that make it possible to identify you. Here the issue is not whether it is possible to identify you based on a single piece of information. The more information and data that can be combined, the more accurately the person can be identified. Personal data include, e.g., the name, address, age, e-mail address and telephone number of a person.

1. Collection, processing and storage of personal data by MAPAL

MAPAL collects, processes and saves your personal data only if these actions are permitted by statutory regulations or you have given your consent. We obtain these data in two ways: either you provide the data to us or we collect the data during the utilisation of our services.
The provision of personal data as part of this website is prescribed neither by law nor by contract, nor is it necessary in order to enter into an agreement. However, there are some services of this website or that we otherwise offer that you will not be able to use if you do not provide data.
 

1.1. Data you share with us

Generally speaking, you can use our website without directly providing us with personal information. For some services, we will ask you to provide personal information that is needed for us to be able to provide the service, or so that we can carry out the respective service quickly and in a user-friendly manner. Detailed information on all of the services that are offered by MAPAL on this website can be found under “Individual services” (see below in section 3).

1.2. Data we obtain during your utilisation of our services

Some data are produced automatically and for technical reasons when you visit our website. The following information is acquired without any action on your part and saved until it is deleted automatically:
  • IP address,
  • Web browser used, including language and browser software version
  • Operating system and the respective interface
  • Web page from which access is made (Referrer URL)
  • Date and time of the access.
The data stated are processed by us for the following purposes:
  • To ensure the smooth establishment of a connection to the website,
  • To ensure our website is pleasant to use,
  • To evaluate the system security and system stability.
  • To evaluate statistics
The legal basis for the processing of the data is art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest stems from the purposes stated above for collecting the data. Under no circumstances do we use the data collected to identify you.

We also use cookies when you visit our website. You will find more detailed explanations in point 2 of this data privacy statement.

1.3. Forwarding of data

In general, we do not pass on personal data to third parties. If data is transferred to third parties in individual cases, then the transfer is carried out on the basis of appropriate agreements.

In individual cases, it may be necessary for us to transfer information to recipients in so-called “third countries” for other purposes, such as the execution of contracts. “Third countries” are countries outside of the European Union or the Agreement on the European Economic Area, where it cannot necessarily be assumed that there is a level of data protection comparable to that within the European Union. If the information that is transferred includes personal data, prior to any such transfer, we will ensure that the third country or the recipient in the third country guarantees the necessary adequate level of data protection. This may in particular result from an “adequacy decision” granted by the European Commission, which determines that there is an adequate level of data protection for a specific third country as a whole. Alternatively, we can base the transfer of data on “EU standard contractual clauses” that have been agreed with a data recipient. Further information on appropriate and adequate safeguards necessary for ensuring a sufficient level of data protection is available upon request.

Further information on EU standard contractual clauses can be found via https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and information on adequacy decisions via https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

Through appropriate measures and regular controls, we ensure that the data we collect cannot be viewed or accessed by unauthorized persons from outside.

2. Usage of cookies

2.1. Terminology

"Cookies" are small files that your browser creates automatically and saves on your device (laptop, tablet, smartphone, etc.).

Information related to the specific device used is saved in the cookies. This does not mean that we obtain direct knowledge of your identity by this means. The usage of cookies is to make it pleasanter for you to use our website. Here it is possible to differentiate between the following types of cookies.

  • Necessary cookies
    Necessary cookies are required for the operation of a website and are essential to navigate it and use its features. These cookies are not permanently stored on your computer or device and are deleted when you close the browser (session cookies).
  • Statistical cookies
    Statistical cookies allow us to track the number of visitors and traffic sources in order to measure and improve the performance of the website. They are also used to find out if problems or errors occur on certain pages, which pages are the most popular and how visitors navigate the website. They collect and statistically evaluate the use of web pages.
  • Marketing cookies
    Marketing cookies are used to follow visitors around the website. The intention is to track the usage of web pages in order to show content that is relevant and appealing to the individual user, and therefore more valuable to publishers and advertising third parties

2.2. Usage at MAPAL

By using cookies, which are necessary for the operation of our website, the processing of your personal data is carried out based on Art. 6(1)(f) GDPR for the purposes of safeguarding our legitimate interest in the smooth operation of our website. This necessity is also given in the sense of Art 25 (2) TTDSG. Otherwise, we will only process your personal data in connection with cookies (particularly for the purposes of analysis and advertising) if you have provided us with your prior consent in accordance with Art. 6 (1)(a) GDPR and Art 25 (2) TTDSG. Processing is carried out for the purposes of advertising, market research and designing our website so that it meets your needs.

