Seite wählen

Privacy Policy

Welcome to the MDSS GmbH website. We appreciate your interest in our company. Protection of the personal data you entrust to us is a priority and we want you to feel safe and secure when you visit our website or use our online offers.

Principles of data processing

In order to fulfill the information obligations towards our customers, suppliers and interested parties in accordance with Art. 12, 13 of the General Data Protection Regulation (GDPR), we are pleased to provide you with our data protection information below:

 

Who is responsible for data processing?

The person responsible in terms of data protection law is the
MDSS GmbH
Schiffgraben 41
30175 Hannover
Tel: +49 (0) 511 6262 8630

 

Which of your data do we process? And for what purposes?

If we have received data from you, we will only process it for the purposes for which we have collected it.
These purposes are usually:
  • Communication for the fulfillment of the contract
  • Information about our goods and services
  • Reference for new customers
  • Invoicing and debits
  • Safeguarding warranty claims
This data is usually:
  • Your personal data (e.g. surname, first name, title, form of address, …)
  • Contact details (e.g. email address, telephone number, mobile number, …)
  • Transaction data (e.g. IBAN, BIC, creditworthiness…)
Other personal data that you provide to us during the pre-contractual/contractual relationship. Please note that we cannot list all potential data. However, we only collect data that you actively provide to us or that is publicly accessible. You can check specific information in one of our websites.
Data processing for other purposes will only be considered if the necessary legal requirements in accordance with Art. 6 (4) GDPR are met. In this case, we will, of course, comply with any information obligations under Art. 13 (3) GDPR and Art. 14 (4) GDPR.

 

What is the legal basis for this?

The legal basis for the processing of personal data could be:
  • Consent (Art. 6 (1) (a) GDPR)
  • Data processing for the performance of contracts (Art. 6 (1) (b) GDPR)
  • Data processing based on a balance of interests (Art. 6 (1) (f) GDPR)
  • Data processing for compliance with a legal obligation (Art. 6 (1) (c) GDPR)
If personal data is processed on the basis of your consent, you have the right to revoke your consent to us at any time with effect for the future. You can address the objection to our data protection officer, whom we will introduce below.
In the case of direct advertising, the permissible legal basis is consent in accordance with Art. 6 (1) point a GDPR pursuant to Section 7 of the German Unfair Competition Act (UWG). For existing customers who rely on existing customer relationships, the exception of Section 7 (3) UWG applies, according to which consent is not required; the legal basis of Art. 6 (1) points b and f GDPR applies here. We justify our legitimate interest in accordance with recital 47 of the GDPR; we have a legitimate interest in providing our customers with information about our goods and services. As the data subject, you have the right to object to the processing of personal data for these purposes, taking into account the provisions of Art. 21 GDPR.

 

How long is the data stored?

We process the data for as long as is necessary for the respective purpose.
Insofar as statutory retention obligations exist – e.g. in commercial or tax law – the personal data concerned will be stored for the duration of the retention obligation. After the retention obligation has expired, we will check whether there is any further need for processing. If there is no longer any need, the data will be deleted.
In principle, we check data towards the end of a calendar year with regard to the requirement for further processing. Due to the amount of data, this check is carried out with regard to specific types of data or purposes of processing.
Of course, you can request information about the data we have stored about you at any time (see below) and, if it is no longer required, request that it be deleted or its processing restricted.

 

To which recipients will the data be forwarded?

In principle, your personal data will only be forwarded to third parties if this is necessary for the execution of the contract with you, if the forwarding is permissible on the basis of a weighing of interests within the meaning of Art. 6 (1) point f GDPR, if we are legally obliged to forward the data or if you have given your consent to this extent.
In the context of tax and commercial law requirements, data may be passed on to tax advisors, credit institutions and other tax authorities.
In our case, third parties are not service providers and affiliated companies that have to comply with our data protection requirements. For this purpose, we have concluded order processing contracts and thus ensure that you can also exercise your rights against them.

 

Where is the data processed?

We process your personal data mainly in data centers in the European Union, so the General Data Protection Regulation applies to the processing at all times. Where data is not processed there, we have taken safety measures (such as binding rules) to ensure that data processing is made in accordance with the level expected within the EU, as laid down by Art. 44 GDPR.

 

Your rights as a data subject

You have the right to request information about the personal data concerning you that we process in accordance with Art. 15 GDPR. If a request for information is not made in writing, we ask for your understanding that we may then require you to provide proof that you are the person you claim to be.
Furthermore, you have the right to request the correction or deletion of your personal data or to restrict its processing to the extent permitted by law in accordance with Art. 16, 17 and 18 GDPR.
Besides, you have the right to object to the processing within the scope of the legal requirements. The same applies to the right to data portability. In particular, you have the right to object to the processing of your data in accordance with Article 21 (1) and (2) GDPR in the context of Article 6 (1) point f GDPR. You can report the objection informally to our data protection officer at the following addresses:

 

Our data protection officer

We have appointed an external data protection officer in our company. You can contact them using the following options:
E-mail: privacy@mdssar.com

 

Right to lodge a complaint

You have the right to lodge a complaint about our processing of personal data with a data protection supervisory authority.