Privacy Policy


A.    Privacy statement

Thank you for your interest in our Internet presence. The protection of your personal data (hereinafter also “data”) is a very important concern for us. Please also have a look at our separate [privacy policy about registration data].

Controller, contact, data protection officer

Controller pursuant to Art. 4 (7) EU General Data Protection Regulation (“GDPR”) is  

Bayern Connect GmbH
Prannerstraße 10
80333 München

It is represented by the Managing Directors Caspar von Veltheim and Toby Hall.

You can also contact us through the email address info@domains.bayern.

In case of questions or comments concerning this privacy statement, please contact our data protection officer by email at privacy@mmx.co or by post at the following address: 

Data Protection Officer
c/o Bayern Connect GmbH
Prannerstraße 10
80333 München 

For the rest, reference is made to our information at Imprint

Legal bases for processing of your data 

If the legal basis is not listed in the privacy statement, the following applies: 

  • Insofar as we obtain the data subject’s consent for processing, Art. 6 (1) Clause 1 lit. a) GDPR is the legal basis.
  • In case of processing of personal data necessary for the fulfillment of a contract, the legal basis is Art. 6 (1) Clause 1 lit. b) GDPR.
  • Insofar as processing of personal data is necessary for the fulfillment of a legal obligation, the legal basis is Art. 6 (1) Clause 1 lit. c) GDPR.
  • In the event that vital interests of the data subject or of another natural person require a processing of personal data, the legal basis is Art. 6 (1) Clause 1 lit. d) GDPR.
  • If processing is necessary to safeguard legitimate interests of our company or of a third party and if the interests, basic rights, and basic freedoms of the data subject do not outweigh these legitimate interests, the legal basis for processing is Art. 6 (1) Clause 1 lit. f) GDPR. 

Retention periods

The data processed by us is erased or its processing is restricted in compliance with statutory requirements, in particular Art. 17 and 18 GDPR. Unless expressly stated otherwise within the scope of this privacy statement, we erase data stored by us as soon as such is no longer required for the intended purpose. Data will be retained beyond the time at which the purpose ends only if such data is necessary for other, legally permissible purposes or if the data must continue to be retained due to statutory retention periods. In these cases, processing is restricted, i.e. it is blocked, and will not be processed for other purposes.

Server log data

For the informational use of our Internet presence it is generally not required that you actively disclose your personal data. In this case we instead collect and use only the data automatically transmitted to us by your Internet browser. This includes:

  • date and time of your retrieval of one of our websites;
  • your browser type; 
  • your browser settings; 
  • utilized operating system; 
  • your most recently visited site;
  • the transferred data volume and access status (file transferred, file not found, etc.); 
  • your IP address.

The data is stored on our servers. This data is not stored together with other personal data except those stated above. The temporary storage of the IP address by the system is necessary to allow delivery of the website to the user’s computer. For this purpose, the IP address of the user must be stored for the duration of the session. We create so-called log files from this data. The created log files are stored to safeguard the security of our IT systems. A personal evaluation of the data, in particular for marketing purposes, does not take place.

Processing of the above data is required for technical reasons to offer a website pursuant to Art. 6 (1) Clause 1 lit. b), lit. c), lit. f) GDPR in order to correctly display our website to you and to safeguard stability and security. In particular, log files are created to verify attacks on our systems. We erase server log data from our systems at the latest after 7 days.

Contacting

In case of contacting by contact form, email or telephone, your data is processed, depending on the content of the request, for purely informational inquiries based on your (assumed) consent pursuant to Art. 6 (1) Clause 1 lit. a) GDPR or pursuant to Art. 6 (1) Clause 1 lit. b) GDPR, insofar as contacting is connected to contractual performance obligations. In case of contacting through our form, we require only your name and email address in order to reply to you as soon as possible. We delete your contact requests immediately after they are processed, unless statutory retention periods require additional retention.

Processors and data recipients 

In some cases, we use external service providers to process your data, which are bound to our instructions. They were selected and commissioned by us with care and they are monitored regularly. The orders are based on data processing agreements pursuant to Art. 28 GDPR. The processor does not independently process data for its own purposes.

We use a hosting provider to operate this web offer, who processes inventory data, contact data, content data, contract data, utilization data, metadata, and communication data from visitors or customers of this web offer within the scope of our legitimate interest in an efficient and secure provision of this online offer pursuant to Art. 6 (1) Clause 1 lit. f), 28 GDPR.

Your rights 

Pursuant to statutory provisions, you can assert the following rights vis-à-vis the data processing controller free of charge:

  • Right to access by the data subject (Art. 15 GDPR);
  • Right to rectification and erasure (Art. 16 and Art. 17 GDPR);
  • Right to restriction of processing (Art. 18 GDPR);
  • Right to data portability (Art. 20 GDPR);
  • Right to object (Art. 21 GDPR).

You also have the right to complain to a data protection supervisory authority concerning the controller’s processing of your personal data.

Social media presences

We maintain presences in social media in order to communicate with customers and prospective customers there and to keep them informed. When retrieving the relevant networks, the terms and conditions of the operators apply.

 

B.    Cookies and integrated third-party offers 

We use cookies in our Internet presence. Cookies are small text files that within the scope of your visit of our website are transmitted from our web server to your browser and are stored by your browser on your computer for later retrieval. You yourself can determine, through settings in your browser, the extent to which cookies can be placed and retrieved. Persistent cookies may be stored on your computer after your visit and our website can access them every time each time you visit our website (so-called “ID cookies”). Some cookies that are stored during your visit of our website can be stored and retrieved by other companies.

We use so-called session cookies (also called “temporary cookies”) as cookies that are exclusively stored for the duration of your use of one of our websites. It is necessary for technical reasons to permit session cookies to fully use all functions of our Internet presence. It is the purpose of these cookies to identify your computer during your visit of our Internet presence when changing from one of our websites to one of our other websites and to determine the end of your visits. Persistent cookies are deleted automatically after a specified duration, which may differ depending on the cookie. You can at any time delete cookies in the security settings of your browser.

Legal basis for the use of cookies is Art. 6 (1) Clause 1 lit. f) GDPR unless specified otherwise.

I. Third-Party-Cookies

You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note the following with regard to third-party cookies.

Google Analytics

Google Analytics is a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google uses cookies. The information concerning the use of the user’s online offer generated through cookies is generally transmitted to and stored at a Google server in the USA. 

Google is certified under the Privacy Shield Treaty and thus offers a guarantee that it complies with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We inform you that, on this website, Google Analytics was expanded by the code “anonymizeIp” in order to guarantee anonymized capture of IP addresses (so-called “IP masking”). By activating IP anonymization on this website, your IP address within member states of the European Union or other contracting parties to the Agreement on the European Economic Area is first abbreviated by Google. The full IP address is transmitted to a Google server in the USA and abbreviated there only in exceptional cases. Google uses this information on behalf of the operator of this website to evaluate your use of the website, to create reports concerning website activities, and to provide other services in connection with website use and Internet use vis-à-vis the website operator. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data held by Google. Pseudonym profiles of users may be created from the processed data. The IP address transmitted by your browser is not combined with other data held by Google.

You can prevent the collection of the data generated by the cookie and relating to your use of the website to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information concerning data used by Google, settings options, and opportunities to object are available on Google‘s website under https://www.google.com/intl/de/policies/privacy/partners and under http://www.google.com/policies/technologies/ads and http://www.google.de/settings/ads

II. Social Plugins 

We have appearances in social media in order to communicate with customers and interested parties and to inform them. When calling up the respective networks, the conditions of the operators/controllers apply. To protect your data we deliberately refrain from using social plugins. All displayed buttons are only static links to our profiles stored on the platforms. 

If you are logged in as a member of the linked platforms (Facebook and Twitter), these providers can link the opening of our profiles (by clicking on the respective buttons) with your user profiles there. 

You can find Facebook's privacy policy at https://www.facebook.com/privacy/explanation. 

You can find Twitter's privacy policy at https://twitter.com/privacy. 

Both providers are certified under the Privacy Shield Agreement and thus offer a guarantee to comply with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

The legal basis for the use of social media links is Art. 6 para. 1 lit. f GDPR

 

C.   Data security

We also use technical and organizational security measures to protect incurred or collected personal data, in particular against accidental or intentional manipulation, loss, destruction, or against an attack by unauthorized persons. Our security measures are continuously improved pursuant to technological advances.