Data protection declaration
Any collection, use, storage, deletion or other utilization (hereinafter referred to as ‘processing’) of data serves exclusively to provide our services. Our services have been designed to use as little personal data as possible. In this context, ‘personal data’ (hereinafter also referred to as ‘data’) refers to all individual details about personal or factual circumstances of a specific or identifiable natural person (so-called ‘data subject’).
The following information on data protection describes what types of personal data are processed when you access our website, what happens to this personal data and how you can object to data processing if necessary.
1 General information on data processing on this website
1.1 Controller
The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
Millemedia GmbH
Borselstraße 3
22765 Hamburg
+49 40 414333-0
Homepage: www.millemedia.de
Data protection officer
The data protection officer is Kemal Webersohn from WS Datenschutz GmbH.
If you have any questions about data protection, you can contact WS Datenschutz GmbH at the following email address: millemedia(at)ws-datenschutz.de
WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin
1.3 Protection of your data
We have implemented technical and organizational measures to ensure that the provisions of the GDPR are observed both by us and by external service providers who work for us.
When we work with other companies, such as email and server providers, to provide our services, this is only done after an extensive selection process. In this selection process, each individual service provider is carefully selected for their suitability in connection with technical and organizational skills in data protection. This selection process is documented in writing and a contract in accordance with Art. 28 para. 3 GDPR for the processing of personal data on behalf (AV contract) is only concluded if it meets the requirements of Art. 28 GDPR.
Your information is stored on specially protected servers. Access to it is only possible for a few specially authorized persons.
Our website is SSL/TLS encrypted, which you can recognize by ‘https://’ at the beginning of the URL. If personal data is involved in e-mail communication, the e-mail is sent encrypted from our side. We also use the integrated SSL certificate for this.
Deletion of personal data
We only process personal data for as long as necessary. As soon as the purpose of the data processing has been fulfilled, the data is blocked and deleted in accordance with the standards of the local deletion concept, unless legal requirements prevent deletion.
2 Data processing on this website and creation of log files
2.1 Description and scope of data processing
When you visit our website, our web servers temporarily store each access in a log file. The following personal data is collected and stored until it is automatically deleted:
IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Transferred data volume
Report on whether the retrieval was successful
Identification data of the browser and operating system used
Website from which access is made
We use the services of Hetzner Online GmbH as our web hosting provider. The data processing is carried out by: Hetzner Online GmbH[AT1], Industriestraße 25, 91710 Gunzenhausen, Germany.
For more information about data protection at Hetzner: www.hetzner.de/rechtliches/datenschutz/
Explanations of the scope of possible data processing in the context of web hosting can be found at www.hetzner.de/rechtliches/webhosting/.
2.2 Legal basis for data processing
This data is processed on the basis of Article 6(1)(1)(f) GDPR. Our legitimate interest lies in making our website accessible to you.
2.3 Purpose of data processing
The data processing is carried out for the purpose of enabling the use of the website (establishing a connection). It serves to ensure system security, for the technical administration of the network infrastructure and to optimize the internet service. The IP address is only evaluated in the event of attacks on our network infrastructure or the network infrastructure of our internet provider.
2.4 Duration of data storage
Personal data is deleted as soon as it is no longer required for the purposes stated above. This is the case when you close the website. Our hosting provider may use the data for statistical surveys. However, the data is anonymized for this purpose. Our hosting provider deletes the data after six months.
2.5 Option for the data subject to have the data deleted
The website can only be displayed if the data described is processed. Please contact our data protection officer or the hosting provider to object to the further processing of the data.
3 Use of cookies
3.1 Description and scope of data processing
Our website uses cookies. These are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which certain information flows to us or to the location that sets the cookie. Cookies cannot execute any programmes or transmit any viruses to your computer. We use them to analyze the use of our website in anonymized or pseudonymized form and to present you with interesting offers on this website. Various data can be transmitted in this way:
frequency of website visits
which functions of the website you use
search terms used
your cookie setting
When you access the website, a cookie banner informs you about the use of cookies and refers you to the data protection declaration.
Note on data processing in the USA by Google:
By clicking on ‘Agree to all’, you consent in accordance with Art. 6 para. 1 sentence 1 lit. a) DSGVO that your data will be processed in the USA. According to the ECJ, the data protection standard in the USA is insufficient and there is a risk that your data will be processed by the US authorities for control and monitoring purposes, possibly without any possibility of legal recourse. If you only consent to the setting of essential cookies, the transmission will not take place. Consent that has been granted can be withdrawn at any time.
3.2 Legal basis for data processing
The legal basis for the processing of data by cookies that do not solely serve the functionality of our website is Art. 6 para. 1 sentence 1 lit. a) GDPR.
The legal basis for the data processing for cookies that solely serve the functionality of this website is Art. 6 para. 1 sentence 1 lit. f) GDPR.
3.3 Purpose of the data processing
Our legitimate interest arises from ensuring a smooth connection and convenient use of our website, as well as for reasons of evaluating system security and stability. The data processing also takes place to enable a statistical evaluation of website usage.
3.4 Duration of data storage
There are two types of cookies. Both are used on this website:
Transient cookies (see a)
Persistent cookies (see b)
a) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which is used to assign various requests from your browser to the common session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
b) Persistent cookies, these are automatically deleted after a specified period, which may differ depending on the cookie.
3.5 Option for the data subject to eliminate them
You have the option at any time to revoke your consent to data processing by cookies that do not solely serve the functionality of the website. In addition, we only set cookies after you have agreed to the setting of cookies when you access the page. This way, you can prevent data processing via cookies on our website.
You can also delete cookies at any time using your browser's security settings. Please note that if you do this, you may not be able to use all the features of this website. You can also prevent cookies from being set at any time by adjusting the settings on your internet browser.
This website uses cookies. We use cookies to personalize content and ads, to provide social media features and to analyze traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other information that you have provided to them or that they have collected as part of your use of the services.
Cookies are small text files used by websites to make a user's experience more efficient.
By law, we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.
You can change or withdraw your consent at any time from the cookie declaration on our website.
Find out more about who we are, how you can contact us and how we process personal data in our privacy policy.
Please provide your consent ID and the date when contacting us regarding your consent.
Your consent applies to the following domains: www.millemedia.de
Your current state: Allow all.
Your consent ID: 9d6TcUjp1lV8Jg5R2NNBovkNYr8BeTwORE8Ehoifq8bz8Ml2DHyR3g== Consent date: Tuesday, 18 June 2024 at 10:46:49 CEST
Change consent | Revoke consent
4 Contact
4.1 Description and scope of data processing
You can contact us via email through our website. To do this, various data is required to answer the request, which is automatically stored for processing, in particular your email address, your message, your first name and surname.
The data will not be passed on to third parties.
4.2 Legal basis for data processing
The legal basis used here is Art. 6 (1) sentence 1 lit. b) GDPR.
4.3 Purpose of data processing
We process your data exclusively to process your contact request.
4.4 Duration of data storage
We will delete your data as soon as the purpose of the data processing has been fulfilled, usually immediately after we have answered your enquiry. However, it may be necessary to store your data for a longer period of time. This may be due to legal, regulatory or contractual obligations.
4.5 Option for the data subject to have the data erased
You can contact us at any time to object to any further processing of your data. Unfortunately, in this case we will be unable to continue our communication with you. All personal data processed by us for the purpose of establishing contact will be erased in this case, unless legal obligations to store your data prevent the erasure.
5 Data processing in the context of job applications
5.1 Description and scope of data processing
If you apply to us, personal data will be processed and stored for further processing for the respective application procedure. This includes in particular:
First and last name
Address data
Application documents
You can voluntarily provide further information.
This information will not be passed on to third parties.
5.2 Legal basis for data processing
The legal basis for the data processing is Art. 88 GDPR and § 26 BDSG.
5.3 Purpose of the data processing
We process your data exclusively for the purpose of carrying out the application process.
5.4 Duration of data storage
If the application should lead to the commencement of an employment relationship, the personal data will be stored in accordance with the statutory provisions. If the application is not considered when selecting a potential candidate, it will be deleted in accordance with the rules of the local deletion concept, taking into account the provisions of the AGG, in particular the existing burden of proof according to § 22 AGG.
This does not apply if legal provisions prevent deletion or if you have given your consent to longer storage. In this case, the further storage of your personal data is based on Art. 6 (1) sentence 1 lit. c) or lit. a) GDPR.
5.5 Option for the data subject to object to the processing
You can contact us at any time to object to further processing of your data. All personal data processed by us in the course of the application process will be deleted in this case, unless deletion is contrary to mandatory legal requirements.
6 Trackers and analysis tools
We use the following analysis tools to continuously improve our website offering. The following information explains which data is processed in each case and how you can contact the respective service providers:
6.1 Google Analytics
6.1.1 Description and scope of data processing
Our website uses Google Analytics. This is a service for analyzing access to websites provided by Google LLC. (‘Google’) and enables us to improve our website. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Cookies enable us to analyze your use of our website. The information collected by cookies includes:
IP address,
time of access,
duration of access
and is transmitted to a Google server in the USA and stored there. The evaluation of your activities on our website is transmitted to us in the form of reports. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. The Google tracking codes of our website use the ‘_anonymizeIp()’ function, which means that IP addresses are only processed further in abbreviated form in order to exclude the possibility of direct personal reference to you. You can find more information about the terms of use and data protection of Google Analytics at www.google.de/intl/de/policies/ and www.google.com/analytics/terms/de.html.
6.1.2 Legal basis for data processing
The legal basis for the processing of personal data is your consent in accordance with Art. 6 (1) (1) (a) GDPR.
6.1.3 Purpose of data processing
The processing of your personal data enables us to analyse your surfing behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.
6.1.4 Duration of data storage
The data will be deleted 26 months after your [last] visit to our website.
6.1.5 Option for the data subject to have the data erased
You have the option at any time to revoke your consent to data processing with effect for the future. To do so, please contact our data protection officer. You can also prevent the installation of cookies from Google Analytics by making the appropriate setting in your browser software. In this case, however, you may not be able to use all the functions of our website to their full extent. Google Analytics can also be deactivated and controlled by browser extensions, e.g. tools.google.com/dlpage/gaoptout.
7 Other third-party tools
Furthermore, we use third-party providers to help us with the page display and functionality of the website. These are listed below:
7.1 Cookiebot
7.1.1 Description and scope of data processing
Cookiebot serves to implement the GDPR and other data protection-related legislation in a practical way with regard to the use of cookies on our website and the integration of analysis tools by means of consent. When you give your consent via the cookie banner, the following data is processed:
Your anonymized IP address
Browser type
URL of the consent website
Date and time of consent
Unique encrypted key
These are stored, logged and documented in the data centre of the Cybot cloud vendor, Microsoft Ireland Operations Ltd. in Dublin, Ireland. The data processing is carried out by Cybot, Havnegade 39, 1058 Copenhagen, Denmark.
Further information about the data processing can be found at: www.cookiebot.com/de/privacy-policy/
7.1.2 Legal basis for the data processing
The data processing is based on Art. 6 (1) (1) (c) GDPR.
7.1.3 Purpose of data processing
The purpose coincides with our legitimate interest in data processing and the legally secure guarantee of the full functionality of our website.
7.1.4 Duration of data storage
The data will only be stored for as long as is necessary for the review, unless legal requirements demand longer storage of the data. Cookiebot will delete your consent after 12 months.
7.1.5 Options for the data subject to object
You can revoke the consent given via Cookiebot by deleting the corresponding cookie called ‘CookieConsent’ or ‘CookieConsentBulkTicket’.
7.2 Self-hosted Google Web Fonts
7.2.1 Description and scope of data processing
We use so-called web fonts on the website for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. We have integrated the web fonts locally on our own website so that Google does not know that our website has been accessed via your IP address. If your browser does not support web fonts, a default font will be used by your computer.
7.2.2 Legal basis for data processing
The legal basis is based on our legitimate interest in accordance with Article 6 (1) (1) (f) GDPR.
