We are pleased about your visit on our website and your interest in our products and services. Protecting your privacy is important to MDESIGN. This privacy statement explains our practices regarding the collection, use and disclosure of your personal data, through the use of our website, products and services.
Controller within the meaning of the General Data Protection Regulation ("GDPR") is:
MDESIGN Vertriebsgesellschaft mbH ("We", "Us" or "Our")
Phone: +49 234 30703-60
Fax: +49 234 30703-69
2. Data Protection Officer
3. Collection and processing of your personal data
3.1 Performance of our business activity (contractual relationship)
We process personal data to entering into contracts, to perform or to complete contracts with customers and business partners. The performance of contractual obligations can include per example the offer preparation, the handling of an order, the provision of our products and services, the provision of customer support services or the improvement of our products and services. Therefor we collect a variety of information, which may include:
- Master data: Full name, salutation and title, position and department
- Contact data: Company name and address, phone number, fax, email address, homepage
- Payment data: Account and credit card data
- Contract data: Customer number, contract relationship, purchased products and services
- Other data: Notes on authorizations, communication data, contact history
3.2 Legal authorization
In certain cases we are legally obligated to process personal data. Such legal obligations can occur from specific regulations of the national business, commercial, tax and social law as well as form the European legislation.
3.3 Advertising purposes
Personal data can be processed for advertising purposes or market and opinion research. For example after the purchase of MDESIGN we send information about similar products or services per email. Or we inform you about our latest software updates and upcoming events. You have the right to object this processing of your personal data at any time.
We process personal data for purposes of facilitating communication with you. This is per example the case if you fill in our contact form or if you contact us by email, by phone, by mail or by social media. When contacting us through one of the mentioned communications media we collect the following data:
- the company name and address;
- your first and family name as well as title;
- your position and division;
- your telephone number;
- your email address; and
- content and type of your inquiry
We use this data to execute a business contract with our customers or to communicate with you and answer your inquiry. Legal basis for the processing is our legitimate interest.
3.5 Usage of our website
3.5.1 Access to our website
If you visit our website for mere information purposes, your web browser automatically transfers data to our web servers, whereby the data referred to in the following will be recorded during ongoing sessions:
- IP address
- directory protection log-in
- data and time of the request
- contents of the request (specific page)
- status code
- the transferred data volume
- website from which you were referred to our website (referrer URL)
- user agent
- accessed host name
In this context, IP addresses will be stored anonymously by deleting the last block of numbers, that is, 127.0.0.1 turns into 127.0.0.x; Ipv6 addresses will also be anonymized. The anonymized IP addresses will be stored for 60 days. Information about used directory protection log-ins will be anonymized after one day.
This data will be processed and stored to guarantee smooth connection establishment and comfortable website use, but also to identify disruptions and for security reasons.
For the use our website, we place "cookies" on your computer. Cookies are small data fragments stored on your device (computer, laptop, tablet, smartphone) in the form of text files whenever you load websites in your browser. The following cookie categories will be loaded for our website:
- Transient cookies: Transient cookies and/or temporary cookies will be automatically deleted at the end of your session (such as by closing your browser) and include, in particular, session cookies. They store the "session ID" with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized if you return to our website.
- Persistent cookies: Persistent cookies and/or function cookies remember all the selected user settings to improve the user experience for you. As an example, we use a function cookie to store your consent to cookie tracking. These cookies will be deleted only at the end of a defined period.
3.5.3 Analysis and advertising tools
i. Google Analytics
We use "Google Analytics" to analyze the visitor traffic and their behavior on our website and to continuously derive optimization measures for our website. Google Analytics is a web analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, hereinafter referred to as "Google"). Google Analytics uses "cookies" to enable an analysis of the use of the website. Generally, information which these cookies generate (such as browser types and versions) will be transferred to servers based in the US and provided to us on an anonymous basis.
On this website, we have extended Google Analytics by the "anonymize_IP" code. This guarantees that your IP address will be masked, so that all data will be collected anonymously. Only in exceptional cases will complete IP addresses be transmitted to a US-based Google server and shortened there.
You can prevent your data from being collected and prevent Google from processing them. For this purpose, please download and install a browser plug-in available at the below link: https://tools.google.com/dlpage/gaoptout?hl=en.
ii. Google AdWords
For our internet presence, we use Google AdWords, including conversion tracking. Google AdWords is a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, hereinafter referred to as "Google").
We use AdWords conversion tracking to provide you with targeted advertisements for our products. If you click on a Google advertisement, the conversion tracking function places a cookie on your device. These "conversion cookies" lose their validity at the end of a 30-day period and, apart from that, they do not serve to identify you personally.
To the extent that the relevant cookie is still valid and you visit this website within a given period, we and Google can see that you clicked on one of our Google advertisements and that you were then referred to our internet presence.
Based on information which they obtained this way, Google prepares and provides us with statistics concerning the visits of our internet presence. Also, we receive information about the number of users who clicked on our advertisement(s) and about the pages of our internet presence which had subsequently been accessed. However, neither we nor third parties who also use Google AdWords will be enabled to identify you on the basis of this information.
By accordingly adjusting your web browser settings, you can also prevent or limit the installation of cookies and you can erase any cookies which have already been placed at any time. The required steps and measures, however, depend on the internet browser which you actually use for accessing the website. Therefore, please consult your internet browser "Help" function or documentation and/or contact the manufacturer and/or support if you have any questions in this regard.
iii. Google Web Fonts
For the uniform display of fonts, we use web fonts for this website provided by Google. Whenever you access the website, your browser will download the required web fonts into your browser cache in order to correctly display texts and fonts. For this purpose, your browser must establish a connection to the Google servers based in the United States. This way, Google is informed that our website was accessed via your IP address.
For further information on data processing by Google, please refer to https://policies.google.com/privacy?hl=en.
3.5.4 Subscription to the e-newsletter
On this website, you can subscribe to our newsletter offer free of charge to regularly receive information on new products, training offers and events as well as tips and tricks. For this purpose, we need to have your first and family name, title and email address. Any personal data collected in this context will be exclusively used to send newsletters to you - on the basis of your consent. We use the "double opt-in procedure" for the subscription. For this, we will send a message after your registration to the email address you have specified in which you will be asked to confirm your subscription. You may revoke this consent at any time with effect for the future, e.g. by clicking on the relevant "Unsubscribe" link which is included in each newsletter or by sending an email to firstname.lastname@example.org.
3.5.5 Trial version
On our website, you can request a free-of-charge MDESIGN trial version. This trial version is provided either as a download or cloud solution via AWS AppStream 2.0. The trial version is valid for up to 14 days and begins on the day you install MDESIGN with temporary licenses or start the cloud solution. If you request the delivery of a test version, we collect information to identify you. This includes:
- the company name
- your first and family name as well as title
- your address (post code and city /town)
- your telephone number; and
- your email address
We will use this information to provide you with the download link for our trial version and to remind you when the trial period is about to expire. If the cloud solution is provided via AWS AppStream 2.0, your first and last name and your email address will be integrated into our account at AppStream 2.0 from Amazon Web Services, Inc. as a user name. Your email address will also be used to send you the access data for this service. Registration for the free trial version is voluntary and you may decide, at any time, whether or not to revoke your consent.
You can find data protection notice from Amazon Web Services, Inc. (AWS) under the following link: https://aws.amazon.com/privacy/?nc1=h_ls
3.5.6 Registration for customer and download portals
Some of our services require registration (such as MDESIGN Roloff/Matek edition). Any data required for registration will be collected during the registration process; this shall include, but not be limited to, your first and family name, title, email address and a password. We will store the requested data to manage your access to the relevant product for which you registered.
The MDESIGN customer forum is intended for customers who concluded a valid service agreement. In order to enable you to have access to the customer forum provided on our website, we process personal data (customer number and password); access data will be delivered by letter after purchasing MDESIGN.
On our website, you can purchase certain products (MDESIGN student). Purchase orders will be processed by Verifone, an associated payment services provider. The following data will be collected for purchasing the products:
- your first and family name;
- your address (street, number, city/town, country)
- your email address
- the payment type and currency
This is not a group company, but rather a company with which we concluded contractual agreements. For more information on data processing by Verifone, please refer to https://www.2checkout.com/legal/privacy/.
3.5.8 Third-Party links in the context of our website and services
Our and MDESIGN include many links referring to companies with which we maintain business relationships. Neither can we provide a guarantee for these external contents nor will we be responsible for them to comply with applicable data protection requirements. The providers or operators of linked websites shall be exclusively liable for the contents and data protection measures. You should exercise caution and check third parties' privacy policies for websites and services which you use.
4. Legal bases of the processing
We process personal data in compliance with the provisions under the European Union General Data Protection Regulation (GDPR) and with applicable national law. In concrete terms, our data processing activities are generally based on at least one of the four conditions below:
- you have provided us with your consent for the processing of your personal data for one or more purposes (Art. 6 para. 1 letter a GDPR);
- processing is required to fulfil a contract between us or to perform pre-contractual measures resulting from your enquiry (Art. 6 para. 1 letter b GDPR);
- processing is required to fulfil legal obligations to which we are subject (such as the retention of documents for commercial and tax law purposes) (Art. 6 para. 1 letter c GDPR);
- processing is required to protect our or a third party's legitimate interests (Art. 6 para. 1 letter f GDPR).
If necessary, the above bases of processing can be combined. If you fail to provide personal data which we require in relation to your request for a program trial version or a purchase, the relevant trial version will not be provided and the purchase process will not be completed.
5. Data disclosure
Our employees have access to your personal data if this is required for us to fulfil their tasks. Our partner companies (TEDATA GmbH and DriveConcepts GmbH) have access to your personal data as well so that they, as an example, can render services on our behalf or so that we can fulfil customer management activities. In addition, your personal will be transferred to third parties who were commissioned with fulfilling certain tasks for us. This may include, without limitation, advertising agencies, printing companies or IT/payment/telecommunication service providers. Third parties with whom we cooperate and who have access to your personal data are subject to written data processing agreements which guarantee that the relevant data will be exclusively used for the above purposes.
6. Transfer of data to third countries outside the EEA
Yes, your personal data may be transferred to single or several external service providers outside the EU and/or the EEA. For example, personal data will be transferred when you visit our website (Google LLC), purchase our products (MDESIGN student and MDESIGN student pro) via our online shop (Verifone) or participate in our webinars (LogMeIn Inc.). The transfer is subject to legally recognized adequacy mechanisms such as EU standard contractual clauses: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en
To the extent that we process and use your personal data to establish, execute and terminate contractual relationships with you, we store your personal for as long as this is prescribed by statutory retention periods based on German civil, commercial (Handelsgesetzbuch - HGB) and tax (Abgabenordnung - AO) law provisions.
If personal data storage is based on our legitimate interest or on your consent, we will store your personal data for as long as you do not object to their usage or revoke your consent. However, in cases where the law requires us to store your personal data for longer periods or where we need them to assert legal claims, will store your personal data until the end of the relevant periods or until all our claims were settled.
When you visit the website, we use the common SSL procedure (Secure Socket Layer) in combination with the respective highest degree of encryption that is supported by your browser. This usually is a 256-bit encryption. If your browser does not support 256 bit encryption, we will use the 128 bit v3 technology instead. Whether or not individual pages of our website use encryption is indicated by the green lock icon in your browser window. Apart from the above, we use appropriate technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or access by unauthorized third parties. Our security measures are subject to continuous advancement according to technological developments.
9. Rights of the data subject
a) Right to withdraw (Art. 7 GDPR)
You have the right to withdraw your consent at any time. Please note, however, that the withdrawal of your consent is only possible if the processing of your personal data is not necessary to perform a contract or for the compliance with a legal obligation which we are subject.
b) Right of access (Art. 15 GDPR)
You have the right to obtain from us whether or not your personal data are being processed.
c) Right to rectification (Art. 16 GDPR)
You have the right to obtain from us the rectification of inaccurate personal data as well as the completion of incomplete personal data concerning you.
d) Right to erasure (Art. 17 GDPR)
You have the right to obtain from us the erasure of your personal data, if the processing is not necessary for compliance with legal obligation to which we are subject or to establish, exercise or defend legal claims.
e) Right to restriction of processing (Art. 18 GDPR)
You have the right to obtain from us the restriction of processing your personal data if one of the conditions in Article 18 paragraph 1 letter a - d is given.
f) Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data, which you provided us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance.
g) Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on letters (e) or (f) of Article 6 paragraph 1, including profiling based on those provisions. If you object, we will only process your personal data if we can prove compelling legitimate reasons that outweigh your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
h) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority. Responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Phone: +49 211 38424-0