Legal Notice

Service provider pursuant to § 5 of the German Telemedia Act (Telemediengesetz, TMG)

Name, address, and contact data of the provider:

MKH Greenergy Cert GmbH

Authorised representative:

Herr Dipl.-Ing. Hafid M’Khayer

Herr Issam Bernis, B.Eng.

Address and contact data

Süderfelderstr. 35
22529 Hamburg

Telephone: +49 40 880 991 820
Fax: +49 40 880 991 829
Mail: buero@ge-cert.de

Commercial register

Hamburg – HBR128934

VAT Identification Number

DE 2914 50 869

The services we render are subject to our General Terms of Business. You can find our GTB under (https://www.ge-cert.de/anlagenzertifizierung-und-eza-konformitaetserklaerung-downloads/). Those terms also stipulate that German law applies and, to the extent possible, Hamburg is the agreed forum.

Privacy Notice

As revised on 30 January 2023

 1. Preamble

Data protection is of a particularly high priority of MKH Greenenery Cert GmbH (“MKH”, “we” or “us). With the following Privacy Notice, we inform you in detail about the handling of your personal data and data protection at MKH.

2. What does this Privacy Notive applies to?

This Privacy Notice applies to the use of your personal data when you visit the MKH-websites at https://www.ge-cert.de/ or our social media profiles on Facebook, LinkedIn or XING. In addition, this Privacy Notice applies when you contact us by e-mail, telephone or mail.

3 Who is responsible and to whom can I reach out?

3.1. Person responsible within the meaning of the GDPR

The controller of the data processing operations described in this Privacy Notice is:

MKH Greenergy Cert GmbH

Süderfelderstraße 35

22529 Hamburg

Deutschland

Phone: +49 40 880 991 821

E-Mail: buero@ge-cert.de

You can contact the data controller at any time in relation to all data protection inquiries, in particular the exercise of your rights as a data subject (Section 9). In particular, the following e-mail address is available for such requests: buero@ge-cert.de.

3.2. Contact details of the data protection officer

Data Protection Officer

For all questions and as a contact person on the subject of data protection at our company, our data protection officer is available to you at any time. The contact details are:

FK-Data protection UG

(Limited liability)

Frank Kowalski

E-Mail: info@fk-datenschutz.de

Phone: +49 40 943 63 764

Fax: +49 40 943 63 765

Address: Tangstedter Weg 38E

4. Which data do we process from you, for what purposes and on what legal basis do we process your data?

MKH collects and processes various personal data from you depending on the specific processing situation.

We process your personal data exclusively in accordance with the provisions of the General Data Protection Regulation (“GDPR“) and the Federal Data Protection Act (Bundesdatenschutzgesetz) (“BDSG“).

Below you will find a list of which personal data we process depending on the processing situation, the purposes of this data processing and the legal basis on which we process the data.

4.1 Visiting our website

In this section 4.1 we describe how your personal data is processed in connection with your visit to our website at: https://www.ge-cert.de/

(a)  Categories of personal data
Visiting our website is generally possible without disclosing your identity. However, if you use the services provided by us on the website without registering, we will process, inter alia, the following personal data from you:

·       Data about the usage of the provided websites (e.g., used browser, used operating system, internet service provider of the accessing system, referrer URL, sub-websites, date and time of server request, requested contents, duration of usage);

·       IP address of the requesting computer; and

  • other technical data comparable to the previous ones.
(b)  Purposes and legal basis of the data processing operations
The processing of the data enables you to visit our website and to display our website properly. In addition, the processing serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection.

The legal basis is Art. 6 (1) lit. f GDPR. The legitimate interest results from the purposes mentioned above

(c)  Storage period
The data is only stored temporarily for the duration of the session in so-called log files and deleted after the visit to the website, unless a longer legal period for further storage intervenes.
(d)  Recipients
Our website is hosted by an external service provider (Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany), which may need to access the aforementioned data as part of (sub-) contract processing for the provision of hosting and support services.

In addition, the website is maintained and technically operated by an external service provider (Rosebud Media – media, applications & good thinking, Fleethörn 7, 24103 Kiel, Germany), which may also be required to access the aforementioned data as part of (sub-) contract processing for the provision of support services.

4.2.1. Download area of the website, especially request for quotation

You can use a download area on our website where we provide you with various forms and information. In particular, you have the possibility to request an individual offer for the MKH certification procedure as well as our other services via the form “Request form for offer preparation”. The use of the download area is voluntary.

