1. Information on the processing of personal data (data protection information)
1.1 Person responsible
The person responsible pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is:
Maximator Hydrogen GmbH
Mathias Kurras, CEO
Petriblick 2, 99734 Nordhausen
Phone: 03631 65100 0
1.2 Data Protection Officer
You can contact our data protection officer at:
Gesellschaft für Personaldienstleistungen mbH
Phone: +49 561 78968-80
2. General information on the collection of personal data
With the following information, we inform you transparently about the type and scope of the processing of personal data,
- in the context of your visit to our website
- the use of our online offers
- external online presences on social media platforms
- in the context of application procedures
- our branch business
- as well as in business relationships with customers and service providers
The legal basis for our data protection is in particular the requirements of the General Data Protection Regulation (GDPR) and the supplementary regulations of the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).
2.1 Purpose / legal basis of processing
In such cases where we obtain your consent for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract concluded between you and us, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
In the event that the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.
In the event that the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR is the legal basis for the processing.
If cookies or similar technologies are set during data processing, these are stored or accessed in a user's terminal device (e.g. device fingerprinting) in accordance with Section 25 (1) TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR.
2.2 Disclosure of personal data
If, in the course of our processing, we transfer your personal data to other bodies or disclose it to them, this is done exclusively on the basis of one of the legal bases mentioned. The recipients of this data may include, for example, payment service providers in the context of the fulfillment of the contract. In such cases, in which we are obliged to do so by law or by court order, we must transmit your data to bodies entitled to receive information.
If external service providers support us in the processing of your data (e.g. data analysis, newsletter dispatch), this is done within the framework of order processing in accordance with Art. 28 GDPR. In doing so, we only conclude appropriate contracts with service providers that offer sufficient guarantees that appropriate technical and organizational measures ensure the protection of your data.
2.3 Data transfer to third countries
Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is in accordance with the legal requirements. Subject to express consent or contractually or legally required transfer, we only process or allow the data to be processed in third countries with a recognised level of data protection or in accordance with Art. 44 et seq. GDPR on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission (information page of the EU Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
2.4 Storage of data
As soon as the respective purpose for storage no longer applies, we will delete or block your personal data. In addition, your personal data will only be stored if special statutory retention periods (in particular commercial and tax retention obligations) at national or European level prevent deletion.
Our data protection information is based on terms that are used in the GDPR and are defined therein. In order to ensure that our data protection regulations are easy to read and understand, we would like to explain the most important terms in advance.
3.1 Personal data
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
3.3 Person responsible
"Person responsible" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data do not identify an identified or identifiable natural person. can be assigned.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with Union law or the law of the Member States shall not be regarded as recipients.
3.7 Third party
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
"Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
4. Rights of data subjects
The processing of personal data gives rise to rights for you as the natural person concerned, which you can exercise against us at any time. These are:
- Right to revoke a declaration of consent under data protection law in accordance with Art. 7 para. 3 GDPR
- Right to information about your personal data stored by us in accordance with Art. 15 GDPR
- Right to rectification of inaccurate or incomplete data pursuant to Art. 16 GDPR
- Right to deletion of your data stored by us in accordance with Art. 17 GDPR
- Right to restriction of the processing of your data in accordance with Art. 18 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right of objection pursuant to Art. 21 GDPR
- Automated decisions in individual cases including profiling in accordance with Art. 22 GDPR.
4.1 Right to information
You have the right to know from us whether and, if so, which personal data we process from you and to request copies of your personal data from us. Please note that your right to information may be limited in certain circumstances in accordance with legal requirements.
4.2 Right to rectification
If the information concerning you is not (or no longer) correct, you have the right to request the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data.
4.3 Right to deletion
In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately, e.g. if the data is no longer required for the purposes pursued and the statutory retention and archiving regulations do not prevent deletion.
4.4 Right to restriction of processing
Within the framework of the requirements of Art. 18 GDPR, you have the right to request a restriction of the processing of data concerning you, e.g. if you have lodged an objection to the processing, for the duration of the examination whether the objection can be granted.
4.5 Right to data portability
You have the right to have data that you have provided to us handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent that it is technically feasible.
