Privacy Policy in accordance with Art. 13/14 GDPR

 

Dear Sir or Madam,

With this Privacy Policy, we would like to inform you about the processing of your personal data by MKN Maschinenfabrik Kurt Neubauer GmbH & Co. KG and the rights to which you have been entitled as a data subject under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) since May 25, 2018.


Controller responsible for the processing of your personal data

MKN Maschinenfabrik Kurt Neubauer GmbH & Co. KG

Halberstädter Straße 2a

38300 Wolfenbüttel, Germany

Phone: +49 5331 89-0

Fax: +49 5331 89-280

Email: info@mkn.de

 

Data protection officer

You can reach our data protection officer at:

Post:

Anna Bauer

c/o LINET Services GmbH

Hinter dem Turme 12a

38114 Braunschweig

Email: datenschutzwhatever@mkn.de

 

Information for business partners (customers, suppliers, service providers, etc.)

Data source

As a rule, you provide us with your personal data when you place your order or within the scope of our business relationship. This means that we collect your personal data directly from you.

However, we may also process personal data that was not collected by us. The source of the data may be public sources. These are:

  • the phone book
  • the results of a Google search
  • debtors’ register
  • land registers
  • register of companies and associations

Further, we may receive your personal information from third party, non-public sources in certain cases. These are:
 

  • Public authorities:

Public authorities occasionally share your personal information with us to enable us to carry out your requests and the associated service.

 

  • Our business partners

Companies affiliated with us in the course of a business relationship occasionally forward your personal data to us to enable us to carry out your requests and the associated service.


Purposes and legal basis of data processing

We process your personal data exclusively in accordance with the legal requirements of GDPR, the BDSG and any relevant sector-specific laws. Therefore, we process your data if there is a contractual basis for doing so, to protect our legitimate interest, if you have given us your consent to process the data, or a law permits the processing of your data or obliges us to process it.
 

1. Data processing for the purpose of fulfilling a contract or carrying out pre-contractual measures.

We process your personal data insofar as this is necessary for the implementation of pre-contractual measures, for the conclusion of the contract, the execution of the contract and the termination of the contractual relationship. In addition to the data of the service or goods ordered by you, this includes your first name, last name, customer number and address.

To enable us to process your contract properly and to contact you as quickly as possible, for example in the event of queries or issues, we also process your address and/or your telephone or mobile phone number and/or your email address, insofar as you have provided us with these for this purpose.

The legal basis for data processing for the fulfilment of a contract and the implementation of pre-contractual measures is usually Art. 6(1)(b) GDPR.
 

2. Data processing for the purpose of safeguarding the legitimate interests of the controller or a third party

We additionally process your data to the extent necessary to protect our legitimate interests or the legitimate interests of a third party. The processing carried out by us on the basis of a legitimate interest regularly includes direct advertising for our own products, the compilation of internal statistics, the investigation of criminal offences, measures to ensure the proper operation of our IT infrastructure, as well as the transmission of your personal data to credit agencies to check your creditworthiness.

The legal basis for data processing to protect the legitimate interests of the controller or a third party is Art. 6(1)(f) GDPR.
 

3. Data processing for the fulfilment of a legal obligation

We also process your data if this is necessary for the fulfilment of a legal obligation to which we are subject. The obligations to be fulfilled by us include in particular the retention obligations under tax law and commercial law as well as retention obligations within the scope of the warranty.

The legal basis for processing for compliance with a legal obligation is Art. 6(1)(c) GDPR in conjunction with the relevant legal standard in each case.
 

4. Data processing based on consent and for other purposes

We may process your personal data if you have given your express consent for us to do so (see Art. 6(1)(a) GDPR). In these cases we will provide you with additional data protection information separately as part of the consent process. You can revoke any consent provided at any time using the contact details above.

If we process your personal data in the future for other purposes not listed in this Privacy Policy, we will inform you separately in accordance with the legal requirements.
 

