Data privacy statement
1. Data protection, controller and data privacy officer
We would like to inform you about how we collect personal data when you use our website. Personal data is any data which relates to you personally, such as your name, address, e-mail addresses, and user behavior.
The controller responsible for processing your personal data through this website is
Jung von Matt AG Glashüttenstraße 79 20357 Hamburg Tel.: +49 40 4321-0 Fax: +49 40 4321-2121 e-mail: firstname.lastname@example.org
You can contact our data privacy officer using the email address email@example.com or our postal address, with the addition of ‘The Data Privacy Officer’.
To make our website easier to use, we use functional cookies, in which we e.g. store your language settings. Using functional cookies represents a legitimate interest on our part. The legal basis of this is also Art. 6, Par. 1 lit. f GDPR.
Cookies are small text files which are copied onto your hard drive and deleted again automatically according to the settings in your browser or after a defined period. Cookies cannot execute any programs or place viruses on your computer. They serve to make the website more user-friendly and effective as a whole.
Information on tracking cookies can be found in Section 5 below.
3. Information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.
4. Personal details
(1) If you use our website for information only, without registering or otherwise providing us with information, then we will only collect the personal data which your browser sends to our server. If you wish to view our website, we will collect the following information, which is technically necessary to display our website to you and to ensure it remains stable and secure (the legal basis is Art. 6 Par. 1 cl. 1 lit. f GDPR):
Date and time of enquiry
Time zone difference from Greenwich Mean Time (GMT)
Content of request (actual page)
Access status / HTTP status code
Quantity of data transmitted
Website from which the request was sent
Operating system and its interface
Language and version of browser software.
Logfile information is kept for a maximum of seven days for security reasons (such as the investigation of misuse and fraudulent activities), then it is deleted. Any data which needs to be kept for evidence purposes will not be deleted until the particular case has been resolved fully. The legal basis is Art. 6 Par. 1, lit. f GDPR.
(2) Personal data is only collected by us if and to the extent that you provide it to us on your own account, such as when making contact or submitting an application. We will handle this data confidentially and only use it for the original purpose for which it was sent, which is usually for processing and handling your enquiry. Your data is not usually given to third parties, unless we are obliged or legally allowed to, or if you have given us your consent, or if we have been ordered to do so by the authorities. If your enquiry relates to one of our group companies, then we will of course forward it to that company. If you contact us by e-mail, then your e-mail will be stored in our mail system. We may store your enquiry and the data associated with it in our CRM system. The e-mails themselves are not stored with their content encrypted. Our contact form is transport-encrypted using SSL/TLS, which you can recognize by the ‘https’ before the URL. Our mail server also uses conventional transport encryption protocols. The legal basis of this is Art. 6 Par. 1 lit. b GDPR.
5. Data protection in the application process
(1) In the event of an application, we process the data you provide us with voluntarily for the purpose of performing and handling the application process. The only people to receive the data are those involved in the application process in the human resources department, who may forward your application to other group companies if you have applied to them or if we believe that your application may be of interest to one of our group companies. The legal basis of this is Art. 6 Par. 1 lit. b GDPR.
(2) If we turn down your application, then we will not store your data for more than six months after the end of the application process. This storage period relates to the assertion of claims under the AGG (German Equal Treatment Act) and our associated legitimate interest in defending ourselves against such claims. The legal basis of this is Art. 6 Par. 1 lit. f GDPR.
(3) If you give your consent to be included in our applicant pool, then we can agree on a different period with you. You may revoke this consent at any time with future effect. The legal basis for that is Art. 6 Par. 1 lit. a GDPR.
