Privacy policy
1. Privacy at a glance
General information
The following information gives a basic overview of what happens to your personal data when you visit this website. Personal data is all data with which you are personally identifiable. For detailed information on the subject of privacy, see our privacy policy, which can be found below this text.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the “Note on the controller” section of this privacy policy.
How do we collect your data?
Firstly, your data are collected when you disclose them to us. This can include, for example, data that you enter in a contact form.
Other data is automatically or with your consent collected by our IT systems when you visit the website. This is primarily technical data (e.g. web browser, operating system or time of the page visit). This data is collected automatically as soon as you access this website.
What do we use your data for?
Some data are collected in order to ensure the faultless provision of the website. Other data can be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipients and purpose of your stored personal data free of charge at any time. You also have the right to request the rectification or deletion of this data. If you have given your consent for your data to be processed, you may withdraw your consent at any time with effect for the future. You also have the right to request the restriction of the processing of your personal data in specific cases. Furthermore, you have a right lodge a complaint with the competent supervisory authority.
To do so, and in case of any other questions on the topic of privacy, you can contact us at any time.
2. Hosting
External hosting
This website is hosted by an external service provider (host). The personal data that is collected on this website is stored on the host’s servers. This may primarily include IP addresses, contact enquiries, meta and communication data, contract data, contact details, names, website access instances and other data generated via a website.
The use of the host is for the purpose of fulfilling a contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interests of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 (1) (f) GDPR).
Our host will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with respect to such data.
We use the following host:
SICOR KDL GmbH<br/> Krumbacher Str. 20b<br/> D-87719 Mindelheim
Data processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
3. General information and mandatory information
Privacy
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.
Various personal data is collected when you use this website. Personal data are all data with which you are personally identifiable. The present privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
We point out that the transmission of data over the Internet (e.g. when communicating by e-mail) may involve gaps in security. It is not possible to protect data completely against access by third parties.
Note on the controller
The data processing controller on this website is:
MHM Entwicklungs GmbH
Kemptener Straße 1
D-87749 Hawangen
Telefon: +49 (0)8332 92 33 2090
E-mail: info@massivholzmauer.de
The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Storage period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
Designation of a data protection officer as mandated by law
We have appointed a data protection officer for our company.
Maximilian Thanner<br/> EDV-COMPAS GMBH & CO. KG<br/> Fraunhoferstraße 12<br/> D-87700 Memmingen
Telephone: +49 (0) 8331 95050<br/> E-mail: datenschutz@edv-compas.de
Information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure third countries. If these tools are active, your personal data may potentially be transferred to these third countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g. the Secret Service) may process, analyse, and permanently store your personal data for surveillance purposes. We have no control over these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your previously given consent at any time. The legality of data processing carried out up to the time of the revocation shall remain unaffected by the revocation.
Right to object to data collection in special cases; right to object to direct advertising (Art. 21 GDPR)
IN THE EVENT THAT DATA IS PROCESSED ON THE BASIS OF ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION AT ANY TIME. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS PRIVACY POLICY. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).
IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21 (2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory authority, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
Right to data portability
You have the right to demand that any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
SSL or TLS encryption
For security reasons and to protect the transfer of confidential content such as orders or enquiries that you send to us as the website operator, this site uses SSL or TLS encryption. An encrypted connection can be recognised by the fact that the address line of the browser changes from “http://” to “https://” and the padlock icon in the browser line.
When SSL or TLS encryption is activated, the data that you transfer to us cannot be read by third parties.
Information, deletion and rectification
Within the framework of the applicable legal provisions, you have, at all times, the right to receive information about your stored personal data, its origin and recipients, and the purpose of data processing free of charge and, if necessary, the right to the rectification or deletion of this data. To do so, and in case of any other questions on the topic of personal data, you can contact us at any time.
Right to restriction of processing
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:
- In the event that you should dispute the correctness of your data stored by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the deletion of this data.
- If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its deletion.
- If you have raised an objection pursuant to Art. 21 (1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – with the exception of their storage – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.
Objection to unsolicited advertising e-mails
We herewith object to the use of contact information published in compliance with the legal notice obligation for the purpose of sending advertising and information material that has not been expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of advertising information, for instance via SPAM messages.
4. Data collection on this website
Server log files
The provider of these pages collects and automatically stores information in server log files, which your browser automatically transmits to us. This includes:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not combined with other data sources.
This data is collected on the basis of Art. 6 (1) (f) GDPR. The operator of the website has a legitimate interest in the technically flawless depiction and the optimisation of the operator’s website. In order to achieve this, server log files must be recorded.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass this data on without your consent.
The processing of this data is based on Art. 6 (1) (b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.
The data entered by you in the contact form shall remain with us until you request the deletion of the data, revoke your consent to the storage of the data, or the purpose of the data storage is no longer applicable (e.g. once the processing of your enquiry is completed). Mandatory legal provisions – particularly legal retention periods – shall remain unaffected.
Registration on this website
You have the option to register on this website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise, we shall reject the registration.
To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process.
We shall process the data entered during the registration process for the implementation of the user relationship based on the registration and, where necessary, for the processing of other contracts (Art. 6 (1) (a) GDPR).
The data recorded during the registration process shall be stored by us as long as you are registered on this website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention periods.
5. Social media
Facebook plug-ins (Like & Share button)
Plug-ins from the social network Facebook are integrated into this website. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data collected will also be transferred to the USA and other third countries.
You can recognise the Facebook plug-ins through the Facebook logo or the “Like” button on this website. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/?locale=en_GB.
When you visit our site, a direct connection between your browser and the Facebook server is established via the plug-in. This enables Facebook to receive information that you have visited our site from your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the contents of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that, as provider of the web pages, we have no knowledge of the content of the data transmitted or of its use by Facebook. Further information on this is available in Facebooks’s privacy policy: https://en-gb.facebook.com/privacy/explanation.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
The Facebook plug-in is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in achieving the widest possible degree of visibility on social media. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6 (1) (a) GDPR. This declaration of consent may be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://en-gb.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
Twitter plug-in
This website integrates functions of the social media service Twitter. These functions are provided by the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. If you use Twitter and the retweet function, the websites visited by you are linked to your Twitter account and disclosed to other users. Data is also transferred to Twitter in the process. Please note that, as provider of the web pages, we have no knowledge of the content of the data transmitted or of its use by Twitter. Further information on this is available in Twitter’s privacy policy. https://twitter.com/en/privacy.
The Twitter plug-in is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in achieving the widest possible degree of visibility on social media. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6 (1) (a) GDPR. This declaration of consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You can amend your privacy settings with Twitter at https://twitter.com/account/settings.
Instagram plug-in
This website also integrates functions of the social media service Instagram. These functions are provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If you click the Instagram button while logged into your Instagram account, you can link the contents of this website to your Instagram profile. This allows Instagram to associate your visit to this website with your user account. Please note that, as provider of the web pages, we have no knowledge of the content of the data transmitted or of its use by Instagram.
Data is stored and analysed on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in achieving the widest possible degree of visibility on social media. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6 (1) (a) GDPR. This declaration of consent may be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://en-gb.facebook.com/help/566994660333381.Further information on this is available at https://instagram.com/about/legal/privacy/.
6. Analysis tools and advertising
Matomo (formerly Piwik)
This website uses the open-source web analysis service Matomo. Matomo uses technologies that make it possible to recognise the user across multiple pages with the aim of analysing the user patterns (e.g. cookies or device fingerprinting). The information recorded by Matomo about the use of this website will be stored on our server. Prior to storage, the IP address will first be anonymised.
Through Matomo, we are able to collect and analyse data on the use of our website by visitors to it. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
This analytical tool is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the analysis of user patterns in order to optimise the operator’s web offerings and advertising. If a respective declaration of consent (e.g. an agreement to the storage of cookies) has been obtained, the data shall be processed exclusively on the basis of Art. 6 (1) (a) GDPR. This declaration of consent may be revoked at any time.
IP anonymisation<br/> When analysing with Matomo, we use IP anonymisation. In this case, your IP address is truncated before analysis so that it can no longer be clearly assigned to you.
Hosting<br/> We host Matomo with the following third-party provider:
SICOR KDL GmbH<br/> DAS IT & INTERNET SYSTEMHAUS<br/> Krumbacher Straße 20b<br/> D-87719 Mindelheim
Data processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
7. Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you consent to receiving the newsletter. Further data will not be collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form is therefore processed solely on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of data processing operations carried out shall remain unaffected by the revocation.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or when the purpose is no longer applicable. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. (1) (f) GDPR.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
8. Plug-ins and tools
Google Fonts (local hosting)
To ensure a uniform presentation, this site uses Web Fonts, which are provided by Google. The Google Fonts are installed locally. There is no connection to Google servers.
You can find further information about Google Fonts at https://developers.google.com/fonts/faq and in the Google privacy policy: https://policies.google.com/privacy?hl=en.