In your browser you can display the cookies on your computer, delete the cookies or set up the configuration such that not all of the cookies or no cookies are saved any longer. Please note that some functions may not work or may not work correctly if you deactivate the usage of cookies. All cookies are automatically deleted after a defined period of time. You can track the expiration times in each case in our cookie banner.

3. Individual services

3.1. HubSpot

On this website we use the service of HubSpot Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
HubSpot is an integrated software solution that we use to cover the following aspects of our online marketing: email marketing, social media publishing, reporting, tracking, contact management including user segmentation, landing pages. In addition, we also use HubSpot to provide contact forms. 
We use all collected information exclusively for customer communication and to optimize our marketing measures. As part of the optimization of our marketing measures, the following data may be collected and processed via HubSpot:

  • Geographical position
  • Browser type
  • Domain name
  • Pages viewed within the MAPAL Group
  • Version of the operating system
  • Internet service provider
  • IP address
  • Device identification
  • Duration of visit
  • Operating system
  • Access times
  • Device model and version
  • Data entered in contact forms
  • Personalization and use of our newsletter

The data is stored and processed on the servers of our software partner HubSpot Ireland. In this respect, HubSpot acts as our order processor and processes the data exclusively according to our instructions. We use the IP address in a shortened version. 

If we obtain your consent for certain online marketing measures (e.g. tracking or newsletters), the legal basis for the processing is your consent in accordance with Art. 6 (1) lit. a DSGVO. Insofar as the data processing takes place initiation and/or for the fulfillment of a contract with you, the legal basis is Art. 6 para. 1 lit. b) DSGVO. Otherwise, the data processing is based on the legal basis of Article 6 (1) (f) DSGVO, according to which the processing of personal data is possible even without the consent of the data subject, if the processing is necessary for the protection of the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, override. Here, we invoke our interest in direct marketing pursuant to Recital 47 a.E. GDPR. Our legitimate interest also follows from the fact that specific online marketing measures enable us to ensure the effectiveness of the campaigns we create and the effective use of the resources deployed for this purpose.

If you do not want HubSpot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future. To do so, simply use the cookie banner. In the "Marketing" section, you can open the list of cookies set via "Show cookie information". Set the slider with the name "HubSpot" to "Off" and confirm your selection via the "Save" button.

In addition, you have the right to object to processing based on legitimate interest. Details can be found in chapter 4.3 of this privacy notice. 

Furthermore, we delete the personal data collected via HubSpot as soon as the purpose for which it was collected has been achieved, unless legal retention periods prevent deletion.

Here you can find more information about HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy as well as https://www.hubspot.com/security.

3.2. Email newsletter

If you register for the MAPAL Newsletter, you provide your express consent. For this purpose we will need your e-mail address. You can receive a more personalised newsletter by providing us with further information about your company, as well as name and contact information.
Individual links in the newsletter are personalised so that we can recognise which content is of particular interest to readers and so we can improve our range of services on this basis.To be able to answer your query quickly and specifically, you should provide us with further information on your company, as well as your name and contact data.
By means of a tracking pixel in the newsletter, we may also receive information on whether the newsletter has been opened. You can prevent this in your e-mail system by not allowing any external images.
Your data will be used only for the purpose of sending the newsletter as per art. 6 para. 1 lit. a GDPR. For this purpose we use a tool from a service provider; the service provider receives your data within the statutorily permitted, contractually regulated framework. You can view, change or delete your data at any time.

3.3. Online Shop

The data that we collect about you in our online shop is used exclusively to ensure a trouble-free ordering process. It is necessary to register and create a customer account before you can place an order in our online shop. To create a customer account, you will need to provide us with personal data such as your name, address, telephone number and e-mail address. We process your personal data in connection with the customer account, so that we can provide our services and protect our legitimate interests based on Art. 6 (1)(b) and (f) GDPR. We have a legitimate interest in being able to offer the service to our users and to avoid interruptions and attempted fraud.
We will delete your data stored within the customer account, at the latest when you inform us that we should delete your profile, unless applicable law obliges or entitles us to retain the data longer.
In the case of parcel deliveries and freight forwarding deliveries, we pass on your name, address and telephone number to our contractually bound service providers so that they can process the delivery and communicate with you if necessary to announce and coordinate the delivery. The legal basis for the associated data processing is Art. 6 Para. 1 b) GDPR, i.e. the processing of your data is necessary for the fulfilment of the purchase contracts and delivery agreements.
We use the same tracking functions in the online shop as on our website. The purpose of this is to optimise the online shop. Please see the relevant chapter of this data privacy policy for more information.

