SEARCH
REGION: NETHERLANDS
EN
NL
Data Protection Information CHG-MERIDIAN

DATA PROTECTION INFORMATION

CHG-MERIDIAN AG, represented by the chairman of the board of management, Dr. Mathias Wagner, is the provider of, and therefore responsible for, the commercial and business related online offering.

Data protection declaration

A. General Information

Data Protection

We are delighted about the visit of our website. CHG-MERIDIAN AG (hereinafter ‘CHG-MERIDIAN AG’, ‘we’ or ‘us’) attaches great importance to the security of users’ data and compliance with data protection provisions.
Hereinafter, we would like to inform about how personal data is processed on our website.
With the following privacy policy, we would like to show you how we handle your personal data and how you can contact us.

CHG-MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany

E-mail address: info@chg-meridian.com
Web: www.chg-meridian.com

Telephone: +49 751 503-0
Fax: +49 751 503-66

Chairman of the supervisory board: Jürgen Mossakowski
Chairman of the board: Dr. Mathias Wagner
Board: Daniel Welzer, Oliver Schorer, Ulrich Bergmann

Registry court Ulm HRB 551857

Tax office Weingarten
VAT identification number: DE 146349520

Court of jurisdiction Ravensburg
Applicable law: Law of the Federal Republic of Germany

our data protection officer
If you have any questions, you can contact our data protection officer at

Benjamin Hummer, E-mail address: privacy@chg-meridian.com

B. Terminology

For better comprehensibility, we have refrained from gender-specific distinctions in our privacy poli-cy. In the interest of equal treatment, the corresponding terms apply to both genders.

The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR, such as “personal data” and “processing”.

The personal data of users processed within the scope of this online offer includes inventory data (e.g., names and addresses of customer), contract data (e.g., used services, names of clerks, pay-ment information), usage data (e.g., visited websites on our online offer, interest in our products) and content data (e.g., entries in the contact form).

“Users” here includes all categories of data subjects affected by the data processing. This includes, for example, our business partners, customers, interested parties and other visitors of our online of-fering.

Each of the company names or brand names mentioned in this privacy policy is the property of the respective company. The mention of brands and names is for purely informative purpose.

C. Specific Information

Automated data processing (log files etc.)

Our website can be visited without actively providing personal information about the user. However, every time our website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website the user visited us from, the date and duration of the visit and the name of the file accessed, as well the IP address of the device used (for security reasons, such as to recognise attacks on our website) for a duration of 7 days. This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about the person of the user. This data is not merged with other data sources. Legal base for the processing of the data is Art. 6 (1) (f) GDPR. We process and use the data for the following purposes: 1. to provide the website, 2. to improve our websites and to prevent and 3. identify errors/malfunctions and the abuse of the website. The processing is based on legiti-mate interests to ensure the functionality of the website and its error-free, secure operation, as well as to adapt this website to suit users’ needs.

 

Use of cookies (general, functionality, opt-out links etc.)

We use ‘cookies’ on our website to make visiting our website more attractive and to enable certain functions to be used. The use of cookies serves our legitimate interest in making a visit to our web-site as pleasant as possible and is based on article 6 (1) (f) GDPR. Cookies are standard internet technology used to store and retrieve login details and other usage information for all the users of a website. Cookies are small text files that are deposited on your end device. They enable us to store user settings, inter alia, to ensure that our website can be shown in a format tailored to your device. Some of the cookies we use are deleted after the end of a browser session, i.e. when closing the browser (known as ‘session cookies’). Other cookies remain on the user’s end device and enable us or our partner companies to recognise the browser on the next visit (known as ‘persistent cookies’).

The browser can be set so that the user is informed when cookies are to be stored and can decide whether to accept them in each individual situation, to accept them under certain circumstances, or to exclude them in general. In addition, cookies can be retrospectively deleted to remove data that the website stored on your computer. Deactivating cookies (known as ‘opting out’) can limit our website’s functionality in some respects.

Categories of data subjects: 
Website visitors, users of online services

Opt-out:  
Internet Explorer:
https://support.microsoft.com/de-de/help/17442  

Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de

Safari:
https://support.apple.com/de-de/HT201265  

Legal bases:       
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
The pertinent legal basis is specifically stated for each tool in question.

Legitimate interests:              
Storing of opt-in preferences, presentation of the website, assurance of the website's functionality, provision of user status across the entire website, recognition for the next website visitors, user-friendly online offering, assurance of the chat function

 

Web analysis and optimisation

We use tools for web analysis and reach measurement so that we can evaluate user flows to our online offering. To do so, we collect information about the behaviour, interests or demographics of our users, such as their age, gender, and so on. This helps us to recognise the times at which our online offering, its functions, and content are frequented the most or accessed more than once. In addition, we can use the information that has been collected to determine whether our online offering requires optimisation or adjustment.

The information collected for this purpose is stored in cookies or deployed in similar procedures used for reach measurements and optimisation. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. In this case, the data is changed so that the actual identity of the user is not known to us, nor the provider of the tool used. The changed data is often stored in user profiles.

Categories of data subjects:  
Website visitors, users of online services

Data categories:                    
Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos)

Purposes of processing:
Website analyses, reach measurement, utilisation and assessment of website interaction, lead evaluation

Legal bases:                          
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)

Legitimate interests:              
Optimisation and further development of the website, increase in profits, customer loyalty and acquisition

 

etracker

Tool:                           
etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany

Privacy:                      
https://www.etracker.com/datenschutz/

Opt-out-link:
https://www.etracker.com/datenschutz/

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

6Sense Insights, Inc.

