Data privacy

PRIVACY POLICY

This Privacy Policy (version: GDPR 1.0 dated May 15, 2018) was created by:

Deutsche Datenschutzkanzlei, Munich Data Privacy Office – www.deutsche-datenschutzkanzlei.de

Data protection

We, meteocontrol GmbH, are the party responsible for this online offering and, as the provider of a teleservice, are obligated to notify you on our online offering at the start of your visit about the nature, scope and purposes of collection and use of personal data in a precise, transparent, understandable and easily accessible form and in clear and simple language. You must be able to access the content of that notification at all times. We are therefore obligated to inform you as to what personal data is collected or used. Personal data denotes any information concerning an identified or identifiable natural person.

We attach utmost importance to the security of your data and to compliance with data protection regulations. The collection, processing and use of personal data are subject to the provisions of prevailing European and national law.

In the following Privacy Policy, we wish to present how we handle your personal data and how you can contact us:

meteocontrol GmbH
Spicherer Straße 48
D-86157 Augsburg
Commercial Register-No.: HRB 16415
Managing Director: Cheng Liu
Phone: +49 821 346660
E-Mail: info@meteocontrol.com

 

Our Data Protection Officer

If you have any questions, you can contact our Data Protection Officer:

Sven Lenz
Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
Germany - 87435 Kempten
E-Mail: datenschutz@meteocontrol.de

 

  A.         General information

For a definition of the terms used, such as “personal data” or “processing” of it, please refer to Article 4 of the EU General Data Protection Regulation (GDPR).

The personal data of users processed as part of this online offering includes master data (e.g. the names and addresses of customers), contract data (e.g. services utilized, names of clerical staff, payment information), utilization data (e.g. the websites visited on our online offering, interest in our products) and content data (e.g. data entered in the contact form).

“User” covers all categories of persons affected by data processing (“data subjects”). That includes, for example, our business partners, customers, prospective customers and other visitors to our online offering.

B.         Specific information

Privacy Policy

Privacy Policy for this online offering and other disclosures related to the information that has to be provided in accordance with Article 13 GDPR when personal data of the data subject is collected

We warrant that we collect, process, store and use the data we gather from you solely to handle your requests and for internal purposes, as well as to provide you with the services you requested or content.

Grounds for data processing

We process users’ personal data only in compliance with the relevant data protection regulations. Users’ data is processed only in the following cases permitted by law:

 

  •     So that we can provide our contractual services (e.g. to handle orders) and online services
  •     Where processing of it is prescribed by law
  •     Where you have given your consent
  •     Pursuant to our legitimate interests (e.g. interest in analyzing and optimizing our online offering, operating it cost-effectively and ensuring its security within the meaning of Article 6 (1) point (f)  GDPR, in particular in measuring reach and creating profiles for advertising and marketing purposes, as well as collecting access data and use of third-party services)  

 

We also wish to show you the legal grounds for the above as defined in the GDPR:

Consent

Article 6 (1) point (a) and Article 7 GDPR

Processing to fulfill our services and perform contractual measures

Article 6 (1) point (b) GDPR

Processing to fulfill our legal obligations

Article 6 (1) point (c) GDPR

Processing to safeguard our legitimate interests

Article 6 (1) point (f) GDPR

Transmission of data to third parties

Data is transmitted to third parties only in compliance with the statutory stipulations. We pass on users’ data to third parties only if, for example, that is necessary for performance of a contract or on the basis of legitimate interests in enabling our business operations to be conducted economically and efficiently.

If we use subcontractors to provide our services, we take suitable legal precautions and appropriate technical and organizational measures to ensure personal data is protected in compliance with relevant statutory regulations.

We wish to point out that data is transmitted by Google Analytics when our online offering is used.

Transfer of data to a third country or international organization

“Third country” denotes countries where the GDPR does not apply directly. Basically, that means all countries outside the EU and the European Economic Area.

Data is transferred to a third country or international organization. That is done if there are suitable and adequate safeguards and enforceable rights and effective legal remedies for you.

You can find a copy of the suitable safeguards under the following links:

    Privacy Shield: https://www.privacyshield.gov/list

    Standard contractual clauses:

          https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF

Length of time for which your personal data is stored

We abide by the principles of data economy and data reduction. That means we store your data provided to us only for as long as required to fulfill the above purposes or as defined by the various retention periods prescribed by law. If the purpose no longer applies or such retention periods have expired, your data is blocked or erased routinely and in compliance with statutory regulations.

We have created an internal concept at the company to ensure that.

Contacting us

If you contact us by e-mail, phone, fax, contact form, etc., you consent to electronic communication. Personal data is collected as part of your contact with us. Your data is encrypted by SSL when transferred. The particulars you provide are stored solely for the purpose of handling your request and possible questions in response to it.

We wish to present the legal grounds for that:

Processing to fulfill our services and perform contractual measures

Article 6 (1) point (b) GDPR

Processing to safeguard our legitimate interests

Article 6 (1) point (f) GDPR

We use software to maintain our customer data (CRM system) or similar software pursuant to our legitimate interests (efficient and quick handling of users’ requests).

To enable that, we have concluded with the provider an agreement containing standard contractual clauses (https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF), in which the provider undertakes to process user data only in accordance with our instructions and to comply with a level of data protection commensurate to that in the EU. The provider is also certified under the Privacy Shield Framework and so offers a safeguard that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzX1AAK&status=Active).

We wish to point out that e-mails may be read and changed without authorization and without a user noticing when they are transferred. We also wish to point out that we use software to filter unwanted e-mails (spam filter). The spam filter may reject e-mails if they are falsely identified as spam due to specific features.

What rights do you have?

a)         Right to access and obtain information

You have the right to be provided free of charge with information on the data stored on you. Upon request, we will inform you in writing, in compliance with prevailing law, of what personal data we have stored on you. That also includes the origin and recipients of your data and the purpose for which it is processed.

b)         Right to rectification

You have the right to demand rectification of your data we have stored if it is incorrect. As part of that, you can demand that processing of it be restricted, for example if the accuracy of the personal data is contested by you.

c)         Right to blocking

You can also have your data blocked. In order to ensure blocking of your data at any time, the data in question must be available on a black list for control purposes

d)         Right to erasure

You can also request erasure of your personal data, provided there are no statutory obligations to retain it. If such an obligation exists, we will block your data upon request. If the appropriate legal requirements are met, we will also erase your personal data without a request from you to do so.

e)         Right to data portability

You are entitled to demand that we provide you with the personal data supplied to us in a format that allows it to be transferred to another body.

f )         Right to lodge complaints with a supervisory authority

You can lodge complaints with one of the data protection supervisory authorities.
The data protection supervisory authority responsible for our company is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA = Bavarian Data Protection Authority)

Promenade 27, 91522 Ansbach, Germany

Phone: +49 981 53-1300

Fax: +49 981 53-981300

You can open the form for submitting complaints to the Bayerisches Landesamt für Datenschutzaufsicht at: https://www.lda.bayern.de/en/complaint.html

g)         Right to object

You can object to use of your data for internal purposes at any time with effect for the future. You merely need to send an e-mail to that effect to datenschutz@meteocontrol.com. However, such withdrawal of consent does not affect the lawfulness of the processing activities conducted up to that point. Processing of data on all other legal grounds, such as in steps prior to entering into a contract (see above), shall not be affected by that.

Protection of your personal data

We take state-of-the-art contractual, organizational and technical measures to ensure compliance with data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

The security measures include in particular encrypted transfer of data between your browser and our server. 128-bit SSL (AES 128) encryption technology is used in that.

Your personal data is protected with regard to the following aspects (excerpt):

a)         To safeguard the confidentiality of your personal data

In order to safeguard the confidentiality of your personal data we store, we have taken various measures to control access to premises, equipment and data.

b)         To safeguard the integrity of your personal data

In order to safeguard the integrity of your personal data we store, we have taken various measures to control transmission and input of data.

c)          To safeguard the availability of your personal data

In order to safeguard the availability of your personal data we store, we have taken various order and availability control measures.

The security measures used are continuously improved to reflect technological advances. Despite these precautions, we cannot guarantee secure transfer of data to our online offering due to the insecure nature of the Internet. Consequently, you transfer data to our online offering at your own risk at all times.

Protection of minors

Persons under the age of 16 are not allowed to send personal data to us without the consent of their parent or guardian. Persons under the age of 16 are allowed to send personal data to us only if we have received the explicit consent of their parent or guardian. This data is processed in accordance with this data privacy policy.

