Data Protection Policy
Personal data are those items of data that make it possible to identify you. Here the issue is not whether it is possible to identify you based on a single piece of information. The more information and data that can be combined, the more accurately the person can be identified. Personal data include, e.g., the name, address, age, e-mail address and telephone number of a person.
1. Collection, processing and storage of personal data by MAPAL
MAPAL collects, processes and saves your personal data only if these actions are permitted by statutory regulations or you have given your consent. We obtain these data in two ways: either you provide the data to us or we collect the data during the utilisation of our services.
The provision of personal data as part of this website is prescribed neither by law nor by contract, nor is it necessary in order to enter into an agreement. However, there are some services of this website or that we otherwise offer that you will not be able to use if you do not provide data.
1.1. Data you share with usGenerally speaking, you can use our website without directly providing us with personal information. For some services, we will ask you to provide personal information that is needed for us to be able to provide the service, or so that we can carry out the respective service quickly and in a user-friendly manner. Detailed information on all of the services that are offered by MAPAL on this website can be found under “Individual services” (see below in section 3).
1.2. Data we obtain during your utilisation of our servicesSome data are produced automatically and for technical reasons when you visit our website. The following information is acquired without any action on your part and saved until it is deleted automatically:
- IP address,
- Web browser used, including language and browser software version
- Operating system and the respective interface
- Web page from which access is made (Referrer URL)
- Date and time of the access.
- To ensure the smooth establishment of a connection to the website,
- To ensure our website is pleasant to use,
- To evaluate the system security and system stability.
- To evaluate statistics
1.3. Forwarding of dataIn general, we do not pass on personal data to third parties. If data is transferred to third parties in individual cases, then the transfer is carried out on the basis of appropriate agreements.
In individual cases, it may be necessary for us to transfer information to recipients in so-called “third countries” for other purposes, such as the execution of contracts. “Third countries” are countries outside of the European Union or the Agreement on the European Economic Area, where it cannot necessarily be assumed that there is a level of data protection comparable to that within the European Union. If the information that is transferred includes personal data, prior to any such transfer, we will ensure that the third country or the recipient in the third country guarantees the necessary adequate level of data protection. This may in particular result from an “adequacy decision” granted by the European Commission, which determines that there is an adequate level of data protection for a specific third country as a whole. Alternatively, we can base the transfer of data on “EU standard contractual clauses” that have been agreed with a data recipient. Further information on appropriate and adequate safeguards necessary for ensuring a sufficient level of data protection is available upon request.
Further information on EU standard contractual clauses can be found via https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and information on adequacy decisions via https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Through appropriate measures and regular controls, we ensure that the data we collect cannot be viewed or accessed by unauthorized persons from outside.
2. Usage of cookies
"Cookies" are small files that your browser creates automatically and saves on your device (laptop, tablet, smartphone, etc.).
Information related to the specific device used is saved in the cookies. This does not mean that we obtain direct knowledge of your identity by this means. The usage of cookies is to make it pleasanter for you to use our website. Here it is possible to differentiate between the following types of cookies.
Cookies that are imperative for the operation of a website and that are essential for navigating on the website and using its functions. These cookies are not saved permanently on your computer or device and are deleted when you close your browser (session cookies).
Statistical, analytical and performance cookies make it possible to acquire and count the number of visitors and traffic sources for measuring and improving the performance of the website. They are also used to find out whether problems or errors occur on certain pages, which pages are the most popular and how visitors navigate on the website. Analytical/performance cookies are deleted after a defined retention period.
Tracking cookies are used to track the visits and individual activities on websites. They are used to acquire and evaluate the utilisation of websites statistically. These cookies are automatically deleted after a defined time.
2.2. Usage at MAPAL
In your browser you can display the cookies on your computer, delete the cookies or set up the configuration such that not all of the cookies or no cookies are saved any longer. Please note that some functions may not work or may not work correctly if you deactivate the usage of cookies.
3. Individual services
3.2. Email newsletter
If you register for the MAPAL Newsletter, you provide your express consent. For this purpose we will need your e-mail address. You can receive a more personalised newsletter by providing us with further information about your company, as well as name and contact information.
Individual links in the newsletter are personalised so that we can recognise which content is of particular interest to readers and so we can improve our range of services on this basis.To be able to answer your query quickly and specifically, you should provide us with further information on your company, as well as your name and contact data.
By means of a tracking pixel in the newsletter, we may also receive information on whether the newsletter has been opened. You can prevent this in your e-mail system by not allowing any external images.
Your data will be used only for the purpose of sending the newsletter as per art. 6 para. 1 lit. a GDPR. For this purpose we use a tool from a service provider; the service provider receives your data within the statutorily permitted, contractually regulated framework. You can view, change or delete your data at any time.
