Freelancer / Project Management

Privacy policy

Introduction

With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter referred to as “data”) that we process, for which purposes, and to what extent. This privacy policy applies to all personal data processing carried out by us, both within the scope of our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as “online offering”).

The terms used are not gender-specific.

As of: October 2024

  • Introduction
  • Responsibility
  • Overview of Processing
  • Relevant Legal Bases
  • Encryption
  • Transfer of Personal Data
  • Data Processing in Third Countries
  • Data Deletion
  • Use of Cookies
  • Contact and Inquiry Management
  • Presence on Social Networks (Social Media)
  • Changes and Updates to the Privacy Policy
  • Rights of Data Subjects
  • Definitions of Terms

Introduction

Matthias Noack
mn-engineering
Weilerstr. 4
78343 Gaienhofen
Germany

Email: matthias.noack@mn-engineering.com
Imprint

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the affected individuals.

Types of Data Processed:

  • Contact data
  • Content data
  • Usage data
  • Meta/communication data

Categories of Data Subjects:

  • Communication partners
  • Users

Purposes of Processing:

  • Handling contact inquiries and communication
  • Management and response to inquiries
  • Feedback
  • Marketing
  • Provision of our online offering and user-friendliness

Relevant Legal Bases

Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection regulations in your or our country of residence or business may apply. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

  • Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations in Germany apply. This includes, in particular, the Federal Data Protection Act (BDSG), which contains specific regulations on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for purposes of employment relationships (§ 26 BDSG), especially with regard to the establishment, implementation, or termination of employment relationships and the consent of employees. Additionally, state data protection laws of the individual federal states may apply.

Encryption

TLS Encryption (https): To protect the data you transmit via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.

Transfer of Personal Data

In the course of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. The recipients of this data may include service providers tasked with IT duties or providers of services and content integrated into a website. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements with the recipients of your data to protect it.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing occurs in the context of using third-party services or disclosing or transferring data to other individuals, entities, or companies, this is done only in accordance with legal requirements.

Subject to express consent or legally required transfer, we process or have the data processed only in third countries with a recognized data protection level, contractual obligations through so-called standard protection clauses of the EU Commission, existing certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page:  https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Presence on Social Networks (Social Media)

We maintain online presences within social networks and process users’ data in this context to communicate with users active there or to offer information about us.

We point out that users’ data may be processed outside the European Union. This may pose risks to users, for example, by making it more difficult to enforce users’ rights.

Furthermore, users’ data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on users’ behavior and resulting interests. The usage profiles can, in turn, be used to place advertisements inside and outside the networks that are presumably tailored to the users’ interests. For these purposes, cookies are usually stored on users’ devices, where users’ usage behavior and interests are stored. Moreover, data independent of the devices used by users may also be stored in the usage profiles (especially if users are members of the respective platforms and are logged in).

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy policies and statements of the operators of the respective networks.

We also point out that in the case of information requests and the assertion of data subject rights, these can be most effectively asserted with the providers. Only the providers have access to the users’ data and can directly take appropriate measures and provide information. Should you still require assistance, you can contact us.

  • Types of Data Processed: Contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Handling contact inquiries and communication; feedback (e.g., collecting feedback via online form); marketing.
  • Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further Notes on Processing Procedures, Methods, and Services:

  • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website:

Modification and Update of the Privacy Policy

We kindly ask you to regularly review the content of our privacy policy. We will adjust the privacy policy as soon as changes in our data processing activities make this necessary. We will inform you if these changes require an action on your part (e.g., consent) or if an individual notification becomes necessary.

Insofar as we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses can change over time. We ask that you verify the information before making contact.

Rights of Data Subjects

As a data subject under the GDPR, you have various rights, which are particularly derived from Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right to Access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to Rectification: You have the right to request the completion of data concerning you or the correction of inaccurate data concerning you, in accordance with legal requirements.
  • Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to request that data concerning you be deleted immediately, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.
  • Right to Data Portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.
  • Complaint to Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, especially in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.

Definitions

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined mainly in Article 4 GDPR. The legal definitions are binding. The following explanations are intended primarily to aid understanding. The terms are listed alphabetically.

  • Personal Data: “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Controller: The term “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data, such as collecting, evaluating, storing, transmitting, or deleting.
Email Call Linkedin
© 2024 mn-engineering / Matthias Noack
Privacy Policy Imprint