MIGAL.CO has taken all reasonable steps to ensure the best possible protection of personal data processed on this site. The processing of these data is always consistent with the general data protection regulation (GDPR) and the national data protection rules applicable to MIGAL.CO GmbH.
Nevertheless, data transfers via the Internet can in principle have security shortcomings, so absolute protection can not be guaranteed.
These terms are defined as follows:
a) Personal data
This is all information relating to an identified or identifiable natural person (hereinafter referred to as the "registered"). A physical person is considered identifiable, identifiable directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more features, the expression of the physical, genetic, mental, economic, cultural or social identity of the physical person;
Treatment means any process or series of transactions related to personal data such as collection, entry, organization, classification, storage, adaptation or modification, reading, request, use, with or without the help of automated procedures; publication by transfer, transmission or other form of availability, approximation or association, limitation, erasure or destruction.
d) The limitation of treatment
Limitation of processing is the marking of stored personal data in order to limit their future treatment
Profiling is a type of automated personal data processing that involves the use of this personal information to evaluate certain personal aspects of a physical person, especially aspects of work performance, financial situation, health, predicting preferences, interests, trustworthiness, behaviour, location or change of the individual's place.
Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a registered without further information, provided that this information is kept separate and subject to technical and organizational measures and is not attributable to an identified or identifiable natural person.
g) The person in charge or the data controller
The person in charge or the data controller is the natural or legal person, public authority, institution or body who alone or with others decides on the purposes and methods of processing personal data. When the purpose and procedure for such treatment is determined by Union or national legislation, the controller or the specific criteria for his appointment may be determined by Union or national law
h) The processor
The processor is a natural or legal person, public authority, agency or other organization that processes personal data on behalf of the principal.
i) The recipient
The recipient is a natural or legal person, agency or other entity to which the personal information is disclosed, whether a third party or not. However, authorities that may receive personal data under Union or national law relating to a particular mission shall not be considered as recipients.
j) Third party
The third party is a natural or legal person, public authority, body or organization, with the exception of the registered, the data controller, the processor and the competent persons responsible for the controller or the processor.
Consent is given voluntarily and unambiguously by the registered for each individual case in the form of a declaration or other clear confirmation by which the registered person indicates that he / she allows processing of personal data.
"Cookies" are text files that the browser places on the user's computer when a web page is opened. They store data from site visits, the details of which data depend on the type and purpose of the cookie.
2. Name and address of the controller
Responsible for data protection is:
represented by its managers: Martin Erl and Robert Lahnsteiner
Phone: 0049 - 9951 69059-0
3. Collection of general data and information
MIGAL.CO GmbH website collects a wealth of data and general information when the site is visited by a registered or an automated system. This data and general information are stored in the server's log files. May be registered:
(1) Type of browser used
(2) Time and date of the visit of the web page
(3) Type of operating system used
(4) The web page from which you had access to our site (Referrer)
(5) The secondary web pages found on our website,
(6) Internet protocol (IP) address, stored, provided
that instead of the actual IP address, e.g. 188.8.131.52 an IP address 123.123.123.XXX is stored, where XXX is a random value between 1 and 254. The reference to a personal identity is no longer possible.
When using this data and general information, no conclusion is made about the registered. This information is necessary to (1) properly provide the content on our site; (2) optimize the content of our site and promote it; (3) ensure continued operation of our computer systems and technologies on our site; 4) provide law enforcement authorities with the information they need to apply the law in the event of a cyber attack. This anonymously collected data and information is evaluated by MIGAL.CO GmbH and its hosting service provider, 1 & 1 Internet SE, represented by its directors: Eric Tholomé, Hüseyin Dogan, Hans Henning Kettler, Matthias Steinberg, Achim Weiss, Elgendorfer S 57, 56410 Montabaur, Germany, firstly, statistically and further, to increase the integrity and data security of our company. The anonymous data in the server's log files is stored separately from personal data provided by a registered, so that no associated data connection or registration can be formed.
For all other features on the site (see points 5-6), the information mentioned in paragraph 3 is also (re) registered. This is also the case for the above reasons.
Most browsers allow you to restrict storage of cookies or to configure the browser to notify you as soon as a cookie is set. You can also delete cookies from your computer's hard disk at any time. However, please note that the use and the particular usability of our website is limited without cookies.
5. Contact opportunities through the website
The MIGAL.CO GmbH website contains features that enable fast electronic contact, including contact form and e-mail address. If a registered person contacts the controller via e-mail or via the contact form, the personal data transferred by the registered person is automatically saved. These personal data, voluntarily transferred by a person to the controller, are stored for the purpose of processing or contacting the registered. There is no transfer of personal data to third parties.
The registered person can sign up on the registry's website and provide personal information. The data collected during the registration depends on the contents of the entry template. Personal data recorded by the registered person must be collected and stored by the controller for internal use only and for personal purposes.
The registry administrator may initiate the transfer to one or more processors, such as its hosting service provider, who also uses personal data for internal use only that may be attributed to the controller.
Registration is voluntary through the provision of personal data and is used by the controller to provide content and / or services to the registered person. The enrolled persons whose personal data are stored can at any time change personal data registered at the time of registration or delete them completely from the data controller's database.
In addition, the rights referred to in paragraph 8 also apply to the data collected at the time of registration.
7. Systematic removal and blocking of personal data
The data controller processes and stores the personal data of the registered only for the period necessary to achieve the purpose of the storage or in accordance with European directives and regulations or any other legislator in the laws or regulations to which the controller is subject.
If the purpose of the storage is outdated or if a storage period prescribed by European directives and regulations or other relevant legislatures expires, personal data will be blocked or removed systematically in accordance with the legal provisions.
8. Rights of the registered person
a) Right to Confirmation
Each registered person has, according to the European Supervisory Authority's regulations, the right to require the controller to confirm whether personal data relating to him / her is being processed. If a registered person wishes to avail himself of this right of confirmation, he or she may at any time contact any employee of the controller.
b) Right to Information
Each concerned person has, at any time, the right granted by the lawyer and the European Supervisory Authority, to access the data of the data controller free of charge for the personal data recorded on him / her and to obtain a copy of this information. In addition, the legislator and the European Supervisory Authority have granted the registered person information on the following data:
- the purpose of treatment
- the categories of personal data being processed
- the recipients or categories of recipients to whom personal data have or should still be disclosed, in particular recipients in third countries or international organizations
- if possible, the expected duration of the storage of personal data or, if this is not possible, the criteria for determining this duration
- the existence of a right to rectify or delete personal data about him or her, or to limit the treatment of the person responsible or a right to oppose this treatment
- the existence of a right to appeal to a supervisory authority if personal data is not collected from the person concerned
- all available information about the origin of the data
- the existence of an automated decision making including profiling under Article 22.1 and 22.4 of the GDPR and - at least in these cases - meaningful information about the current logic and the extent and expected impact of such treatment on the registered person
In addition, the registered person has the right to access with regard to the transfer of personal data to a third country or to an international organization. If so, the person concerned is entitled to receive information about appropriate guarantees in connection with the transfer.
If a registered person wishes to avail himself of this right of information, he or she may at any time contact any employee of the controller.
c) Right to rectification
The person concerned with the processing of personal data has the right granted by the European legislator to demand immediate correction of incorrect personal data about him or her. In addition, the registered person has the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into account the purpose of the treatment.
If concerned person wishes to use this right to rectification, he or she may contact any employee at any time with the data controller.
d) Right of erasure (right to be forgotten)
The person concerned with the processing of personal data has the right granted by the legislator and the European Supervisory Authority to require that the controller immediately delete personal data about him or her, provided that one of the following reasons is met and that processing is not required:
- Personal data has been collected for purpose or processed in ways no longer required.
- The person concerned revokes the consent on which the treatment was based pursuant to Section 6.1a of the GDPR or Article 9.2a of the GDPR and there is no other legal basis for the treatment.
- The registered objects to the processing of data relating to him or her in accordance with Article 21.1 of the GDPR, and there are no legitimate reasons for the treatment or the registered opposes the treatment in accordance with Article 21.2, GDPR.
Personal data have been processed illegally.
- The deletion of personal data is necessary to comply with a statutory obligation under Union or national law for which the controller is subject.
- Personal data have been collected in connection with information society services offered in accordance with Article 8 (1) of the GDPR.
If one of the above reasons is met and a registered person wishes to delete personal data stored by MIGAL.CO GmbH, he or she may at any time contact an employee of the data controller.
If the personal data has been published by MIGAL.CO GmbH and if our company is obliged to remove the personal data as responsible in accordance with Article 17.1 of the GDPR, we will take appropriate measures taking into account the available technology and the costs of technical implementation, to inform other registry administrators of the processing of published personal data that the registered has requested to wipe out, so that any links to such personal data or to copies or repetitions of these personal data will be deleted unless further processing is required.
Note that deleted data can still be recovered due to caching systems, search engines, proxy servers, and the like without always being present in systems that fall under our sphere of influence.
e) Right to limitation of treatment
The person concerned with the processing of personal data has a right granted by the legislator and the European Supervisory Authority to require the controller to limit personal data provided that one of the following reasons is met:
- The accuracy of personal data is questioned by the registered for a period that allows the controller to verify the accuracy of the personal data.
- The processing is unlawful and the registered opposes their erasure and demands the limitation of the use of personal data instead.
- The person in charge no longer needs personal data for treatment purposes, but the registrant needs them to claim, exercise or defend legal requirements.
- the registered has objections to the treatment under Article 21.1 of the GDPR, and it is not yet clear whether the responsible person's justified reasons outweigh the registration.
If one of the above conditions is met and a registered person requests the restriction of personal data stored by MIGAL.CO GmbH, he or she may at any time contact an employee of the data controller.
f) Right to data portability
The person concerned with the processing of personal data is entitled under the European directives and regulations to obtain personal data about him or her that the registered has made available to the controller in a common, structured and machine-readable format. He or she shall also be entitled to transfer such information to another responsible person, without prejudice to the controller to whom such information has been made available, provided that the processing is based on consent in accordance with Article 6 (1) (a) of the GDPR or Article 9.1 b 2 a of the GDPR or on an agreement under Article 6 (1) (b) of the GDPR and through automated processes, except where processing is necessary for the performance of a public interest or public authority exercise transferred to the responsible person.
Furthermore, the registered person has the right to transfer personal data directly from one person to another by exercising the right to data portability under Article 20.1 of the GDPR, as far as possible and unless it affects the rights and freedoms of others
In order to claim the right to transfer data, the registered may at any time contact an employee of the controller.
g) Right to objections
The person concerned with the processing of personal data has been granted, by the European Directive and the supervisory authority, the right to appeal for the processing of personal data pertaining to him or her in accordance with Article 6 (1), point (e) or f of the GDPR at any time, for reasons arising from his or her particular situation. This also applies to profiling based on these provisions.
In opposition, MIGAL.CO will no longer process your personal data if we can not display legitimate grounds for consideration considering the interests, rights and freedoms of the registered or that the treatment is intended to enforce, exercise or defend legal requirements.
If MIGAL.CO GmbH processes personal data for using direct mail services, the registered has the right to object to the processing of personal data for advertising purposes at any time. This also applies to profiling as long as it is linked to such direct mail services. If the registered person opposes the processing of MIGAL.CO GmbH for direct marketing, we will no longer process personal data for these purposes.
In addition, the registered person has the right to oppose the processing of personal data about him or her for scientific or historical research or for statistical purposes in accordance with Article 89 (1) of the GDPR, unless such treatment is necessary to fulfil a mission of public interest.
In order to exercise the right to objections, the registered may contact an employee directly with the controller. The registered is also free to exercise, despite the use of information society services, Directive 2002/58 / EC his right to object through automatic procedures using technical specifications.
h) Automated decisions in individual cases, including profiling
The person concerned with the processing of personal data has the right, as recognized by the legislator and the European Supervisory Authority, not to be subject to a decision based solely on automatic processing, including profiling, unless the decision (1) is necessary to conclude or implement an agreement between the registered and the controller, or (2) is authorized under Union law or the Member States to which the controller is subject and where such legislation contains appropriate measures to protect the registered's rights and liberties and his or her legitimate interests; or ) with the registered's express consent.
If the decision (1) is required to conclude or implement an agreement between the registered and the controller or (2) with the explicit consent of the data subject, MIGAL.CO GmbH shall take appropriate measures to protect rights and freedoms, protect the legitimate interests of the registered, including at least the right of the controller to get a person to intervene, to express his or her own position and to oppose the decision.
If the person concerned wants to claim automatic decision-making rights, he or she may contact an employee with the supervisor at any time.
i) Right to revoke data protection consent
The person concerned with the processing of personal data has the right granted by the European legislator to require that consent for processing personal data about him or her shall be terminated.
If the registered person wishes to exercise the right to withdraw a consent, he / she may contact an employee at any time with the supervisor.
9. Responsible for links
Our offer contains links to external third-party sites, whose content we have no impact on. Therefore, we can not take any responsibility for these external contents. For the content of the linked pages, the supplier or the respective owner of the pages is always responsible, as applicable to us as far as we are responsible in some cases.
At the time of the link, it was verified that the sites did not contain any violations of law. The illegal content could not be identified at the time of the link.
However, a permanent check of the content on the linked pages is not reasonable without concrete evidence of an infringement. When reporting violations, we will remove these links immediately.
10. Privacy Notice for the Use and Use of Google Analytics (with anonymity feature)
The data controller has integrated the Google Analytics component (with anonymization feature) on this site. Google Analytics is a Web analytics service. Web Analytics carries out the collection, compilation and analysis of data about visitors' browsing behaviour. A web-based service collects, among other things, data on the site from which a registered person has arrived at a site (so-called referrals), on the site's secondary pages visited, or on the frequency and duration of the stay. A web analysis is primarily used to optimize a website and for an analysis of the costs and benefits of advertising on the Internet.
The operator of Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The data controller uses "_gat._anonymizeIp" for web analyses through Google Analytics. By using this add-on, the IP address of the registered Internet access will be shortened and anonymized by Google if access to our site is from a Member State of the European Union or from another state that has signed the European Economic Area agreement.
The purpose of the Google Analytics elements is to analyze the flow of visitors to our site. For example, Google uses data and information obtained to evaluate the use of our site, compile online reports that present the activities on our web pages, and provide other services related to the use of our site.
Google Analytics uses a cookie on the registered computer system. By using this cookie, Google can analyze the use of our site. At each entry on one of the separate pages on this site, run by the data controller and on which a Google Analytics component has been integrated, the web browsers in the registered's computer system are automatically managed by the relevant Google Analytics component to transfer data to Google for online analysis. As part of this technical process, Google is informed of personal information, such as the registered IP address, which is used, inter alia, by Google to track visitors' origin and clicks and allow payment of commission.
Cookies store personally identifiable information such as access time, the location from which access was made and the frequency of the visitor's visit to the site. When you visit our site, your personal information, including the IP address of the Internet connection used by the registered person, is transferred to Google in the United States. This personal information is stored by Google in the United States. Google may transfer these personal data collected through the technical process to third parties.
The registered person can, as noted above, at any time prevent cookies from being placed by our site, using a parameter appropriate for the browser used, and in constant contradiction to the setting of cookies and thus permanently oppose the receipt of cookies. Such a setting of the browser used would also prevent Google from setting up a cookie on the registered person's computer system. Additionally, a cookie already defined by Google Analytics can be deleted at any time via the browser or other software.
11. Legal basis of treatment
Art. In company, article 6 (I) point (a) of the GDPR, sets the legal basis for the processing of operations for which we seek your consent for a particular treatment purpose. If the processing of personal data is necessary to perform a contract in which the registered party is a party, such as the case of the processing necessary for supply of goods or other services or remuneration, the treatment is based on Article 6 (I) point (b) of the GDPR. This also applies to the processes required for conducting negotiation measures, for example, when examining our products or services. If our company is subject to a legal obligation requiring processing of personal data, such as the fulfilment of tax liability, the processing is based on Article 6, (I) point c of the GDPR. In rare cases, processing of personal data may be necessary to protect the vital interests of the registered person or other natural persons. This would be the case if a visitor in our premises was injured and his name, age, health insurance or other important information was forwarded to a doctor, hospital or third party. The treatment would then be based on species. 6 I (d) of the GDPR. Finally, processing operations can be based on Article 6 I (f) of the GDPR. For this legal basis, treatments not covered by any of the above legal grounds are based on the processing necessary to protect the legitimate interests of our company or third party, unless the interests , fundamental rights and the fundamental freedoms of the data subject take precedence. Such treatments are especially allowed for us because they have been specifically mentioned by the European legislator. In this regard, it was considered that a legitimate interest could be assumed if the registered was the customer of the controller (recital 47, second sentence, GDPR).
12. Legitimate interests for processing conducted by the controller or by a third party
If the processing of personal data is based on Article 6, point f of the GDPR, our legitimate interest is to carry out our business.
13. Storage time of your personal data
The criterion for the duration of the storage of personal data is the respective statutory period. After the deadline expires, the corresponding data will be erased automatically if they are no longer necessary to complete an agreement or draw up an agreement.
14. There is no transfer of personal data to third parties.
MIGAL.CO does not transfer its users' personal data to third parties unless you have previously given your explicit consent or there is a legal obligation to share data. In addition, a transfer of personal data to third parties may occur if a legal basis permits it and disclosure is necessary in order to fulfil our contractual obligations.
15. The existence of automated decision making
As a responsible company, we refrain from automatic decision making or profiling.