4.6 Right to revoke a declaration of consent under data protection law
If the processing of your personal data is based on consent given to us, you have the right to revoke this consent at any time. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Please send your revocation informally to Maximator Hydrogen GmbH, Petriblick 2, 99734 Nordhausen, firstname.lastname@example.org. We would like to point out that your objection can also be made in further proceedings or must be made for technical reasons. Further information on this can be found in the services described.
4.7 Right to object to processing
Under the conditions of Art. 21 para. 1 GDPR may be subject to data processing on the basis of Art. 6 (1) (e) or (f) GDPR for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.
Please address your objection informally to Maximator Hydrogen GmbH, Petriblick 2, 99734 Nordhausen, email@example.com. We would like to point out that your objection can also be made in further proceedings or must be made for technical reasons. Further information on this can be found in the services described.
4.8 Right to lodge a complaint with the Data Protection Authority
In accordance with Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible for our company is:
The Thuringian Data Protection Commissioner
PO Box 90 04 55
Phone: 03 61/57 311 29 00
4.9 Automatic decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
5. Use of online services
In the following, we will inform you when and in what context data is processed when using our online services.
5.1 Collection of personal data when visiting our website
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you view our website, we collect the data mentioned below. These are technically necessary in order to display our website to you and to ensure the stability and security of the presentation. The legal basis for the storage of information in the form of cookies or in the server log file on your terminal equipment or access to this information in your terminal device is § 25 para. 2 no. 2 TTDSG. The associated data processing is based on Art. 6 para. 1 lit. f GDPR:
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status / HTTP status code
– Amount of data transferred in each case
– Website from which the request originates
– Operating system and its interface
This data is temporarily stored in the log files of our system for a maximum of seven days. It is possible to store them for a longer period of time, but in this case the IP addresses will be partially deleted or alienated so that it is no longer possible to assign them to the calling client.
In addition to the aforementioned data, cookies are stored on your device (e.g. PC, laptop, smartphone) when you use our website. Cookies are small text files that are stored on your device, assigned to the browser you are using, and through which certain information flows to the site that sets the cookie (in this case, us). Cookies cannot run programs or transmit malware to your devices. They serve to make the online offer more user-friendly and effective overall.
This website uses the following types of cookies, the scope and functionality of which are explained below:
5.2.1 Transient cookies
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
5.2.2 Persistent cookies
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
In addition to the cookies set by us as the controller, cookies offered by other providers are also used. We process these cookies on the basis of your consent in accordance with Art. 6 para. 1 lit. a and § 25 para. 1 TTDSG (storage of cookies or access to information in a terminal device (e.g. via device fingerprinting). Further information on the use and cooperation with external service providers can be found within the data protection information of the respective online offers.
You can configure your browser settings according to your wishes and, for example, refuse to accept cookies from external providers or reject all cookies. However, we would like to point out that you may not be able to use all the functions of this website. If you have agreed to the acceptance of cookies and would like to object to this for the future, you can delete the stored cookies in the settings of the browser you are using.
5.3 Cookie settings in web browsers
Web browsers can be set to notify you when cookies are set or to reject or disable cookies in general or in part. By deactivating and deleting all cookies, you can also revoke a previously given consent. If you deactivate or restrict cookies using your browser, you may not be able to offer various functions on our website. You can delete stored cookies at any time using your web browser, even automatically.
You can find out more about these options of the most commonly used browsers via the following links:
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer
Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
Apple Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac Microsoft
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
If no restrictions have been made to the cookie settings, cookies, which enable and ensure the necessary technical functions, remain on your device until the browser is closed, other cookies may remain on your device for a longer period of time. The exact cookie durations are displayed under the cookie settings.
5.4 SSL or TLS encryption
Our website uses TLS encryption (formerly SSL) for security and protection when transmitting confidential content. Orders or contact requests that you send to us are thus made using transport encryption. Depending on the browser type, you can recognize these either by the lock symbol and/or by the https protocol in the address bar.
5.5 External Hosting
We host our website externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include all information relating to the users of our online offer that is generated in the course of use and communication, such as, in particular, content data (e.g. entries in online forms); Usage data (e.g. websites visited, access times); Meta/communication data (e.g. device information, IP addresses).
We collect the aforementioned data in order to be able to guarantee a secure, fast and efficient provision of our online offer. The legal basis for storing information in the form of cookies on your terminal equipment or accessing this information in your terminal device is Section 25 (2) No. 2 TTDSG. The associated processing of your data is carried out in accordance with Art. 6 para. 1 lit. f GDPR due to our legitimate interest in the correct presentation and functionality of our website.
We use the following hosting provider:
All-INKL.COM, Hauptstraße 68, 02742 Friedersdorf
Further information on data protection can be found at https://all-inkl.com/datenschutzinformationen/.
In addition, we have concluded a contract for order data processing (AV). This contract regulates the scope, type and purpose of the access options of the above-mentioned provider(s) to the data. The access options are limited only to necessary accesses that are necessary for the fulfillment of the hosting services and in compliance with the GDPR.
6.1 Contact form
When you contact us via a contact form, the data you provide (your e-mail address, if applicable. Your name, telephone number, the content of your message) will be stored by us in order to comply with your request. The processing of the data entered in the contact form is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. If your contact request is related to the fulfillment of the contract or the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. We delete the data arising in this context after the storage is no longer necessary or restrict the processing if there are legal storage obligations. You can revoke this consent at any time. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
6.2 Enquiry by e-mail, telephone, fax
When you contact us by e-mail, telephone or fax, the personal data you provide (your e-mail address, if applicable. Your name, telephone number, the content of your message) will be stored by us in order to process your request. We will not pass on this data without your consent.
The data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR, if your request is related to the fulfillment of the contract or is necessary for the implementation of pre-contractual measures. In all other cases, we process your data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and/or on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in particular in the effective processing of your request.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
7. Messenger services
We use messenger services to stay in touch with customers and prospects. In addition, we use the services to draw attention to our services and products.
User data may be processed outside the European Union. This may result in risks for you as a user, and it may make it more difficult to enforce your rights. When selecting the messenger services we use, we make sure that the operators undertake to comply with the data protection standards of the European Union.
If you use our messenger service, we are Maximator Hydrogen GmbH, Petriblick 2, 99734 Nordhausen, Germany, in accordance with Art. 26 GDPR and other data protection regulations together with the provider of the respective messenger service.
We have no influence on the processing of personal data by the respective service provider. For example, messenger services may use your data for market research and advertising purposes. Among other things, user behavior can be analyzed and a user profile can be created from the resulting interests of the user. Messenger services can read the contact data on the end devices you use and, if necessary, pass them on to third parties. Persons who are not registered as users with the respective messenger service may also be affected by the data processing.
Messenger services provide statistical data of different categories. These statistics are generated and provided by the respective messenger service provider. As users of the messenger service, we have no influence on the generation and presentation. We use the data available in aggregated form to make our posts and activities in our messenger channel more attractive for customers and prospects. Due to the constant development of service providers, the availability and processing of data are changing, so that we refer to the current data protection declarations of the service providers for further details.
7.1 Legal basis
For the use of messenger services, including the processing of users' personal data, we ask for your consent to provide up-to-date and supportive information and interaction options for and with our customers and interested parties in accordance with Art. 6 para. 1 lit. a GDPR. If necessary, consent can also be given by registration. If the consent also includes the storage of cookies or access to information in a user's end device, Section 25 (1) TTDSG is also the legal basis.
7.2 Storage period
The data collected directly by us via the messenger services will be deleted from our systems as soon as the purpose for its processing no longer applies, you request us to delete it or revoke your consent to storage. Mandatory statutory provisions – in particular retention periods – remain unaffected.
7.3 Rights of data subjects
In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the service provider.
Despite joint responsibility, we would like to point out that we do not have complete access to your personal data. For this reason, you should contact the provider of the messenger service directly for requests for information and the assertion of data subject rights. This is because only the providers have access to user data and can take direct action and provide information. If you would like support in this, please contact us.
7.4 Our messenger services:
Service provider information: WhatsApp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
On the WhatsApp website:
8. Analysis tools
8.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to and stored by Google on servers in the United States. However, if IP anonymisation (AnonymizeIP) is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google's servers in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
This website uses Google Analytics with the extension "Anonymize IP". As a result, IP addresses are processed in abbreviated form, so that a personal reference can be almost impossible. Insofar as the data collected about you is personally identifiable, it will be deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
We also use Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
9. Marketing tools
9.1 Google Tag Manager
This website uses the "Google Tag Manager", a service of Google Ireland Limited. Google Tag Manager offers the possibility to manage website tags via an interface. The Google Tag Manager tool that implements the tags is a cookie-less domain. However, the Google Tag Manager collects your IP address, which can also be transmitted to Google's parent company in the USA.
Google Tag Manager ensures that other tags are triggered, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags that are implemented with Google Tag Manager.
The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR (consent) and § 25 para. 1 TTDSG.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
10. Embedded third-party content
10.1 Google Fonts
We use "Google Fonts" on our website, a service of Google Ireland Limited (hereinafter referred to as "Google"). The service gives us the opportunity to use external fonts, so-called Google Fonts. For this purpose, when you visit our website, the required Google Font is loaded from your browser into the browser cache. This is necessary so that your browser can display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display. The integration of these web fonts is done by a server call, usually at a Google server in the USA. This transmits to the server which of our Internet pages you have visited. The IP address of the browser of your device is also stored by Google. We have no influence on the scope and further use of the data collected and processed by Google through the use of Google Web Fonts.
We use Google Web Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a DSGV and § 25 para. 1 TTDSG.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Third-party information: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland
Further information on Google Web Fonts can be found under https://fonts.google.com/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1 and https://www.google.com/fonts#AboutPlace:about.
10.2 Google Fonts (Local)
We use "Google Fonts" on our website, a service of Google Ireland Limited (hereinafter referred to as "Google"). The service gives us the opportunity to use external fonts, so-called Google Fonts. The Google Fonts are installed locally on our server. A connection to Google servers does not take place.
11. Online video conferencing tools
11.1 Microsoft Teams
We use the "Microsoft Teams" tool to conduct telephone and video conferences, online meetings, video consultations, digital coaching and/or webinars (hereinafter: "online meetings"). Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
If you access the Microsoft Teams (https://teams.microsoft.com/) website, Microsoft is responsible for data processing. The access to this website is necessary for the download of the necessary software if it should not or cannot be used directly and without downloading via an Internet browser.
11.1.1 Data categories
When using Microsoft Teams, various types of data are processed. The total volume of data processing also depends on the information provided by the user before, during and after an "online meeting".
In principle, the following personal data may be processed:
User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), date, time, duration, participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in by telephone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
Text, audio and video data: You may have the option of using the chat, question or survey functions in an "online meeting". The text entries you make will be processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data of a microphone and a possible video camera of the end device are processed during the meeting. The data transfer from camera and microphone can be switched off or muted at any time and by any user independently via the Microsoft Teams applications.
In order to participate in an "online meeting" or to enter the "meeting room", at least your name is required.
11.1.2 Storage of data
There will be no recording of the "online meetings". If we want to record "online meetings", we will inform you in advance and obtain consent. The fact of the recording is also displayed to you in the Microsoft Teams app.
The content of the chats is logged when Microsoft uses Microsoft Teams. If it is necessary for the purpose of logging the results of an online meeting, chat content may also be logged by us.
In the case of webinars, we may also process the questions asked by webinar participants for the purpose of recording and following up on webinars.
Automated decision-making within the meaning of Art. 22 GDPR does not apply.
11.1.3 Legal basis for data processing
Insofar as personal data of employees of Maximator Hydrogen GmbH are processed, § 26 BDSG is the legal basis for data processing.
If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Microsoft Teams, Art. 6 para. 1 lit. f GDPR is the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings".
In all other respects, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
11.1.4 Recipients / disclosure of data
Personal data processed in connection with participation in "online meetings" will not be disclosed to third parties unless they are specifically intended for disclosure. Apart from this, data will only be passed on to third parties if we are legally obliged to do so (e.g. by court order) or if the data subjects have expressly consented to the disclosure of their data.
The provider of Microsoft Teams, who supports us in conducting "online meetings", necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing contract with Microsoft.
Microsoft is obliged to comply with the legal requirements of the applicable data protection law via the order processing concluded with Microsoft Teams, on the basis of EU standard contractual clauses. A currently valid version can be viewed at the following link:
11.1.5 Data processing outside the European Union
Data processing outside the European Union (EU) does not take place as a matter of principle, as we have limited our storage location to data centers in the European Union. However, we cannot completely rule out routing or storage on servers outside the European Union at the processor Microsoft.
A secure level of data protection is ensured by the conclusion of supplemented EU standard data protection clauses as well as technical and organizational measures. The data is encrypted, for example, during transport over the Internet and is therefore generally protected against unauthorized access by third parties. Furthermore, in a statement dated July 20, 2020, with regard to personal data stored by Microsoft in the USA and Europe and which may be subject to official requests for information from authorities in the USA, Microsoft guarantees that such orders that would allow access to personal data will be challenged in court.
11.1.6 Further information on data protection in Microsoft Teams
https://privacy.microsoft.com/de-de/privacystatement (section "Online Services for Business"), as well as: https://www.microsoft.com/de-de/trust-center/privacy/customer-data-definitions.
For technical support and training within the framework of our products, we use the TeamViewer software. We also offer online meetings and webinars via TeamViewer.
If you wish to make use of our services, you must download the TeamViewer software from the provider using a link provided by us and run it on your computer. For this purpose, only the data protection provisions of TeamViewer GmbH as your contractual partner for the use of the software, which can be accessed at www.teamviewer.com/de/datenschutzerklaerung/, apply.
The data processing is carried out on the basis of the consent of the user in accordance with Art. 6 para. 1 lit. a GDPR. If the processing is related to the fulfillment of the contract or the implementation of pre-contractual measures, we also process your data on the basis of Art. 6 para. 1 lit. b GDPR.
If we become aware of personal data in the course of using TeamViewer, this is done solely for the provision of the service requested by you and not for the processing of the data on your behalf. If we are to process personal data on your behalf using TeamViewer, we ask you to conclude an order processing agreement in advance.
As part of a remote access, you can cancel it at any time by exiting the TeamViewer software. We do not store such data and we were the data secrecy for them.
12. Social media presences
12.1 Information on social media
We operate publicly accessible profiles on social networks to draw attention to our services and products. There we would like to get in touch with you as a visitor and user of these pages as well as our website.
User data may be processed outside the European Union. This may result in risks for you as a user, and it may make it more difficult to enforce your rights. When selecting the social media platforms we use, we make sure that the operators commit to complying with EU data protection standards.
If you visit one of our social media sites (e.g. Facebook, Instagram or LinkedIn), we, Maximator Hydrogen GmbH, Petriblick 2, 99734 Nordhausen, Germany, are jointly responsible with the operator of the respective social media platform within the meaning of the GDPR and other data protection regulations.
12.1.1 Data processing on social media platforms
Statistical data of different categories can be accessed by us via social media platforms. These statistics are generated and provided by the social media operator. As the operator of the fan page, we have no influence on the generation and presentation. We use this data available in aggregated form (total number of page views, "likes", page activities, post interactions, reach, video views, post reach, comments, shared content, answers, proportion of men and women, origin in terms of country and city, language, views and clicks in the shop, clicks on route planners, clicks on telephone numbers) to make our posts and activities on our fan page more attractive to users. Due to the constant development of social media platforms, the availability and processing of data is changing, so we refer to the privacy policies of the platforms for further details.
12.1.2 Legal basis
The operation of these fan pages, including the processing of users' personal data, is based on our legitimate interests in a contemporary and supportive information and interaction option for and with our users and visitors in accordance with Art. 6 para. 1 lit. f. GDPR. Under certain circumstances, you may also have given a platform operator your consent to data processing, in which case Art. 6 para. 1 lit. a GDPR is the legal basis.
For a comprehensive description of the respective data processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information of the corresponding platform operator.
12.1.3 Storage period
The data collected directly by us via the social media presences will be deleted from our systems as soon as the purpose for which it was stored no longer applies, you request us to delete it or revoke your consent to its storage. Stored cookies remain on your device until they are deleted by you. Mandatory legal provisions – esp. Retention periods – remain unaffected.
12.1.4 Assertion of rights
In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective portal (e.g. Facebook).
Despite joint responsibility, we would like to point out that we do not have complete access to your personal data. For this reason, you should contact the providers of the social media platforms directly for requests for information and the assertion of data subject rights. This is because only the providers have access to user data and can take direct action and provide information. If you need help with this, please contact us: Maximator Hydrogen GmbH, Petriblick 2, 99734 Nordhausen, firstname.lastname@example.org.
12.2 Our social networks
Provider: Meta Platforms, Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, IrelandAgreement on joint processing of personal data on Facebook Pages: https://www.facebook.com/legal/terms/page_controller_addendum
13 Data protection for applications
We offer you the opportunity to apply to us by e-mail, post, via online application form, messenger or via our career portal. In the following, we will inform you about the scope, purpose and use of your personal data collected as part of the application process.
13.1 Scope and purpose of data collection
In order for us to be able to consider you in the application process for a specific position, customary and meaningful application documents are required, with which you inform us about your personality profile and your qualifications.
The personal data provided by you as part of your application and transmitted to us usually includes: cover letter, curriculum vitae with the usual personal details (first and last name, date of birth, address, telephone number, e-mail address, photo) as well as evidence and certificates.
As a matter of principle, we only use your application documents to decide whether to fill the position for which you have expressly applied. We process the personal data provided to us only to the extent necessary for the purpose of deciding on the establishment of an employment relationship with us. The legal basis for this is Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG (new), insofar as it concerns information that we receive from you as part of the application process (name, contact details, date of birth, information on your professional qualifications and school education or information on professional training). If you voluntarily provide us with further information, we will process it on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. In the course of the application process, further personal data may be collected from you personally and from generally accessible sources for this information purpose. Your personal data will only be passed on within our company to persons who are involved in the processing of your application.
If we process personal data about you in order to defend against legal claims asserted by you against us arising from the application process, we refer to Art. 6 para. 1 lit. f GDPR. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
In order to get an overview of our range of applicants, we statistically evaluate information on incoming applications. Even after deletion of your application documents, we may use anonymized data that does not allow any conclusions to be drawn about your person.
If you submit an unsolicited application that does not relate to a specific position, we will include your application documents as part of filling decisions about all possible positions. We will make the applicant data available for retrieval in automated searches for selected decision-makers in our company so that they can find out about your personality profile and qualifications. In this case, too, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR in conjunction with Art. 28 GDPR, § 26 para. 1 BDSG (new).
13.2 Categories of recipients of personal data
Your personal data will only be transferred to third parties for the purposes listed below. We will only pass on your personal data, which we have received as part of the application process, to third parties if:
- In accordance with Art. 6 para. 1 lit. a GDPR, § 26 BDSG (new) have given your express consent to this,
- the disclosure in accordance with Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- in the event that there is a reason for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR there is a legal obligation as well as - this is legally permissible and according to Art. 6 para. 1 lit. b GDPR, § 26 para. 1 sentence 1 BDSG (new) is necessary for the establishment or processing of contractual relationships with you.
Furthermore, your data will be processed on the basis of Art. 28 GDPR to technical service providers who use your data exclusively on our behalf and under no circumstances for their own business purposes. These are IT service providers, hosting providers or providers of applicant tracking systems.
A transfer of your data to third countries outside the EU or the European Economic Area is not intended.
13.3 Retention period of the data
If we are unable to make you a job offer, if you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after completion of the application process (retention period) in order to ensure the details of the application process in the event of discrepancies (Art. 6 para. 1 lit. f GDPR).
You have the option of consenting to the use of your application documents to fill other positions. Let us know at the appropriate point in the application process. If you choose this option, we will accept it in accordance with Art. 6 para. 1 lit. a GDPR into our talent pool. Your application will then be stored by us for a maximum of 12 months until revoked. You can revoke your consent at any time for the future. A justified revocation has no influence on data processing operations that have already taken place.
If an application process leads to hiring, we will process your application documents on the basis of Art. 6 para. 1 lit. b GDPR, § 26 para. 1 BDSG-neu in your personnel file, for the purpose of establishing the employment relationship as well as the personality profile described by you and your aforementioned qualifications on which the recruitment is based.
13.4 Provision of data
The provision of your personal data is not required by law in the initiation phase of an employment relationship. However, the provision of personal data is necessary for the conclusion of an employment contract with us. This means that if you do not provide us with any personal data in an application, we cannot and will not enter into an employment relationship with you.
13.5 Automated decision-making
There is no automated decision in individual cases within the meaning of Art. 22 GDPR. This means that we personally evaluate your application and the decision on your application is not based exclusively on automated processing.
14. Stationary business premises
14.1 Security Cameras
For the purpose of detecting crimes and protecting property and vandalism, as well as for the prevention of them, we use video surveillance in our branches. There is no sound recording. The legal basis is Art. 6 para. 1 lit. f GDPR. The use of video surveillance is indicated by a clearly visible pictogram in the branches. As a matter of principle, we delete the resulting footage from the security cameras 7 days after recording. In the event of a criminal offence, we reserve the right to store the image material until the purpose for which it was collected no longer applies. The images will not be transmitted to third parties, with the exception of investigating authorities that request the images in the event of a criminal offence. For installation and maintenance, maintenance companies commissioned by us may have access to stored data.
14.2 Use of guest Wi-Fi
We provide you with access to the Internet in the form of Wi-Fi access ("guest Wi-Fi") in our business premises for free use. In the following, we inform you about the personal data collected in this context.
14.2.1 Processing purposes and legal basis
The data processing is carried out for the purpose of the technical provision of a guest WLAN and to ensure smooth use by our guests. The processing is necessary for the performance of a contract (provision of Internet access via the guest WLAN) pursuant to Art. 6 (1) (b) GDPR.
Furthermore, we process your data to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in ensuring the security of our information technology systems and in defending against liability claims in the event of non-compliant use of the guest WLAN.
14.2.2 Data categories and data origin
When using our guest WLAN, the Mac address and host name of your device, log data (log files) on the type and scope of use of the service are stored in this context. This data cannot be directly assigned to your person. In addition, each device is assigned its own IP address.
The data is transmitted directly to us by our guests when they register for the guest WLAN.
We do not pass on your personal data to third parties. Your data will only be passed on or transmitted if it is necessary for the execution of the contract, if it is based on a legal basis, if there is a legitimate interest or on the basis of your prior consent.
If external service providers support us in the processing of your data (e.g. IT service providers), this is done within the framework of order processing in accordance with Art. 28 GDPR. In doing so, we only conclude appropriate contracts with service providers that offer sufficient guarantees that appropriate technical and organizational measures ensure the protection of your data.
14.2.4 Data transfer to a third country
A transfer of data to third countries does not take place and is not intended.
14.2.5 Duration of storage
The data will be deleted by us on a regular basis, but no later than 7 Tagen.es, unless longer storage of the personal data is required by law or is necessary to assert, exercise or defend legal claims.
14.2.6 Provision of data
The provision of personal data about the data subject is technically necessary for the use of the guest WLAN. Without this data, you will not be able to use our guest Wi-Fi.
15. Business relationships
The following information shows you how we handle your data when you contact us, when contract negotiations take place with us and/or when contractual agreements exist with us.
15.1 Processing purposes and legal basis
The data processing is carried out for the purpose of contract processing. The processing of your data is required in accordance with Art. 6 para. 1 lit. b GDPR for the initiation and fulfillment of contracts.
Furthermore, the processing of your personal data may be carried out on the basis of Art. 6 para. 1 lit. f GDPR may be necessary to protect our legitimate interests. Our legitimate interests consist in the avoidance of economic disadvantages through credit checks, invitations to events, assertion of legal claims and avoidance of legal disadvantages (e.g. in the event of insolvencies), defence against dangers and liability claims and avoidance of legal risks, e-mails, prevention of criminal offences.
15.2 Data category and data origin
We process the following categories of data: Master and contact data: title, name (first and last name), department and function in the company, address, e-mail, telephone, fax, date of birth, purchase history, contract data, billing data.
The data from the aforementioned data categories were transmitted directly to us by our customers and interested parties.
We do not pass on your personal data to third parties. Excluded from this are our service partners if this is necessary for the fulfillment of the contract, such as parcel and letter deliverers, banks for the collection of direct debits, tax authorities, if necessary further enumerations such as credit agencies, etc.
15.4 Duration of storage
The data stored about you will be deleted after fulfillment of the contract, provided that there are no further legal obligations to retain it. These include, for example, commercial and financial law data. These will be deleted after ten years in accordance with the legal regulations, unless longer retention periods are prescribed or necessary for legitimate reasons. If you revoke your consent to the use of your data, it will be deleted immediately, unless the above reasons speak against it.
15.5 Right to object
You have the right to object to the processing. You can object to the use of your data at any time for the future.
15.6 Provision of data
The provision of personal data is contractually required or necessary for the conclusion of a contract. If the required personal data is not provided, we would not be able to enter into a business relationship with you.