Cookies

Control of cookies by the user

Browser cookies: You can set all browsers so that cookies are only accepted upon request. You can also set them so that only cookies whose pages you are currently visiting are accepted. All browsers offer functions to enable selective deletion of cookies. You can also disable acceptance of cookies in general, but if you do so, that may impair the user-friendliness of this online offering.

Use of first-party cookies (Google Analytics cookies)

Google Analytics cookies log:

  • Unique users – Google Analytics cookies record and group your data. All activities during a visit are grouped. Setting Google Analytics cookies means that a distinction is made between users and unique users.
  • Activities of users – Google Analytics cookies also store data on the time a visit to the online offering starts and ends and how many pages you have viewed. When the browser is closed or if the user is inactive for a longer time (30 minutes as standard), the user session is ended and the cookie records the visit as ended. The date and time of the first visit is also recorded. The total number of visits per unique user is also logged. External link: https://marketingplatform.google.com/about/analytics/terms/us/ 

You can prevent recording of the data relating to use of the online offering and generated by the cookie (including your IP address) and processing of this data by Google by downloading and installing the browser plug-in available under the following link: External link: https://tools.google.com/dlpage/gaoptout?hl=en.

More information can be found in the section “Web analytics service Google Analytics / Universal Analytics.”

Use of third-party cookies

Third-party providers use [further] cookies (third-party cookies) in our online offering by displaying editorial texts or advertising. The third-party providers are also subject to stringent data privacy requirements as regards personal data being able to be used to identify specific persons.

Lifetime of the cookies used

Cookies are administered by the web server of our online offering. This online offering uses: Session cookies (once-only use)
Lifetime: Until this online offering is closed

Disabling or removing cookies (opt-out)

Every web browser has an option for restricting or deleting cookies. You can obtain more information about this subject on the following websites:

Web analytics service Google Analytics / Universal Analytics

We use Google Analytics, a web analytics service run by Google Inc. (“Google”). Google Analytics uses cookies. These are text files that are saved on your computer and enable analysis of the online offering’s use. The information on the use of this online offering generated by the cookie is usually sent to a Google server in the USA and stored there. The data is therefore transferred to a third country. That is done if there are suitable and adequate safeguards and enforceable rights and effective legal remedies for you.

You can find a copy of the suitable safeguards under the following links:

However, if IP anonymization is activated in our online offering, your IP address will be abbreviated by Google beforehand within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area.

Only in exceptional cases is the complete IP address sent to a Google server in the USA and abbreviated there. Google will use this information on our behalf to evaluate use of the online offering, to compile reports on activities relating to the online offering and to provide other services for us relating to use of the online offering and Internet. The IP address sent from your browser as part of Google Analytics is not combined by Google with other data. You can prevent the storage of cookies by activating the respective setting in your browser software. However, we point out that in this case some functions of this online offering may not be able to be used to their full extent.

We point out that this online offering uses Google Analytics with the extension “_anonymizeIp()”, which means that IP addresses are only processed further in abbreviated form in order to prevent them being directly linked to a particular individual.

We also use Google Analytics reports to record demographic features and interests.

The data that we send and that is linked with cookies, user identifiers (e.g. a user ID) or advertising IDs is automatically erased after 14 months. Data whose retention period has ended is erased automatically once a month. You can find more information on the terms of service and data privacy at https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en.

You can also prevent recording of the data relating to use of the online offering and generated by the cookie (including your IP address) and processing of this data by Google by downloading and installing the browser plug-in available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=en.

LinkedIn Insight-Tag

We use LinkedIn Insight-Tag, an analysis service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn Ireland"). LinkedIn Insight-Tag is a small piece of JavaScript code used to generate campaign reports and information about visitors to our website. The information generated by the LinkedIn Insight-Tag, including URL, referrer URL, IP address, device and browser properties, timestamps and page views, is encrypted and transmitted directly to LinkedIn for storage.

Please note that the data will be anonymized by LinkedIn within seven days and the anonymized data will be deleted by LinkedIn within 90 days. We do not receive any personal data from LinkedIn, only aggregated reports.

On our behalf, LinkedIn will use this information for optimization and marketing purposes because of our legitimate interest in statistical analysis of user behavior. This means:

  • to compile reports on the activities of our campaigns
  • to display further advertisements

Web analytics service Sentry

meteocontrol GmbH uses Sentry from the company Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA. Data is collected and stored to create anonymized user profiles. They are used solely to analyze errors and to monitor system stability. Cookies are used for that. Cookies are small text files that are saved locally on the user’s computer system and so enable it to be recognized the next time the user visits meteocontrol GmbH’s portals. Users can opt out from data being collected and stored by Sentry at any time with future effect by disabling cookies in their browser settings. However, meteocontrol GmbH points out that in this case some functions of the portals may not be able to be used to their full extent. More information on Sentry can be found at https://sentry.io. Sentry’s Privacy Policy can be called at https://sentry.io/privacy/.

Subscription to the meteocontrol e-mail newsletter

We send you the latest information about meteocontrol if you subscribe to our e-mail newsletter. The only information you must always disclose so that you can receive the newsletter is your e-mail address.

We use a double opt-in procedure for sending the newsletter. We only send you an e-mail newsletter if you explicitly confirm your consent to being sent our newsletter. We then send you a confirmation e-mail, which you are asked to confirm by clicking on the link in question if you wish to receive our newsletter in the future.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6 (1) point (a) GDPR. When you subscribe to the newsletter, we store your IP address entered by your Internet service provider, as well as the date and time you subscribed, as later proof if your e-mail address is misused.

You can cancel your subscription to the newsletter at any time using the link for that purpose in the newsletter or by sending notification to that effect to the controller specified at the start of this Privacy Policy. After you have canceled your subscription, your e-mail address is deleted from our newsletter mailing list without undue delay, unless you have explicitly consented to further use of your data.

We use the third-party provider Campaign Monitor, which is operated by Campaign Monitor Pty Ltd, 404/3-5 Stapleton Ave, Sutherland NSW 2232, Sydney, Australia, to send our newsletter. Campaign Monitor offers extensive means of analyzing how the newsletters are opened and used. These analyses relate to groups of persons and are not used by us to analyze individual newsletter recipients. You can find more information on the provider Campaign Monitor and data protection at Campaign Monitor under http://www.campaignmonitor.com/privacy. You can cancel your subscription at any time, either by sending notification to that effect to the contact address specified below or using the link for that purpose in the newsletter.

In addition, Campaign Monitor states that it can use this data in pseudonymous form, i.e. the data is not assigned to a specific user, to optimize or improve its own services, such as to technically optimize mailing and presentation of the newsletters or for statistical purposes in order to determine the countries the recipients come from. However, this service provider does not use the data of our newsletter recipients to write to them itself or to transmit the data to third parties. If you wish to opt out of data analysis for statistical purposes, you must completely cancel your subscription to the newsletter.

Newsletter distribution via Mailchimp

Our e-mail newsletter is distributed by the technical service provider The Rocket Science Group, LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (https://mailchimp.com), to whom we transmit the data you provide when you register for our newsletter. This transmission takes place pursuant to Article 6 (1) point (f) GDPR and serves our legitimate interest in using this data for a newsletter system that is secure, user-friendly, and has a positive advertising effect. Please note that your data is usually transmitted to a Mailchimp server in the USA and stored there.

Mailchimp uses this data to distribute and statistically evaluate the newsletter on our behalf. For purposes of evaluation, the transmitted e-mail messages contain web beacons or tracking pixels that are one-pixel image files stored on our website. They make it possible to determine whether a newsletter was opened by the recipient and what links, if any, were clicked.

Mailchimp uses these web beacons to generate automated general and non-personal statistics on recipients’ reactions to our newsletter campaigns. Pursuant to Article 6 (1) point (f) GDPR, the web beacons also collect and process data on the individual newsletter recipient (e-mail address, time and date the newsletter is retrieved, IP address, browser type and operating system). This is based on our legitimate interest in the statistical assessment of our newsletter campaigns with the aim of optimizing advertising communication and orienting it more effectively to recipients’ interests. This data enables the identity of the newsletter recipient to be individually determined and is used by Mailchimp for the automated production of statistics that reveal whether a particular recipient has opened a newsletter.

 

If you wish to opt out of data analysis for statistical purposes, you must cancel your subscription to the newsletter.

Mailchimp can also use this data itself pursuant to Article 6 (1) point (f) GDPR on the basis of its own legitimate interest in a need-based design and the optimization of its service as well as for market research purposes, such as to identify the countries in which recipients are located. However, Mailchimp does not use the data of our newsletter recipients to write to them itself, nor does it transmit the data to third parties.

To protect your data in the USA, we have concluded a data processing agreement with Mailchimp to enable the transmission of your personal data to Mailchimp. If you are interested, you can view this data processing agreement at the following site: https://mailchimp.com/legal/data-processing-addendum/ Furthermore, Mailchimp is certified according to the EU–US Privacy Shield data protection agreement and has thus committed itself to abide by EU data protection requirements.

You can view Mailchimp’s Privacy Policy here: https://mailchimp.com/legal/privacy/

Disclosure of personal data for handling orders

We shall disclose the personal data collected by us to the transport company tasked with delivering the goods in order to fulfill contracts, where this is necessary to deliver the goods. We shall disclose payment data to the commissioned bank as part of handling payments.

If we make delivery before payment (only in the case of purchases on account), we reserve the right to conduct a creditworthiness check so as to safeguard our legitimate interests. The personal data required for this creditworthiness check shall be sent by us to Euler Hermes Deutschland AG, Friedensallee 254, 22763 Hamburg, Germany. The credit report can include probability ratings (scores). If scores are included in the credit report, they are based on scientifically acknowledged mathematical-statistical methods. Among other things, address data is taken into account in calculating scores. The result of the creditworthiness check shall be used solely for the purpose of taking a decision on the establishment, execution or termination of a contractual relationship. The recipient may use the data disclosed in such a way only to perform the task for which it was collected. Any other use of the information is not permitted.

If you decide to pay by credit card through the payment service provider Concardis, the payment shall be handled through the payment service provider Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany, to whom we disclose the information provided as part of the ordering process, along with information on your order. Your data shall be disclosed solely for the purpose of handling payments with the payment service provider Concardis.

If you decide to pay by credit card through the payment service provider TeleCash, the payment shall be handled through the payment service provider TeleCash GmbH & Co. KG, Konrad-Adenauer-Allee 1, 61118 Bad Vilbel, Germany, to whom we disclose the information provided as part of the ordering process, along with information on your order. Your data shall be disclosed solely for the purpose of handling payments with the payment service provider TeleCash.

Amendments to our data privacy regulations

We reserve the right to adapt our Privacy Policy from time to time so that it always complies with the latest statutory requirements or to reflect changes to our services in the Privacy Policy. That may be the case, for example, if new services are launched. The new Privacy Policy will then apply when you visit our online offering again.

Trademark protection

Every company logo, trade name or trademark specified here is the property of the company in question. Marks and names are specified purely for informational purposes.

C.         Regulations specific to Russia

The following applies to users domiciled in the Russian Federation:

The above services in our online offering are not intended for citizens of the Russian Federation who are resident in Russia.

If you are a Russian citizen who is resident in Russia, you are hereby explicitly notified that any personal data you disclose using this online offering is provided solely at your own risk and under your own responsibility. You also consent to not hold us responsible for any failure to comply with the laws of the Russian Federation. 

Microsoft Bookings

meteocontrol Australia Pty Ltd uses Microsoft Bookings for online appointment booking.

Microsoft Bookings is software provided by Microsoft Ireland Operations Limited. The connection to the service is only established when you call up the online booking function via a link or button on our website, in an email or in the newsletter. To make an appointment, your entries in the form are transferred to Microsoft.

Microsoft Bookings is part of the cloud application Office 365. Microsoft reserves the right to process customer data for its own business purposes. This poses a data protection risk for Microsoft Bookings users. Please note that we have no influence on Microsoft's data processing activities. To the extent that Microsoft Bookings processes personal data in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for such use and, as such, is responsible for compliance with all applicable laws and obligations of a data controller. For more information on the purpose and scope of data collection and its processing by Microsoft Bookings, please refer to Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

The data you entered when making an appointment online, but at least your name, e-mail address and telephone number as well as metadata, e.g. date, time, phone number, IP address, will be processed. The legitimate interest for the processing results from our claim to offer you a user-friendly website with a wide range of functions and to give you the opportunity to make an appointment with us quickly and easily at any time if required.

Please note that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.

You have the option to revoke your consent to data processing or to object to the use of the data at any time. In this case, the intended contact is no longer possible or communication that has already begun can no longer be continued. The data will be deleted as soon as it is no longer required to achieve the purpose.

If you want to contact us on the matter:

meteocontrol Australia Pty Ltd
L3 / 697 Collins Street,
Docklands VIC 3008, Australia
Phone +61 3 9068 3951
E-mail      info-au@meteocontrol.com or legal@meteocontrol.com