Tool:     
6Sense Insights, Inc., 450 Mission Street Suite 201, San Francisco CA 94105, US

Privacy                
https://6sense.com/privacy-policy/

Opt-Out-Link:
https://6sense.com/privacy-policy/

Legal base:         
Consent (Art. 6 Abs. 1 lit. a) GDPR)

WiredMinds

Tool:                           
WiredMinds GmbH, Lindenspürstraße 32, 70176 Stuttgart, Germany

Privacy:                      
https://wiredminds.de/datenschutz/

Legal base:                 
Consent (article 6 (1) (a) GDPR)

Exclude from tracking

Online marketing

We process personal data within the framework of online marketing, particularly regarding potential interests and to measure the effectiveness of our marketing measures, with the aim of continually boosting our reach and the prominence of our online offering.

We store the relevant information in cookies or use similar procedures for the purpose of measuring the effectiveness of our marketing measures and identifying potential interests. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. If so, the data is changed so that the actual identity of the user is not known to us, nor the provider of the tool used. The changed data is often stored in user profiles.

In the event that user profiles are stored, the data can be used, read, supplemented, and expanded on the server of the online marketing procedure when other online offerings are visited that use the same online marketing procedure.

We can calculate the success of our adverts using summarised data that is made available to us by the provider of the online marketing procedure (known as ‘conversion measurement’). As part of these conversion measurements, we can trace whether a marketing measure caused a visitor to our online offering to decide to make a purchase. This evaluation serves to analyse the success of our online marketing.

Categories of data subjects:  
Website visitors, users of online services, prospective customers, communication partners, business partners and contractual partners

Data categories:                    
Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), location data, contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos)

Purposes of processing:       
Marketing (sometimes interest-based and behavioural, as well), conversion measurement, target group formation, click tracking, development of marketing strategies and increase in the efficiency of campaigns

Legal bases:                          
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)

Legitimate interests:              
Optimisation and further development of the website, increase in profits, customer loyalty and acquisition,

 

etracker

Tool:                           
etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany

Privacy:                      
https://www.etracker.com/datenschutz/

Opt-out-link:
https://www.etracker.com/datenschutz/

Legal base:                 
Consent (article 6 (1) (a) GDPR)
 

Google AdWords and conversion measurement

Tool:                           
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy:                      
https://policies.google.com/privacy

Opt-out-link:              
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal base:                 
Consent (article 6 (1) (a) GDPR)
 

Google Doubleclick and Static

Tool:                           
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy:                      
https://policies.google.com/privacy

Opt-out-link:              
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

LinkedIn Analytics and Insight Tag

Tool:                           
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Privacy:                     
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Opt-out-link:              
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

Presence on social media

We maintain online presences on social networks and career platforms so we can exchange infor-mation with users registered there and easily contact them.

Sometimes, data belonging to social network users is used for market research and, by extension, for advertising purposes. Users’ usage behaviour, such as their stated interests, can lead to user profiles being created and used in order to adapt adverts to suit the interests of the target group. To this end, cookies are normally stored on users’ end devices, which sometimes occurs regardless of whether you are a registered user of the social network.

In conjunction with the use of social media, we also make use of the associated messenger services to communicate easily with users. We would like to point out that the security of some services can depend on the user's account settings. Even in cases of end-to-end encryption, the service provider can draw conclusions about the fact that the user is communicating with us, when they do so, and, on occasion, capture location data.

Depending on where the social network is operated, the user data can be processed outside the Eu-ropean Union or outside the European Economic Area. This can lead to risks for users because it is more difficult for them to assert their rights, for example.

Categories of data subjects:  
Registered users and non-registered users of the social network

Data categories:                    
Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses)

Purposes of processing:       
Increase in the reach, networking of users

Legal bases:                          
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)

Legitimate interests:             
Interaction and communication on social media pages, increase in profits, findings regarding target groups

 

Instagram

Tool:                          
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy:                     
https://help.instagram.com/519522125107875 and https://www.facebook.com/about/privacy

Opt-out-link:              
https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

 

Facebook

Tool:                           
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy:                      
https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum

Opt-out-link:              
https://www.facebook.com/policies/cookies/

 

LinkedIn

Tool:                          
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Privacy:                      
https://www.linkedin.com/legal/privacy-policy

Opt-out-link:               
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

Kununu

Tool:                          
New Work SE, Dammtorstr. 30, 20354 Hamburg, Germany

Privacy:                     
https://privacy.xing.com/de/datenschutzerklaerung

Opt-out-link:               
https://nats.xing.com/optout.html?popup=1

 

Vimeo

Tool:                          
Vimeo Inc., 555 West 18th Street New York, New York 10011, USA

Privacy:                      
https://vimeo.com/privacy

Opt-Out-Link:             
https://vimeo.com/cookie_policy

 

YouTube

Tool:                          
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy:                      
https://policies.google.com/privacy?hl=de&gl=de

Opt-out-link:              
https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

 

Xing

Tool:                          
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Privacy:                      
https://privacy.xing.com/de/datenschutzerklaerung

Opt-out-link:               
https://nats.xing.com/optout.html?popup=1

 

Plug-ins and integrated third-party content

We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, depictions, buttons or contributions (hereinafter termed ‘content’) can be inte-grated.

To enable visitors to our online offering to be shown content, the third-party provider in question pro-cesses the user’s IP address, inter alia, to transmit the content to the browser and display it. It is not possible to integrate third-party content without this processing taking place.

Sometimes, additional information is collected via ‘pixel tags’ or web beacons through which the third-party provider receives information about the use of the content or visitor traffic to our online offering, technical information about the user's browser or operating system, the visit time or referring websites. The data collected in this manner is stored in cookies on the user’s end device.

We have taken security precautions to prevent this data from being automatically transferred, with the aim of protecting the personal data of visitors to our online offering. This data is only transferred if the visitor uses the buttons or click on the third-party content.

