Data Protection Policy
pursuant to the EU General Data Protection Regulation (GDPR)
(Regulation EU (2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46EC in the Official Journal of the European Union, OJ L 119/1; Date of effect: 25 May 2018).
For the website www.miomio.com
We, MIO MIO GmbH, Haselünne, take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the data protection regulations of German and European law (particularly in accordance with the EU General Data Protection Regulation/GDPR and the German Telemedia Act/TMG) and the following policy
This data protection policy applies to our website alone. If you are directed to other websites after clicking on links on our website, please obtain information about the treatment and processing of your personal data from the corresponding website.
The legal basis of data processing also on websites mainly comprises the following provisions and legal regulations:
- Your consent (Art. 6 para. 1 letter a GDPR)
- Performance of contracts or other legal relationships (Art. 6 para. 1 letter b GDPR)
- Safeguarding of legitimate interests / Weighing of interests (Art. 6 para. 1 letter f GDPR)
In accordance with the principles of data minimisation and data economy, we process personal data only for as long as necessary within the meaning of the following policy or for as long as prescribed by law (statutory retention period). If the purpose or right of processing collected personal data no longer applies or if the permissible retention period expires, we block or erase the data unless the continued processing of these data for a limited period of time is necessary particularly for the following purposes:
- Compliance with retention periods under commercial law and tax law, particularly in accordance with the German Commercial Code (HGB) and Tax Code (AO). The retention or documentation periods specified therein range from two years to at most ten years.
- Preservation of evidence within the scope of the statute of limitations. According to Sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), these limitation periods may be as long as 30 years, although the regular limitation period is three years.
- Warranty or guarantee claims on your part
In order to respect a data lock at any time, it is necessary to keep the data in a lock file for control purposes. Barring the existence of a statutory archiving obligation, you may also demand the erasure of such data. Given the existence of a statutory archiving obligation, we will lock these data if you want this. Insofar as the provision of personal data is specified by law or contract or is required for the conclusion of a contract, we refer to the detrimental effects of non-provision.
Particularly the following terms used in this agreement are defined in Art. 4 GDPR as follows:
- Personal data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Data subject: Any identified or identifiable person whose personal data are processed by the controller.
- Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Please refer to Art. 4 GDPR (https://dejure.org/gesetze/GDPR ) for additional definitions.
Name and contact data of the controller and the company’s data protection officer
This data protection information only applies to data processing by the operator of this website as the controller: MIO MIO GmbH, Neuer Grund 24, 49740 Haselünne, Germany (hereinafter “MIO MIO”), email: firstname.lastname@example.org , telephone: +49 (0)5961/502-4, fax: +49 (0)5961/502-378.
The data protection officer of MIO MIO can be reached as follows:
Telephone: +49(0) 5961/502-0
Fax: +49(0) 5961/502-268
Email address: email@example.com
Collection and storage of personal data; nature and purpose of use
Calling up the website (server logfiles)
When this website www.miomio.com is called up, information is automatically sent to the server of this website by the browser in use on your terminal device. This information is temporarily stored in a logfile. The following information is recorded without any action on your part and stored until automatic erasure:
- IP address of the requesting computer (host name)
- Date and time of access
- Name and URL of the called-up file
- Website from where this website was accessed (referrer URL)
- Browser used and possibly also the operating system of your computer
- Name of your access provider.
No conclusions regarding your personal identity can be drawn from this automatically generated information. The aforementioned data are processed by us for the following purposes:
- Assurance of a smooth connection to the website
- Assurance of the comfortable use of our website
- Evaluation of system security and stability
- For other administrative purposes.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 letter f of the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EGC(General Data Protection Regulation, hereinafter GDPR). Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data to draw conclusions regarding your personal identity.
Age verification is not performed on this website and therefore no specific data are used by us and no cookies or the like are placed for this purpose.
Contacting us / contact form
We offer you the option of contacting us using a form on this website. If you wish to make use of this option, you must enter a name and a valid email address so that we know who is asking the question and can answer it. You can voluntarily provide other information, particularly in the message field.
You can also contact us by regular mail or at firstname.lastname@example.org (see the contact data in the Publication details). We will then process those data that you transmit to us in your contact request; besides purely technical data (see 2.a above), such data can particularly also include real names (first and last name), usernames, addresses (street address, postal code, city), telephone numbers and email addresses.
We process the data we receive in your contact request for the purpose of properly responding to your request.
After responding to your request, the personal data collected by us and received from you in connection with your contact request will be automatically erased unless there is a legitimate interest in further retention for a limited period of time (e.g. job applicant data) or you give us your consent not to erase the data.