7.2.3 Purpose of data processing
The purpose of data processing is to ensure that fonts on this website are displayed consistently, in order to provide a visually interesting and user-friendly website.
7.2.4 Duration of data storage
No data is stored.
7.2.5 Option for the data subject to eliminate the data
You can set your browser to not support web fonts. In this case, a standard font will be used by your computer.
8 Data protection notice for our social media presence
We operate the following social media sites:
Facebook:
We use the services
Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’)
.
Due to the judgment of the European Court of Justice of 5 June 2018 (available at curia.europa.eu/juris/document/document.jsf ), operators of social media sites and the social media operators themselves are considered jointly responsible for data processing.
Please note that you use our social media sites and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information that we provide on social media on our own website.
You can contact the data protection officers of the respective social media providers via the respective social media.
You can contact Facebook's data protection officer using the following linked contact form: www.facebook.com/help/contact/540977946302970
8.1 Data processed by social media
When you visit our social media sites, the social media operators collect, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the site operator, with statistical information about the use of the site. The data collected about you in this context is processed by the social media operators and may be transferred to countries outside the European Union. The information provided by the operators of the respective social networks and how they are used is described in the data protection declarations of the respective social networks. You will also find information on how to contact them there.
You can find more information on this under the following links:
Facebook:
de-de.facebook.com/help/pages/insights.
de-de.facebook.com/about/privacy
de-de.facebook.com/full_data_use_policy
The way in which the social media operators use data from visits to our social media sites for their own purposes, the extent to which activities on the social media sites are assigned to individual users, how long the operators store this data and whether data from visits to the social media sites is passed on to third parties is not conclusively and clearly stated by the social media operators and is not known to us.
When you access our social media sites, the IP address assigned to your device is transmitted to the operator of the respective social network. The social networks also store information about the users' end devices (e.g. as part of the “login notification” function); this may enable the social media operators to assign IP addresses to individual users.
If you are currently logged in to the respective social network as a user, there is a cookie on your device with your individual identifier in that social network. This enables the social network operator to track the fact that you have visited a particular page and how you have used it. Based on this data, content or advertising can be tailored to your previous website visits.
If you wish to avoid this, you should log out of the respective social network or deactivate the ‘stay logged in’ function, delete the cookies stored on your device, close and then restart your browser. This will delete the login information that can be used to identify you directly. This allows you to use our social media sites without disclosing your user ID. If you access interactive functions on the site (like, comment, share, messages, etc.), a login screen will appear. After logging in, you will again be recognisable to the social network used as a specific user.
For information on how to manage or delete existing information within the social network, please refer to the above-mentioned support pages of the respective social network.
8.2 Data processed by us
8.2.1 Type and scope of data processing
We process the data you enter on social networks, in particular your username and the content published under your account, insofar as we respond to your messages if necessary. In addition, your published posts, ratings and comments refer to your account on the respective social network. If you mention us using @ or # or similar, this mention may be published on our site under your username. The data that you have freely published and distributed on the respective social network may thus be included by us in our offer and made accessible to other users of the respective social network. If you mark our appearance in the social media with ‘Like’ or ‘Follow’ or a similar interaction, the respective social network will inform us of this with your user name and link to your account.
8.2.2 Legal basis for the processing
The data processing on our part is based on Article 6(1)(1)(f) GDPR. Our legitimate interest arises from the promotional function of social media. We use it to increase awareness of our company.
8.2.3 Purpose of the processing
The data provided by you in this context and possibly accessible to us (e.g. user name, images, interests, contact data) will be processed by us exclusively for the purpose of communicating with customers and interested parties. Our legitimate interest lies in offering you a platform on which we can display current information and with the help of which you can address your concerns to us and we can respond to your concerns as quickly as possible.
8.2.4 Duration of storage
Your data will be deleted as far as possible when we stop our social media presence.
9 Data transfer to a third country
In order to provide our services, we use the support of service providers from the European area as well as from third countries. To ensure the protection of your personal data even in the case of data transfer to a third country, we conclude special order processing contracts with each of the carefully selected service providers. All of our service providers have sufficient evidence that they ensure data security by means of appropriate technical and organizational measures. Our service providers from third countries are either located in countries that have an adequate level of data protection recognized by the EU Commission (Art. 45 GDPR) or have provided appropriate safeguards (Art. 46 GDPR).
Adequate level of protection: The provider is based in a country whose adequate level of data protection has been recognized by the EU Commission. For more information, please visit: ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
EU standard contractual clauses: Our provider has submitted to the EU standard contractual clauses to ensure secure data transfer. You can find more information at: eur-lex.europa.eu/eli/dec_impl/2021/914/oj
Binding Corporate Rules: The GDPR provides for the possibility of ensuring data protection when transferring data to a third country by means of binding internal data protection rules. These are reviewed and approved by the competent supervisory authorities as part of the consistency procedure under Article 63 of the GDPR.
Consent: In addition, a data transfer to a third country without an adequate level of protection will only take place if you have given us your consent in accordance with Art. 49 (1) a) GDPR or if another exception under Art. 49 GDPR applies to the data transfer.
10 Your rights
You have the following rights with respect to us regarding your personal data:
10.1 Right to revoke consent (see Art. 7 GDPR)
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data for the future, after you have given it to us. It can be made orally or in writing by post or e-mail to us.
10.2 Right of access (see Art. 15 GDPR)
In the event of a request for access, you must provide sufficient information to establish your identity and provide proof that the information relates to you. The right of access concerns the following information:
the purposes for which the personal data are processed;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
10.3 Right to rectification or erasure (see Art. 16, 17 GDPR)
You have the right to obtain from us, as the controller, the rectification and/or completion of inaccurate or incomplete personal data concerning you. The controller must carry out the rectification without undue delay.
You also have the right to request the erasure of personal data concerning you where one of the following grounds applies:
The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
You object to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21(2) of the GDPR.
Your personal data has been unlawfully processed.
Your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
If we have made the personal data concerning you public and we are obliged to erase it pursuant to Art. 17 (1) GDPR, we shall take all reasonable steps, including informing other controllers processing the personal data, that you have requested the erasure of any links to, or copy or replication of, this personal data.
The right to erasure shall not apply to the extent that processing is necessary
to exercise the right to freedom of expression and information;
to fulfil a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
10.4 Right to restriction of processing (see Art. 18 GDPR)
You have the right to obtain from us restriction of processing of your personal data where one of the following applies:
you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds override yours.
Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the above conditions, you will be informed by us before the restriction of processing is lifted.
10.5 Right to information (cf. Art. 19 GDPR)
If you have asserted your right to correction, deletion or restriction of data processing against us, we are obliged to notify all recipients of your personal data of the correction, deletion or restriction of data processing. This only applies to the extent that this notification does not prove impossible or would not involve a disproportionate effort.
You have the right to know which recipients have received your data.
10.6 Right to data portability (see Art. 20 GDPR)
You have the right to receive your personal data from us in a commonly used, machine-readable format in order to have it forwarded to another controller if necessary, provided that
the processing is based on consent pursuant to Art. 6 (1) 1st sentence a) GDPR or Art. 9 (2) a) GDPR or on a contract pursuant to Art. 6 (1) 1st sentence b) GDPR and
the processing is carried out by automated means.
When exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
10.7 Right to object to the processing (see Art. 21 GDPR)
If we base the processing of your personal data on a legitimate interest (pursuant to Art. 6 (1) sentence 1 f) GDPR), you have the right to object to the processing. The same applies if we base the data processing on Art. 6 (1) sentence 1 e) GDPR.
When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. If your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you our compelling legitimate reasons for continuing the processing.
10.8 Right to lodge a complaint with the competent supervisory authority (see Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform you of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
11 How to exercise these rights
To exercise these rights, please contact our data protection officer:
Kemal Webersohn from WS Datenschutz GmbH
millemedia(at)ws-datenschutz.de
or by post:
WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin
12 Reservation of the right to amend
We reserve the right to amend this data protection declaration in compliance with the statutory provisions.
As of June 2024