Data Protection Notice (Version: GDPR 2.0 dated 25.02.2022)
muva Kempten GmbH is the responsible controller for this website and, as the provider of a teleservice, must inform you at the beginning of your visit about the nature, scope and purposes of the collection and use of personal data in a precise, transparent, comprehensible and easily accessible form in clear and simple language. This content must be available to you at all times.
We attach great importance to the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the currently applicable European and national laws.
In the following data protection notice, we would like to show you how we handle your personal data and how you can contact us:
muva kempten GmbH
muva kempten GmbH
Commercial register number: HRB 13347
Managing director: Dr. Monika Knödlseder
Telephone: +49 831 5290-0
Our Data Protection Officer
muva kempten GmbH
Data Protection Officer
87437 Kempten (Allgäu)
If you have any questions about data protection or other data protection-related concerns, please feel free to send an email to the following email address: email@example.com.
For better comprehensibility, we make no gender-specific differentiation. The terms used apply, in the context of equal treatment, to all genders. The meaning of the terminology used, for example ‘personal data’ or its ‘processing’ can be found in Article 4 GDPR.
Personal data processed within the scope of this website include the following
- Inventory data (e.g., name and addresses of customers),
- Contract data (e.g., services used, payment information),
- Usage data (e.g., pages visited on our website) and
- Content data (e.g., entries in online forms)
Data protection notice
We guarantee that we only use your data in connection with processing your inquiries and for internal purposes, as well as for providing the services you have requested or to make content available.
Legal basis for the data processing
- Performance of our contractual obligations
- Processing is legally prescribed
- You have provided consent electronically (e.g., by subscribing to the newsletter)
- Enforcing our legitimate interests
We would be happy to show you where the above-named legal bases are regulated:
Processing for the fulfillment of our services and implementation of contractual measures.
Art. 6 para. 1 lit. b) GDPR
Processing for the fulfillment of our legal obligations
Art. 6 para. 1 lit. c) GDPR
Art. 6 para. 1 lit. a) and Art. 7 GDPR
Processing for the protection of our legitimate interests
Art. 6 para. 1 lit. f) GDPR
Transfer of personal data to third parties
We advise you that a transfer of data to third parties may take place when you use our website.
Transfers of personal data to a third country or an international organization
‘Third countries’ mean countries in which the GDPR is not a directly applicable law. Basically, this includes all countries outside the EU, respectively, the European Economic Area.
A transfer of personal data to a third country or an international organization may occur. In this respect, the EU Commission’s decision on the adequacy of the third country or international organization’s level of protection is taken into account. This states that it is a safe third country or a safe international organization that offers an adequate level of protection.
Length of storage of your personal data
We adhere to the principles of data economy and data avoidance. This means that we only store your data for as long as it is needed to fulfil the previously named purposes, or as laid down by the manifold storage periods provided for by the legislator. If the relevant purpose no longer exists, respectively after expiry of the appropriate period, your data are routinely blocked, respectively erased, in accordance with the statutory provisions.
If you contact us over the website, you consent to electronic communication. Personal data will be processed in the context of using electronic communication to contact us. The information that you provide will be stored exclusively for the purposes of processing your inquiry and for possible follow-up questions.
We would like to advise you of the legal grounds:
- Processing to deliver our services and carry out contractual measures. Art. 6 Para. 1 lit. b) GDPR
We advise you that emails can be read or changed, unnoticed and without authorization, during transmission. Furthermore, we would also like to bring to your attention that we use software to filter unwanted emails (spam filter). Emails can be rejected by the spam filter if they are wrongly identified as spam due to the presence of certain characteristics.
What are your rights?
a) Right of access
You have the right to obtain information about your stored data free of charge. Upon request, we will tell you in writing, what personal data about you we have stored. This also includes the origin and recipient of your data, as well as the purpose of the data processing.
b) Right to rectification
If your data that we have stored is incorrect, you have the right to have it rectified. You can demand the restriction of the processing of your personal data if, for example, the accuracy of your personal data is contested.
c) Right to block data
Furthermore, you can have your data blocked. So that a blocking of your data can be taken into consideration at all times, the data must be held in a lock file for control purposes.
d) Right to erasure (‘right to be forgotten’)
You can demand the erasure of your personal data provided that no legal retention obligation exists. If such an obligation exists, we will block your data if you request us to. If the relevant legal requirements are met, we will delete your personal data even without you requesting it.
e) Right to data portability
You are entitled to demand that the personal data transferred to us is made available in a format which enables it to be transmitted to another location.
f) Right to complain to a supervisory authority
You have the option of approaching one of the data protection supervisory authorities with a complaint.
The supervisory authority responsible for is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27, 91522 Ansbach, Germany
Telephone: +49 981 53-1300
Fax: +49 981 53-981300
The complaint form can be accessed under the following link: https://www.lda.bayern.de/de/beschwerde.html
Note: It is also possible to make a complaint to any data protection supervisory authority within the EU.
g) Right to object
You always have the option to object to the processing of your data in accordance with Art. 6 Para. 1 letters e) and f) at any time, for reasons arising from your particular situation; this also applies to profiling based on these provisions.
muva kempten GmbH will then stop processing your personal data unless it can be shown that there are compelling legitimate grounds for processing which outweigh your interests, rights and freedoms, or the processing is for the purpose of establishing, exercising, or defending legal claims.
If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you for the purposes of this type of advertising; this also applies to profiling to the extent that it is related to such direct marketing. In the event of such an objection, we will no longer process your personal data for the purpose of direct marketing. It is sufficient to send us an appropriate e-mail.
h) Right to withdraw consent
You have the option to withdraw your consent to the processing of your data at any time, with future effect, without giving any reason. You will not be disadvantaged in any way by withdrawing your consent. It is sufficient to send us an appropriate e-mail.
However, such an objection does not affect the legality of processing procedures which have already been carried out on the legal basis of Art. 6 Para. 1 letter. a) GDPR.
To exercise your rights as a data subject, send an e-mail to us at the following address: firstname.lastname@example.org
Protection of your personal data
We take state of the art contractual, technical and organizational security precautions to ensure compliance with the provisions of the data protection laws and thus protect the processed data against accidental or deliberate manipulation, loss, destruction or against access by unauthorized persons.
In particular, our security measures include the encrypted transfer of data between your browser and our server. 256-bit-SSL (AES 256) encryption technology is used for this.
Therefore, your personal data is protected in the following points (extract):
a) Ensuring the confidentiality of your personal data
To ensure the confidentiality of the personal data which we store, we have taken various measures to control access, entry and admission.
b) Ensuring the integrity of your personal data
To ensure the integrity of the personal data which we store, we have taken various measures to control transmission and input.
c) Ensure availability of your personal data
To ensure the availability of the personal data which we store, we have taken various measures to control orders and availability.
The security measures employed are continually being improved in accordance with technical development. Despite these precautions, we are unable to guarantee the security of your data transfers to our website because of the insecure nature of the internet. For this reason, any data transfer you make is at your own risk.
Protection of minors
Persons who are under 16 can only provide us with their personal information with the express consent of the persons having parental responsibility. These data will be processed in accordance with our privacy notice.
Server Log Files
The website provider automatically collects and stores information in so-called server log files which are automatically transmitted to us by your browser. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
These data are not combined with other data sources.
The legal basis for this data processing is Art. 6 para, 1 lit. f). GDPR, our legitimate interest.
We offer applicants the opportunity to apply online on our website. As a requirement for acceptance in the application process, applicants must provide us with all the personal data required for a well-founded and informed assessment and selection, by using the form.
The information required includes general personal information (name, address, telephone, or electronic contact details) and performance-specific evidence of the qualifications required for a position. It is possible that health-related information may also be required if it must be given special consideration under labor and social law, in the interest of the applicant's social protection.
We use the Prescreen service, which belongs to New Work SE, Strandkai 1, 20457 Hamburg, Germany, for application management.
A candidate profile is produced using the data and documents provided. Applicants can also view and manage other applications with the created candidate profiles. We have concluded an order processing contract with New Work SE, which obliges New Work SE to protect our customers’ data and not to pass them on to third parties.
More information about Prescreen can be found here: https://prescreen.io/en/privacy-policy/
Your data is transmitted to us using state of the art encryption and processed exclusively for the purpose of processing your application.
The legal basis for the processing is Art. 6 Para. 1 lit. b) GDPR in conjunction with Section 26 Para. 1 FDPA, in the sense of which going through the application process is considered to be the initiation of an employment contract. Insofar as applicants are requested to provide special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g., health data such as information about severely disabled status) as part of the application process, the processing is carried out in accordance with Art. 9 (2) (b) GDPR so that we can exercise the rights and fulfill our obligations arising from labor law and social security and social protection law.
Building on this, or alternatively, the processing of the special categories of data may also be based on Art. 9 (1) (h) GDPR if it is carried out for the purposes of preventative health care or occupational medicine, for assessing the applicant's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector.
If, in the course of the evaluation described above, the applicant is not selected, or if an ap-plicant withdraws their application prematurely, the data they provided will be deleted after appropriate notification, at the latest after three months. This period is determined on the basis of our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to meet our obligations to provide evidence under the regula-tions regarding equal treatment of applicants.
You may also consent to us retaining your application documents in an applicant pool for longer than the defined retention period of three months after completion of the application process, so that you may be considered for another position in our company.
IYour consent is effective for a period of twelve months after the expiration of the above-mentioned three month period. This also applies to “special categories of personal data” according to Art. 9 para. 2a) GDPR (E.g., a photograph which allows recognition of an ethnic origin, a religious affiliation, information about a severe disability etc.), provided that you have transmitted it to us. Your application documents will be erased when the above-mentioned period has ended.
In the event of a successful application, the data provided will be further processed for the purposes of conducting the employment relationship on the basis of Art. 6 Para. 1 lit. b) GDPR in conjunction with Section 26 Para. 1 FDPA.
Customer portal for electronic data transmission
As a customer, you can register for electronic data transmission in our online portal and use web-based services.
We process the following personal data for the registration:
- Email address
- possibly telephone number
- Fax number
- Mobile telephone number
If you use our portal, we store your data to the extent that it is necessary for fulfilling the contract. We also store the data that you provide voluntarily while you are using the portal, provided that you do not delete them first. You can manage and change all the information in the protected customer area. The legal basis is Art. 6 Abs. 1 lit. f GDPR
If you register for our email newsletter, we will regularly send you information about our offers. Personal data is collected for this. The only obligatory information needed for sending the newsletter is your email address. The provision of any other data is voluntary, and it will be used so that we can address you personally. We will use these data for our own advertising purposes in the form of the email newsletter, provided that you have expressly consented in the following way:
"Yes, I want to subscribe to the newsletter! I have taken note of the data protection information"
We use the so-called double opt in process for sending the newsletter. This means that we will only send you an email newsletter when you have expressly confirmed that you consent to the newsletter being sent. We send you a confirmation email which asks you to confirm that you want to receive the newsletter in future by clicking on the appropriate link.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Abs. 1 lit. a) GDPR. When you register for the newsletter, we store your IP address registered by the internet service provider (ISP) as well as the time of registration, so that a possible misuse of your email address can be traced at a later time.
You can unsubscribe from the newsletter at any time by using the link provided in the newsletter or by sending us an appropriate message to email@example.com. After deregistration, your email address will be removed from our newsletter mailing list without delay and added to a lock file to ensure revocation.
Newsletter delivery via CleverReach
We use the technical service provider CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Deutschland (“CleverReach”), for the delivery of our newsletter, to whom we transmit the data you provide when registering for the newsletter. This transmission takes place in accordance with Art. 6 para. 1 lit. f) GDPR and serves our legitimate interest in using a promotionally effective, secure and user-friendly newsletter system. The data you input (E.g., email address) are stored on CleverReach’s servers in Germany or Ireland.
With the help of so-called conversion tracking, it is also possible to analyze whether a predefined action occurs after clicking a link in the newsletter. Technical information is also collected (E.g., click rates, opening rates). The data is collected exclusively pseudonymized and are not connected with your other personal data. A direct reference to a particular person is precluded. These data are only used for the statistical analysis of newspaper campaigns. The results of these analyses can be used to better match future newsletters to your interests.
If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
We have concluded an order processing contract with CleverReach, which obliges CleverReach to protect our customers’ data and not to pass them on to third parties.
Further information about data analysis by CleverReach can be found here: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/
You can access CleverReach’s data protection notice at: https://www.cleverreach.com/en/privacy-policy/
Transfer of personal data for order processing
In the course of order processing, the personal data which we have collected are passed to the contracted transport company, as far as this is necessary for the delivery of the goods. We pass payment data to the commissioned credit institution in the context of payment processing.
Payment by “prepayment/on account”: With these types of payment, you receive an invoice and transfer the invoice amount to the muva kempten GmbH bank account.
Transmission of your data to shipping service providers
Goods are delivered by the following transport service providers:
DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn
United Parcel Service Deutschland S.à r.l. & Co. OHG (UPS), Görlitzer Straße 1, D-41460 Neuss
DPD Deutschland GmbH, Wailandtstraße 1, D-63741 Aschaffenburg
GO! Express & Logistics Deutschland GmbH, Brühler Straße 9, D-53119 Bonn
If you have given us your consent during the ordering process, we will pass on your email address and/or telephone number before delivery, for the purpose of arranging a delivery appointment or sending a delivery notification, in accordance with Art. 6 para. 1lit. a GDPR. Otherwise, we only pass on the name of the recipient and the delivery address for the purpose of delivery, in accordance with Art. 6 para. 1 lit. b GDPR. Data is only passed on when it is necessary for the delivery of the goods. In this case, it is not possible to arrange a delivery date in advance or send a delivery notification.
The consent can be revoked at any time with future effect with respect to us, muva kempten GmbH or the transport service provider.
Changing our privacy notices
We reserve the right to amend our privacy notices at short notice so that they always comply with the current legal requirements or in order to implement changes to our services. This could apply, for example, to the introduction of new services. The new privacy notices would then apply to your next visit.
Please also note our further data protection information on: