Privacy Notice Website
Introduction
With the following information we want to give you an overview of the processing of your personal data on our website https://m2trust.de (hereinafter referred to as “website“). We also want to inform you about your rights under data protection laws. The processing of your personal data by us is always in accordance with the Basic Data Protection Regulation (hereinafter referred to as “GDPR“) and all applicable country-specific data protection regulations.
- Controller
The controller according to Art.4 Nr. 1 GDPR is
eCom Service AG
Marienstraße 27
70178 Stuttgart – Germany
Phone: +49 711 96 000 100
Email: info@ecom.ag
- Data Protection Officer
You can reach our data protection officer as follows:
Niklas Hanitsch
c/o secjur GmbH
Steinhöft 9
20459 Hamburg
Telephone number: +49 40 228 599 520
E-Mail address: dsb@secjur.com
You can contact our data protection officer any time to ask questions and make suggestions regarding data protection and the exercise of your rights.
- Use of Third-Party Tools
We use third-party services to provide certain functions and services on our website. The specific services can be found in the corresponding chapters.
In some cases, we use service providers that are based in a third country, i.e., outside the European Union. We only transfer data to a third country with an adequate level of data protection or where appropriate safeguards pursuant to Art. 44-49 GDPR have been concluded. You have the right to request a copy of the appropriate safeguards we have put in place. For this purpose, please send us an e-mail to the e-mail address mentioned in this privacy policy.
- Provision of the Website
- General Information
When you visit our website, data that your browser transmits to our serve, is automatically processed. This data is stored in the log files of the server (in so-called “server log files”). The following personal data is processed:
- Browser type and browser version
- Operating system used
- Referrer URL (previously visited website)
- Host name of the accessing computer
- Date and time of server request
- IP address
- Purpose of Processing
We do not use the data stored in server log files to draw any conclusion about your person. The purposes pursued by us include:
- the guarantee of a smooth connection set-up of the website,
- the clarification of acts of abuse or fraud,
- problem analysis in the network, and
- the evaluation of system security and stability.
- Legal Basis
The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. We have an overriding interest in being able to offer our a technically functioning service.
- Retention Period
The log files are stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes will be retained until the matter has been finally clarified.
- Recipients of Personal Data
The following categories of recipients can receive your personal data: Hosting service provider
- Cookies
- General Information
We use cookies on our website. These are text files that your browser automatically creates and that are stored on your end device when you visit our website. Information that is connected to the specific end device is stored in the cookie.
- Technically Necessary Cookies
We use technically necessary cookies. These are cookies that are technically necessary to provide all the functions of our website.
- Purpose of Processing
We use technically necessary cookies for the following purposes:
- to provide services,
- to enable the use of our website functions, as well as
- to offer different languages.
- Legal Basis
The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. We have an overriding interest in being able to offer our a technically functioning service.
- Retention Periods
We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. Technically necessary cookies are only stored for the respective session. When you leave our website and close your browser, the cookies are deleted.,
- Recipients of Personal Data
We do not employ any other service providers for technically necessary cookies. The only category of data recipients is our hosting service provider (see above).
- Business Contacts
- General Information
We collect your general contact information when we are in business contact with your company. Through our website, you can also contact us by email or via our contact form. Furthermore, you have the ability to make an appointment with us online.
To contact you and to answer your request, we process the following personal data from you:
- First and last name
- Email address
- Emails
- Position within the company
- Sector / industry of the company
- Date and time of the inquiry
- IP address
- Other personal data that you provide to us.
- Purpose of Processing
The purpose of processing this data is to contact you if this is necessary for business reasons. We process your data to respond to your inquiry and other matters arising from it.
- Legal Basis
If your request is connected to pre-contractual measures or in relation to an existing contract with us, the legal basis is the performance of the contract and implementation of pre-contractual measures pursuant to Art. 6 (1) (b) GDPR.
If your request is made independently of contractual or pre-contractual measures, our overriding legitimate interests pursuant to Art. 6 (1) (f) GDPR constitute the legal basis. The overriding legitimate interest corresponds to the above-mentioned purposes.
- Retention Periods
We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the context of contact inquiries, this is usually the case when it is clear from the circumstances that the specific matter has been conclusively processed.
- Recipients of Personal Data
The following categories of recipients can receive your personal data: Provider of our Groupware and our customer relationship management software.
- Application
- General Information
You can apply for job vacancies through our application form or via email. As part of the application process, we process the following personal data:
- First and last name
- Address
- Contact data (e.g., e-mail address, telephone number), and
- Application data (e.g., cover letter, resume, certificates, and other supporting documents).
- Purpose of Processing
The purpose of the processing is to carry out the application procedure.
- Legal Basis
The legal basis for the processing of personal data is the fulfillment of the contract and the implementation of pre-contractual measures pursuant to Art. 88 (1) GDPR in conjunction with § 26 (1) Federal Data Protection Act.
If we obtain your consent (e.g., for you to be included in our applicant pool), this constitutes the legal basis for the data processing.
- Retention Period
If an employment relationship is established after completion of the application process, the personal data provided will be processed further for the employment relationship. Otherwise, we generally retain the data for six months after the end of the application process. We then delete all personal data. Longer storage periods are possible if we include the personal data in our application pool after obtaining your consent.
- Recipients of Personal Data
The following categories of recipients can receive your personal data: If you apply to us by email, our groupware provider will receive your data. If you apply to us via the JOIN portal, JOIN Solutions GmbH will also receive your application documents. You can obtain further information about data protection on their end at: https://join.com/privacy-policy/
- Social Networks
- General Information
We maintain presences in social networks to communicate with you and inform you about our services.
- Purpose of Processing
The purpose of the processing is the maintenance of presences in social media.
- Legal Basis
The legal basis for the processing of personal data is our overriding legitimate interest pursuant to Art. 6 (1) (f) GDPR. The overriding interest corresponds to the above-mentioned purposes.
- Recipients of Personal Data
We have company presences in the following social networks:
| Social Network | Address | Third Country | Appropriate Safeguard | Further Information |
| LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland | USA | Standard Data Protection Clauses | Privacy Policy Opt out and advertising configurationJoint Controller Agreement | |
| New Work SE, Am Strandkai 1, 20457 Hamburg | – | – | Privacy Notice |
- Your Rights
- Right to Confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
- Right to Access (Art. 15 GDPR)
You have the right to obtain from us – at any time and free of charge – information about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.
- Right to Rectification (Art. 16 GDPR)
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, considering the purposes of the processing.
- Right to Erasure (Art. 17 GDPR)
You have the right to demand that personal data concerning you be deleted immediately if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
- Right to Restriction of Processing (Art. 18 GDPR)
You have the right to demand that we restrict the processing if one of the legal requirements is met.
- Right to Data Portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
In addition, when exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.
- Right to Object (Art. 21 GDPR)
You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, which is carried out on the basis of data processing on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
- Withdrawing Consent
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
- Right to Lodge a Complaint
You have the right to lodge a complaint about our processing of personal data with a supervisory authority.
- Status of Privacy Policy
This privacy policy is currently valid and has the following status: December 2021.
If we continue to develop our website and our offers or if legal or regulatory requirements change, it may be necessary to amend this privacy policy. You can access the current privacy policy at any time here.
