Compulsory Data Protection Information

I. Introduction

As the data controller, we, Meetrics GmbH, Alexanderstrasse 7, 10178 Berlin, Germany, datenschutz@meetrics.de, would like to explain below, which types of data we are processing and how.

II. Data Protection Officer

Our Data Protection Officer Thomas Werning is available to answer any questions related to data protection.

You can contact him here:
werning.com GmbH – Dieselstrasse 12 – 32791 Lage – teamDatenschutz@werning.com – +49 5232 980-4700

We are providing this compulsory data protection information to comply with our information duties as the data controller pursuant to articles 12 to 14 of the EU GDPR.

III. Information regarding data collection and processing

Below, you will find information about the personal data (this term refers to any details that are or can be used to identify you as a natural person (subsequently referred to as “data subject”) that may be collected.

Such data includes:

  • customer master data required to handle the contract/provide the services, name, address, email address, data related to payment processing, correspondence (such as letters or emails exchanged with you), advertising and sales data (e.g. information about new offers that might be of interest to you sent by mail or by email, subject to your consent)
  • Details from contact initiation, such as the name, phone number, email address
  • Supplier data, such as the name, phone number, email address
  • Employee data, such as the name, address, bank details, religious affiliation, staff number, social insurance number, log data produced when using the IT systems, and other specific categories of personal data
  • Applicant data, such as the name, address, email address, marital status, religious affiliation
  • Data produced in video surveillance

IV. Right to lodge a complaint

You have the right to lodge a complaint with the competent supervisory authority Berliner Beauftragte für Datenschutz und Informationsfreiheit, https://www.datenschutz-berlin.de/, or with any other supervisory authority, if you are under the impression that personal data referring to you is being processed in violation of the General Data Protection Regulation.

V. Purposes of processing

1. Customer data/potential customers

Purposes of processing

We process data that we receive in the context of handling our business relationship with you. We receive these details directly from you. This happens when you send us an enquiry or a contact request, when you place an order and in order processing (see item “Information regarding data collection and processing”).

Legal basis:

It is necessary to collect and process data to handle the contract. These activities take place pursuant to article 6 section 1 sentence 1 b) of the EU GDPR. Use of data for direct advertising is based on article 6 section 1 sentence 1 f) of the EU GDPR. It is in our legitimate interest to draw your attention to special offers by means of direct advertising. Your data is not disclosed to any third parties, unless required by law, such as to the financial authorities due to tax law requirements. The data is deleted, as soon as it is no longer needed for the purpose of processing, or after the end of any applicable legal retention periods (e.g. in the case of relevant accounting records that must be retained pursuant to tax and commercial law: 10 years; commercial and business correspondence: 6 years; information about suppliers, types, quantities, purchases, deliveries: 3 years).

You have the right to object to the use of your data for direct advertising purposes at any time. You also have the right to request access to the data stored about you, to demand that any incorrect details are corrected, and that any unlawfully stored data is erased. Furthermore, you have the right to lodge a complaint with a supervisory authority (see item “Right to lodge a complaint”).

Duration of data storage

Upon provision of the contractually due services, your personal data will be stored for 2 years to handle any warranty claims – for 2 years to fulfil our guarantee obligations – for 3 years to handle any subsequent orders (requested at the time the contract is concluded or later) – for 10 years for purposes related to tax law.

Erasure of data

Your personal data will be erased after the periods indicated above have expired, at the latest.

2. Suppliers

Purpose of processing

We process data that we receive in the context of handling our business relationship with you. We receive these details directly from you when placing an order or in the context of order processing (see item “Information regarding data collection and processing”).

Legal basis:

Die It is necessary to collect and process data to handle the contract. These activities take place pursuant to article 6 section 1 sentence 1 b) of the EU GDPR. Your data is not disclosed to any third parties, unless required by law, such as to the financial authorities due to tax law requirements. The data is deleted, as soon as it is no longer needed for the purpose of processing, or after the end of any applicable legal retention periods (e.g. in the case of relevant accounting records that must be retained pursuant to tax and commercial law: 10 years; commercial and business correspondence: 6 years; information about suppliers, types, quantities, purchases, deliveries: 3 years).

You have the right to request access to the data stored about you, to demand that any incorrect details are corrected, and that any unlawfully stored data is erased. Furthermore, you have the right to lodge a complaint with a supervisory authority (see item “Right to lodge a complaint”).

3. Employee data

Please refer to the separate template that must be provided to employees.