Data processing for the purpose of contacting us is performed in accordance with Art. 6 para. 1 S. 1 letter a GDPR on the basis of your voluntarily given consent.
Disclosure of data
Your personal data are transferred to third parties only for the purposes set out below. We disclose your personal data to third parties only
- If you have given your express consent to such disclosure in accordance with Art. 6 para. 1 sentence 1 letter a GDPR
- If the disclosure is necessary for the establishment, exercise or defence of legal rights in accordance with Art. 6 para. 1 sentence 1 letter f GDPR and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data
- If there is a legal obligation to disclose the data according to Art. 6 para. 1 sentence 1 letter c GDPR
- If this is legally permissible and is necessary for the performance of a contract with you according to Art. 6 para. 1 sentence 1 letter b GDPR
- On the basis of a processing contract between us and a processor according to Art. 28 GDPR
If we intend to use the personal data for another purpose than the aforementioned purposes, we will provide information about this other purpose and all other relevant information to you before beginning such processing according to Art. 13 para. 2 GDPR.
We use the following cookies:
- Session cookies
- Google Analytics cookies
- Flockler Cookies (see Item 6 below)
Information related to the specifically used terminal device is stored in a cookie. However, this does not mean that we directly obtain knowledge of your personal identity.
You can prevent the use and placement of cookies by blocking the placement of cookies in your browser (you can find information on this subject in the help function of your browser). Opt-out cookies prevent the future collection of data when you visit this website. Please note, however, that it may not be possible to fully use all the functions of this website in this case.
- Session cookies to recognise that you have already visited individual pages of our website. They are only stored in the work memory of the user’s computer. A randomly generated unique identification number known as a session ID is stored in a session cookie. A cookie also contains information about its origin and storage period. These cookies are not capable of storing any other data. Session cookies are erased when the website session ends.
- Temporary cookies that are stored on your terminal device for a certain, defined period of time. When you visit our website again to utilise our services, such cookies automatically recognise that you have already visited our website and store the entries and settings you have made so that you do not have to enter them again.
- Cookies for statistical data collection and for the purpose of optimising our website offering (see Item 5). These cookies also make it possible to automatically recognise that you have already visited our website when you visit again. These cookies are automatically erased after a defined period of time.
The data processed by cookies are necessary for the aforementioned purposes of safeguarding our legitimate interests and those of third parties according to Art. 6 para. 1 sentence 1 letter f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notification always appears before a new cookie is created. However, the complete deactivation of cookies can mean that you will not be able to use all the functions of our website. It is usually not possible to suppress session cookies (see 4.a above).
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 letter f GDPR. We use these tracking measures to ensure the need-based design and continuous optimisation of our website. We also use tracking measures to statistically track the use of our website and evaluate these data for the purpose of optimising our website offering for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision of the GDPR.
The data processing purposes and data categories are described in the respective tracking tools.
This website uses Google Analytics, a web analytics service of Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). It also uses Universal Analytics. This version of Google Analytics makes it possible to assign a pseudonymous user ID to data, sessions and interactions across multiple devices in order to analyse the user’s activity on multiple devices (including cross-device tracking).
As part of this activity, pseudonymised user profiles are generated and cookies are used (see Item 4 above). The data collected by the cookie about your use of this website, including
- The browser type/ version
- The operating system used
- The referrer URL (the previously visited website)
- The host name of the accessing computer (IP address, truncated)
- Time of server call-up
are usually transferred to a Google server in the United States and stored there.
However, if IP anonymisation is activated on this website, Google will first truncate the IP address of users located in one of the member states of the European Union or the other signatory states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the United States and truncated there. The IP address transmitted by the browser used for the purposes Google Analytics is not commingled with other data of Google. Google will use this information on behalf of the operator of this website to evaluate the use of the website, compile reports on website activities and provide other services related to website use and Internet use to the website operator. For these purposes, the legitimate interest primarily lies in data processing. The legal basis for the use of Google Analytics is Art. 6 para. 1 letter f GDPR. Sessions and campaigns are ended after a certain period of time. Normally, sessions are ended after 30 minutes of no activity and campaigns are ended after six months. The maximum time limit for campaigns is two years.