Categories of recipients of the personal data

1. External service providers and affiliated companies

Our external service providers as well as our affiliated companies that perform data processing on our behalf are contractually obliged as defined in Art. 28 GDPR to handle the personal data in accordance with the applicable regulations to the extent required by law. Where these companies come into contact with your personal data, we have ensured that they comply with the provisions of data protection laws by means of legal, technical and organisational measures as well as regular checks. We currently use the following types of service providers to process your data:

  • Portal host
  • Advertising agency
  • Banks
  • Certified public accountant
  • Collection agency
  • Lawyers

2. Third parties

We may make your personal data available to the authorities if this is required as part of our legal notification obligations. In addition, your personal data will be transferred to our tax advisor if this is necessary for their activities.

3. Data transfer to a third country

We do not generally transfer your personal data to a third country or to an international organisation outside the European Economic Area (EEA). If we do carry out such a transfer in individual cases, this will only be made to those third countries for which an adequacy decision has been issued by the European Commission or the appropriate level of data protection has been ensured by suitable or adequate safeguards (e.g. binding corporate rules or EU standard contractual clauses).


Duration of data storage

We only store your personal data for the period for which it is required in the context of the above-mentioned purposes, as well as for the period during which it is reasonable to expect potential legal claims to be brought against us. The statutory limitation period for such claims can range from three to thirty years in individual cases.

In addition, we store your personal data insofar as we are obliged to do so within the scope of the statutory obligations to provide proof and to retain data (e.g. in accordance with the German Commercial Code, the German Fiscal Code or the German Money Laundering Act). The statutory retention periods can be up to ten years. Furthermore, special obligations to provide evidence may exist in exceptional cases that make it necessary for your personal data to be retained for a longer period of time.

 

Information for applicants

Data source

As a rule, you provide us with your personal data along with your application. This means that we collect your personal data directly from you.

However, we may also process personal data that was not collected by us. The source of the data may be public sources. These are:

  • the phone book
  • the results of a Google search

Further, we may receive your personal information from third party, non-public sources in certain cases. These are:

  • Recruitment agencies:

We occasionally engage recruitment agencies to find suitable personnel to fill vacancies. In the course of this, your application documents will be forwarded to us in order to continue the application process.

 

  • Professional social networks

We use professional social networks such as XING or LinkedIn to find suitable personnel to fill vacancies and to approach these persons if necessary. Furthermore, our application portal offers the capability for you to transfer your resume and other data from a professional social network. Accordingly, your personal data is not collected directly from you, but comes from the professional social network.  

 

  • Federal Employment Agency

We use the data from the German Federal Employment Agency to find suitable personnel to fill vacancies and, if necessary, to approach these persons. Accordingly, your personal data is not collected directly from you, but comes from the Federal Employment Agency. 

 

Purposes and legal basis of data processing

We process your personal data exclusively in accordance with the legal requirements of GDPR, the BDSG and any relevant sector-specific laws. We therefore process your data for the purpose of carrying out the application process or if you have given us your consent to process the data.

1. Data processing for the purpose of carrying out the application process

We process your personal data insofar as this is necessary for the performance of the application process. This includes your contact details (surname, first name, postal address, telephone number, email address), your full application documents (such as photo, CV, certificates, references) and all data that you disclose to us in the course of the application process. The legal basis for data processing for the purpose of the employment relationship is usually Art. 6(1)(b) GDPR, Art. 88 GDPR in conjunction with section 26 BDSG.

2. Data processing on the basis of consent

We may process your personal data if you have given your express consent for us to do so (see Art. 6(1)(a) GDPR). In these cases we will provide you with additional data protection information separately as part of the consent process. You can revoke any consent provided at any time using the contact details above.

If we process your personal data in the future for other purposes not listed in this Privacy Policy, we will inform you separately in accordance with the legal requirements.


Duration of data storage

We store your personal data only for the duration of the application process, as well as for the period during which it is reasonable to expect potential legal claims to be brought against us. The statutory limitation period for such claims in the context of the application process is six months after the end of the application process.

If you have given us consent to process your data, your data will be processed until such time as you revoke your consent.