Categories of data subjects:  
Users of plug-ins or third-party content

Data categories:                    
Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses) contact data (e.g. email address, telephone number), Master data (e.g. name, address)

Purposes of processing:       
Design of our online offering, increase in the reach of adverts on social media, sharing of contributions and content, interest-based and behavioural marketing, cross-device tracking

Legal bases:                          
Consent (article 6 (1) (a) GDPR)

 

Facebook social plugins

Tool:                          
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy:                      
https://www.facebook.com/privacy/explanation

Opt-out-link:              
https://www.facebook.com/policies/cookies/

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

Google Api's

Tool:                          
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy:                      
https://policies.google.com/privacy?hl=de&gl=de

Opt-out-link:              
https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

LinkedIn plug-ins

Tool:                          
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Privacy:                      
https://www.linkedin.com/legal/privacy-policy

Opt-out-link:              
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

YouTube

Tool:                          
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy:                      
https://policies.google.com/privacy?hl=de&gl=de

Opt-out-link:              
https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

Xing plug-ins and buttons

Tool:                          
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Privacy:                      
https://privacy.xing.com/de/datenschutzerklaerung

Opt-out-link:              
https://nats.xing.com/optout.html?popup=1

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

Perbit Recruiting

Tool:                          
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Privacy:                      
https://perbit.com/datenschutz/

Opt-out-link:              
https://nats.xing.com/optout.html?popup=1

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

Vimeo

Tool:                          
Vimeo Inc., 555 West 18th Street New York, New York 10011, USA

Privacy:                      
https://vimeo.com/privacy

Opt-out-link:              
https://vimeo.com/cookie_policy

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

Online conferences and meetings

We make use of the opportunity to hold online conferences and meetings. To do so, we use offer-ings provided by other carefully selected providers.

When actively using offerings of this nature, data regarding the participants in the communication is processed and stored on the servers of the third-party services used, provided this data is necessary for the communication process. In addition, usage data and metadata can also be processed.

Categories of data subjects:  
Participants in the online offering in question (conference, meeting, webinar)

Data categories:                    
Master data (e.g. name, address), contact data (e.g. email address, telephone number), Content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses)

Purposes of processing:       
Processing of enquiries, increase in efficiency, promotion of cross-company or cross-location collaboration

Legal bases:                          
Consent (article 6 (1) (a) GDPR)

 

TeamViewer

Tool:                           
TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany

Privacy:                      
https://www.teamviewer.com/de/datenschutzerklaerung/

Legal base:                 
Consent (article 6 (1) (a) GDPR)

 

Contacting us

On our online offering, we offer the option of contacting us directly or requesting information via var-ious contact options.

In the event of contact being made, we process the data of the person making the enquiry to the ex-tent necessary for answering or handling their enquiry. The data processed can vary depending on the method via which contact is made with us.

We want to point out, that e-mails can be read or changed unauthorized and unnoticed during trans-mission. Furthermore, we would like to point out that we use software to filter undesired e-mails (spam filter). The spam filter can reject e-mails if they have been erroneously identified as spam by certain chararcetristics.

Categories of data subjects:  
Individuals submitting an enquiry

Data categories:                    
Master data (e.g., name, address), contact data (e.g., email address, telephone number), content data (e.g., text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)

Purposes of processing:       
Processing requests

Legal bases:                          
Consent (article 6 (1) (a) GDPR), performance of contract (article 6 (1) (b) GDPR)

 

Newsletter and mass communication (including tracking)

On our online offering, users have the option of subscribing to our newsletter. We only send newsletters to recipients who have agreed to receive the newsletter, and within the framework of statutory provisions.

An email address must be provided to subscribe to our newsletter. If applicable, we collect extra data, such as your name to include a personal greeting in our newsletter.

Our newsletter is only sent after the ‘double opt-in procedure’ has been fully completed. If visitors to our online offering decide to receive our newsletter, they will receive a confirmation email that serves to prevent the fraudulent input of wrong email addresses and preclude a single, possibly accidental, click from causing the newsletter to be sent. The subscription to our newsletter can be ended at any time with future effect. An unsubscription (opt-out) link is given at the end of every newsletter.

In addition, we are obliged to provide proof that our subscribers actually want to receive the newsletter. To this end, we collect and store their IP address, along with the time of subscription and unsubscription.

Our newsletters are designed so that we can obtain findings about improvements, target groups or the reading behaviour of our subscribers. We are able to do this thanks to a 'web beacon’ or tracking pixel that reacts to interactions with the newsletter, such as looking at whether links are clicked on, whether the newsletter is opened at all, or at what time the newsletter is read. We can associate this information with individual subscribers.

Categories of data subjects:    
Newsletter subscribers

Data categories:    
Master data (e.g. name, address), contact data (e.g. email address, telephone number), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, inter-est in content, access times)

Purposes of processing:    
Marketing, increase in customer loyalty and new customer acquisition, analysis and evaluation of the campaigns’ success

Legal bases:     
Consent (article 6 (1) (a) GDPR)

 

Microsoft Dynamics Marketing

Tool:        
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Privacy:
https://privacy.microsoft.com/de-de/privacystatement

 

Provision of whitepaper

On our online offering, visitors have the opportunity to request Whitepaper, so that we can provide them with recent or relevant information.

We collect personal data via a form and make the provision of our free services dependent on the subscription to our newsletter. In this case, consent is obtained via a double-opt-in procedure both for the processing of user data for the distribution of the Whitepaper and for the subscription to our mailings, which are each freely withdrawable separately.

Categories of data subjects:    
Interested persons who specifically request our information material

Data categories:    
IP address, form-data (form of address, name, email address, telephone number

Purposes of processing:    
Marketing, acquisition of new customers, sales increase

Legal bases:     
Consent (article 6 (1) (a) GDPR)


Microsoft Dynamics Marketing
Tool:        
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Privacy:     
https://privacy.microsoft.com/de-de/privacystatement

 

Data transfer

We are a globally active company headquartered in Germany. Data of visitors to our online offering is stored in our central customer database in Germany, in compliance with the pertinent data protection provisions, and is processed across the group for internal administrative purposes. It is not processed for purposes other than administrative ones.