4. Participants of measures according to the Social Security Code (SGB)

Purpose of processing

We process data that we receive in the context of implementing the measure. We receive these details directly from you or from the body responsible for the measure.

Legal basis:

It is necessary to collect and process data to handle the contract. These activities take place pursuant to article 6 section 1 sentence 1 b) of the EU GDPR. Use for direct advertising is based on article 6 section 1 sentence f) EU GDPR and SGB 3 § 318 (including in the context of data transfer). Your data is not disclosed to any third parties, unless required by law, such as to the financial authorities due to tax law requirements. The data is deleted, as soon as it is no longer needed for the purpose of processing, or after the end of any applicable legal retention periods (e.g. in the case of relevant accounting records that must be retained pursuant to tax and commercial law: 10 years; commercial and business correspondence: 6 years; information about suppliers, types, quantities, purchases, deliveries: 3 years).

You also have the right to request access to the data stored about you, to demand that any incorrect details are corrected, and that any unlawfully stored data is erased. Furthermore, you have the right to lodge a complaint with a supervisory authority (see item “Right to lodge a complaint”).

Duration of data storage

Upon provision of the contractually due services, your personal data will be stored for 2 years to handle any warranty claims – for 2 years to fulfil our guarantee obligations – for 3 years to handle any subsequent orders (requested at the time the contract is concluded or later) – for 10 years for purposes related to tax law. The data is stored for 10 years as evidence of implementation and for 10 years for documentation purposes.

5. Newsletters

Purpose of processing

If you would like to receive the newsletter advertised on our website, we will require your email address. Registration for the newsletter takes place in the form of a double opt-in process. This means that after registering, you will receive an email asking you to confirm your registration. This process is designed to prevent that unauthorised individuals use your email address to register. Information about your registration for the newsletter is recorded (the registration and confirmation times are logged, as well as the IP address). These records enable us to provide evidence of the registration process in line with legal requirements.

You can revoke your consent to the storage of your email address (and optionally your first and surname to allow us to address you personally) and its use for sending the newsletter including performance measurement at any time. At the bottom of each newsletter, you will find a link that allows you to unsubscribe. Before erasing unsubscribed email addresses, we may store them for up to 2 years as evidence of formerly granted consent.

Legal basis for sending newsletters and measuring their performance:

These activities take place based on consent granted by the recipients according to article 6 section 1 sentence 1 a) EU GDPR and article 7 EU GDPR in conjunction with § 7 section 2 no. 3 UWG (Fair Trade Law), or based on legal authorisation pursuant to § 7 section 3 UWG.
Article 6 section 1 sentence 1 f) also applies: Our legitimate interest in measuring the performance of our newsletters, arises from the fact that information about our users’ reading habits based on whether a newsletter is opened and when, and which links are clicked, enables us to produce and distribute useful content based on personal preferences.

The legal basis of logging is article 6 section 1 sentence 1 f) EU GDPR. Our legitimate interest arises from the fact that we are using a secure and user-friendly newsletter system that is helpful for sending out the newsletters and protects the personal data of our subscribers. It also enables us to provide evidence of consent granted.

You have the right to request access to the data stored about you, to demand that any incorrect details are corrected, and that any unlawfully stored data is erased. Furthermore, you have the right to lodge a complaint with a supervisory authority (see item “Right to lodge a complaint”).

6. Applicants

Purpose of processing

Applications submitted online, by email or through the post: If you apply with us due to a job advertisement, we will collect your personal data, such as your first and surname, address, phone number, email address, attachments (covering letter, curriculum vitae, certificates, photograph) and store this information for the duration of the selection process.

Online: Upon activating the check box and sending the form, you explicitly agree that we may collect, process and use the transmitted data for the purpose of handling the application. This applies in particular for sensitive information regarding your mental and physical health, race, ethnic background, political views, religious or philosophical beliefs, memberships in unions or political parties, or regarding your sexual life.

Your data will be used by authorised members of the personnel department and the company management for processing in the context of the selection process only. Your personal data will not be disclosed to any third parties.

If the specific position you have applied for has already been filled, but you might qualify for future employment or employment with a partner company or subsidiary, we will request your explicit approval before we continue to store your data or pass on your application, unless you have agreed to such storage or disclosure in your application.

If you send an unsolicited application to our general contact email address, the content of your application email may be viewed by unauthorised staff members. Our staff members are instructed to pass on any application documents to the personnel department immediately without opening them, and to delete the incoming email. If you would like to avoid this, please get in touch by phone before sending your application, and we will provide you with the contact details of the correct contact partner.