Should an employment relationship result from your application, the retention periods for employee data apply accordingly.

 

Information for employees

Data source

As a rule, we collect your personal data directly from you via our personnel questionnaire at the time your employment relationship begins.

However, we may also process personal data that was not collected by us. The source of the data may be public sources. These are:

  • Banks (e.g. for attachment and transfer orders or declarations of assignment)
  • Courts (e.g. for pension equalisation)
  • Tax and social security authorities

Further, we may receive your personal information from third party, non-public sources in certain cases. These are:
 

  • Contract recruitment agency

If you are employed by us as a contract worker, we will generally receive your personal data from the contract employment agency we have engaged to supply you.

 

  • Temporary recruitment agency

If you are employed by us as a temporary worker, we will generally receive your personal data from the temporary employment agency we have engaged to supply you.

 

  • Business taken over as part of a transfer of an undertaking

In the context of a transfer of an undertaking, it may happen that we do not collect your personal data directly from you, but receive it from the transferred undertaking.

 

  • Affiliated companies

If you are employed by a company affiliated with us, your personal data originates from this affiliated company and is processed by us, for example for standardised personnel administration.


Purposes and legal basis of data processing

We process your personal data exclusively in accordance with the legal requirements of GDPR, the BDSG and any relevant sector-specific laws. Therefore, we process your data if an employment relationship exists, we have a legitimate interest in processing your data, you have given us your consent to process the data,, or a law permits the processing of your data or obliges us to process it.

1. Data processing for the purpose of employment

We process your personal data insofar as this is necessary for the implementation of the employment relationship. This data includes, among other things, name, address, bank details, start date, exit date, tax ID, tax class, church tax, child allowances, health insurance fund, social security number, remuneration according to employment contract or collective agreement, attendances and absences, overtime, direct insurance, capital-forming benefits, date of birth.

The legal basis for data processing for the purpose of the employment relationship is usually Art. 6(1)(b) GDPR, Art. 88 GDPR in conjunction with section 26 BDSG.

2. Data processing for the purpose of safeguarding the legitimate interests of the controller or a third party

We additionally process your data to the extent necessary to protect our legitimate interests or the legitimate interests of a third party. The processing we carry out on the basis of a legitimate interest regularly includes the compilation of internal statistics, the investigation of criminal offences, and measures to ensure the proper operation of our IT infrastructure.

The legal basis for data processing to protect the legitimate interests of the controller or a third party is Art. 6(1)(f) GDPR.

3. Data processing for the fulfilment of a legal obligation

We also process your data if this is necessary for the fulfilment of a legal obligation to which we are subject. The obligations we are required to fulfil include in particular the retention obligations under tax law and employment law.

The legal basis for processing for compliance with a legal obligation is Art. 6(1)(c) GDPR in conjunction with the relevant legal standard in each case.

4. Recordings of calls
If we contact you by telephone for sales purposes, we may obtain your consent for further promotional contact. To prove that you agree to be contacted for advertising purposes, we would like to record your consent to telephone calls being recorded for documentation purposes. However, this will not be done without your consent.

Before the call is recorded, you will be informed about the data processing and then asked whether you agree to the recording of the call. For this, you will be prompted to press the “1” key or answer the question with “yes”.... Provided you have pressed the “1” key or answered “yes”, the recording of the call will start. The legal basis of the recording is your consent pursuant to Art. 6(1)(1)(a) GDPR that you have given by pressing the “1” button or answering “yes” . Consent is voluntary and can be refused without giving reasons. Furthermore, the consent can be revoked at any time with effect for the future at datenschutzwhatever@mkn.de. If you revoke your consent, we will delete the stored recording of your call.

We will store the recording of the call for such time as is necessary for documentation purposes or until you revoke your consent. The recording of the call will not be shared with third parties.”

5. Data processing based on consent and for other purposes

We may also process your personal data if you have given your express consent for us to do so (see Art. 6(1)(a) GDPR). In these cases we will provide you with additional data protection information separately as part of the consent process. You can revoke any consent provided at any time using the contact details above.

