1. General notes and mandatory disclosures
Note on the party responsible for handling your data, or “controller.”
The controller responsible for data processing on this website is as follows:
Mibau Holding GmbH
Tel.: +49 4777 9339-31
A “controller” is an individual person or legal entity that determines, on its own or with others, the purposes and means applied in processing personal data such as names and e-mail addresses.
SSL and TLS encryption
This website transmits sensitive and personal information, such as when you send requests or orders to the website owner, using SSL and TLS encryption for security and protection. An encrypted connection is clearly marked as such by the address field in your browser showing a padlock icon and the prefix https:// instead of http:// in front of the URL.
No third party (“man in the middle”) will be able to read the data you send us once an SSL/TLS-encrypted connection has been enabled.
2. Data collection on our website
Server log files
This website’s provider collects and stores server log files that your browser automatically sends us. These include:
• Browser type and version
• Operating system
• Referrer URL
• Host name of the user’s computer
• Time of server request
• IP address
The data collected will not be combined with data from other sources.
GDPR Art. 6.1 (f) allows this form of data processing for the purposes of contract preparation, management, and fulfilment. The data will be deleted automatically within fourteen days.
Contact by e-mail or contact form
We will process data personal data you have provided by contacting us, such as by e-mail or using one of our contact forms, according to GDPR Art. 6.1 (b) for the purposes of contract preparation, management, and fulfilment of your request, or GDPR Art. 6.1 (f) to protect our own vested interests in responding to or fulfilling an enquiry you have sent us.
We also use a “session cookie” as necessary to display the correct language and error messages. The cookie is labelled “mibau-stema.de” for easy recognition and will be deleted automatically when you leave our website.
You may configure your browser to tell you when it is about to save a cookie, to allow this once for certain cases or to reject all cookies, or to delete all cookies automatically after closing the browser. Note that if you choose to disable cookies, you might not be able to use all the features on our website.
Who receives your personal data; transmission to third countries
3. Plugins and tools
Processing usage data by integrating fonts
We use the MyFonts service from the Monotype Imaging Inc. third-party provider based in the USA (“Monotype”). This is a paid service charged by page view count, which involves a tracking script on our website that allows Monotype to count the number of page views from users. This does not involve processing any personal data. The IP address used in accessing the page is stored anonymously, so your data will always be processed anonymously while outside the scope of the GDPR (cf. GDPR Recital 26).
Our website uses YouTube, a Google service for playing videos. This feature displays videos from a Google server in an iFrame on the website. The “Extended data protection mode” option is enabled, which means that to the best of our knowledge, no personal user data on our website will be processed before a playing a video based on information we have from Google.
A connection to Google servers will however be established as soon as you start playing a YouTube video on our website, informing the Google server about the page you visited.
Google may also save various cookies on your device or use comparable recognition technologies such as device fingerprinting when you start a video. This allows Google to obtain information on users visiting this website. This information is used for collecting video statistics towards improving user-friendliness and preventing fraud, among other things.
Other data processing operations may also be triggered once you start playing a YouTube video; we have no control over this.
We cannot rule out the possibility of your personal data being transmitted to Google servers located in the USA. Data protection standards in the US are less stringent than in the EU. In particular, this means that US authorities may access your personal data more easily, and that you only have limited rights to appeal against such activity. Enabling the YouTube video feature automatically entails your explicit consent to your data being transmitted to Google and servers in the USA as described above.
We embed YouTube videos on web pages in our website to provide you with relevant content directly without requiring you to leave our website. This allows us to improve our service and user experience for you, making it more interesting and attractive. This justifies our vested interest according to GDPR Art. 6.1 (f).
Once you have given your corresponding consent, your data will only be processed according to Section 25 Para. 1 of the Telecommunications and Telemedia Data Protection Act (TTDSG) in connection with GDPR Art. 6.1 (a) (consent) and Art. 49.1 (a) (consent to transfer your data to a third country). Activating the video function by clicking on it automatically entails consent. Your data will be transferred to Google as described above when you use this feature.
You may always revoke any consent you have given; however, this will not affect the legitimacy of any processing previously performed on the basis of consent you have given prior to revocation.
You may revoke this consent at any time by clicking on the image of the cookie in the lower right corner and disabling the option on YouTube.
More general information on data privacy at Google is available at
https://www.google.de/intl/de/policies/ (external link to Google) and
https://www.google.com/policies/privacy (external link to Google).
4. Your rights
Revoking your consent to personal data processing
Your consent is required to enable some of the cookies and plugins on this website. You may always withdraw any consent you have previously given. To do so, set the corresponding option by clicking the cookie shown below on the right.
Information, restriction, deletion
You may always request information without charge on your personal data that we have stored, its origin and recipient and purpose of processing, and have the data corrected, restricted, or erased within the scope of statutory provisions. If you have any questions about this or other topics concerning data privacy and protection, please do not hesitate to contact us the address given in the legal notices.
Right to object
GDPR Art. 21.1 allows you to object against your personal data being processed according to Art. 6.1 (e) and (f), including profiling, for reasons arising from your particular situation. We will satisfy your above rights as long as the statutory requirements for asserting these rights are met. GSDPR Art. 21.2 allows you to object your personal data being processed for direct advertising; this includes profiling as related to direct advertising.
Right to data portability
You have the right to have your personal data that we have automatically processed with your consent towards fulfilling a contract sent to you or any third party named by you in a common electronically readable format. We can only transmit your data to another data controller named by you as requested as long as it is technically feasible for us to do so.
Contact; right to objection