3.4. Catalogue mailing

To mail our catalogues we need your name, your address as well as how to contact you if you are absent. For this purpose we collect your telephone number as well as your e-mail address. These data are processed based on art. 6 para. 1 sentence 1 lit. f GDPR.
We use these data once for mailing the catalogues and brochures required. A service provider undertakes the picking and mailing of print media for us. This service provider uses your data once within the statutorily permitted, contractually regulated framework to safeguard the provision and mailing of catalogues and brochures. Your data will then be deleted without delay.

3.5. Google Analytics

We use Google Analytics on our website, which is a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This function is only activated if you grant us your consent in accordance with Point a) of Art. 6(1) GDPR or Point a) of Art. 49(1). Google Analytics uses “cookies”. These are text files that are placed on your computer to help the website analyse how users use the site. The information that is generated by the cookie regarding your use of the website is usually transferred to a Google server in the US where it is stored. We have activated IP shortening on this website so that your IP address is shortened in advance by Google within member states of the European Union, or in other co-contracting countries to the agreement on the European Economic Area.
It is only in exceptional cases that your full IP address will be transferred to a Google server in the US and shortened there. Google will use this information on our behalf in order to evaluate your use of the website, to compile reports regarding website activities, and to provide us with further services that are related to website and internet usage. The IP address that your browser transmits within the framework of Google Analytics is not combined with other data from Google.
Any of your personal data that is collected in connection with Google Analytics will be deleted or anonymised after 14 months.
It is possible to stop cookies being saved on your computer by adjusting your browser software accordingly; however, it is important to note that if you choose to do this, you may not be able to use all the functionalities of the website to their full extent.

3.6. Google DoubleClick

Doubleclick by Google is a service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).This function is only activated if you grant us your consent in accordance with Point a) of Art. 6(1) GDPR or Point a) of Art. 49(1). 
Doubleclick by Google uses cookies to show you adverts that are relevant for you. It assigns your browser a pseudonymous identification number (ID) to check which adverts have been displayed in your browser and which adverts have been loaded. The cookies do not contain any personal information.
The use of DoubleClick cookies merely allows Google and its partner websites to display adverts on the basis of previous visits to our website or other websites. The information generated by the cookies will be transmitted to and stored by Google on a server in the USA for analysis. Data are transmitted by Google to third parties solely for compliance with legal stipulations or as part of contract data processing. In no event will Google compile your data with other data recorded by Google.

3.7. Google Tag Manager

Google Tag Manager is used on this website. Google Tag Manager makes it possible to manage website tags via an interface. The tag manager tool itself (which implements the tags) is a cookieless domain and does not contain any personal data. The tool makes it possible to trigger other tags, which may in turn record data. Google Tag Manager does not access these data. If deactivation takes place on domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
This function is only activated if you grant us your consent in accordance with Point a) of Art. 6(1) GDPR or Point a) of Art. 49(1).
 

3.8. Careers portal

Please do not send your application via e-mail; please use our encrypted career portal instead.
When using our online recruitment portal, it is important to us that your personal data is protected to the greatest extent possible. All personal data that we collect and process as part of an application is protected against unauthorised access and manipulation through technical and organisational measures.
The legal basis for data processing with regard to your application is Art. 88 GDPR in connection with Section 26(1) Federal Data Protection Act (BDSG) as well as, where applicable, your consent to data processing.
The data controller – in the event of an application for a specifically
advertised position – is the company advertising, and their address details can be found in the advert in question. When applying for a specific position, your data will only be provided to other recruiters within the MAPAL corporate group if you consent to this when your data is recorded.
If you do not provide the necessary personal data, you cannot participate in the application process.
When you set up your general application profile on our platform, MAPAL Dr. Kress KG shall be the data controller in this respect. If you use an automatic CV reader from a third-party provider (such as XING or LinkedIn) and use it to transfer your details to the application management system, your personal data will also be collected, processed and used by third parties for the purpose of the application process. Before using automatic CV reading, separate consent to the processing of your personal data must be granted.
When you submit an application, it is ensured that your data are automatically erased from our systems as soon as the purpose for which we collected your data has been fulfilled. Routines are put in place to ensure that data are erased after the purpose for collection or the underlying storage period has expired. The following erasure deadlines are planned for this purpose:
  • Application data for a specific position will be erased six months after a negative decision.
  • If you have created a general profile on our platform, we will erase it automatically after twelve months if you do not update your profile yourself.
  • In addition to automatic erasure, you have the option to delete your profile yourself at any time.