Legal basis:                            
Legitimate interests (article 6 (1) (f) GDPR )

Legitimate interests:              
‘Small-group exemption’, centralised management and administration within the company to make use of synergy effects, cost savings, increased efficiency

It may be necessary for us to disclose personal data for the performance of contracts or to comply with legal obligations. If the data necessary in this regard is not provided to us, it may be the case that the contract cannot be concluded with the data subject. It may also be necessary for us to engage service providers for the provision of our service or the provision of our online offer. Since it cannot be ruled out that these receive personal data of the visitors of our online offer, their engagement always takes place in accordance with the GDPR. We use the following service providers for the provision of our online offer:

 

Magnolia

Tool:                           
Magnolia International Ltd., Oslo Str. 2, 4142 Münchenstein, Switzerland

Privacy:                      
https://www.magnolia-cms.com/de_DE/legal/privacy.html

 

Indevis

Tool:                          
indevis IT-Consulting and Solutions GmbH, Irschenhauser Straße 10, 81379 München

Privacy:                      
https://indevis.de/datenschutz

 

Consent manager

Tool:                           
consentmanager gmbh, Eppendorfer Weg 183, 20253 Hamburg, Germany

Privacy:                      
https://www.consentmanager.net/datenschutz

 

We transfer data to countries outside the EEA (known as ‘third countries’). This occurs due to the above-mentioned purposes (transfer within the group and/or to other recipients). Transfer is only effected to fulfil our contractual and legal obligations, or on the basis of the consent that the data subject granted prior to this. In addition, the transfer is only effected in compliance with the applicable data protection laws, in particular taking into account Art. 44 et seq. GDPR, for example on the basis of adequacy decisions issued by the European Commission or other appropriate safeguards (e.g., standard data protection clauses, etc.).

 

Storage period

In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations, or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).

 

Automated decision-making

We do not use automated decision-making or profiling.

 

Legal bases

The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states and can, if applicable, be applied alongside or in addition to the GDPR.

Consent:                                            
Article 6 (1) (a) GDPR serves as the legal basis for processing procedures regarding which we have sought consent for a particular purpose of processing.

Performance of a contract:                
Article 6 (1) (b) serves as the legal basis for processing required to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.

Legal obligation:                               
Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.

Vital interests:                                   
Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.

Public interest:                                  
Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.

Legitimate interest:                           
Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not outweighed by the interests or fundamental rights and fundamental freedoms of the data subject that require personal data to be protected, particularly if the data subject is a child.

 

Rights of the data subject

Right of access:                                
Pursuant to article 15 GDPR, data subjects have the right to request confirmation as to whether we process data relating to them. They can request access to their data, along with the additional information listed in article 15 (1) GDPR and a copy of their data.

Right to rectification:                        
Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.

Right to erasure:
Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.

Right to data portability:                   
Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.

Right to lodge a complaint:               
In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under article 77 GDPR.

Right to object:                                  
If personal data is processed on the basis of legitimate interests pursuant to article 6 (1) (1) (f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.

 

Withdrawal of consent

Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to datenschutz@chg-meridian.com is sufficient. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.

 

Protection of personal data

We implement contractual, organizational, and technical security measures in accordance with the state of the art to ensure compliance with the provisions of data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

The security measures include in particular the encrypted transmission of data between your browser and our server. For this, a 256-bit-SSL (AES 256) encryption technology is used. This includes your IP-address.

In this context, your personal data is protected within the scope of the following points (excerpt):

  1. Maintaining the confidentiality of your personal data
    In order to maintain confidentiality of your personal data stored at our systems, we have taken various measures to control physical access, electronic access and internal access.
  2. Maintaining the integrity of your personal data
    In order to maintain integrity of your personal data stored at our systems, we have taken various measures to control data transfer and data entry.
  3. Maintaining the availability of your personal data
    In order to maintain integrity of your personal data stored at our systems, we have taken various measures to control order and availability.

The implemented security measures are continuously improved in line with technological developments. Despite these measures, we cannot guarantee the security of your data transmission to our online service due to the insecure nature of the Internet. For this reason, any data transmission from you to our online service is at your own risk.

External links

Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.

Amendments

We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.

Business Data protection declaration

1 Introduction and scope

The CHG-MERIDIAN AG (CHG) is committed to process personal data responsibly and in compliance with the applicable data protection laws in all countries in which the company operates.

This European Union (“EU”) Customer/Vendor Data Protection Notice (the “Notice”) describes the types of personal data CHG collects, how CHG uses that personal data, with whom the CHG shares your personal data, and the rights you, as a data subject, have regarding the CHG`s use of the personal data. This notice also describes the measures CHG takes to protect the security of the data and how you can contact us about our data protection practices.

2 Contact details of the Data Controllers

The CHG-entities responsible for the collection and use of your personal data (the Data Controllers) in your home country for the purposes described in this notice are:

 

Contact information can be found here.

3 Contact details of the Data Protection Manager

A Data Protection Officer (“DPO”) is designated. The DPO is involved in all issues related to the protection of your personal data. In particular, the DPO is in charge of monitoring and ensuring compliance with this notice and the applicable data protection laws. They will also provide advice on data protection matters upon request.

For any clarification or additional information you may need in order to fully understand this Notice, please contact:

dataprotection@chg-meridian.com

4 Purposes of data processing and legal basis

CHG processes personal data in accordance with applicable data protection laws and regulations and only for limited, explicit and legitimate purposes. CHG will not use personal data for any purpose that is incompatible with the original purpose for which it was collected unless you provide your prior explicit consent for further use.

Personal data relating to customers/vendors may be processed for the purposes of:

  • Managing commercial relationships with current and potential clients;
  • Managing commercial relationships with current and potential suppliers and vendors;
  • Carrying out promotional operations;
  • Conducting statistical surveys and marketing studies, etc.

CHG ensures that our internal governance procedures clearly specify the reasons behind decisions to use personal data for alternative processing purposes. Prior to using your personal data for a purpose other than the one for which it was initially collected, you will be informed about such new purpose.