3.3. Online ShopThe data that we collect about you in our online shop is used exclusively to ensure a trouble-free ordering process. It is necessary to register and create a customer account before you can place an order in our online shop. To create a customer account, you will need to provide us with personal data such as your name, address, telephone number and e-mail address. We process your personal data in connection with the customer account, so that we can provide our services and protect our legitimate interests based on Art. 6 (1)(b) and (f) GDPR. We have a legitimate interest in being able to offer the service to our users and to avoid interruptions and attempted fraud.
We will delete your data stored within the customer account, at the latest when you inform us that we should delete your profile, unless applicable law obliges or entitles us to retain the data longer.
In the case of parcel deliveries and freight forwarding deliveries, we pass on your name, address and telephone number to our contractually bound service providers so that they can process the delivery and communicate with you if necessary to announce and coordinate the delivery. The legal basis for the associated data processing is Art. 6 Para. 1 b) GDPR, i.e. the processing of your data is necessary for the fulfilment of the purchase contracts and delivery agreements.
3.4. Catalogue mailingTo mail our catalogues we need your name, your address as well as how to contact you if you are absent. For this purpose we collect your telephone number as well as your e-mail address. These data are processed based on art. 6 para. 1 sentence 1 lit. f GDPR.
We use these data once for mailing the catalogues and brochures required. A service provider undertakes the picking and mailing of print media for us. This service provider uses your data once within the statutorily permitted, contractually regulated framework to safeguard the provision and mailing of catalogues and brochures. Your data will then be deleted without delay.
3.5. Google Analytics
We use Google Analytics on our website, which is a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This function is only activated if you grant us your consent in accordance with Point a) of Art. 6(1) GDPR or Point a) of Art. 49(1). Google Analytics uses “cookies”. These are text files that are placed on your computer to help the website analyse how users use the site. The information that is generated by the cookie regarding your use of the website is usually transferred to a Google server in the US where it is stored. We have activated IP shortening on this website so that your IP address is shortened in advance by Google within member states of the European Union, or in other co-contracting countries to the agreement on the European Economic Area.
It is only in exceptional cases that your full IP address will be transferred to a Google server in the US and shortened there. Google will use this information on our behalf in order to evaluate your use of the website, to compile reports regarding website activities, and to provide us with further services that are related to website and internet usage. The IP address that your browser transmits within the framework of Google Analytics is not combined with other data from Google.
Any of your personal data that is collected in connection with Google Analytics will be deleted or anonymised after 14 months.
It is possible to stop cookies being saved on your computer by adjusting your browser software accordingly; however, it is important to note that if you choose to do this, you may not be able to use all the functionalities of the website to their full extent.
3.6. Google DoubleClick
Doubleclick by Google is a service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).This function is only activated if you grant us your consent in accordance with Point a) of Art. 6(1) GDPR or Point a) of Art. 49(1).
The use of DoubleClick cookies merely allows Google and its partner websites to display adverts on the basis of previous visits to our website or other websites. The information generated by the cookies will be transmitted to and stored by Google on a server in the USA for analysis. Data are transmitted by Google to third parties solely for compliance with legal stipulations or as part of contract data processing. In no event will Google compile your data with other data recorded by Google.
3.7. Google Tag Manager
Google Tag Manager is used on this website. Google Tag Manager makes it possible to manage website tags via an interface. The tag manager tool itself (which implements the tags) is a cookieless domain and does not contain any personal data. The tool makes it possible to trigger other tags, which may in turn record data. Google Tag Manager does not access these data. If deactivation takes place on domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
This function is only activated if you grant us your consent in accordance with Point a) of Art. 6(1) GDPR or Point a) of Art. 49(1).
3.8. Careers portalPlease do not send your application via e-mail; please use our encrypted career portal instead.
When using our online recruitment portal, it is important to us that your personal data is protected to the greatest extent possible. All personal data that we collect and process as part of an application is protected against unauthorised access and manipulation through technical and organisational measures.
The legal basis for data processing with regard to your application is Art. 88 GDPR in connection with Section 26(1) Federal Data Protection Act (BDSG) as well as, where applicable, your consent to data processing.
The data controller – in the event of an application for a specifically
advertised position – is the company advertising, and their address details can be found in the advert in question. When applying for a specific position, your data will only be provided to other recruiters within the MAPAL corporate group if you consent to this when your data is recorded.
If you do not provide the necessary personal data, you cannot participate in the application process.
When you set up your general application profile on our platform, MAPAL Dr. Kress KG shall be the data controller in this respect. If you use an automatic CV reader from a third-party provider (such as XING or LinkedIn) and use it to transfer your details to the application management system, your personal data will also be collected, processed and used by third parties for the purpose of the application process. Before using automatic CV reading, separate consent to the processing of your personal data must be granted.
When you submit an application, it is ensured that your data are automatically erased from our systems as soon as the purpose for which we collected your data has been fulfilled. Routines are put in place to ensure that data are erased after the purpose for collection or the underlying storage period has expired. The following erasure deadlines are planned for this purpose:
- Application data for a specific position will be erased six months after a negative decision.
- If you have created a general profile on our platform, we will erase it automatically after twelve months if you do not update your profile yourself.
- In addition to automatic erasure, you have the option to delete your profile yourself at any time.
3.9. Social mediaOn our pages in social media (YouTube, Twitter, LinkedIn, Xing, kununu, Instagram, Facebook) we offer you, based on art. 6 para. 1 sentence 1 lit. f GDPR, comprehensive personal support and the possibility of remaining in contact with us. These media services collect, in certain circumstances, personal data, e.g. via the profile you have saved there.
It cannot be excluded that data on every visitor to these pages will be collected by the companies listed above. For information on the purpose and scope of the collection of data and the further processing and utilisation of the data by these companies, as well as your related rights and the settings you can make to protect your privacy, please refer to the data privacy notices issued by:
- YouTube: https://www.google.de/intl/de/policies/privacy/
- Twitter: https://twitter.com/de/privacy
- LinkedIn: https://www.linkedin.com/static?key=privacy_policy
- Xing: https://www.xing.com/privacy
- kununu: https://privacy.xing.com/de/datenschutzerklaerung
- Instagram: https://www.instagram.com/legal/privacy/
- Facebook: https://de-de.facebook.com/privacy/explanation/
Of course, you retain control over all the personal data you make available to us on visiting the website and using our services. The following rights are available to you; you can make use of these rights free of charge.
4. Your rights
4.1. Right to accessYou have the right at any time to receive information, free of charge, about any of your personal data that we retain. This includes information regarding how long and for which purpose we process the data, where it comes from, and to which recipients or categories of recipients we transfer it. You can also obtain a copy of this data from us.
4.2. Right to revoke consent grantedYou have the right to revoke consent you have granted to process personal data at any time with effect for the future. If you revoke your consent, we will delete the related data without delay, provided further processing cannot be allowed on a legal basis for processing. The revocation of your consent does not affect the legality of processing undertaken up until revocation.
4.3. Right to objectIf we process your personal data in the context of a weighing of interests in our legitimate interest, you have at any time the right, for reasons based on your specific situation, to object to this processing with effect for the future.
If you make use of your right to object, we will cease the processing of the related data. The right to continue processing is retained, however, if we can demonstrate compelling, legitimate reasons for the processing that outweigh your interests, fundamental rights and fundamental freedoms, or if processing is for the purpose of the assertion, exercise or defence of legal claims.
If we process your personal data for direct advertising, you have the right to appeal against the processing of your personal data for the purpose of such advertising.
4.4. Right to data portabilityYou have the right to request for your personal data to be transferred from us to another entity. Art. 20 GDPR sets out the relevant details and restrictions. The exercise of this right is without prejudice to your right of deletion.
4.5. Right to rectification, deletion or restriction of the processingYou have the right to correct, delete or restrict the processing of your personal data.
4.6. Right to lodge a complaintYou have the right to complain to a supervisory authority or our company if you should have a reason for complaint. To make use of rights in relation to our company, please contact the persons listed at the end of the data privacy statement.
5. Retention periodGenerally speaking, we retain personal data for as long as it is necessary for the purposes of processing, or we have a legitimate interest in such retention and your interests in not retaining the data do not outweigh our own. This means that we only retain your data for as long as this is necessary for the provision of our website and associated services, or for as long as we are legally obliged to retain your data. As soon as personal data is no longer required for the purposes of processing, or retention of this data is not legally permissible, we will delete any personal data without the data subject needing to intervene.
Personal data that we are required to retain in order to fulfil our retention obligations will be retained until the end of the respective retention requirement. If we retain personal data exclusively for the fulfilment of retention requirements, any processing in this respect is generally restricted, so that the data can only be accessed if this should be necessary in relation to the legal obligation to retain data.
6. Automated decision makingIn connection with the processing of your personal data as described in this data protection policy, we do not, as a matter of principle, use automated decision making (including profiling) in terms of Art. 22 GDPR. If we make use of such procedures in individual cases, we will naturally inform you of this separately.
7. Data securityWe use the widespread SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption supported by your browser. You can see whether an individual page from our website is transmitted encrypted by the closed depiction of the key or lock symbol in the status bar in your browser.
We also make use of suitable technical and organisational measures to protect your data against accidental or wilful manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with the state-of-the-art.
8. Responsible for data collectionThe Data Protection Office is responsible for the processing of personal data (in terms of Art. 4 (7) GDPR) and therefore responsible for any questions, requests for information, applications, complaints or criticism regarding our data protection:
MAPAL Dr. Kress KG
Data protection department
Obere Bahnstraße 13
Data protection officer
The correct implementation of data protection in our organisation is undertaken by a data protection officer. If you have issues in relation to the processing of your personal data, you can also contact this officer directly: