Information on data protection - MackSmaTec GmbH privacy policy

The high demands that you place on us and our services as well as our customer care are the guiding principle for us when handling your data. Our aim is to create and maintain the basis for a trusting relationship with our partners and interested parties. The confidentiality and integrity of your personal data is of particular concern to us. We will therefore process and use your data carefully, for the intended purpose or in accordance with your consent and in accordance with the statutory provisions on data protection.

In the following sections, this data protection notice describes how we, MackSmaTec GmbH, process your personal data and would like to inform you about this processing in accordance with Articles 12 and 13 of the General Data Protection Regulation (GDPR).

1 Scope of application

This information on data protection relates to the homepage of MackSmaTec GmbH (https://macksmatec.de/) and for the personal data collected via this website. This data protection information does not apply to external websites that can be accessed via links, for example.

2. responsible party

MackSmaTec GmbH, represented by the Managing Director Mr. Thomas Mack, is responsible for data processing.

MackSmaTec GmbH
Sonnenacker 2
99834 Gerstungen OT Marksuhl

Phone: +49 36925 929 - 0
E-mail: info@macksmatec.de

3. contact details of the company data protection officer

The external company data protection officer of the controller is

Dr. Licht und Partner Wirtschaftsjuristen
v. d. Dr. iur. Christoph Licht, LL.M.
Altmarkt 9
98574 Schmalkalden

E-mail: dsb@lichtupartner.de

4. general information on data processing

As the website operator, we take data protection very seriously and treat your personal data confidentially and only in accordance with the statutory provisions. We recommend that you read our information on data protection at regular intervals, as this may change due to the constant further development of our website or offers or due to legal or official requirements. In this data protection information, we use terms (e.g. "personal data" or "processing") that are defined in Art. 4 No. 1, 2 of the GDPR.

a. Scope of the processing of personal data

In principle, we only process personal data to the extent necessary to provide a functional website and our content and services.
The processing of personal data of our users only takes place regularly with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

b. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 subpara. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 subpara. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which we as MackSmaTec GmbH are subject, Art. 6 para. 1 subpara. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 subpara. 1 lit. d GDPR serves as the legal basis. If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Art. 6 para. 1 subpara. 1 lit. e GDPR serves as the legal basis. If the processing of personal data is necessary to safeguard a legitimate interest of MackSmaTec GmbH, which is not carried out in fulfillment of our tasks assigned by law, etc., or of a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 subpara. 1 lit. f GDPR serves as the legal basis for the processing. This includes the use of the website. Every time users access our website, data about this process is collected and used for the duration of the usage process to provide the content of the website.

c. Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

d. Order processing

We have concluded an order processing contract with IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, https://www.ionos.de/ and fully implement the strict requirements of the German data protection authorities.

e. SSL/TSL encryption

Our website uses SSL/TSL encryption for security reasons and to protect the transmission of confidential data. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If encryption is active, the data that you transmit to us via the website cannot be read by third parties.

f. Recipients/data categories

In principle, the data listed above is only processed by MackSmaTec GmbH and its processors IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, https://www.ionos.de/ and Samt & Seidel KG, Petersberg 15, 99084 Erfurt, https://www.samt-seidel.com/.

g. Provision of personal data

The processing of your data is absolutely necessary for the provision of our website and the creation of log files. If this is not done, smooth website operation cannot be guaranteed. If your data were not provided, you would not be able to properly access our online presence and our content and services.

5 Provision of the website and creation of log files

a. Description and scope of data processing

Each time our website is accessed, the provider automatically collects and stores data and information from the computer system of the accessing computer in so-called server log files. The following data is collected and transmitted to us:

1. name of the retrieved file
2. date and time of the retrieval
3. the amount of data transferred, if applicable
4. notification of whether the retrieval was successful
5. description of the type of web browser used
6. operating system used
7. host name of the accessing computer
8. requests from the domain
9. anonymized IP address of the accessing host system

Server logs are not merged with other data sources and are only checked if there are indications of unlawful use.

Our employees are obliged to maintain confidentiality regarding personal data. All data that is located on our servers and "hosted" (i.e. stored) there is protected against unauthorized access by security systems connected in series. All servers operated on which personal data of MackSmaTec GmbH customers are processed or recorded are located in the Federal Republic of Germany. If MackSmaTec GmbH commissions partner companies to perform certain services, the data protection provisions shall be transferred in the contracts with the partner and the partners shall be obliged to comply with data protection.

b. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The aforementioned data is processed by us for the following purposes:

1. to ensure a smooth connection to the website
2. to ensure convenient use of our website
3. to determine the amount of data transmitted
4. evaluation of system security and stability and
5. for other administrative purposes

Data is stored in log files on the one hand for security reasons, e.g. to be able to clarify cases of misuse, and on the other hand to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

c. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 subpara. 1 lit. f GDPR.

d. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client. If data has to be retained for reasons of proof, it is excluded from deletion until the incident has been finally clarified. This data is not stored together with other personal data of the user.

e. Right of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

f. Recipients/data categories

In principle, the data listed above (5. lit. a. 1 - 9) is only processed by MackSmaTec GmbH and its processors IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, https://www.ionos.de/ and Samt & Seidel KG, Petersberg 15, 99084 Erfurt, https://www.samt-seidel.com/.

g. Provision of personal data

6. e-mail contact

a. Description and scope of data processing

It is possible to contact us on our website via the email addresses provided. In this case, the user's personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

b. Purpose of data processing

The processing of personal data in the case of e-mail contact serves us solely to process the contact. This also constitutes the necessary legitimate interest in processing the data.

c. Legal basis for the processing

If contact is made via the email addresses provided, the user's personal data transmitted with the email will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 subpara. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 subpara. 1 lit. b GDPR.

Processing of the personal data transmitted by you is necessary for the purpose of processing your request.

d. Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. A conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

e. Possibility of objection and removal

If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The revocation of consent and the revocation of storage must be made in writing by e-mail. All personal data stored in the course of contacting us will be deleted in this case.

f. Recipients/data categories

In principle, your personal data will only be processed by MackSmaTec GmbH if you send an inquiry by email.

g. Provision of personal data

If you contact us with an inquiry, request, etc. via e-mail, the information you provide is voluntary. However, if you fail to do so, we will not be able to inform you of the result. In such cases, failure to provide personal data may mean that your request cannot be processed due to a lack of complete facts and no possibility of further inquiry. In addition, failure to provide the data may have legal disadvantages for you, such as non-processing and non-provision of services.

7. contact outside the homepage (by post/telephone)

a. Description and scope of data processing

You also have the option of contacting us outside of the website. This can be done by post or by telephone.

If you contact us by post, the following personal data in particular will be processed:

- Your contact details
- Surname
- First name
- Street, house number
- Zip code and place of residence
- Other data transmitted in the course of contacting us

If you contact us by telephone, the following personal data in particular will be processed:

- Surname
- First name
- telephone number
- Time of the call
- Other data transmitted in the course of making contact

b. Purpose of the data processing

The processing of the personal data serves us solely to process the contact and to be able to enter into conversation with you in relation to your request.

c. Legal basis for data processing

The legal basis for the processing of your personal data is Art. 6 para. 1 subpara. 1 lit. a GDPR (consent of the data subject) and Art. 6 para. 1 subpara. 1 lit. f GDPR (legitimate interest of us as the controller). Our legitimate interest is to offer you various options for contacting us at any time and responding to your inquiries. If your contact is aimed at the conclusion of a contract, the legal basis for the processing of your personal data is Art. 6 para. 1 subpara. 1 lit. b GDPR.

d. Duration of storage

Your personal data will be deleted as soon as it is no longer required for the purpose for which it was stored. For personal data sent by post or telephone, this is the case when the respective conversation has ended. A conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

e. Possibility of objection and removal

If you contact us by post or telephone, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. The objection to storage must be made in writing by e-mail or post.
All personal data stored in the course of making contact will be deleted in this case.

f. Recipients/data categories

In principle, your personal data will only be processed by MackSmaTec GmbH in the event of a postal inquiry or by telephone.

g. Provision of personal data

If you contact us with a postal or telephone inquiry, application, etc., the information you provide is voluntary. However, if you fail to do so, you cannot be informed of the result. In these cases, failure to provide personal data may mean that your request cannot be processed due to a lack of complete facts and no possibility of further inquiry. In addition, failure to provide the data may have legal disadvantages for you, such as non-processing and non-provision of services.

8 MATOMO web analysis

a. Description and scope of data processing

We use the MATOMO analysis tool on our website. MATOMO is an analysis program that can be used to analyze user flows on the website. This is used for quality assurance and optimization of the website. The following data is read out when MATOMO is used:

Three bytes of the IP address of the user's accessing system (anonymized IP address)
The website accessed
The website from which the user accessed the page on our website (referrer)
The subpages that are accessed from the accessed page
The time spent on the website
The frequency with which the website is accessed

We use MATOMO with certain settings via the Privacy Manager plugin. This automatically anonymizes IP addresses in order to make it more difficult to identify individuals. By using MATOMO, personal data is only stored on a local server or a server within the European Economic Area (EEA). With your consent, we use the open source software MATOMO to analyze and statistically evaluate the use of the website. Cookies are used for this purpose. The information obtained about website usage is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the use of the website. The data collected is not passed on to third parties. The IP addresses are anonymized (IP masking) so that they cannot be assigned to individual users.

b. Purpose of data processing

The processing of the user's personal data with the help of MATOMO enables us to analyze the surfing behavior of our users. By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our own website and its user-friendliness as well as our offer.

c. Legal basis for data processing

The legal basis for the processing of your personal data is your consent within the meaning of Art. 6 para. 1 subpara. 1 lit. a in conjunction with Art. 7 GDPR and Section 25 para. 1 TDDDG. Consent may not be required if anonymized settings are used (anonymization of the IP address, global deactivation of cookies). In this so-called log analytics mode, data processing is carried out on the basis of legitimate interest within the meaning of Art. 6 para. 1 subpara. 1 lit. f GDPR.

d. Duration of storage

The data stored through the use of MATOMO is deleted as soon as it is no longer required for our recording and analysis purposes. In our case, this is after 12 months.

e. Right of objection and removal

You have the option to revoke your consent at any time, free of charge. However, this does not affect the lawfulness of the processing carried out on the basis of your consent, i.e. the withdrawal of your consent will affect future processing.

f. Recipients/data categories

In principle, your personal data is processed exclusively by MackSmaTec GmbH. Your data will not be processed by recipients outside the European Economic Area (EEA).

g. Provision of personal data

When you visit our website and choose to be tracked by MATOMO, the information you provide is voluntary. The use of MATOMO serves the quality assurance and optimization of the website. Failure to provide the data may be detrimental to the improvement of the website, in particular its user-friendliness.

9. meta (Facebook, Instagram)

a. Description and scope of data processing

We maintain publicly accessible profiles in various social networks. Your visit to these profiles triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data we collect, use and store when you visit our profiles. Personal data is data that can be assigned to you as a specific person (e.g. name, age, address, photos, e-mail addresses, possibly also IP addresses). We also inform you about your rights with regard to the processing of your personal data. You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles in social networks. These functionalities will not be available to you, or only to a limited extent, if you do not provide us with your personal data. Our website contains a plug-in that takes you to our profiles on the social networks Facebook and Instagram by actively clicking on it.

b. Purpose of the data processing

The purpose of processing your personal data is to display, present and provide information via social media.

c. Legal basis for the processing

As soon as you have agreed to the content by actively clicking on the "Facebook plug-in" or "Instagram plug-in", you consent to your data being transferred to Facebook/Instagram in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. If you use our profiles on social networks to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us exclusively for the purpose of contacting you. The legal basis for data collection is therefore also Art. 6 para. 1 subpara. 1 lit. f GDPR. So-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR) are used as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

d. Duration of storage

How Facebook and Instagram use the data from visits to Facebook pages/Instagram pages for their own purposes, to what extent activities on the Facebook page/Instagram pages are assigned to individual users, how long Facebook/Instagram stores this data and whether data from a visit to the Facebook page/Instagram pages is passed on to third parties is not conclusively and clearly stated by Facebook/Instagram and is not known to us.

e. Possibility of objection and removal

If you wish to object to the processing of your data by us on Facebook/Instagram as a whole or for individual measures, you can do so using the contact details provided above. You can also object to the processing of Insights data by Facebook/Instagram. You can also object to data processing by Facebook/Instagram by contacting us. We will forward your objection immediately. Please note that in the event of such an objection, the use of the Facebook or Instagram page and the retrieval of the services and information offered here may only be possible to a limited extent or not at all.

f. Recipients/data categories

When you access a Facebook page or Instagram, the IP address assigned to your device is transmitted to Facebook/Instagram. According to Facebook/Instagram, this IP address is anonymized (for "German" IP addresses). Facebook/Instagram also stores information about the end devices of its users (e.g. as part of the "login notification" function); Facebook/Instagram may thus be able to assign IP addresses to individual users. If you are currently logged in to Facebook/Instagram as a user, a cookie with your Facebook ID/Instagram ID is stored on your device. This enables Facebook/Instagram to track that you have visited this page and how you have used it. This also applies to all other Facebook/Instagram pages. Facebook buttons integrated into websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer content or advertising tailored to you.

g. Provision of personal data

When you visit our profiles, your personal data is collected, used and stored not only by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the data protection declarations of the respective operator:

The privacy policy for the social network Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, can be viewed at https://www.facebook.com/about/privacy/update?ref=old_policy;

The privacy policy for the social network Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA, can be viewed at https://help.instagram.com/155833707900388

10. embedded videos by YouTube

a. Description and scope of data processing

The MackSmaTec GmbH website uses plugins from the YouTube video portal and embeds YouTube videos. These are stored on the servers of the provider YouTube and played from our website via embedding. The videos are embedded with the option for extended data protection settings activated. This means that no data is passed on when you access an internal MackSmaTec GmbH page with an embedded video from our YouTube channel. Only if you have actively consented to data processing by clicking on the "Load video" button will such a video start to play and a connection to the YouTube servers be established, meaning that user-specific data in the form of YouTube cookies and DoubleClick cookies will be stored or

comparable recognition technologies (e.g. device fingerprinting) are used and may be automatically transmitted to YouTube or Google Inc, Amphitheater Parkway, Mountain View, CA 94043, USA. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. As YouTube is a service of Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland), this data is transmitted regardless of whether the user has a Google user account through which they are logged in or whether they do not have an account. If the user is logged in via their own Google account, this data may be assigned to them directly by Google. If the user does not want this assignment to their profile, they must log out before playing the video.

b. Purpose of the data processing

The use of YouTube is not absolutely necessary for the receipt of information about our website and is therefore voluntary for you. However, the integration of YouTube videos into our website is in the interest of an appealing presentation of our website and for advertising and information purposes.

c. Legal basis for data processing

By actively clicking on the "Load video" button, you expressly consent to the use of YouTube and the associated processing of your personal data. In this respect, the legal basis is your consent within the meaning of Art. 6 para. 1 subpara. 1 lit. a GDPR.

Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur- lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

d. Duration of storage

We do not process any additional personal data in the context of the use of YouTube videos on our website. We have no influence on the type, scope and duration of the data processed by YouTube, the type of processing and use or the transfer of this data to third parties. We also have no effective control options. In addition, your consent to the display of YouTube content is not saved. When you end the browser session, your consent is deleted, i.e. when you call up the pages on which YouTube content is integrated again, they are again provided with a "Load video" button and you must agree again if you want to see the content.

e. Possibility of objection and removal

Consent to video playback is valid until you leave the embedding page. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. To exercise your right to object to the creation of user profiles, you must contact Google/Youtube exclusively and directly. If you do not agree to the transfer of your personal data to Google/Youtube, do not click on the "Load video" button in the grayed-out area. No data will then be transmitted to Google, but no video will be played.

Alternatively, you also have the option of changing your personal settings in Google's data protection center(https://www.google.com/policies/privacy/).

f. Recipients/data categories

In principle, the data listed above (see Section 10 lit. a) is processed by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland.

g. Provision of personal data

You are neither legally nor contractually obliged to use YouTube, so the use of YouTube and the information you provide is voluntary. However, if you fail to do so, you will not be able to use YouTube and thus play the videos, which is your only disadvantage.

11 LinkedIn

a. Description and scope of data processing

We use social plugins from the social media network LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA94043, USA, on our website. The social plug-ins may be feeds, content sharing or links to our LinkedIn page. The social plug-ins are clearly marked with the familiar LinkedIn logo and allow, for example, interesting content to be shared directly via our website. For the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data processing.

Your visit to the profile triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles. Personal data is data that can be assigned to you as a specific person (e.g. name, age, address, photos, e-mail addresses, possibly also IP addresses). We also inform you about your rights with regard to the processing of your personal data. You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profile in social networks. These functionalities will not be available to you, or only to a limited extent, if you do not provide us with your personal data. Our website contains a plug-in that takes you to our LinkedIn social network profile when you actively click on it.

b. Purpose of the data processing

The purpose of processing your personal data is to display, present and inform you via social media, in particular to provide you with a convenient and smart option for finding and responding to job vacancies. We regularly post interesting jobs, news or reports. That is why we have created the option on our website to share interesting content directly on LinkedIn or to link directly to our LinkedIn page. We regard integrated social plug-ins as an extended service on our website.

c. Legal basis for the processing

As soon as you have agreed to the content by actively clicking on the "LinkedIn plug-in", you consent to your data being transferred to LinkedIn in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR.

If you use our profiles in social networks to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us exclusively for the purpose of contacting you. The legal basis for data collection is therefore also Art. 6 para. 1 subpara. 1 lit. f GDPR. So-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR) are used as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

d. Duration of storage

In principle, LinkedIn retains your personal data for as long as the company considers it necessary to provide its own services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregated and anonymized form even after you delete your account. As soon as you delete your account, other people will no longer be able to see your data within one day. LinkedIn generally deletes the data within 30 days. However, LinkedIn retains data if it is required by law. Data that can no longer be assigned to a person remains stored even after the account has been closed. The data is stored on various servers in America and presumably also in Europe.

LinkedIn does not conclusively and clearly state how it uses the data from visits to LinkedIn pages for its own purposes, to what extent activities on the LinkedIn page are assigned to individual users, how long LinkedIn stores this data and whether data from a visit to the LinkedIn pages is passed on to third parties, and we are not aware of this.

e. Right of objection and removal

If you wish to object to the processing of your data by us on LinkedIn as a whole or for individual measures, you can do so using the contact details provided above. You can also object to the processing of Insights data by LinkedIn. You can also object to data processing by LinkedIn by contacting us. We will forward your objection immediately. Please note that in the event of such an objection, the use of the LinkedIn page and the retrieval of the services and information offered via it may only be possible to a limited extent or not at all.

f. Recipients/data categories

When you access a LinkedIn page, the IP address assigned to your device is transmitted to LinkedIn. LinkedIn may also store information about the end devices of its users; LinkedIn may thus be able to assign IP addresses to individual users. If you are currently logged in to LinkedIn as a user, a cookie with your LinkedIn ID is stored on your device. This enables LinkedIn to track that you have visited this page and how you have used it. This also applies to all other LinkedIn pages. LinkedIn buttons integrated into websites enable LinkedIn to record your visits to these websites and assign them to your LinkedIn profile. This data can be used to tailor content or advertising to you.

g. Provision of personal data

LinkedIn does not store any personal data simply by integrating the social plugins. LinkedIn calls this data, which is generated by plugins, passive impressions. However, if you click on a social plugin, for example to share our content, the platform stores personal data as so-called "active impressions". This happens regardless of whether you have a LinkedIn account or not. If you are logged in, the data collected will be assigned to your account.

When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This happens even if you do not have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the data protection declarations of the respective operator:

The privacy policy for the social network LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA94043, USA, can be viewed at https://de.linkedin.com/legal/privacy-policy;

12. communication via Team Viewer

a. Description and scope of data processing

We use the "TeamViewer" tool on our website to conduct telephone conferences, online meetings, video conferences and/or other online services such as webinars. "TeamViewer" is a tool from TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. Details on data processing can be found in TeamViewer's privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.

TeamViewer collects data from users who create an account with TeamViewer and uses profiling measures to create a comprehensive user profile. This is intended to help offer customers the most suitable products possible. TeamViewer itself states that it relies on pseudonymized data as far as possible. Teamviewer also processes data collected during audio and video conferences. For example, the provider stores data such as user names, e-mail addresses and IP addresses, but also the preferred language / meeting metadata, such as date, time, meeting ID, telephone numbers, location, text, audio and video data. You may also have the option of using the chat function in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the respective applications.

b. Purpose of the data processing

We collect your data for the purpose of processing your inquiries and holding telephone conferences, online meetings and video conferences.

c. Legal basis for the processing

d. Duration of storage

e. Right of objection and removal

In the context of video and telephone conferences, you can object to the storage of your personal data at any time. In such a case, the video conference etc. cannot be continued. The objection must be made in writing by e-mail. All personal data stored in the course of the conference will be deleted in this case.

f. Recipients/data categories

Access to your personal data is only granted to those bodies that require it to fulfill their respective tasks. Your data will only be passed on to the provider/processor of the conference software used, TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen.

g. Provision of personal data

When using conferences via TeamViewer Germany GmbH, the provision of your data is voluntary. Without this information, however, no conference and support can be provided. Failure to provide personal data may mean that your request cannot be processed or cannot be processed in full. In this context, there may also be legal disadvantages for you, in particular the non-provision of conferences.

13 Microsoft Teams

a. Description and scope of data processing

On our website, you have the option of using Microsoft Teams to conduct telephone conferences, online meetings, video conferences and/or other online services such as webinars. Among other things, Microsoft Teams stores the company name, company address, e-mail address and telephone number. The application also records saved files, conversation histories and the information stored in the Planner. If companies hold meetings with Microsoft Teams, the software stores the IP addresses of the participants, for example. Some of this data is personal data. Microsoft itself states that it does not use the data collected for advertising purposes.

b. Purpose of the data processing

We collect your data for the purpose of processing your inquiries and holding telephone conferences, online meetings and video conferences.

c. Legal basis for the processing

The legal basis for the processing of your personal data is your consent within the meaning of Art. 6 para. 1 subpara. 1 lit. a in conjunction with Art. 7 GDPR and § 25 para. 1 TDDDG and / or Art. 6 para. 1 subpara. 1 lit. b GDPR in the performance of a contract or the implementation of pre-contractual measures at the request of the data subject. So-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR) are used as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

d. Duration of storage

Your personal data will be deleted as soon as it is no longer required for the fulfillment of the purpose. The data will only be stored until the service has been completed. At the end of the session, the connection establishment is deleted. The online session is not recorded. After the end of the session, the connection setup is deleted. The online session is not recorded. Messages, group titles, images, files shared in the chat, calendar items, user profile, contacts, user access code, group access code, presence status messages are available until they are deleted, the user leaves the conversation or the authorization is updated. Call histories are kept for 30 days. Diagnostic data is retained for up to 13 months and can be controlled by the user under the privacy settings on the Microsoft Account page. Meeting recordings are usually deleted automatically after 60 days.

e. Possibility of objection and removal

f. Recipients/data categories

Access to your personal data is only granted to those bodies that require it to fulfill their respective tasks. Your data will only be passed on to the provider/processor of the conference software used, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

g. Provision of personal data

When using conferences via Microsoft Teams, the provision of your data is voluntary. Without this information, however, no conference and support can be provided. Failure to provide personal data may mean that your request cannot be processed or cannot be processed in full. This may also result in legal disadvantages for you, in particular the non-provision of conferences.

The privacy policy for Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA can be found at https://www.microsoft.com/de-de/privacy/privacystatement.

14 Rights of data subjects

Due to the processing of your personal data, you have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to object* (Art. 21 GDPR). You also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller (Art. 20 GDPR). In addition, you can lodge a complaint with the data protection officer if you are of the opinion that MackSmaTec GmbH has not complied with data protection regulations when processing your personal data. You also have the right to lodge a complaint with the data protection supervisory authority. In Thuringia, this is the State Commissioner for Data Protection and Freedom of Information (TLfDI), Häßlerstraße 8, 99096 Erfurt, www.tlfdi.de.

*Note: You have the right to object to the processing of your personal data by MackSmaTec GmbH (controller) on grounds relating to your particular situation.