  • Prevention and investigation of criminal offenses

Insofar as not exclusively for the fulfillment of legal requirements, we process personal data in order to respond to inquiries from investigating authorities that are legitimately submitted to us. When responding to inquiries, we comply with the data protection principles of the GDPR.

5 Categories of personal data processed

The provision of personal data is a requirement necessary to enter into a contract with CHG or a requirement by law or regulation for the CHG to administer your customer/vendor relationship. The personal data processed is limited to the data necessary for carrying out the purpose for which such personal data is collected.

Personal data processed includes the following:

  • Business information (such as name of organization, department and job title);
  • Contractual information (such as date of agreement, type of commercial relationship, etc.).

CHG will not collect personal data if such collection is prohibited under the applicable data protection laws.

In no case will personal data revealing religious beliefs, racial or ethnic origin, political opinions, philosophical beliefs, trade union membership or concerning sex life be processed in the customer/vendor context.

CHG will maintain personal data in a manner that ensures it is accurate, complete and up-to-date.

6 Data Security

CHG has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such risk analysis includes an analysis of the risk of compromising the rights of the data subject, costs of implementation, and the nature, scope, context and purposes for data processing.

The measures include

(i)     encryption of personal data where applicable/appropriate;

(ii)    the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;

(iii)   the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and

(iv)   a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

7 Recipients of personal data

CHG will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the function for which such access is granted.

Authorization to access personal data will always be linked to the function so that no authorization will be extended to access personal data on a personal basis. Service providers will only receive personal data according to the purposes of the service agreement with the Company.

8 International data transfers

International data transfers refer to transfers of personal data outside of the European Economic Area (“EEA”). The international footprint of CHG involves the transfer of personal data to and from other group companies or third parties, which may be located outside the EEA. CHG will ensure that when personal data is transferred to countries that have different standards of data protection, appropriate safeguards to adequately protect the personal data are implemented to secure such data transfers in compliance with applicable data protection laws. CHG has implemented Data Transfer agreements based on EU model clauses to cover international data transfers and a copy of these agreements can be obtained by contacting the DPO.

9 Retention of personal data

CHG will not retain your Personal data for longer than is allowed under the applicable data protection laws and regulations or for longer that is justified for the purposes for which it was originally collected or otherwise processed, subject to applicable local retention requirements.

10 Data Protection rights

Under applicable data protection laws, you will benefit from the following rights:

  • Right to access to, rectification and erasure of personal information;
  • Right to restriction of processing and to object to processing;
  • Right of data portability to the extent applicable;
  • Right to withdraw consent where the processing is based on consent; and
  • Right to lodge a complaint with the supervisory authority.

11 Miscellaneous

This notice may be revised and amended from time to time and appropriate notice about any amendments will be given.

CHG is allowed to adapt the text of this notice only in order to be compliant with local legislation by means of an addendum attached to this notice. In case of any discrepancies between this notice and a specific local addendum made in accordance with local law, the terms of the latter will prevail.

Online Application

Data privacy statement for online applications

Dear applicant we are pleased that you are interested in the CHG-MERIDIAN and applied for a job in our company. Subsequently we want to inform you about the processing of personal data in connection with your application.

Please read the information and regulations listed below carefully before transmitting your data to us.

Who is in charge of data processing

CHG-MERIDIAN AG
Franz-Beer Straße 111
88250 Weingarten

Telephone +49 751 5030
Fax +49 751 50366
E-Mail-address info@chg-meridian.com

You will find further information regarding our company, details on the authorized representatives and moreover further contact opportunities in our imprint .


Which data is processed by us? And for what reason?
We process the data, which was sent to us with your application, in order to examine your suitability for the position and execute the application procedure.


What´s the legal basis for that ?
The legal basis for processing your personal data in this application procedure primarily is section 26 BDSG-neu (Germany), article 6 (1) lit. b) GDPR . As set out there, the processing of that data is permitted, which is necessary in connection with the decision of an explanation of an employment.

If data, e.g. to enforce rights, should be necessary after the termination of the application procedure, data processing based on the requirements of article 6 GDPR, especially for the percipience of justified interest stated in article 6 (1) GDPR will take place. We are interested in claiming or defending demands.


How long will the data be stored?
The data of applicants will be, in case of a letter of refusal, deleted after 6 months.

If you received a confirmation for a spot in our company within our application procedure, your data will be transmitted from our applicant-data-system into our Human resource management system.


To which recipients will data be transmitted.
For our application procedure we use a specialized Software provider. The provider operates as a service provider and it is possible that in connection with maintenance of the systems they receive knowledge of your personal data. We concluded a so called contract data processing with the provider, which secures the valid usage of the data.

Your application data will be sighted by the HR-Department after its entry. Suitable applications will be transferred to the responsible people, regarding the respective vacant spot, internally. Following that the further process will be decided. Inside the company only people have access to your data, to whom it is necessary to ensure a proper procedure of the applicant procedure.


Where will the data be processed?
The data will exclusively be processed in computer centers in Germany.

Your rights as an affected.

You have the right-get information about your personal data processed by us

Should an information inquiry not be made in writing, please understand that we will require, if necessary, proof that verifies that you are the person you are impersonating.

Furthermore you have the right of correction, deletion or restriction of spreading as far as you are legally allowed.

Furthermore have the right of objection regarding the spreading within the frame of the legal requirements.

The revocation has to be sent to the responsible, Benjamin Hummer by mail or E-mail at  dataprotection@chg-meridian.com


Our Data Protection officer
We have named a Data protection officer in our company. You are able to contact him as following.

CHG-MERIDIAN AG
Benjamin Hummer
Franz-Beer-Straße 111
88250 Weingarten
E-Mail: dataprotection@chg-meridian.com


Right of appeal
You have the right to complain at the responsible supervisory authority for data protection about personal data being processed.


Acceptance
By ticking the check-box you give your express consent for CHG-MERIDIAN AG to collect, process and use the data you sent to us, in compliance with section 26 BDSG-neu (Germany), article 6 (1) lit. b), and for the purpose of processing applications. Your data will only be shared if you give your consent by ticking the check-box.

