BACK

 

Data Privacy Statement

We are pleased to welcome you to our website and with your interest in msg Rethink Compliance GmbH. Not only is offering our customers end-to-end support very important to us, but so is ensuring that your personal information is protected.

The following explains the actions we take when you visit our website – naturally in compliance with applicable data security regulations, which information we collect and how we process it.

Furthermore, we inform you here about the processing of your personal data by HubSpot in the context of customer relationship management and the use of online forms.

Should our data privacy statement change, it will be updated on this page in order to keep you informed as to which data msg Rethink Compliance GmbH stores and uses.

The most important data privacy information can be found below. We have organized the information by topic.

 

I. Name and address of the responsible party

Responsible for the collection, processing and use of your personal data pursuant to the EU General Data Protection Regulation is:

msg Rethink Compliance GmbH
Amelia-Mary-Earhart-Straße 14
60549 Frankfurt am Main
Germany

Telephone:  +49 69 580045-0
E-mail: info@msg-compliance.com

Should you wish to object to the collection, processing or use of your data by msg Rethink Compliance GmbH as set forth in these data privacy policies as a whole or in regard to specific measures, please e-mail or mail your objection to the aforementioned address.

 

II. Name and address of the data protection officer

Data protection officer of the responsible party is:

Claus Bauer
msg systems ag
Robert-Bürkle-Straße 1
85737 Ismaning
Deutschland

 

III. General information on data processing

1. Why we use data

We wish to constantly improve our offers and make them more attractive. The only way for us to optimize the contents of the msg Internet sites to better meet your demands is to identify which sections of our Internet sites are most commonly visited and on which the most time is spent. Should you entrust us with your personal information, msg Rethink Compliance GmbH shall use such for the technical administration of the websites, customer management, product surveys and marketing; however, we shall only do so to the extent that is necessary. The more we understand what you want, the faster you will be able to find the information you are looking for on our Internet sites.

2. Information on the collection of personal information

The following provides information on the collection of personal information when using our website, and within our customer relationship management. Personal information includes all information that relates to you personally, e.g., name, address, e-mail address, telephone number, user behavior, etc.

In addition to the information you share with us, we also analyze how you use our services and offers in order to lead you to the information that might interest you more quickly and in order to constantly optimize our service.

3. Legal basis for processing personal information

Numeral 6, Para. 1, Item a of the General Data Protection Regulation (GDPR) forms the legal basis for any consent we obtain from relevant persons for the operations involved in processing personal information.

Numeral 6, Para. 1, Item b of the General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal information in order to fulfill a contract when the relevant person is one of the contract parties. This includes processing operations necessary to complete measures that precede the contract.

Numeral 6, Para. 1, Item c of the General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal information to the extent such is necessary in order to comply with legal obligations to which our company is subject.

Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR) forms the legal basis for any processing necessary to ensure a legitimate interest of our company or a third party, as long as such do not outweigh the interests, fundamental rights and fundamental freedoms of the person in question.

4. Data deletion and retention period

The personal information of the relevant person shall be deleted or locked as soon as the purpose for which such was stored is no longer applicable. Storage beyond such is possible if provided by European or national lawmakers in laws or other regulations to which the responsible party is subject under Union law. Data shall also be locked or deleted once the retention period prescribed in the given norms expires, unless storage of the data is still required in order to conclude or fulfill a contract.

 

IV. Provision of the website

1. Collection of personal information when visiting our website

The only personal information we collect when you visit our websites is the information your browser communicates to our servers. When you browse our website, we collect the information required on the technical side to display our website and to ensure stability and security. The following information is collected in such cases:

  • User’s IP address
  • Date and time of your inquiry
  • Content of the request (specific site)
  • Respective data volume transmitted
  • Website from which the inquiry is received
  • Information on the browser type
  • User’s operating system
  • Language and version of the browser software
  • Websites from which the user’s system accesses our Internet site
  • Websites the user's system accesses from our website

This information is also stored in our system’s log files. This information is not stored together with other personal information.

2. Legal basis for the data processing

Legal basis for the temporary storage of data and log files is Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR).

3. Purpose of the processing

The IP address must be temporarily stored by the system in order to enable the delivery of the website to the user’s computer. To that end, the user’s IP address must be stored for the duration of the session. IP addresses are required for problem diagnosis, website administration and demographic information.

The information recorded is solely used for data security reasons, specifically to prevent attack attempts on our web server, and for statistical analysis.

4. Retention period

Data is deleted as soon as it is no longer required for the purpose it was collected. Any information collected in order to provide the website is deleted as soon as the respective session is terminated.

Information stored in log files is deleted no later than after seven (7) days. Storage beyond that period is also possible. In that case, the user’s IP addresses are deleted or rendered anonymous so that it can no longer be collated to the client that used it to access the site.

5. Objection and removal options

Information must be collected in order to provide the website and information must be stored in log files in order to operate the Internet site. As a result, the user does not have the option to object in this case.

 

V. Use of cookies and third-party services

1. Description and scope of data collection

Consent to the use of services is given through Usercentrics Consent Management. A visit to the msg websites is not possible without prior selection and confirmation of the services used. The settings selected by the user can be extended and/or revoked at any time.

2. Usercentrics Consent Management Platform

To view the full privacy policy, you must deactivate your pop-up blocker.

 

 

 

VI. HubSpot

1. DESCRIPTION AND SCOPE OF DATA PROCESSING

Customer Relationship Management

We use HubSpot as our primary customer relationship management system (CRM system) to store the personal data we receive from you in the course of initiating business or from existing business relationships.

This information is used for customer care and is used by us for targeted marketing measures as well as for sales purposes.

This includes, among other things,

  • Information about new products and advisory services
  • Information about events such as online seminars, training offers and on-site events
  • Industry trends
  • Company news

HubSpot enables us to track whether and when you have opened an email you have received from us and which links you open in it.

HubSpot forms (online forms) and landing pages

We also use so-called HubSpot landing pages and HubSpot forms on our homepage. These forms can be contact forms, forms for downloading or ordering our publications, or forms for registering for events or newsletters. When you use these forms, a new contact is created for you in our customer relationship management system with all the data you have provided.

When visiting a HubSpot landing page, you will be informed about the use of cookies. These are used to register your visit on the landing page. Only when using the HubSpot form on the landing page, a contact is created for you in our customer relationship management system and your landing page visit is stored there.

HubSpot is a software company from the USA with a branch in Ireland: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500, https://www.hubspot.de. For more information on HubSpot's privacy policy, please visit the following HubSpot page: https://legal.hubspot.com/de/privacy-policy. All of HubSpot's resources on EU data protection can be found here: https://legal.hubspot.com/de/datenschutz.

2. CATEGORIES OF DATA PROCESSED

In the course of using HubSpot as a customer relationship management system, the following data is collected and stored by us, provided that it has been made available by you or results from the business relationship.

  • Last name and first name
  • Company and address
  • E-mail address
  • Telephone number
  • Position/role in the company
  • E-mail message
  • Duration of business relationship
  • Contact information and activity
  • Email information
  • Web analytics history
  • Conversion information
  • IP address from contact form usage
  • Preferred language

3. ORIGIN OF DATA

Within the scope of using HubSpot as a customer relationship management system, data is collected from the following sources:

  • Personal contacts
  • Previous business relationships
  • Emails received from you
  • Business cards received from you
  • Data provided by you for contact purposes (e.g. at events and trade fairs)
  • Participation in events organised by us
  • Content syndication

Furthermore, the information you provide when using HubSpot forms and landing pages is stored in HubSpot.

4. LEGAL BASIS FOR DATA PROCESSING

The processing of your personal data in the context of customer relationship management is based on our legitimate interest in storing the data we have received from you in a suitable digital format and using it to maintain the business relationship and for direct marketing. The processing is thus carried out on the basis of Art. 6 (1) lit. f DSGVO.

By using our HubSpot forms, you agree to the storage and processing of your personal data, and consent to us informing you via email about important compliance topics, industry trends, news on products and services or interesting event offers. The processing is then carried out on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DSGVO.

5. PURPOSE OF DATA PROCESSING

The processing of your data serves the purpose of maintaining the business relationship. Furthermore, we use your data for planning and implementing direct marketing activities as well as for sales purposes.

Furthermore, we process your data in order to process your enquiries made via the HubSpot forms.

6. PROCESSING IN THIRD COUNTRIES

We store your personal data in our customer relationship management system HubSpot. The data is stored by Hubspot in the USA. When processing in third countries, the same level of protection as in the European Union cannot always be guaranteed. For the USA, the European Commission has denied an adequate level of protection. Processing in third countries is nevertheless permissible, provided that certain guarantees are in place. Such guarantees can arise in particular from relevant contractual clauses. In its decision of 5 February 2010 (2010/87/EU), the European Commission formulated standard contractual clauses and defined these as appropriate guarantees. msg Rethink Compliance GmbH therefore agrees these standard contractual clauses with all processors in third countries.

The transfer of data therefore takes place on the basis of appropriate guarantees within the meaning of Art. 46 (1) in conjunction with Art. 46 (2) (c). Art. 46 para. 2 lit. c DSGVO.

7. DURATION OF STORAGE

We will store your personal data until we receive an order from you to delete it.

8. RIGHTS OF THE DATA SUBJECT

You have the right to obtain information about the data we have processed about you at any time. Furthermore, you have the right to have data stored about you corrected or deleted, as well as to restrict its processing or to object to it altogether.

To assert your claims, you can send us an e-mail to the above e-mail address or use the postal address given above.

9. POSSIBILITY OF COMPLAINT TO THE COMPETENT SUPERVISORY AUTHORITY

In the event of violations of data protection law, the person concerned has the right to lodge a complaint with the competent supervisory authorities. The competent supervisory authority for data protection issues is, for example, the "Hessian Commissioner for Data Protection and Freedom of Information (HBDI)". Furthermore, you can find a list of data protection officers and their contact details at the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

VII. Where is my information processed?

Your information is processed in Germany. Data is also processed in European and non-European foreign countries within the legally permissible limits.

 

VIII. How safe is my information?

msg Rethink Compliance GmbH has taken extensive technical and operational safety precautions in accordance with applicable European law to protect your information from unauthorized access and misuse.

 

IX. Will my information be shared with third parties?

No information with be shared with third-parties, with the exception of the companies of the msg group and HubSpot.

 

X. Rights held by the affected person

Anytime your personal information is processed you are considered an affected person pursuant to the GDPR and you have the following rights in connection with the responsible party:

1. Right to disclosure

You have the right to request information on the scope, origin and recipient of stored information, as well as the purpose of the storage, at no charge to you.

2. Right to correction

You have the right to demand a correction and/or completion from the responsible party should the processed personal information related to you be incorrect or incomplete. The responsible party must make the corrections without delay.

3. Right to deletion

You have the right to request that the responsible party immediately delete any personal information related to you and the responsible party is required to delete said data without delay should any of the following reasons apply:

(1) The personal information related to you is no longer required for the purpose it was collected or processed in any other manner.

(2) You revoke the consent on which the processing was based pursuant to Numeral 6, Para. 1, Item a or Numeral 9, Para. 2, Item a of the General Data Protection Regulation (GDPR) and there is no other legal basis for the processing.

(3) You submit an objection to the processing pursuant to Numeral 21, Para. 1 of the General Data Protection Regulation (GDPR) and no legitimate reasons for the processing that have precedence over your objection exist, or you submit an objection to the processing pursuant to Numeral 21, Para. 2 of the General Data Protection Regulation (GDPR).

(4) The personal information related to you was processed unlawfully.

(5) The deletion of the personal information related to you is necessary in order to meet a legal obligation under Union law or the law of the member states to which the responsible party is subject.

(6) The personal information related to you was collected in relation to services offered by the information company pursuant to Numeral 8, Para. 1 of the General Data Protection Regulation (GDPR).

4. Right to data portability

You have the right to obtain the personal information related to you and which you shared with the responsible party in a structured, commonly used and machine-readable format.

5. Right of objection

You have the right, for reasons arising from your particular situation, to object to the processing of personal information related to you, which was being processed pursuant to Numeral 6, Para. 1, Item e or f of the General Data Protection Regulation (GDPR), at any time; this includes any profiling based on these policies.

The responsible party will cease processing any personal information related to you unless they can provide proof urgent, protection-worthy reasons for the processing that outweigh your interests, rights and freedoms or unless the processing serves the enforcement, exercising or defense of legitimate claims.

You have the right to revoke your privacy consent statement at any time. Revoking your consent shall not affect the legitimacy of the processing that was performed with your consent up to the time your consent was revoked.

6. Right to submit complaint to supervisory body

Notwithstanding other administrative or legal remedy, you will generally have the right to submit a complaint to a supervisory body, specifically in the member state of your place of residence, your place of employment or the location of the alleged breach, if you are of the opinion that the processing of the personal information related to you violates the GDPR.

The supervisory body to which the complaint is submitted shall inform the complainant of the status and results of the complaint, including the option of legal remedy pursuant to Numeral 78 of the GDPR.

 

Version: 06/05/2021