Besides the possibility of preventing the storage of cookies by setting your browser software accordingly (in that case, an opt-out cookie is stored in your device to prevent the future collection of your data when you visit this website; the opt-out cookie only applies within this browser and for our website and is stored on your device; if you erase all the cookies in this browser, you must place the opt-out cookie again), you can also prevent the collection of data generated by the cookies in relation to the use of our website (including the IP address) by Google and the processing of these data by Google by downloading the browser add-on from https://tools.google.com/dlpage/gaoptout?hl=de and installing it (deactivation add-on). To prevent the collection of data by Universal Analytics across different devices, you must perform the opt-out on all systems you use. The opt-out cookie is placed here: [google_analytics_optout]Opt-Out-Cookie setzen[/google_analytics_optout](disabling tracking). To prevent the collection of data by Universal Analytics across different devices, you must perform the opt-out on all systems you use. Please note that you may not be able to fully use all the functions of this website if you use this opt-out.
These data are also transferred to third parties if this is legally prescribed or insofar as third parties process these data on behalf of Google (see Item 3 above). Your IP address is never commingled with other data of Google. The IP addresses are anonymised so that it is not possible to identify individual users (IP masking, anonymizeIP).
You can find additional information on data protection in relation to Google Analytics in the Google Analytics help function (https://support.google.com/analytics/answer/6004245?hl=de).
Social media plug-ins
We use the Flockler social media plug-in to personalise the use of our website as much as possible. Various “SHARE” buttons are used for this purpose.
When you call up our website, your browser establishes a direct connection with Flockler’s servers. The content of the plug-in is sent by Flockler directly to your browser and is integrated from there into the website. However, Flockler does not store any of your personal data. Nevertheless, Flockler cookies are placed on your device (see Item 4 above.)
When the plug-in is placed on your device, however, Flockler is informed that your browser has called up our website even if you do not have a Flockler account or are not logged in to Flockler at the time.
If you are logged in to Flockler, Flockler can attribute your visit of our website to your Flockler account. If you click on the “SHARE” button, for example, the corresponding information is likewise transmitted directly to a Flockler server in the United States.
If you do not want Flockler to attribute the data collected from our website to your Flockler account, you must log out of your Flockler account before visiting our website.
Rights of the data subject
You have the right, without charge in every case,
- In accordance with Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may obtain information about the purposes of the processing, the category of personal data, the category of recipients to whom your data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if they were not collected by us, and the existence of automated decision making, including profiling, and any meaningful information about the details of such processing;
- In accordance with Art. 16 GDPR, to obtain without undue delay the rectification of inaccurate personal data or the completion of incomplete personal data stored with us;
- In accordance with Art. 17 GDPR, to obtain the erasure of personal data stored with us unless processing is necessary for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims; the same applies for restriction of processing;
- In accordance with Art. 18 GDPR, to obtain the restriction of processing of your personal data insofar as the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of your personal data, we no longer need the personal data but you require these data for the establishment, exercise and defence of legal claims, or you have objected to the processing of your personal data in accordance with Art. 21 GDPR;
- In accordance with Art. 20 GDPR, to receive the personal data you have given to us in a structured, commonly used and machine-readable format, or to have the personal data transmitted to another controller;
- In accordance with Art. 7 para. 3 GDPR, at any time to withdraw the consent you have given to us. In this case, we may no longer continue the data processing performed on the basis of this consent in the future;
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision (1) is necessary for entering into or performing a contract between the data subject and the controller, or (2) is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent. If the decision is necessary (1) for entering into or performing a contract between the data subject and the controller, or (2) is based on the data subject’s explicit consent, Berentzen-Gruppe Aktiengesellschaft will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision. If the data subject wishes to exercise rights related to automated decisions, he or she can always contact an employee of the controller, and
- Lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. For this purpose, you can usually turn to the supervisory authority with jurisdiction over your habitual residence or place of work or our company’s registered head office.
To exercise your rights as a data subject, please send an email to email@example.com.
Right to object/ right to revoke consent
If your personal data are processed on the basis of legitimate interests according to Art. 6 para. 1 sentence 1 letter f GDPR, you have the right according to Art. 21 GDPR to object to the processing of your personal data or revoke any consent given to processing on grounds relating to your particular situation or object to or revoke your consent to direct marketing. In the latter case, you have a general right to object or revoke your consent without stating grounds relating to your particular situation.
If you wish to exercise your right of revocation or objection, you only need to send an email to firstname.lastname@example.org .
When you visit our website, we use the common SSL (Secure Socket Layer) protocol in combination with the highest level of encryption supported by your browser, which is normally a 256-bit encryption. You can tell whether an individual page of our website is being transmitted under encryption from the closed lock-and-key symbol in the lower status bar of your browser.
We also employ appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or access by unauthorised third parties. Our security measures are continuously improved on the basis of technological advances.
Current status and modification of this data protection policy
This data protection policy is currently valid. The status is 25 May 2018 (date of effect of the GDPR).
The further development of our website and related offerings or changing legal or official requirements could make it necessary for us to modify this data protection policy.