Data protection
1. About us
We, Meguin GmbH & Co. KG Mineraloelwerke, are the data controller for the collection, processing and storage of your data. You can always consult our details in our Legal Notice.
The careful handling of your personal data has our top priority. When processing data, we comply with the statutory provisions of, for example, the General Data Protection Regulation (GDPR) and the associated national provisions.
This privacy policy applies to all our company websites that can be accessed under our domains (www.meguin.de, www.megun.biz) as well as our social network pages (Facebook). If when exploring our services you change to websites administered by other operators, other data protection rules will apply, for which the individual operators will be responsible.
As we would like to provide you with a comprehensive overview of the processing of personal data in our group of companies, you will find below an overview of all our services in which we collect and process personal data.
If separate or additional terms and conditions apply to individual services or if we ask for your consent, we will inform you of this separately before using the respective service (e.g. for subscribing to the newsletter or purchasing in our online shop).
We also take various security measures to protect your personal data. For instance, transfer of data between your web browser and our service is generally encrypted for transport, and we also have a large number of technical and organizational measures designed to protect your data at all times.
2. Why we process your data
Generally speaking, you may use our website without disclosing your identity. If you wish to register for one of our personalized services, use our online shop, subscribe to our newsletter or contact us, we will ask you for your name and other personal information. It is your decision whether to provide this (extended) data. Mandatory data which we need to obtain from you for providing our services are noted as such.
Your personal data will be collected and processed for the following purposes on the following legal bases:
- Contract initiation pursuant to Art. 6(1) sentence 1 points a and b GDPR
- Contract execution pursuant to Art. 6(1) sentence 1 point b GDPR
- Customer management pursuant to Art. 6(1) sentence 1 points b, c and f GDPR
- Communication and data exchange pursuant to Art. 6(1) sentence 1 points a, b, c, f GDPR
- Public image and advertising pursuant to Art. 6(1) sentence 1 point f GDPR
- Implementation of declarations of consent pursuant to Art. 6(1) sentence 1 point a GDPR
- Ensuring the proper operation of a data processing system pursuant to Art. 6(1) sentence 1 points c and f GDPR
- Applicant selection procedures within the framework of personnel and resource management pursuant to Art. 6(1) sentence 1 points a, b GDPR in association with Section 26 German Federal Data Protection Act (BDSG)
3. What data about you do we collect and process?
We collect various categories of personal data from you. Personal data means all information which can be referred to an identified or identifiable natural person; natural persons will be deemed identifiable if they can be identified directly or indirectly, especially by correlation with an identifier, such as a name. Personal data include information such as your name, address, telephone number and date of birth (if provided). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of individual websites operated by us or the number of users of a site – is not personal data. This includes directly and indirectly collected data. In both cases, data are only collected to the necessary extent; data are processed solely for the purposes given in point 2. Deciding whether to transfer data to us that will optimize the use of our services for you, but is not absolutely necessary, is a matter for you. Such data fields are known as ‘voluntary’.
Directly collected data comprise:
- E-mail address, e.g. for the purpose of subscribing to the newsletter or contacting us via our contact form.
- Application details, for the purpose of carrying out our online application process.
- Data that you actively and deliberately provide to us as part of the use of our services.
- Other data that you voluntarily provide to us, e.g. data fields that you have filled out and that are marked as 'voluntary'.
In addition, data about you is collected indirectly when you use our services:
- Technical connection data, for example, the called up page of our web offer, your IP address shortened by the last three digits, date and time of the call-up, end device used, browser configuration data.
- Data collected as part of website and newsletter tracking.
Minors:
Our website is not directed at minors and we do not knowingly collect personal data from minors.
If persons under the age of 16 disclose personal data to us, this is only permitted if parents or legal guardians have themselves consented or approved the consent of the young person. Pursuant to Art. 8(2) GDPR, the contact details of the parent or legal guardian must be communicated to us as evidence of the consent or the approval of the parent or legal guardian. These data and the data of the minor will then be processed in accordance with this Privacy Policy.
If we determine that a minor under the age of 16 has sent us personal data without the parent or guardian consenting themselves or agreeing to the consent of the minor, we will erase the data immediately.
4. Who has access to your data and to whom do we disclose your data?
4.1. Access
Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to work with this personal data to fulfill their assignments.
If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.
We also use service providers for performing services and processing your data (e.g. for hosting, mailing of letters or e-mails, the maintenance and analysis of databases, the safeguarding of our web servers or for website tracking). If special rules apply here, we have subsequently performed them in connection with the individual service. These service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All processors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services, or to the extent to which you have consented to the processing and use of your data.
4.2. Data exchange within the group of companies
Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and is only for internal administrative purposes. By group of companies we mean affiliated companies as defined by Art. 4 No. 19 GDPR.
4.3 Transfer to third countries and legal basis
The servers of some of the service providers we use are located in the USA and other countries outside the European Union. Companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data are processed in a country without a recognized high data protection level such as the European Union has, we ensure by contractual provisions or other recognized instruments that your personal data are appropriately protected. We expressly draw your attention to this again in the context of the individual services.
Insofar as personal data is transferred to third countries, this takes place on the basis of the EU standard contract in accordance with Art. 46 (2) point c GDPR or on the basis of your consent pursuant to Art. 49(1) point a GDPR.
Processors are also contractually obliged to secure data transfers to third countries (e.g. by other processors) by means of suitable guarantees.
4.4 Transfer to law enforcement and criminal investigation authorities
In exceptional cases, we transfer personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the German Code of Criminal Procedure (Strafprozessordnung), the German Tax Code (Abgabenordnung), the Money Laundering Act (Geldwäschegesetz) or state police laws.
5. Storage duration
We store personal data within the scope of legal regulations or your consent.
We use the following criteria to determine the specific storage duration:
We save personal data until the purposes for which they were collected expire (e.g. upon the termination of a contractual relationship or with the last activity, if no continuing obligation exists, or in the case of a withdrawal of your consent for specific data processing).
Storage beyond this only occurs if
- Legal storage obligations (e.g. pursuant to AO (German Tax Code) and HGB (German Commercial Code)) exist;
- The data is still required for the enforcement and exertion of legal claims or for defending against legal claims, e.g. due to technological and forensic requirements for the defense of attacks on our webservers and their prosecution;
- preventing the deletion of the interests of affected persons worth protecting; or
- there is another exception as per Art. 17(3) GDPR.
6. Your rights
6.1 Right to information and data portability
You have a right to information about the personal data processed by us at any time.
If the data processing is based on your consent or on a contract pursuant to Art. 6(1)GDPR sentence 1 point b , you may, pursuant to Art. 20(1) GDPR, also request that you receive the personal data stored about you in a structured, established and machine-readable format. At your request, we will also transfer these data directly to a recipient determined by you.
6.2 Right to rectification, restriction and erasure
Furthermore, pursuant to Art. 16 to 18 GDPR, you may request that we rectify, restrict (block) or erase your personal data if we have processed the data incorrectly, if there are grounds for restricting further data processing or if the data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to erasure may be restricted by legal retention periods.
6.3 Rights to object
If our data processing is based exclusively on our legitimate interest pursuant to Art. 6(1) sentence 1 point f GDPR, you may object to this processing pursuant to Art. 21(1) GDPR. We will then stop processing your data unless we can show grounds for processing that are worthy of protection and which override your interests, rights and freedoms, or the processing serves to enforce, exercise or defend a legal claim. Furthermore, you always have the right to withdraw the use of your data for the purpose of direct advertising with future effect, as per art. 21 section 2 GDPR.
6.4 Right of complaint to the supervisory authority
You are free to lodge a complaint with a supervisory authority if you believe that our processing of your personal data is in breach of the European General Data Protection Regulation or other national and international data protection laws.
The contact details of the supervisory authority responsible for us are as follows:
National Data Protection and Freedom of Information Officers
Fritz-Dobisch-Straße 12
66111 Saarbrücken, Germany
poststelle@datenschutz.saarland.de
6.5 Contact details
To exercise your rights, you can send us an informal message to the contact details below. Please also address the withdrawal of your consent to the contact details below, indicating which declaration of consent you wish to withdraw:
Data Controller | Data Protection Officer |
Meguin GmbH & Co. KG Mineraloelwerke Rodener Str. 25 66740 Saarlouis, Germany | it.sec GmbH Einsteinstraße 55 89077 Ulm, Germany |
7. Use of our website – profiling, cookies and web tracking
7.1. Basic information about cookies and opting out
We use so-called cookies in some areas of our website, e.g. to recognize the preferences of visitors and to design the website accordingly. This simplifies navigation and enables a high degree of website user-friendliness. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor’s hard drive. They allow information to be stored for a certain period of time and permit the identification of the visitor’s computer. For better user guidance and individual service presentation, we use permanent cookies.
We also use so-called session cookies, which are automatically erased when you close your browser. You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. This takes place in order to check the authorization of actions and authentication of the requesting user of our services. The legal bases are Art. 6(1) sentence 1 point c GDRP in conjunction with Art. 32 and Art. 6(1) sentence 1 point f GDPR. Our legitimate interest is the safeguarding of our webserver, in order to defend itself against attacks, for example, and ensuring the functionality of our services.
Cookies that are not technically required are only used after your express consent, which you can, of course, withdraw at any time.
As part of our cookie banners on our website, you have agreed to the following declaration concerning this matter:
We use cookies to personalize content and ads, to provide social media functions, and to analyze traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the services.
If you completely exclude the use of cookies, you will not be able to use individual functions of our website – including the possibility of a cookie-based opt-out of tracking. If applicable, please allow the opt-out cookies of the services for which you would like to prevent the tracking.
Please also consider that deleting all cookies leads to the opt-out cookies also being deleted. You will therefore have to reset these. Furthermore, cookies are associated with the browser, which means that they have to be specially set in each browser used by you on each device used by you. The links required for this can be found in the following in the description of the respective service.
You can find an overview of the cookies used and your settings for these at any time in our COOKIE BANNER. Under “Show details”, you can view the groupings and the respective cookies that fall under them.
7.2 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies, text files which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie concerning your use of this website is generally passed on to a Google server in the USA and saved there. In the event that IP anonymization should be activated on this website, your IP address is first abbreviated by Google within member states of the European Union or in other signatories to the agreement regarding the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to the use of the website and of the Internet to the website operator. The IP address transferred from your browser as part of Google Analytics is not added to other Google data.
We only use Google Analytics with your consent in accordance with Art. 6(1) sentence 1 point a GDPR.
You can also avoid the saving of cookies by appropriately adjusting your browser software; however, we would like to make you aware of the fact, that in this case it is possible that you will not be able to use all the functions of this website. Furthermore, you can prevent the recording of the data created by the cookie and related to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link. The current link is: http://tools.google.com/dlpage/gaoptout?hl=de.
Data recipient: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
7.3. Google Tag Manager
Google Tag Manager is a Google product that allows us to manage website tags from applications such as Google Analytics via an interface. The Tag Manager is a cookie-free domain and does not collect any personal data.
7.4. GA Audience
Our website uses GA Audience, a service provided by Google. Among other things, GA Audience uses cookies that are stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) and that allow analysis of the use of the corresponding devices. Some of the data is evaluated across devices. GA Audience receives access to the cookies created as part of the use of Google AdWords and Google Analytics. As part of the use, data, in particular the IP address and activities of the users, may be transmitted to a server of Google LLC and stored there. Google LLC may also transfer this information to third parties where required to do so by law or where third parties process this data. You can object to the collection and transfer of personal data (in particular your IP address) as well as the processing of this data by deactivating the execution of Java-Script in your browser or installing a tool such as 'NoScript'. Furthermore, you can prevent the recording of the data created by the Google cookie and related to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). Further information on data protection when using GA Audience can be found at the following link: https://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283
We only use GA Audience with your consent in accordance with Art. 6(1) sentence 1 point a GDPR.
Data recipient: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
7.5. DoubleClick by Google
DoubleClick by Google uses cookies to show you advertisements that are relevant to you. A pseudonymous identification number is assigned to your browser in order to check which advertisements were displayed in your browser and which advertisements were accessed. Cookies do not contain any personal information. The use of DoubleClick cookies only allows Google and its partner websites to display advertisements based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted and stored by Google for evaluation. Google will only transfer this data to third parties if this is required by law or as part of order processing. Google will not merge your data with other data collected by Google.
If you do not consent to this form of processing, you can prevent the storage of cookies by setting your browser accordingly. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the websites and from processing this data by Google by downloading and installing the browser plug-in available here http://tools.google.com/dlpage/gaoptout?hl=de . Alternatively, you can also deactivate the DoubleClick cookies on this page http://www.google.com/ads/preferences/html/opt-out.html.
Data recipient: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
7.6. Google reCAPTCHA
Our website uses the “Google reCAPTCHA” service, which is intended to distinguish between intentional data entry by a natural person and machine or automated misuse of data. The IP address and any other data required by Google to provide the service will be transmitted to Google. The data is processed in accordance with Art. 6(1) sentence 1 point f GDPR. Our legitimate interest is to determine whether a request actually originates from a natural person and needs to be processed in order to avoid unnecessary sorting out of spam e-mails.
Data recipient: Google Ireland Ltd, Gordon House, 4 Barrow St, Dublin, D04 E5WE, Ireland.
7.7. Google Maps
Our website uses the Google Maps service to show you the locations of the controller and, if necessary, to enable route planning. When Google Maps is called up on this website, data (e.g. your IP address, the address entered as part of route planning) is transmitted to Google.
We only use Google Maps with your consent, Art. 6(1) sentence 1 point a GDPR.
The Google Maps page is therefore integrated using a local preview and is only activated when you click on the link displayed there. Your browser then establishes a direct connection to Google. We have no influence on whether or how Google actually uses the data (purpose, storage, deletion, disclosure, transfer, profiling). We also have no effective methods for controlling this. We do not store any data.
An agreement within the meaning of Art. 26(1) GDPR is available.
Further information on data protection at Google can be found at: https://policies.google.com/privacy?hl=de&gl=de
The separate data protection provisions for Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps.html
Data recipient: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
7.8. Usercentrics Consent Management Platform
We use the consent management service Cookiebot from Usercentrics on our website.
The following data is processed via cookies and pixels that are placed in the browser: opt-in and opt-out data, referrer URL, user agent, user settings, consent ID, time of consent, consent type, template version, banner language.
The purpose of data processing is to obtain, manage and document the consent of users to cookies and tools used on our website and to inform the user about this.
The legal basis for data processing is Art. 6(1) sentence 1 point c GDPR.
Recipient: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark
8. Further information and rules regarding individual services
8.1. Newsletter
Upon your express request, we will send you our monthly newsletter on the topics you have selected as well as information about our company. Please note that delivery can only take place if you have expressly confirmed your subscription request once again as part of our double opt-in procedure.
The personal data collected as part of the newsletter registration is used exclusively for sending and personalizing the newsletter (e.g. to address you by name). You can revoke your consent to the storage of personal data that you have given us for the sending of the newsletter at any time with effect for the future. For the purpose of withdrawing consent, each newsletter contains a corresponding link; alternatively, you can also contact us directly so that we can implement your withdrawal. We have provided you with details of the consent given to us in the double opt-in e-mail.
8.2 Contact form
Data that you send us via our contact form will be processed for the purpose of communication and data exchange, i.e. to answer your specific inquiry. These data are stored as long as their processing is required for these purposes or until the expiry of any subsequent retention periods.
8.3 Online application process
We offer you the opportunity to apply to us online. The data you enter and the file attachments you send are transmitted via a transport-secured connection. Your electronic application data will be received by the relevant HR department and only forwarded to the department responsible for the position in question or to the persons in charge of processing. All parties involved will treat your application documents with the necessary care and with absolute confidentiality.
After completion of the applicant selection procedure, we will keep your application documents for another 3 months and then erase them or destroy any copies if we have not concluded a contract of employment with you. Should we wish to include your application documents in our applicant pool, we will contact you to this effect. In the notification you can actively consent to the further storage of your documents.
Please note that applications that you send us by e-mail will be transfered to us unencrypted. We therefore recommend that you use the online application portal.
8.4 Data processing for the purpose of direct advertising
8.4.1. Direct mail advertising
To the extent permitted by law, we may also use your name and the postal address known to us for the sending of advertising for our own offers. The legal basis for this is Art. 6(1) sentence 1 point f GDPR in conjunction with GDPR recital 47. Our legitimate interest is the promotion of sales or demand among our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time with future effect. A notification in text form to the contact details above is sufficient. We will then delete your data from our distribution list. The data that is evidence for your objection will then kept for a further 6 years as per Art. 17(3) point e GDPR. However, during this time your personal data are blocked from further processing.
8.4.2. Telephone advertising
To the extent permitted by law, for business customers, we may also use your name, company affiliation and your stated telephone number, in order to inform you of our own offers that we presume you will be interested in. The legal basis is Art. 6(1) sentence 1 point f GDPR in conjunction with GDPR recital 47, and the German Unfair Competition Act (UWG), Section 7-2 (2). Our legitimate interest is the promotion of sales or demand among our existing business customers. Of course, you can object to the processing of your data for advertising purposes at any time with future effect. A notification in text form to the contact details above is sufficient. We will then delete your data from our distribution list. The data that is evidence for your objection will then kept for a further 6 years as per Art. 17(3) point e GDPR. However, during this time your personal data are blocked from further processing.
9. Corporate presence (‘Fanpages’) on social networks
9.1. General information
We would like to point out that our fan pages in the social networks are just one of a number of ways of getting in touch with us and receiving information from us. Alternatively, the information offered via our fan pages can also be accessed on our website, for example.
Additional information on the individual social networks can be found in the following sections.
Categories of data subjects: | Fanpage visitors that are registered with the social network and those that are not. Data subjects’ are hereby notified that they are responsible for their own use of the relevant social network and its related functions. This applies, in particular, to the use of interactive functions (e.g. sharing, rating). |
Categories of personal data: | Data that we process from registered visitors to our fanpage: User ID or user name that they have registered with, freely available profile information (e.g. names, occupation, addresses, contact information, and where applicable particular categories of personal data such as religious affiliation, health data etc.), data arising from the sharing of content, exchanging messages and communication, data required as part of processing the contract to become a registered user; in other respects we only process pseudonymized data such as statistics and insights about how users interact with posts, pages, videos and other content made available on the fanpage (page activity, page views, “likes” data, reach, general demographics, location and interest related data by age, gender, state, city, language), evaluations of the success and background of our adverts. We are unable to match the pseudonymized data with the corresponding identifying features (e.g. name). We are, therefore, unable to identify individual visitors that remain anonymous to us. |
Data that we process from non-registered visitors to our fanpage: pseudonymized data such as statistics and insights about how users interact with posts, pages, videos and other content made available on the fanpage (page activity, page views, “likes” data, reach, general demographics, location and interest related data by age, gender, state, city, language), evaluations of the success and background of our adverts. We are unable to match the pseudonymized data with the corresponding identifying features (e.g. name). We are, therefore, unable to identify individual visitors that remain anonymous to us. | |
Data origins | We receive data either directly from the data subjects or from the platform operator. |
Legal basis for processing data | We process data on the following legal bases:
We only process special categories of personal data, if at all, on the following legal bases:
|
Purpose of data processing | The data is being processed for the following purposes:
|
Categories of recipients, transfer to third countries | Only our employees and service providers that look after our fanpage and require data for the above mentioned purposes have access to data we process. If the data subjects have posted their data publicly on our fanpage, then it will be accessible by our registered and, where applicable, non-registered users. Also from third countries. |
Rights of the data subjects | Data subjects are entitled to various rights with regard to the processing of their data, which they can assert directly against the platform operator on the basis of the agreement within the meaning of Art. 26(1) GDPR. More detailed information on the rights of data subjects can be found in section 6 of this privacy policy. Furthermore, data subjects generally have the right not to be subject to automated individual decision-making pursuant to Art. 22 (1) GDPR. If such an automated decision is permitted as per Art. 22 (2) points a to c GDPR, the data subject is afforded the following rights as per Art. 22 (3) GDPR: the right to express their point of view, the right to obtain human intervention on the part of the controller, the right to contest the automated decision (right of appeal). Further information about social networks and how data subjects can protect their data, can be found here: https://www.youngdata.de/. Facebook |
9.2. Facebook
Social network: | Facebook: https://www.facebook.com/ |
This fanpage is operated jointly with (‘platform operator’): | Meta Platforms Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland |
An agreement in line with Art. 26 (1) GDPR has been drawn up between those with joint responsibility to determine who is responsible for what in relation to GDPR | The agreement within the meaning of Art. 26 (1) GDPR can be found using the following link: https://www.facebook.com/legal/controller_addendum The platform operator will make the main contents of this agreement available to the data subjects. We have no influence on whether or how the platform operator actually uses data (purpose, storage, deletion, disclosure, transmission, profiling). We also have no effective methods for controlling this. |
Data privacy contact information: | The platform operator’s data protection officer can be contacted using the following web form: https://www.facebook.com/help/contact/540977946302970 |
Legal basis for processing data | The legal bases used by the platform operator for the processing of data can be found using the following link: https://www.facebook.com/about/privacy/legal_bases |
Data transfer to third countries | Regardless of where the data subject resides, the platform operator will transfer data to the United states, Ireland and any other country where the platform operator does business, store it there and process it in other ways. Data transfers to third countries related hereto are covered by a European Commission adequacy decision as per Art. 45 GDPR or through appropriate safeguards as per Art. 46 GDPR: https://www.facebook.com/privacy/explanation |
More information | Further information, in particular on the categories of personal data, the origin of the data, the storage period, the purposes of data processing and the categories of recipients, can be found at the following links: |
The supervisory authority responsible for the platform operator is (Art. 77 GDPR) | Data Protection Commission 21 Fitzwilliam Square, Dublin 2 Website: https://www.dataprotection.ie/en/contact/how-contact-us |