The legal basis for processing pre-contract data is article 6 section 1 sentence 1 b) EU GDPR.

If you do not instruct us otherwise, we will erase your data 6 months after the end of the application process and will destroy any applications received by postal mail. Owing to the long application and selection periods for trainees, we may store their data for up to 18 months in Germany.

Provided that the respective legal requirements apply, you have the following rights: Right of access to the data stored with us; right to have your data corrected, erased and its use restricted, right to object to data processing and right to data portability. Of course you can also request at any time that your entire application documents are deleted or destroyed. To do so, please send an email to: hr@meetrics.com.

7. Server data collection

The following link will take you to the data protection statement on our website: https://www.meetrics.com/en/data-privacy/.

8. Video surveillance

Purpose of processing

We use video surveillance to prevent vandalism and theft, to exercise our rights as the residents of our premises, to protect people and property, to prevent industrial espionage, to control access to our premises and to prevent burglaries. In our role as the data controller, we process personal image files that are produced in the context of video surveillance on our premises.
These files are stored for 3 weeks.

The legal basis is article 6 section 1 sentence 1 f) EU GDPR. Our legitimate interest is to prevent burglaries, to protect our property and to control access to our premises.

This data is only disclosed to the investigating authorities in the event of a criminal act.

You have the right to request that we as the data controller inform you, whether any personal data referring to you is processed: if this is the case, you have the right to receive access to such personal data, and to demand that any incorrect data is corrected or unlawfully stored data is erased. Furthermore, you have the right to lodge a complaint with a supervisory authority (see item “Right to lodge a complaint”).

Our Data Protection Officer is available to answer any questions: datenschutz@meetrics.de.

9. Partners

Purpose of processing

We process personal data to enable partners to take part in the general meetings and to exercise their rights in the context of the general meetings.

The legal basis for processing is article 6 section 1 sentence 1 c) EU GDPR.

Only personal data that is required for performing the services ordered is provided. The service providers will only process this data as instructed by the customer.

In the context of the general meeting and within the framework of legal regulations, personal data is provided to the partners and company representatives in the form of the list of participants. This personal data is stored in line with the statutory obligations and eventually erased.

VI. Categories of recipients

In the context of service provision, we rely on service providers for specific areas in which access to personal data cannot be ruled out. Separate confidentiality and data protection agreements are in place with these service providers.

These categories of recipients are:

  • External processors (article 28 EU GDPR) who process your data according to our instructions, in particular in the areas of IT services, tax, logistics and printing services.
  • Public bodies and institutions (financial authorities), where there are legal or official obligations.
  • Other recipients for which you have granted your approval to data transmission.

The data is only disclosed to any authorities, if overriding legal regulations apply.

VII. Advertising and right to object

First and surnames and addresses are also collected for advertising purposes (for mailing offers and information about further services). You may object to the processing of your data for advertising purposes at any time and without stating any reasons. To do so, please contact us: datenschutz@meetrics.com

VIII. Objection to data storage

Legitimate business interests from a data protection point of view apply for our further processing of data for 10 years for handling any future orders (requested at the time the contract is concluded or later). You may object to such processing at any time by contacting us: datenschutz@meetrics.com

IX. Obligation to provide information

It is usually not possible to conclude a contract if you do not provide your correct details.

X. Data subject rights

According to article 15 EU GDPR, you have the right to obtain information about the personal data stored about you, including any recipients and the intended duration of storage. If any incorrect personal data is being processed, you have the right to have such data corrected (article 16 EU GDPR). If the respective legal requirements apply, you can demand that your personal data is erased or that processing is restricted, and you may object to the processing of your data (articles 17, 18 and 21 EU GDPR).

If you wish for your data to be erased while we are still bound to observe legal retention periods, access to your data will be restricted (blocked). The same rule shall apply in the case of an objection. You can exercise your right to data portability, provided that we and the recipient are technically able to fulfill these requirements.

Our Data Protection Officer is available to answer any questions regarding your data subject rights: info@werning.com.

XI. Topicality and updating of this compulsory information

We reserve the right to adjust the content of this compulsory information at any time. We usually do so in the case of any further developments or legal adjustments. The latest version of our compulsory information is available via a link to our website.

This statement was published in: April 2021

Further information about handling personal data is available here: https://www.datenschutz-berlin.de/