6. Google Analytics / tracking cookies
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. Google may consolidate these data in a profile that is allocated to the respective user or the user’s device. Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored. This analysis tool is used on the basis of Art. 6(1)(f) GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
On this website, we have activated the IP anonymization function. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
Demographic parameters provided by Google Analytics
This website uses the “demographic characteristics” function of Google Analytics, to be able to display to the website visitor compatible ads within the Google advertising network. This allows reports to be created that contain information about the age, gender, and interests of the website visitors. The sources of this information are interest-related advertising by Google as well as visitor data obtained from third-party providers. This data cannot be allocated to a specific individual. You have the option to deactivate this function at any time by making pertinent settings changes for advertising in your Google account or you can generally prohibit the recording of your data by Google Analytics as explained in section “Objection to the recording of data”.
Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g.,DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. For details, please click the following link: https://support.google.com/analytics/answer/7667196?hl=en
7. Hosting with Amazon Web Services (AWS)
We are hosting our website with AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter referred to as “AWS”).
When you visit our website, your personal data will be processed on AWS servers. This may also result in the transfer of personal data to the parent company of AWS in the United States. The transfer of data to the US is based on the EU’s standard contractual clauses. For details please consult: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
AWS is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in a depiction of our website that is as reliable as possible. If your respective consent was obtained, processing will occur exclusively based on Art. 6(1)(a) GDPR. This consent may be revoked at any time.
Execution of a contract data processing agreement
We have concluded a contract processing agreement with AWS. This is a contract mandated by data privacy laws that guarantees that AWS processes the personal data of our website visitors only based on our instructions and in compliance with the GDPR.
8. Vimeo Without Tracking (Do-Not-Track)
This website uses plugins of the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
Whenever you visit one of our pages featuring Vimeo videos, a connection with the servers of Vimeo is established. In conjunction with this, the Vimeo server receives information about which of our sites you have visited. Vimeo also receives your IP address. However, we have set up Vimeo in such a way that Vimeo cannot track your user activities and does not place any cookies.
We use Vimeo to make our online presentation attractive for you. This is a legitimate interest on our part pursuant to Art. 6(1)(f) GDPR. If a respective declaration of consent was requested (e.g. concerning the storage of cookies), processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.
9. Facebook page
We run the Facebook page https://www.facebook.com/JungvonMatt/ so that we can communicate and connect with Facebook users. Facebook collects data on how users interact with this page and processes this data outside the EU. To compensate for any detrimental effects this could have, Facebook maintains Privacy Shield certification (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active), which commits it to observe EU data protection standards. Facebook routinely uses the personal data generated by the use of our Facebook page for the purposes of advertising, analytics, and market research, for example in order to develop a profile of your interests and habits so that it can display ads tailored specifically to you. Facebook can also directly associate your activities on our Facebook page with your Facebook account (if you have one). In addition, Facebook provides us with a variety of aggregate data, from which it is generally not possible to infer information about individual users. We use the insights from this data to make our service more relevant for you. The lawful basis for processing is our legitimate interest (as per GDPR article 6(1)(f)) in communicating with our users in a precisely targeted, effective way.
10. Your rights
(1)You have the right to find out whether we are processing your personal data at any time, according to Art. 15 GDPR. If we are, then we have other additional information duties as a result.
(2)You also have the right to have your data corrected pursuant to Art. 16 GDPR, deleted according to Art. 17 GDPR and for its processing to be limited pursuant to Art. 18 GDPR, provided no other legal regulations say otherwise.
(3)Of course, you can at any time revoke your consent to have your data processed according to Art. 6 Par. 1 lit. a or Art. 9, Par. 2 lit. a GDPR without providing reasons. This does not affect the legality of processing done up to that point.
(4)You also have the right to data portability according to Art. 20 GDPR.
(5)You also have, pursuant to Art. 21 GDPR, the right to object to the processing of your data, in particular processing on the basis of Art. 6 Par. 1 lit. e or f GDPR. Should you wish to exercise that right, please tell us the reason why you do not want us to keep processing your personal data the way we are. If your objection is justified, we will assess the case and either stop processing your data, amend the way we do it, or inform you of the compelling reasons we have for continuing to process it, these reasons being deemed worthy of protection.
(6)You also have the right to complain to the responsible regulatory authorities, which can be found here (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).
Last revision: November 2019