Welcome to our website! We appreciate your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the relevant national implementing laws. This privacy policy provides you with comprehensive information about how meplan GmbH processes your personal data and your rights in this regard.
Personal data is information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, email address, but also your IP address.
Anonymous data exists when no personal connection to the user can be established.
Responsible body and data protection officer
meplan GmbH
Am Messesee 2
81829 Munich
Contact information
E-Mail: info@meplan.de
Telephone: 49 89 540267980
www.meplan.com
Contact Privacy Policy
datenschutzbeauftragter@meplan.de
Your rights as a data subject
First, we would like to inform you about your rights as a data subject. These rights are defined in Articles 15–22 of the GDPR. This includes:
To exercise these rights, please contact datenschutzbeauftragter@meplan.de. The same applies if you have questions about data processing in our company or wish to withdraw your consent. You also have the right to lodge a complaint with a data protection supervisory authority.
rights of objection
Please note the following regarding your right to object:
If we process your personal data for direct marketing purposes, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct marketing.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally, preferably to: datenschutzbeauftragter@meplan.de.
In the event that we process your data to protect legitimate interests, you may object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishing, exercising or defending legal claims.
Purposes and legal bases of data processing
Your personal data is processed in accordance with the provisions of the GDPR and all other applicable data protection regulations. The legal basis for data processing arises in particular from Article 6 of the GDPR.
We use your data for initiating business, fulfilling contractual and legal obligations, executing the contractual relationship, offering products and services, and strengthening customer relationships, which may also include analyses for marketing purposes and direct advertising.
Your consent to data processing can also constitute a legal basis for data processing under data protection law. Before you grant your consent, we will inform you about the purpose of the data processing and your right to withdraw it.
Should your consent also extend to the processing of special categories of personal data, we will explicitly inform you of this in the consent form. Otherwise, processing of special categories of personal data pursuant to Article 9 of the GDPR will only take place if required by law.
Disclosure to third parties
We will only disclose your data to third parties within the framework of legal regulations or with your explicit consent. Otherwise, your data will not be disclosed to third parties unless we are legally obligated to do so (disclosure to external bodies such as regulatory authorities or law enforcement agencies).
Recipients of the data / Categories of recipients
Within our company, we ensure that your data is only accessible to those individuals who need it to fulfill contractual and legal obligations. Where legally permissible (as described above), we share personal data with our group companies for contract execution and reporting purposes.
In certain cases, service providers support our specialist departments in fulfilling their tasks and may receive data. The necessary data protection agreements have been concluded with all service providers.
The following entities may receive your data:
Data may be transmitted to certain public authorities, e.g., tax authorities, and possibly also law enforcement or customs authorities, in cases provided for by law.
Transfer to a third country / Intention to transfer to a third country
Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the performance of the contract, is required by law, or if you have given us your consent.
We transfer your personal data to service providers outside the European Economic Area. Compliance with data protection standards is ensured through: EU Standard Contractual Clauses.
Data retention period
We store your data for as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data be stored for longer periods. This applies in particular to commercial or tax law retention obligations (e.g., German Commercial Code, German Fiscal Code, etc.). Unless further retention obligations exist, the data will be routinely deleted once the purpose has been fulfilled.
In addition, we may retain data if you have given us your permission to do so, or if legal disputes arise and we need to use evidence within the statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.
Secure transfer of your data
To protect the data stored with us as effectively as possible against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons, we implement appropriate technical and organizational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.
Data exchange to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, using the latest encryption protocols.
Furthermore, it is possible to use alternative communication channels (e.g., postal mail).
Obligation to provide data
Various personal data are necessary for the establishment, execution, and termination of the contract and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
We have summarized the details for you in the section above. In certain cases, data must also be collected or provided due to legal requirements. Please note that processing your request or fulfilling the underlying contractual obligation is not possible without providing this data.
Categories, sources and origin of the data
The data we process depends on the specific context: This depends, for example, on whether you place an order online, enter a request in our contact form, send us an application, or submit a complaint.
Please note that we may also provide information for specific processing situations separately in a suitable location.
When you visit our website, we collect and process the following data:
To continuously improve our services and for reasons of technical security (in particular to defend against attacks on our web server), this data is stored as a log file on our server in accordance with Article 6 Paragraph 1 Letter f GDPR. Log file analysis is performed to improve our services. The server log files may only be stored for longer periods, disclosed, or subsequently accessed and reviewed if this is permitted within the legal framework (e.g., in cases of suspected illegal activity).
Anonymization by shortening the IP address takes place after a maximum of 7 days, so that no connection to the user can be established.
Contact form / Contact via email (Art. 6 para. 1 lit. a, b GDPR)
Our website contains forms that can be used for electronic registration. If you contact us via the registration form, we will process the data you provide in the form to contact you and answer your questions and requests.
We adhere to the principles of data minimization and data avoidance by requiring you to provide only the data absolutely necessary for us to contact you. This includes your email address and the message itself. Additionally, for technical reasons and legal protection, your IP address will be processed. All other data fields are optional and can be filled in if desired (e.g., to allow us to answer your questions more personally).
To best protect the security and confidentiality of your data, we implement appropriate security measures. Your request will be transmitted to us in encrypted form.
If you contact us by email, we will process the personal data you provide in the email solely for the purpose of processing your request.
Newsletter (Art. 6 Abs. 1 lit. a DS-GVO)
You can subscribe to our free newsletter on our website. The email address and name you provide when subscribing will be used to send you the personalized newsletter.
For the technical delivery of our newsletters, we use the service provider Brevo, a service of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, which provides a SaaS solution for email marketing. Brevo allows us to plan, organize, and analyze newsletter distribution. Your data is stored and processed on servers in Germany. We have concluded the necessary contractual agreements with Brevo, obligating them to protect our customers' data.
The principles of data minimization and data avoidance are observed, as only the email address is marked as a mandatory field. For technical reasons and for legal protection, your IP address is also processed when you subscribe to the newsletter.
We use the so-called double opt-in procedure for sending newsletters via email. This means that you will only receive advertising by email if you have previously explicitly confirmed that you wish to activate the newsletter service. This is done by sending you a confirmation email and asking you to click on a link contained in that email to confirm that you wish to receive our newsletter at this email address.
You can, of course, unsubscribe at any time using the unsubscribe link provided in the newsletter and thus revoke your consent. Furthermore, you can also unsubscribe directly from the newsletter at any time via our website.
Advertising purposes for existing customers (Art. 6 para. 1 lit. f GDPR)
meplan GmbH is interested in maintaining our customer relationship with you and sending you information and offers about our products/services for advertising purposes. Therefore, we process your data to send you relevant information and offers by email.
If you do not wish to receive direct marketing, you can object to the use of your personal data for this purpose at any time; this also applies to profiling insofar as it is related to direct marketing. If you object, we will no longer process your data for this purpose.
The objection can be made free of charge and without giving reasons, and should preferably be sent to 49 89 540267980, by email to datenschutzbeauftragter@meplan.com or by post to meplan GmbH
Address: Am Messesee 2, 81829 Munich.
Automated case-by-case decisions
We do not use purely automated processing methods to reach a decision.
Cookies (Art. 6 Para. 1 lit. a, f DS-GVO, § 25 Para. 1, 2 TTDSG)
Our website uses cookies. These help make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your device and saved locally by your browser. Cookies contain only pseudonymous, and often anonymous, data. Some cookies remain for the duration of a browser session (session cookies), while others are stored for a longer period (persistent cookies, e.g., for consent settings). In addition to our own cookies, we also use cookies controlled by third-party providers. These providers use the information contained in the cookies to, for example, display content to you or track the pages you visit.
Based on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), we use technically necessary cookies that are essential for the operation of the website and ensuring its functionality. Furthermore, we use cookies without your consent if their sole purpose is to store or access information stored on your device for the transmission of messages, or if they are absolutely necessary to provide the service you have expressly requested, § 25 para. 2 TTDSG.
Subject to your consent, further cookies will be used, which allow us and/or third parties to, for example, analyze how our services are used. This enables us to tailor the content to user needs. The legal basis for this is your explicit consent (Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TTDSG).
You can withdraw your consent at any time with effect for the future via our consent banner and change your cookie settings. Please note that changes must be made separately for each device.
If you have accounts with the third-party providers we use and are logged in, your data may be linked to that account. You can prevent this merging by not giving or withdrawing your consent to the relevant cookies, or by logging out of the respective third-party providers beforehand.
Most browsers accept cookies automatically. You can also manually disable, restrict, or delete cookies on your device via your browser settings or using software. If you disable cookies, full use of our website may be impossible or severely limited.
Please also refer to our information in the section for each service that uses cookies.
Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR, as well as § 25 para. 1 TTDSG). Google Analytics uses so-called "cookies." These are text files that are stored on your device and enable an analysis of your use of the website. The information stored in this way is generally transmitted to a Google server in the USA and stored there. With IP anonymization activated, your IP address is shortened before data transmission and within the European Union or contracting states of the European Economic Area. Only in exceptional cases does the full IP address take place to be transmitted to Google.
On behalf of the operator of this website, Google will process this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Sessions and campaigns end after a certain period of time. By default, sessions end after 30 minutes of inactivity and campaigns after six months. Users' personal data is deleted or anonymized after 14 months.
Google processes and stores your data in the USA. Appropriate contractual agreements and guarantees ensure compliance with European data protection standards for data transfers and processing in third countries.
Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.
You can withdraw your consent at any time with effect for the future. To do so, simply access our consent banner and deselect the relevant consent option. Please note that the change in the consent banner settings must be made individually for each device.
This website uses the IP anonymization function of Google Analytics. Furthermore, a data processing agreement has been concluded with Google. You also have the option to deactivate Google Analytics using a browser add-on.
Further information can be found at https://support.google.com/analytics/answer/6004245 (general information about Google Analytics and data protection).
Cookiebot
For the display of the cookies and tools used via a consent banner directly on our website, through which you access our online services, as well as the advanced settings options accessible through this banner, we use the services of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. The processing of data in connection with Cookiebot is based on our legitimate interest for the purpose of user-friendly consent management. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, § 25 para. 2 no. 2 TTDSG. The necessary contractual agreement for data processing by Usercentrics A/S has been concluded, and we have contractually engaged Cookiebot as a data processor in compliance with data protection regulations.
Cookiebot is used after a balancing of interests. The focus is on the interest in the simplest and most centralized consent management possible, which records all data connections from third parties as well as tools requiring consent and offers you, among other things, an easy way to withdraw your consent. The settings are stored on your device using cookies. You can also delete these manually at any time, so that our interest in using Cookiebot ultimately outweighs any potentially conflicting interests of users.
When you activate or deactivate the use of certain offers via our consent banner, we store this information on your device using a consent cookie. This storage is necessary for the technical implementation of consent management and serves as proof for our purposes.
You can change your settings and the settings you made via Cookiebot in our consent banner at any time with effect for the future. To do this, simply access our consent banner.
You can object to data processing at any time. Please note that you will then no longer be able to use our website. To exercise your right to object, delete the cookies stored in your browser.
Further information on data processing can be found in the privacy policy of Usercentrics A/S at: https://www.cookiebot.com/de/privacy-policy/.
Unbounce
We use the web design tool Unbounce on our website. This is provided by the Canadian company Unbounce Marketing Solutions Inc., 500-401 West Georgia St. Vancouver, BC, V6B 5A1, Canada.
The processed data may also be transferred to servers in Canada (a third country outside the EU/EEA). The European Commission has issued an adequacy decision for Canada pursuant to Article 45(2) GDPR (https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32002D0002), meaning that data transfers to this country are generally permissible.
Unbounce is a cloud-based marketing platform for creating customized landing pages and analyzing user behavior through A/B testing. This allows us to display slightly varied content on our website based on your user profile. This enables us to analyze and regularly improve our offerings and make them more relevant to you. Cookies are stored on your computer for this analysis. Some subpages of our website are hosted by Unbounce. When you access these pages, your IP address is transmitted to Unbounce, and cookies may be set. All information you enter on these pages is also stored by Unbounce. We then receive an anonymous analysis of this activity. Further information can be found at https://unbounce.com/privacy.
You can prevent this analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, please note that you may not be able to fully use our website. Preventing the storage of cookies is possible through your browser settings. Before analysis, IP addresses are shortened and processed further, thus preventing direct identification of individuals. The IP address transmitted by your browser will not be combined with other data we collect. The legal basis for this processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR, as well as Section 25 para. 1, 2 TTDSG.
Applicant portal (Art. 6 para. 1 lit. a, b GDPR)
We appreciate your interest in working at meplan GmbH. We are aware of the importance of your data and process the personal data you provide in the application form only for the purpose of effectively and correctly handling the application process and for contacting you during the application process. Your data will not be shared with third parties without your consent.
As part of the application form, you will be asked to provide personal data. We adhere to the principles of data minimization and data avoidance, meaning you only need to provide the data we require to fully review your application documents, such as your CV, or data we are legally obligated to collect. These mandatory fields are marked with an asterisk (*). For technical reasons and for legal protection, your IP address will also be processed.
Without this information, we unfortunately cannot review your application documents; therefore, our application system does not allow you to upload them in this case. Of course, you have the option to provide additional information voluntarily in the application form.
To best protect the security and confidentiality of your data, we implement appropriate security measures. Your application documents are transmitted to us in encrypted form via our application system.
We store your data for the purposes mentioned above until the application process is completed and all relevant deadlines have expired – at the latest six months after you receive a decision. However, you have the option of allowing us to store your application documents for a longer period and compare them with other vacant positions that match your profile.
You can of course revoke your consent at any time without giving reasons with effect for the future by telephone on 49 89 540267980, by e-mail to datenschutzbeauftragter@meplan.com or by post to meplan GmbH, Am Messesee 2, 81829 Munich.
Links to other providers
Our website contains – clearly marked – links to the websites of other companies. Where links to third-party websites exist, we have no influence over their content. Therefore, we cannot assume any responsibility or liability for this content. The respective provider or operator of the linked websites is always responsible for their content.
The linked pages were checked for potential legal violations and recognizable infringements at the time the links were created. No illegal content was apparent at that time. However, continuous monitoring of the content of linked pages is not feasible without specific indications of a legal violation. Upon notification of legal violations, such links will be removed immediately.
Social Media links
On our website you will find links to our social media profiles on LinkedIn, Meta/Facebook, Instagram, and YouTube. You can recognize these links by their respective company logos. Following these links will take you to meplan GmbH's profile on the respective social media platform. Clicking a link to a social media platform establishes a connection to that platform's servers. This transmits information to the social media platform's servers that you have visited our website. Furthermore, additional data is transferred to the social media platform provider. This includes, for example:
If you are already logged into the relevant social media service when you activate the link, the provider of the social media service may be able to determine your username and possibly even your real name from the transmitted data and associate this information with your personal user account on the social media service. You can prevent this association with your personal user account by logging out of your user account beforehand.
The servers of social media services are located in countries outside the European Union. Therefore, the data may also be processed by the social media service provider in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as in the member states of the European Union.
Please note that we have no control over the scope, nature, and purpose of data processing by the social media service provider. For more information on how your data is used by the social media services integrated into our website, please refer to the privacy policy of the respective social media service.
Information on data protection in social media
We maintain a presence on social media platforms, specifically Facebook, Instagram, LinkedIn, Xing, and YouTube. To the extent that we have control over the processing of your data, we ensure compliance with applicable data protection regulations.
Below you will find the most important information regarding data protection law in relation to our online presence.
Name and address of the person responsible for the operation
In addition to us, the following are responsible for the company's online presence in accordance with the General Data Protection Regulation (GDPR) and other data protection regulations:
(LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland)
(New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)
(Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
Youtube
(Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland)
doo GmbH
(doo GmbH, Hultschiner Str. 8, Munich, Germany)
However, you use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating).
We would also like to point out that your data may be processed outside the European Union. Regarding US providers, we would like to point out that these providers are contractually obligated to comply with EU data protection standards.
Purpose and legal basis
We ourselves maintain the fan pages in order to communicate with the visitors of these pages and to inform them about our offers in this way.
Furthermore, your personal data is processed by social media providers for market research and advertising purposes. For example, user profiles may be created based on your usage patterns and the resulting interests. This allows, among other things, the display of advertisements both on and off the platforms that match your interests. Cookies are typically stored on your computer for this purpose. Regardless, your user profiles may also contain data that is not directly collected on your devices. This storage and analysis also occurs across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms. Beyond this, we do not collect or process any personal data.
We process your personal data on the basis of our legitimate interests in effective information and communication pursuant to Art. 6 para. 1 sentence 1 lit. f. GDPR.
If you are asked for your consent to data processing, i.e., if you declare your consent by confirming a button or similar (opt-in), the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 GDPR.
Your rights / Right to object
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored member data at the respective network, you must
After logging in again, you will once again be identifiable to the network as a specific user.
For a detailed description of the respective processing activities, please refer to the information linked below:
Privacy policy: www.linkedin.com/legal/privacy-policy
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
Privacy Policy: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
Privacy Policy: https://instagram.com/about/legal/privacy
YouTube
Privacy Policy: https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/
doo GmbH
Privacy Policy: https://www.doo.net/datenschutz
Overall, you have the following rights regarding the processing of your personal data:
Right to information; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint with the competent data protection authority regarding unlawful processing of your personal data.
However, since we do not have full access to your personal data, you should contact the social media providers directly when making a claim, as they each have access to the personal data of their users and can take appropriate measures and provide information.
Should you still require assistance, we will of course try to support you. Please contact datenschutzbeauftragter@meplan.de.
HootSuite
On our website we use the HootSuite platform, which is provided by HootSuite Media Inc., 5 East 8th Avenue, Vancouver, V5T 1R6, Canada.
HootSuite allows us to generate and post content for our social media platforms. It enables us to centrally manage our social media accounts, manage our marketing and advertising campaigns, interact with our customers, and analyze these activities.
The processed data may also be transferred to servers in Canada (a third country outside the EU/EEA). The European Commission has issued an adequacy decision for Canada pursuant to Article 45(2) GDPR (https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32002D0002), meaning that data transfers to this country are generally permissible. The legal basis for this processing is Article 6(1)(a) GDPR. Personal data is processed using HootSuite when you contact us via our social media platforms. Here, the IP address, as well as log and usage data, are collected for statistical purposes. Additional personal data is collected if you provide or upload it to us via our social media platforms. More detailed information on data processing by HootSuite can be found at https://www.hootsuite.com/legal/privacy.
meplan GmbH – As of February 2024