Welcome to our website and thank you for your interest in MHP Management- und IT-Beratung GmbH and in our services. Your privacy is an important concern to us. We exercise great care in the protection of your personal data and their strictly confidential processing. Your personal data will be exclusively processed in compliance with the applicable provisions under data protection law, rules, and regulations.
1. DATA CONTROLLER AND DATA PROTECTION OFFICER; CONTACT
The Data Controller within the meaning of data protection laws, rules, and regulations is:
MHP Management- und IT-Beratung GmbH
Film- und Medienzentrum
D- 71638 Ludwigsburg
Phone: +49 (0)7141 7856-0
If you have any questions regarding data protection, please contact our data protection officer at dataprivacy(at)mhp.com.
2. SUBJECT MATTER
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This shall include data such as the name, email account, phone number, position and/or role, but also any other information that may be relevant when negotiating or in the course of a business relationship.
3. COLLECTION AND PROCESSING OF PERSONAL DATA
We will give you an overview of the purposes and legal basis of data processing within the scope of our business relationship in the sections below.
3.1 DATA PROCESSING FOR A CONTRACTUAL RELATIONSHIP
We process personal data if this is required for preparing and performing the contract concluded with you. The purposes depend on the particular contract, and include, in particular, the necessary measures prior to contract conclusion, the answering of your related questions, the transmission of offer and project status and invoicing information, the communication in the course of contract performance, the processing of contracts concluded, andcustomer service prior, during and after the business relationship we with you.
Data processing is permissible, if this processing occurs in connection with the purpose of the contract.
For further details on the purposes of data processing please refer to the contract documents.
Your data will be processed pursuant to Art. 6, par. 1, lit. b of the GDPR. In this regard, you will need to provide any personal data that we need for preparing and carrying out our business relationship with you. In the absence of this information, we will not be able to process your inquiry and/or to perform the contract.
We will delete your personal data if this personal data is no longer needed for negotiating and conducting a business relationship with you and if this deletion does not conflict with statutory retention periods.
3.2 DATA PROCESSING DUE TO STATUTORY REQUIREMENTS
We will also process your personal data for the purpose of compliance with statutory requirements that apply to us. These requirements may exist under the trade, tax, money laundering, financial, or criminal code. The processing purposes are determined by the applicable statutory duty; generally, data processing will only serve the purpose of compliance with monitoring and disclosure duties under national law.
Your data will be processed pursuant to Art. 6, par. 1, lit c. of the GDPR. If we collect data in compliance of a legal obligation, you will need to provide any personal data that we need to comply with our legal obligation. In the absence of this information, we may not be able to process your inquiry.
We will delete your personal data when the legal obligation to store your data ceases to exist, provided, however, this deletion does not conflict with statutory retention periods.
3.3 DATA PROCESSING DUE TO LEGITIMATE INTEREST
We will also process personal data for the purposing of exercising our own legitimate interests or those of third parties. The legitimate interests, which coincide with the particular purpose, include, but are not limited to: Ensure the technical operation, responding to inquiries that are not related to the contract, ensure data security, ensure data availability, and rectification of errors and faults.
Your data will be processed pursuant to Art. 6, par. 1, lit. f of the GDPR. In the event we need to disclose data for these purposes, we will expressly notify you of this circumstance. In the absence of this information, we may not be able to process your inquiry.
We will delete your personal data if it is no longer required for the purposes we pursue and if no other statutory provisions apply. However, if the latter should be true, we will delete your data after all of statutory provisions cease to apply.
3.4. TELEPHONE CONTACT
In the event that we initially contact you by phone, we have generated your data from public sources.
Our interest in the initial telephone contact overrides the interest of the data subject, since we exclusively contact B2B customers via contact channels available from public sources and the contact refers to specific processes in connection with the business activity of the person concerned.
During this initial phone call, we will merely inquire whether this particular person is interested in establishing a contact with MHP and do not present our services comprehensively.
3.5. DATA PROCESSING FOR ADVERTISING PURPOSES
CRM and advertising measures are subject to certain legal requirements. Processing personal data for advertising purposes is permissible, it this use is compatible with the purpose for which this data had initially been collected. If data is exclusively collected for advertising purposes, we need your consent to the processing of your data for advertising purposes.
If you withdraw your consent to the use of your data for advertising purposes, the continued use of your data for these purposes is not permissible and it will be deleted without undue delay with effect for the future regarding these purposes.
3.6. CONSENT TO DATA PROCESSING
Processing of personal data is permissible with the prior written consent from the affected customer. If you should have granted your consent for certain purposes, the purposes are determined by the contents of the relevant statement of consent.
Your data will be processed pursuant to Art. 6, par. 1, lit. a of the GDPR.
You may withdraw your consent at any time, which, however, will not affect the legitimacy of data processing prior to the date of withdrawal.
We will delete your personal data without undue delay when you withdraw your consent or if we no longer need the data for the purposes pursued by us unless this act conflicts with statutory retention periods.
4. DATA DELETION AND STORAGE PERIOD
For data storage periods of personal data please refer to the relevant data processing chapter. In addition, the following general rule shall apply: we will store your personal data only as long as required for meeting the purposes or – if a consent was granted – as long as you do not withdraw your consent. In the event you withdraw your consent, we will delete your personal data without undue delay, unless their continued processing is permissible under the applicable statutory provisions. We will also delete your personal data if we are obligated to do so subject statutory requirements.
5. RECIPIENTS OF PERSONAL DATA
In-house recipients: Within MHP, only those employees will be allowed access that need access to personal data in accordance with the purposes set forth above in section 3.
Generally, your data will not be transmitted to third parties outside MHP, unless this is a mandatory statutory duty or if this data transmission is required for performing the contract, or if you have granted your express prior consent. External service providers and partner companies will only receive your data to the extent necessary for processing your inquiry. However, in these events, the scope of data transmitted will be restricted to the necessary minimum amount of data. To the extent our service providers have access to your personal data, we shall ensure that these will comply with the data protection law, rules, and regulations in the same manner. Please note the corresponding privacy policies of these service providers. The corresponding service provider is responsible for the contents of third-party services, provided, however, that we will monitor the services for their compliance with statutory provisions to the extent reasonable.
External recipients: Your data will be forwarded to service providers that perform services on our behalf and assist MHP in the provision of its services.
If your personal data is processed by commissioned service providers, these activities will be carried out within the scope of data processing pursuant to Art. 28 of the GDPR.
The service providers referred to above will only be granted access to such personal data that is needed for carrying out the corresponding tasks. These service providers are not allowed to pass on your personal data or to use it for any other purpose, in particular, for their own advertising or marketing purposes.
To the extent external service providers have access to your personal data, we have ensured by legal measures, privacy by default and by design, and through regular reviews and inspections that they will comply with the applicable data protection laws, rules, and regulations. Your personal data will not be transmitted to other companies for commercial purposes.
6. DATA PROCESSING IN THIRD COUNTRIES
In the event data is transmitted to third parties whose registered office, place of residence, or place of data processing is not within a member state of the European Union or another country that is a party to the Agreement on the European Economic Area, we will ensure prior to passing on your data that, except for the statutorily permitted exceptions, the recipient complies with a reasonable level of data protection (e.g., based on an adequacy decision of the European Commission or the agreement on the so-called EU Standard Contract Clauses of the European Union with the recipient) or that you have provided your sufficient consent.
7. AUTOMATED DECISION-MAKING
We neither use automated decision-making nor profiling.
8. DATA SECURITY
We use technical and organizational safeguards (privacy by default and by design) to protect your personal data against coincidental or willful manipulation, loss, destruction, or access by unauthorized parties. Our security measures will be continuously improved based on the state of the art.
9. RIGHTS OF THE DATA SUBJECT
If your personal data is processed, you are a “data subject” within the meaning of the GDPR and you are entitled to the following claims against the “controller”:
Right of access pursuant to Article 15 of the GDPR
You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed. If we have processed your personal data, you are entitled to further rights to access set forth in Article 15 of the GDPR.
Right to rectification
If data that we collected on you is inaccurate or incomplete, you may claim the rectification without undue delay pursuant to Article 16 of the GDPR.
Right to restriction of processing
Subject to Article 18 GDPR, you may also have the right to claim the restriction of processing of personal data concerning you. Where processing has been restricted, your personal data shall only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. We will notify you before the restriction is lifted.
Right to erasure
If one or more of the grounds listed in Article 17 par. 1 of the GDPR apply, you may claim the erasure of personal data concerning you without undue delay, unless there is an exception pursuant to Article 17, par. 3 of the GDPR.
Right to notification
If you have asserted the right to rectification, erasure of personal data, or restriction of processing, we are obligated pursuant to Article 19 of the GDPR to notify all recipients to whom personal data has been disclosed, unless this proves impossible or involves disproportionate effort. In addition, you have the right to be informed about who these recipients are. You may exercise your right to be informed of those recipients against the controller.
Right to data portability
Furthermore, pursuant to Article 20 of the GDPR, you have the right to receive the personal data concerning you in machine readable format and to transmit this data to another controller without hindrance, provided, however, that the conditions enumerated in Article 20, par. 1, lit. a of the GDPR exist, or to demand to have the personal data transmitted directly from us another controller, where technically feasible and if this does not adversely affect the rights and freedoms of others. This right shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object at any time to the processing of personal data concerning you by written notice to MHP which is based on Article 6, par 1, lit. f of the GDPR. We shall not longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the assertion, exercise or defense of legal claims.
Right to withdraw the consent under data protection law, rules, and regulations
You may withdraw your data protection consent at any time by notifying MHP. The withdrawal of consent shall not affect the lawfulness of processing based on this consent before its withdrawal.
Right to lodge complaints with the supervisory authority:
Furthermore, you have the right to lodge a complaint with the competent supervisory authority, if you consider that the processing of your personal data violates the applicable statutory provisions, rules, and regulations. In this case, you may contact the Data Protection Authority having competence at your place of residence or in your country or the Data Protection Authority having competence at our place of business.
How to contact us or to exercise your rights:
If you should have any questions on the processing of your personal data, your rights as a data subject, or any consent that may have been granted, you may contact us free of charge. If you wish to exercise any or all of your rights, please email us at firstname.lastname@example.org or write a letter to the address set forth in section 1 above.
10. THIRD PARTY OFFERS
Third party services that we refer to within the scope of our business relationship were and are designed and provided by third parties. We have no control over the design, contents, and functionality of these third party services. We expressly advise you that we do not assume any responsibility for any contents included in third-party offers. If applicable, please obtain information on these third party offers directly from the service providers.
11. LAST REVISED: