Privacy policy
1 – Introduction
1.1 – Privacy policy
Thank you for visiting our website and for your interest in our company and our products and services. The protection of your personal data is very important to us. M+D Composites Technology GmbH (hereinafter referred to as ‘md-composites.de’, ‘we’ or ‘us’) attaches great importance to the security of user data and compliance with data protection regulations.
md-flugzeugbau.de websites may contain links to websites of other providers that are not covered by this privacy policy. What data the operators of these sites may collect is beyond our knowledge and sphere of influence.
Information can be found in the data protection notice of the respective site.
Below we inform you in detail about the handling of your data.
1.2 – Definitions
The data protection declaration is based on the terms used in the General Data Protection Regulation (GDPR).
- ‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’) (Art. 4 No. 1 GDPR). Your personal data includes information such as your master data (first and last name, address and date of birth), your contact details (telephone number, email address), your billing data (bank details) and much more.
– ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
– ‘Data subject’ means any identified or identifiable natural person whose personal data are processed by the controller.
– ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
– ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
– ‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.
– ‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
– ‘Consent’ means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
1.3 – Collection and processing of personal data
It is generally possible to use our website without providing any personal data. However, if you wish to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
2 – Centre part
Purposes of collection - category of data - legal basis for processing.
2.1 – Anonymous data collection
You can visit our website without actively providing any personal information. However, we automatically save access data (server log files) each time the website is accessed, such as the name of your Internet service provider, the operating system used, the website from which you are visiting us, the date and duration of the visit or the name of the requested file, as well as the IP address of the computer used for security reasons, e.g. to recognise attacks on our websites. This data is analysed exclusively to improve our offer and does not allow any conclusions to be drawn about your person. This data is not merged with other data sources. The legal basis for processing the data is Art. 6 para. 1 GDPR. We process and use the data for the following purposes: 1. provision of the stellenanzeigen.de websites, 2. improvement of our websites and 3. prevention and detection of errors/malfunctions and misuse of the websites. Data processing of this kind is carried out either to fulfil the contract for the use of the stellenanzeigen.de websites or we pursue a legitimate interest in ensuring the functionality and error-free operation of the stellenanzeigen.de websites and adapting these websites to the requirements of the users.
2.2 – Registration on the website
You have the option of registering on our website. The purpose of registration is to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. We collect the following data: E-mail address. The information marked as mandatory is required for registration; any additional information is provided voluntarily and can be cancelled at any time.
By registering on our website, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of registration are also stored. This data is stored against the background that this is the only way to prevent misuse of our services and, if necessary, to enable criminal offences to be investigated. In this respect, the storage of this data is necessary for our security. This data will not be passed on to third parties unless there is a legal obligation to pass it on or it serves the purpose of criminal prosecution.
Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from our database, provided that this does not conflict with any statutory retention obligations.
2.3 – Contact form/inquiries
Interested parties/applicants (B2C): You have the option of sending us enquiries via the contact form on our website. Your details from the contact form (content of your enquiry, subject of your enquiry and date) including the contact details you provide there (first name, surname and email) will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent. The legal basis for the collection and processing of data is Art. 6 para. 1 GDPR.
Companies (B2B): You have the option of sending us enquiries via the contact form on our website. Your details from the contact form (content of your enquiry, subject of your enquiry and date) including the contact details you provide there (company, title, first name, surname, position, street, postcode, place of residence, telephone and email) will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent. The legal basis for the collection and processing of data is Art. 6 para. 1 GDPR.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.
2.4 – E-mail contact
If you send us enquiries or information by e-mail, your details (e-mail address, content of your e-mail, subject of your e-mail and date) including the contact details you provide there (name, surname, telephone number if applicable, address) will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent. The legal basis for the collection and processing of the data is Art. 6 para. 1 GDPR.
The user is advised that e-mails can be read or changed without authorisation and unnoticed during transmission. stellenanzeigen.de uses software to filter unwanted e-mails (spam filter). The spam filter can reject e-mails if they have been falsely identified as spam due to certain characteristics.
The data you enter will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
However, participants agree to make their first names (surname only with initial letters) including photos available for editorial texts in the event of winning.
2.5 –Career area/online application
On our website, you have the option of using the careers section and/or submitting applications by e-mail. The personal data (master data, contact details, attachments such as cover letter, CV, certificates, etc.) of applicants are collected and processed for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends the relevant application documents to the controller, for example by email or via a web form on the website. The controller is obliged to store the transmitted data only for the purpose of processing the application procedure/employment relationship and in compliance with the statutory provisions. Further information can be obtained directly from the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). The legal basis for the collection and processing of data is Art. 6 para. 1 GDPR.
3 – Transmission of the data
3.1 – Transmission internally, within md-flugzeugbau.de
We transfer your data internally to the administration, personnel department and payroll department in order to fulfil our contractual or legal obligations. Your data will only be transferred or disclosed to the extent necessary for this purpose in compliance with the relevant data protection regulations.
3.2 – Transmission group-wide/group-wide
The data that you transmit to us is stored in our centralised customer database in Germany. If data is exchanged within the group/group, this is done to fulfil a contract or as a condition of use for the websites. There may also be an interest in passing on this data for internal, administrative purposes. If your data is processed outside Europe, this transfer takes place in compliance with all applicable data protection laws and in particular in accordance with Art. 44 f. GDPR.
3.3 – Transmission to third parties
We transfer your data to certain third parties in order to be able to provide corresponding applications and services (so-called "processors") who provide external services for us. For example, newsletter services, IT providers, tax consultants, etc. Data may be transferred to other third parties in order to fulfil our obligations (authorities, banks, social insurance providers, etc.). Third parties only process the data in accordance with our instructions and are also prohibited from using this data for their own commercial purposes that do not correspond to the agreed purposes.
We must disclose personal data if we are obliged to do so in the context of ongoing legal proceedings, on the basis of an order, by law or on the basis of applicable law (Art. 6 para. 1 lit. f GDPR).
We only pass on your personal data to third parties if:
You have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
If your data is processed outside Europe, this transfer takes place in compliance with all applicable data protection laws and in particular in accordance with Art. 44 f. GDPR.
4 – Final part of the privacy policy
4.1 – Duration of storage (passage)
We generally store your data for as long as this is necessary for the provision of our online offering and the associated services or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject. In all other cases, we delete your personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to fulfil legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).
4.2 – Technical safety
M+D Composites Technology GmbH uses technical and organisational security measures to protect the data we have under our control against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
This site uses SSL encryption (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether an individual page of our website is transmitted in encrypted form by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
4.3 – Legal basis of the processing
Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person.
This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our customers.
4.4 – Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
4.5 – Rights of data subjects
You have the right:
to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller (data portability);
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation;
to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace for this purpose.
4.6 – Revocation of your consent to data processing
Some data processing operations are only possible with your express consent. You have the option to revoke any consent you have already given at any time. All you need to do is send us an informal email to datenschutz@md-gruppe.com. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