About sensitive data: We expressly point out that applications, especially CVs, credentials and any other information you send to us, may contain especially sensitive details on mental and physical health, racial and ethnic background, political opinions, religious and philosophical convictions, memberships in unions and political parties, and sexual life. When you share such information with us in your online application, you expressly agree to permit CHG-MERIDIAN AG to collect, process and use these details for the purpose of processing applications. The processing of such data takes place in compliance with the data protection agreement and any other relevant legislation.


Contact point/Data protection manager
If you have any questions with regard to data protection or would like to exercise you right to information or withdrawal of consent, please contact (dataprotection@chg-meridian.com).


Amendments to this privacy statement
CHG-MERIDIAN AG reserves the right to amend this privacy statement at any time. We furthermore draw your attention to the general data protection provisions for our websites .

Video declaration

Video data protection notice

Name and contact details of the data controller

CHG-MERIDIAN
Franz-Beer-Strasse 111
88250 Weingarten
Germany

Tel: +49 (0)751 5030
Email: info@chg-meridian.com

Contact details of the data protection officer

Benjamin Hummer
Franz-Beer-Strasse 111
88250 Weingarten
Germany

Tel: +49 (0)751 503 246
Email: dataprotection@chg-meridian.com

Purpose and legal basis of data processing
Article 6(1) (f) GDPR in conjunction with section 4 FDPA (new)

Building security
Enhancing the sense of security
Deterrence

Legitimate interests
Prevention of vandalism
Forensic purposes
Prevention of theft

Duration of storage
Data collected is stored for seven days

Recipients of data and categories of recipients (if data collection takes place)

No transmission of data to non-EU countries or international organizations is intended.

Notice regarding the rights of data subjects
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. Where that is the case, the data subject has the right of access to personal data concerning him or her, and to the information listed in Article 15 GDPR.

The data subject has the right to request that the controller rectify any incorrect personal data or complete any incomplete personal data (Article 16 GDPR).

The data subject has the right to request that the controller erase personal data concerning him or her without undue delay, provided that the reason given is listed in Article 17 GDPR, e.g. the personal data is no longer required in relation to the purposes for which it was collected or otherwise processed (right to erasure).

The data subject has the right to request that the controller restrict processing if one of the conditions listed in Article 18 GDPR applies (for example, the accuracy of the personal data is contested by the data subject), for a period enabling the controller to verify its accuracy.

The data subject has the right to object to the processing of personal data concerning him or her at any time on grounds relating to his or her particular situation. The controller may then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims (Article 21 GDPR).

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory body if the data subject considers that the processing of personal data concerning him or her infringes the GDPR (Article 77 GDPR). The data subject may lodge the complaint with any supervisory body in the Member State of his or her habitual residence, place of work, or place of the alleged infringement. In Baden-Württemberg, the supervisory authority is the State Representative for Data Protection and Freedom of Information for Baden-Württemberg.
The postal address is Postfach 10 29 32, 70025 Stuttgart, Germany.
Please use the street address for parcels: Lautenschlagerstraße 20, 70173 Stuttgart, Germany.

Competition Declaration

Data protection information pursuant to article 13 GDPR

CHG-MERIDIAN AG is a company based in Germany. The data that we collect is stored in our central customer database in Germany. CHG-MERIDIAN AG is the controller as defined by data protection law.

Purpose of and legal basis for the processing of your personal data
We collect and process personal data (personal master data) in accordance with the provisions of the General Data Protection Regulation (GDPR). The legal basis for this data processing is article 6 (1) sentence 1 letter a) GDPR. The personal data of the competition entrant will be collected, processed, and used for the purpose of running the competition and for marketing purposes. The scope of data processing is set out in the specific consent form.

Transfer of data within the Group
Your data will be passed on within the Group in order to run the competition and for marketing purposes. Where data is exchanged within the Group, this is done in order to run the competition or for marketing purposes and is done on the basis of your consent. We may also have an interest in passing on this data for internal administrative purposes. If your data is processed outside Europe, it will be transferred in compliance with all applicable data protection legislation.

Transfer of data to other recipients
Your data will be collected and submitted to us by our external service provider IDG Business Media GmbH for the purpose of running the competition.

CHG-MERIDIAN AG does not transfer the data to other recipients. Where data is transferred to other recipients, this is done only to the extent necessary to run the competition. The service providers that we deploy act only on our instructions and process the data only for the specified purpose, unless they are authorized to further process the data on the basis of consent provided to them. The data is not used for any other purposes.

Data transfer to a non-EU country or international organization
Where we transfer data to a non-EU country, this takes place solely within the Group. Data is not transferred to a company or international organization beyond this scope.

Existence of automated decision making, including profiling
Our Company does not carry out automated decision making or profiling.

Duration of storage
Data is deleted as soon as it is no longer needed for processing purposes and provided that record retention periods do not prevent it from being erased.

Your rights
At all times, you have a right to access your stored personal data free of charge, as well as a right to rectification, data portability, and erasure of this data. If statutory record retention requirements mean that the data cannot be erased, we will have it blocked instead. You are also entitled to object to the processing of this data or to demand that we restrict its processing.

You also have the right to complain to a regulator.

If data is processed on the basis of your consent, you may revoke this consent at any time with effect for the future.

Requests for information must be submitted to:

CHG MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany

E-Mail: info@chg-meridian.com 
Web: www.chg-meridian.com 

Telephone: +49 751 503-0
Telefax: +49 751 503-66


Data Protection Officer:
You can contact our data protection officer via email. 
Herr Benjamin Hummer
E-Mail: datenschutz@chg-meridian.com

Data protection information of TESMA®

1 General Information

Introduction

We, CHG-MERIDIAN AG, are the controller of this online offering. As the provider of a teleservice, we have to notify you about the nature, scope and purposes of the collection and use of personal data, in a precise, transparent, understandable and easily accessible form and in clear and simple language, at the start of your visit to our online offering. You must be able to access the content of this notification at any time. As a result, we are obliged to notify you of the types of personal data that are collected or used. Personal data is any information relating to an identified or identifiable natural person.

We set great store by ensuring that your data is secure and by complying with the provisions of data protection legislation. The collection, processing and use of personal data is subject to the provisions of currently applicable European and national laws.

We would like to use the below Privacy Policy to show you how we handle your personal data and how you can contact us:

CHG-MERIDIAN AG
Franz-Beer-Straße 111
88250 Weingarten
Germany

Email: info@chg-meridian.com
Website: www.chg-meridian.com
Telephone: +49 751 503-0
Fax: +49 751 503-66

Chairman of the Supervisory Board: Jürgen Mossakowski
Chairman of the Board of Management: Dr Mathias Wagner
Board of Management: Frank Kottmann, Oliver Schorer, Ulrich Bergmann

Register Court: Ulm HRB 551857

Tax Office: Weingarten
VAT ID no.: DE 146349520

Court of Jurisdiction: Ravensburg
Applicable law: Law of the Federal Republic of Germany (FRG)

Our data protection officer
If you have any questions, you can contact our data protection officer as follows: Benjamin Hummer, email: datenschutz@chg-meridian.com

 

Terminology

To improve readability, our Privacy Policy does not differentiate between genders. In the interests of equality, the corresponding terminology refers to both genders.

Article 4 of the EU General Data Protection Regulation (GDPR) details the meaning of the terminology that is used, such as ‘personal data’ or the ‘processing’ of this.

Users’ personal data processed within the framework of this online offering includes inventory data (e.g. customers’ names and addresses), contract data (e.g. services used, names of administrators, payment information), usage data (e.g. websites within our online offering that were visited, interest in our products) and content-related data (e.g. information entered into a contact form).

Here, the term ‘user’ refers to all categories of data subjects affected by data processing. For example, this includes our business partners, customers, prospective customers and other visitors to our online offering.

 

The legal basis of processing

Article 6 (1) (a) GDPR serves as the legal basis for processing when we have sought consent for a particular purpose of processing.

If personal data needs to be processed for the performance of a contract to which the data subject is a party, as is the case for processing operations relating to the delivery of goods or the rendering of a service or consideration in return, for example, processing is based on article 6 (1) (b) GDPR. The same applies to processing operations required for taking steps prior to entering into a contract, such as in cases of enquiries relating to our products or services.

If we are subject to a legal obligation that makes it necessary to process personal data, such as the fulfilment of obligations under tax law, processing is based on article 6 (1) (c) GDPR.

If personal data needs to be processed to protect vital interests of the data subject or of another natural person, processing is based on article 6 (1) (d) GDPR.

Finally, processing can be based on article 6 (1) (f) GDPR. Processing is carried out on this legal basis if the processing is necessary to protect our legitimate interest or that of a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not override this.

2 General use of online services

The processing of personal data

You can visit our website without actively providing information about yourself as an individual. However, we automatically store access data (server log files) every time the website is accessed. This data includes the name of your internet service provider, the operating system used, the website you visit us from, the date and duration of your visit or the name of the file requested, for example. We also store data for security reasons, e.g. we store the IP address of the computer used so that we can recognise attacks on our websites. This data is solely used to improve our offering and cannot enable conclusions to be drawn about you as an individual. This data is not merged with other sources of data.

The legal basis for data processing is article 6 (1) (f) GDPR. We process and use data for the following purposes:

  1. providing CHG-MERIDIAN AG's websites,
  2. improving our websites and
  3. preventing and recognising errors/malfunctions and the misuse of the websites.

This type of data processing is either undertaken for the performance of the contract regarding the use of CHG-MERIDIAN AG’s website or because we have a legitimate interest in guaranteeing the functionality and error-free operation of CHF-MERIDIAN AG's websites and adapting these websites to suit users’ requirements.

After users have logged into TESMA® within our customer area, log files are processed and stored with an additional user identifier that is assigned internally.

After the user has logged into TESMA®, these log files encompass the following data: user identifier, browser version, the operating system used and the date and duration of the visit.

We process data within this framework to fulfil our contractual obligation to our customers and to render our service. The legal basis for data processing within this framework is article 6 (1) (b) GDPR. In addition, we are contractually bound to instructions under a processor contract and have suitable technical and organisational measures in place to protect the rights of the data subject.

 

Email contact

If you send us enquiries or information via email, your details (email address, content of your email, subject line of your email, and date/time), including the contact information provided by you in it (e.g. signature, such as first name, last name, telephone number if given, address) will be stored for the purpose of handling the enquiry and dealing with follow-up questions. We will not disclose this information without your consent. The legal basis for the collection and processing of the data is article 6 (1) (a) GDPR.

Users are reminded that emails can be read or changed while they are being transferred, without this act being authorised or detected. CHG-MERIDIAN AG uses software to filter out undesired emails (a spam filter). The spam filter means that the system can put emails into the spam folder if certain characteristics cause them to be wrongly identified as spam, meaning that they may not reach us.

The data you provide remains with us until you request that it is erased, you withdraw your consent for the storage of the data or the purpose of storing the data lapses (e.g. once your enquiry has been processed to completion). Mandatory statutory provisions, particularly retention periods, remain unaffected by this.

3 Use of TESMA®

Cookie-based services

We use ‘cookies’ on our websites to make visiting our website a more attractive experience and to enable certain functions to be used. Cookies are small text files that are stored on your end device. They are a standard internet technology for storing and accessing log-in details and other user information for all users of CHG-MERIDIAN AG’s websites. They also enable us to store user settings, permitting our websites to be displayed in a format tailored to your device.

The use of cookies serves our legitimate interest in making your visit to our website as enjoyable as possible and preventing you from inputting information multiple times or adjusting your settings repeatedly. The legal basis for this is article 6 (1) (f) GDPR.

Some of the cookies we use are deleted after the end of the browser session, or, in other words, after you close your browser (known as ‘session cookies’). Other cookies remain on your end device and make it possible for us or our partner companies to recognise your browser during your next visit (known as ‘persistent cookies’).

You can adjust your browser's settings so you are informed when cookies are placed and can make an individual decision as to whether to accept them, accept them under certain circumstances or universally exclude them. In addition, cookies can be retrospectively deleted to remove data that websites have stored on your computer. If cookies are deactivated, this may limit the functionality of CHG-MERIDIAN AG ’s websites.

Deactivate or remove cookies (opt-out)

Web browsers offer options for limiting and deleting cookies. Further information on this can be found on the following websites:

 

Our services

Registering on the website and logging in

You have the option of registering on our website. Registration serves the purpose of offering you content or services that can only be offered to registered users due to the nature of the matter at hand. To do so, we require the following data: first name and last name, email address. This data is required for registration, and by extension, for the fulfilment of our contractual obligation.

Logging into our website with your log-in details also leads to the IP address provided by the data subject’s internet service provider (ISP), the date, and the time of log-in being stored. This data is stored because this is the only way that the misuse of our services can be prevented and because this data is required, when necessary, to shed light on crimes that have been committed. To this extent, this data needs to be stored for our protection. In principle, this data is not disclosed to third parties, unless there is a statutory obligation for disclosure or the disclosure is in the interests of law enforcement.

The legal basis for processing is the performance of a contract pursuant to article 6 (1) (b) GDPR.

Contact form/enquiries

On our website, you have the option of sending us enquiries via a contact form. Here, your details from the contact form (content of your enquiry, subject line of your enquiry and date), including the contact details you provide (first name, last name, company, telephone number and email), are stored by us for the purpose of handling the enquiry and in the event of follow-up questions. The legal basis for the collection and processing of the data is article 6 (1) (a) GDPR.

The data provided by you via the contact form remains with us until you request that it is erased, you withdraw your consent for the storage of the data or the purpose of storing the data lapses (e.g. once your enquiry has been processed to completion). Mandatory statutory provisions, particularly retention periods, remain unaffected by this.

Shop function

Our websites give you the option of using shop functions. To this end, we collect additional contact and address data for the following purposes:

We process your data for the following purposes:

  • To process your order and, if necessary, return your order
  • In addition, we process your data to manage your personal account
  • To send text messages about your order’s shipment status
  • To make contact in the event that there are problems with delivering your goods

We may need to disclose this data to third parties such as processors, shipping services, banks, the tax office etc. in order to fulfil our contractual obligations. The legal basis for the collection and processing of data is article 6 (1) (b) GDPR.  This data remains stored for the entire usage period. Mandatory statutory provisions, particularly retention periods as per the provisions of trade law and tax law, remain unaffected by this.

Feedback function

Our websites give you the option of leaving feedback. This feedback can be accessed by the TESMA community. Your comment will be stored and published with the user name stated by you and details about when the comment was left. In addition, the IP address of the data subject provided by the internet service provider will be logged as well.

Information service

When you write a comment, you can tick a box for our email service. This will inform you if other users leave a comment on your post. You can turn off notifications at any time by clicking the link within the email.

4 Data security

CHG MERIDIAN AG has implemented appropriate technical and organizational measures to ensure a level of security, appropriate to the risk. This type of risk analysis includes estimating the risk that the data subject’s rights will be compromised, the costs of implementation and the nature, scope, context and purpose of data processing.

These measures encompass:

  1. encrypting personal data, provided this is necessary and appropriate;
  2. ensuring the confidentiality, integrity and availability of the processing systems and services, and their reliability in the event of malfunction;
  3. guaranteeing the availability of and access to personal data in the event of a physical or technical incident, and its timely restoration;
  4. creating a procedure for regularly reviewing and assessing the effectiveness of technical and organisational measures to guarantee the security of processing.

5 Data transfer

Recipients of personal data

CHG-MERIDIAN AG only grants access to personal data if this is absolutely necessary. This access is limited to the personal data required for the purpose in question.

The authorisation for access to personal data is always associated with a purpose, meaning that universal approval for access to personal data is not granted. Service providers only receive personal data in line with the purpose of their contractual relationship with the company.

 

International data transfer

International data transfer relates to the transfer of personal data outside the European Economic Area (EEA). The international presence of CHG-MERIDIAN AG involves the transfer of personal data from and to other group companies or third parties located outside the EEA. When personal data is transferred to countries with different data protection standards, CHF MERIDIAN AG will ensure that suitable measures are taken to provide personal data with adequate protection, ensuring that data transfers are performed in compliance with the applicable data protection legislation. CHG-MERIDIAN AG has implemented data transfer agreements on the basis of EU standard contractual clauses to cover international data transfers. The data protection officer can provide a copy of these agreements on request.

6 Storage periods

CHG-MERIDIAN AG will not process your personal data for longer than permissible in line with applicable data protection legislation and provisions. This applies subject to the applicable local retention requirements.

7 Note regarding minors

This online offering is not suitable for minors under the age of 16. Individuals who are under the age of 16 may not transfer personal data to CHF-MERIDIAN AG without the permission of their parent or guardian.

8 Your rights

Within the framework of the applicable data protection legislation, you have the following rights:

  • The right of access, the right to rectification, and the right to erasure of personal data;
  • The right to restriction of processing and the right to object to processing;
  • The right to data portability, as applicable;
  • The right to revoke your consent to processing; and
  • The right to file a complaint with the supervisory authority.

9 Final provisions

External links

Our website contains links to websites offered by other providers, We hereby indicate that we have no influence over the content of the linked websites and their providers’ compliance with the provisions of data protection legislation.

 

Changes to our Privacy Policy

This Privacy Policy can be changed and expanded from time to time. CHF-MERIDIAN AG is only permitted to adapt this Privacy Policy to take local and general legal provisions into account. In the event that this Privacy Policy contradicts with a specific local law, local laws take precedence.