3.9. Social media

On our pages in social media (YouTube, Twitter, LinkedIn, Xing, kununu, Instagram, Facebook) we offer you, based on art. 6 para. 1 sentence 1 lit. f GDPR, comprehensive personal support and the possibility of remaining in contact with us. These media services collect, in certain circumstances, personal data, e.g. via the profile you have saved there.
It cannot be excluded that data on every visitor to these pages will be collected by the companies listed above. For information on the purpose and scope of the collection of data and the further processing and utilisation of the data by these companies, as well as your related rights and the settings you can make to protect your privacy, please refer to the data privacy notices issued by:


4. Your rights

Of course, you retain control over all the personal data you make available to us on visiting the website and using our services. The following rights are available to you; you can make use of these rights free of charge.

4.1. Right to access

You have the right at any time to receive information, free of charge, about any of your personal data that we retain. This includes information regarding how long and for which purpose we process the data, where it comes from, and to which recipients or categories of recipients we transfer it. You can also obtain a copy of this data from us.

4.2. Right to revoke consent granted

You have the right to revoke consent you have granted to process personal data at any time with effect for the future. If you revoke your consent, we will delete the related data without delay, provided further processing cannot be allowed on a legal basis for processing. The revocation of your consent does not affect the legality of processing undertaken up until revocation.

4.3. Right to object

If we process your personal data in the context of a weighing of interests in our legitimate interest, you have at any time the right, for reasons based on your specific situation, to object to this processing with effect for the future.
If you make use of your right to object, we will cease the processing of the related data. The right to continue processing is retained, however, if we can demonstrate compelling, legitimate reasons for the processing that outweigh your interests, fundamental rights and fundamental freedoms, or if processing is for the purpose of the assertion, exercise or defence of legal claims.
If we process your personal data for direct advertising, you have the right to appeal against the processing of your personal data for the purpose of such advertising.

4.4. Right to data portability

You have the right to request for your personal data to be transferred from us to another entity. Art. 20 GDPR sets out the relevant details and restrictions. The exercise of this right is without prejudice to your right of deletion.

4.5. Right to rectification, deletion or restriction of the processing

You have the right to correct, delete or restrict the processing of your personal data.

4.6. Right to lodge a complaint

You have the right to complain to a supervisory authority or our company if you should have a reason for complaint. To make use of rights in relation to our company, please contact the persons listed at the end of the data privacy statement.

5. Retention period

Generally speaking, we retain personal data for as long as it is necessary for the purposes of processing, or we have a legitimate interest in such retention and your interests in not retaining the data do not outweigh our own. This means that we only retain your data for as long as this is necessary for the provision of our website and associated services, or for as long as we are legally obliged to retain your data. As soon as personal data is no longer required for the purposes of processing, or retention of this data is not legally permissible, we will delete any personal data without the data subject needing to intervene.

Personal data that we are required to retain in order to fulfil our retention obligations will be retained until the end of the respective retention requirement. If we retain personal data exclusively for the fulfilment of retention requirements, any processing in this respect is generally restricted, so that the data can only be accessed if this should be necessary in relation to the legal obligation to retain data.

6. Automated decision making

In connection with the processing of your personal data as described in this data protection policy, we do not, as a matter of principle, use automated decision making (including profiling) in terms of Art. 22 GDPR. If we make use of such procedures in individual cases, we will naturally inform you of this separately.

7. Data security

We use the widespread SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption supported by your browser. You can see whether an individual page from our website is transmitted encrypted by the closed depiction of the key or lock symbol in the status bar in your browser.

We also make use of suitable technical and organisational measures to protect your data against accidental or wilful manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with the state-of-the-art.

8. Responsible for data collection

The Data Protection Office is responsible for the processing of personal data (in terms of Art. 4 (7) GDPR) and therefore responsible for any questions, requests for information, applications, complaints or criticism regarding our data protection:

MAPAL Dr. Kress KG
Data protection department
Obere Bahnstraße 13
73431 Aalen
Germany

Data protection officer
The correct implementation of data protection in our organisation is undertaken by a data protection officer. If you have issues in relation to the processing of your personal data, you can also contact this officer directly:
datenschutz@mapal.com