If we process your personal data in the future for other purposes not listed in this Privacy Policy, we will inform you of this separately in accordance with the legal requirements.


Categories of recipients of the personal data

1. External service providers and affiliated companies

Our external service providers as well as our affiliated companies that perform data processing on our behalf are contractually obliged as defined in Art. 28 GDPR to handle the personal data in accordance with the applicable regulations to the extent required by law. Where these companies come into contact with your personal data, we have ensured that they comply with the provisions of data protection laws by means of legal, technical and organisational measures as well as regular checks.

2. Third parties

We may make your personal data available to the authorities if this is required as part of our legal notification obligations. In addition, your personal data will be transferred to the tax and social security authorities if this is necessary for their activities.

3. Data transfer to a third country

We do not generally transfer your personal data to a third country or to an international organisation outside the European Economic Area (EEA). If we do carry out such a transfer in individual cases, this will only be made to those third countries for which an adequacy decision has been issued by the European Commission or the appropriate level of data protection has been ensured by suitable or adequate safeguards (e.g. binding corporate rules or EU standard contractual clauses).


Duration of data storage

We store your personal data only for the period for which the processing of your data is necessary for the employment relationship, as well as for the period during which it is reasonable to expect potential legal claims to be brought against us. The statutory limitation period for such claims can range from three to thirty years in individual cases.

In addition, we store your personal data insofar as we are obliged to do so within the scope of the statutory obligations to provide proof and to retain data (e.g. in accordance with the German Commercial Code, the German Fiscal Code or the German Money Laundering Act). The statutory retention periods can be up to ten years. Furthermore, special obligations to provide evidence may exist in exceptional cases that make it necessary for your personal data to be retained for a longer period of time.


Information for participants in competitions

Data source

As a rule, you provide us with your personal data in the course of your participation in the competition. In doing so, we collect your personal data directly from you.

However, we may also process personal data that was not collected by us. The source of the data may be public sources. These are:

  • the phone book
  • the results of a Google search
  • the press

Furthermore, we may receive your personal data from third parties – non-public sources – in certain cases in the course of conducting a competition. These are:
 

  • Social networks

If we conduct a competition on a social network via our social media presence, your personal data will generally be disclosed to us via the social network.

 

  • Marketing service providers

If a marketing service provider conducts a competition on our behalf and in our name, it will generally collect your personal data and forward it to us.

 

  • Business partners

If one of our business partners (e.g. a trade fair operator) is commissioned by us to carry out a competition on our behalf, this partner will collect your personal data and transmit and forward it to us.

 

Purposes and legal basis of data processing

We process your personal data exclusively in accordance with the legal requirements of GDPR, the BDSG and any relevant sector-specific laws. We will therefore process your data if there is a contractual basis for this, you have given us your consent to process the data, or a law permits the processing of your data or obliges us to process it.

1. Data processing for the purpose of fulfilling a contract (competition)

We process your personal data to the extent necessary for the implementation of the competition and the associated conclusion of the contract. In addition to the data processed in the context of participation in the competition, this includes your first name, last name, customer number (if any) and address.

In order to enable proper execution of the competition and to be able to contact you as quickly as possible, for example in the event of queries or issues, we also process your address and/or your telephone or mobile phone number and/or your email address, insofar as you have provided us with these for this purpose.

The legal basis for data processing for the fulfilment of a contract is usually Art. 6(1)(b) GDPR.

2. Data processing for the fulfilment of a legal obligation

We also process your data if this is necessary for the fulfilment of a legal obligation to which we are subject. The obligations to be fulfilled by us include in particular the retention obligations under tax law and commercial law.

The legal basis for processing for compliance with a legal obligation is Art. 6(1)(c) GDPR in conjunction with the relevant legal standard in each case.

3. Data processing based on consent and for other purposes

We may process your personal data if you have given your express consent for us to do so (see Art. 6(1)(a) GDPR). In these cases we will provide you with additional data protection information separately as part of the consent process. You can revoke any consent provided at any time using the contact details above.

If we process your personal data in the future for other purposes not listed in this Privacy Policy, we will inform you of this separately in accordance with the legal requirements.


Categories of recipients of the personal data
1. External service providers and affiliated companies

Our external service providers as well as our affiliated companies that perform data processing on our behalf are contractually obliged as defined in Art. 28 GDPR to handle the personal data in accordance with the applicable regulations to the extent required by law. Where these companies come into contact with your personal data, we have ensured that they comply with the provisions of data protection laws by means of legal, technical and organisational measures as well as regular checks. We currently use the following types of service providers to process your data:

2. Third parties

We may make your personal data available to the authorities if this is required as part of our legal notification obligations.

3. Data transfer to a third country

We do not generally transfer your personal data to a third country or to an international organisation outside the European Economic Area (EEA). If we do carry out such a transfer in individual cases, this will only be made to those third countries for which an adequacy decision has been issued by the European Commission or the appropriate level of data protection has been ensured by suitable or adequate safeguards (e.g. binding corporate rules or EU standard contractual clauses).


Duration of data storage

We store your personal data only for the period for which the processing of your data is necessary for the execution of the competition and for the period during which it is reasonable to expect potential legal claims to be brought against us. The statutory limitation period for such claims can range from three to thirty years in individual cases.

If you have given us your consent to process your personal data, this data will be processed on the basis of the consent until you revoke your consent.

In addition, we store your personal data insofar as we are obliged to do so within the scope of the statutory obligations to provide proof and to retain data (e.g. in accordance with the German Commercial Code, the German Fiscal Code or the German Money Laundering Act). The statutory retention periods can be up to ten years. Furthermore, special obligations to provide evidence may exist in exceptional cases that make it necessary for your personal data to be retained for a longer period of time.


Rights of data subjects

As a data subject, you have the following rights against us pursuant to Art. 15 et seq. GDPR. Please contact us by email at datenschutz@mkn.de. Alternatively, please notify us of your request by post to the above address.

1. Right of access to information

You have the right to request information from us as to whether we are processing personal data relating to you. If so, you have the right to request information about this personal data from us.

2. Right to rectification

You have the right to request that we rectify any inaccurate personal data concerning you.

3. Right to erasure

In certain cases, you have the right to demand that we erase personal data relating to you without delay.

4. Right to restriction of processing

In certain cases, you have the right to demand that we restrict processing.

5. Right to data portability

You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format.

6. Right to object to processing

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR. If as we use your data for direct advertising, you can object to this at any time.

7. Right of revocation

If you have given us permission to use personal data, you can revoke this permission at any time.

8. Right to complain to the data protection supervisory authority

In addition, you have the possibility to complain to the competent data protection supervisory authority about the processing of your personal data. The data protection supervisory authority responsible for us is:

The State Commissioner for Data Protection of Lower Saxony
Prinzenstrasse 5
30159 Hanover
Germany

If you have any further questions or comments, please feel free to contact us or our data protection officer at any time.

 

Privacy settings

We use cookies and pixels on our website. Through this, we want to continuously improve our website and make it more user-friendly in order to offer you the best online experience. We collect and store data for marketing and optimisation purposes to personalise content and advertisements, create user profiles and analyse access to our website. We use Google Analytics cookies and Facebook pixels for this purpose. The user data may be passed on to other responsible parties (in particular Google and Facebook) who may process the data outside the European Economic Area. By clicking on “Agree”, you consent to the processing of all cookies and pixels for the purposes stipulated above. Consent is voluntary and can be revoked or adjusted at any time through the cookie settings. For further information on this and data processing through cookies, please see our data privacy statement and in the cookie settings. Legal notice

Your settings for this website

We use the following non-technically necessary cookies on our website. By ticking the box, you consent to the processing of the clicked cookies or pixels. Consent is voluntary and can be revoked or adjusted at any time through the cookie settings. For further information on this and data processing through cookies, please see our data privacy statement.