(a)  Categories of personal data
If you decide to request an individual offer, you have to fill out the corresponding form and send it to us. In doing so, we primarily process company-related information. However, if a consultant commissioned by a company or another natural person fills out the form for the customer, in particular, the following personal data will be processed:

  • Company,
  • company address,
  • First and last name of the individual contact person of the customer,
  • Professional phone number, fax, and e-mail address.
(b)  Purposes and legal basis of the data processing operations
The processing of the data serves exclusively to provide you with an individual offer for the MKH certification procedure or other desired services.

The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

(c)  Storage period
The data will initially be stored until the creation of an individual offer. If you do not accept the offer and no contract is concluded between us, your data will be deleted, unless a longer statutory retention period applies.

4.1.3. Contacting via the contact form, e-mail, telephone or mail

Depending on your request, you can contact us through our website, by e-mail, by phone or in writing.

(a)  Categories of personal data
When contacting us, we process the following personal data in particular:

  • First name and last name,
  • e-mail address,
  • Time of the inquiry,
  • If applicable, telephone number (when contacting us by telephone)
  • Information that you provide in the course of contacting us.
(b)  Purposes and legal basis of the data processing operations
The processing of the data serves exclusively to process your request.

The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

(c)  Storage period
The data will be deleted after a satisfactory response to your inquiry, unless a longer statutory retention period applies.

4.2. Career and application procedure

4.2.1 Data processing in connection with your application

Our website also offers the possibility to inform yourself about current job offers at MKH under the heading “Career” and to submit applications online. When you click on the “Career” button, you will be redirected to the site of the external service provider Recruitee. Recruitee is a software tool that we embed on our website. In addition, you can of course also send us your application documents by other means, such as e-mail.

If you apply to us in response to an (online) job advertisement or on your own initiative and provide us with personal data by sending us your application documents, in the course of personal discussions and correspondence or via a recruitment agency, we will collect and process this data insofar as this is necessary for the decision on your application and on the establishment of an employment relationship.

(a)  Categories of personal data  
As a rule, we require the following data as part of the application process:

  • First and last name,
  • address,
  • e-mail address,
  • telephone number,
  • photo (optional),
  • Information about your school and vocational or university education including certificates,
  • your professional career including references from previous employers, other professional qualifications and activities,
  • language skills and, if applicable, relevant knowledge and skills acquired privately or private commitment, insofar as this is relevant to the position for which you are applying.

If you voluntarily provide us with additional personal data, we will also store this data.

(b)  Purposes and legal basis for data processing
We use your contact data solely for the purpose of contacting you and informing you about the status of the application process and our selection decision. We use other personal data contained in the application documents to check your qualifications and professional performance and to assess your suitability for the position to be filled. In addition, your data may also be processed for the purposes of legal prosecution, in particular insofar as this is necessary for the assertion, exercise or defense of mutual legal claims arising from the application process.

In the event that an employment relationship is established with you following the application process, the data will be transferred to the personnel file and used for the purposes of establishing and implementing the employment relationship. You will be informed separately about this when you are hired.

The legal basis for processing your personal data to the extent described is Section 26 (1) sentence 1 BDSG. If you provided us with special categories of personal data during the application process, e.g. information about health, religious beliefs or ethnic origin, the legal basis is Article 9 (2) (b) and (h) GDPR, as the processing of such data may be necessary due to our legal obligations as an employer and for the associated protection of your fundamental rights, as well as to enable us to assess the employability of potential employees and, if necessary, to take necessary occupational health and preventive health measures.

We use your contact data solely for the purpose of contacting you and informing you about the status of the application process and our selection decision. We use other personal data contained in the application documents to check your qualifications and professional performance and to assess your suitability for the position to be filled. In addition, your data may also be processed for the purposes of legal prosecution, in particular insofar as this is necessary for the assertion, exercise or defense of mutual legal claims arising from the application process.

(c)  Storage period
In the event that an employment relationship, training relationship or internship is established following the application process, the data will initially continue to be stored and transferred to the personnel file.

In the event of rejection, we will store your application documents and the personal data contained therein for a period of six months after the rejection is issued. After this period, we will destroy your application documents and data submitted in paper form. Unless you have expressly informed us that you would like the original to be returned. Electronic data will be deleted after six months. Data will only be stored for longer periods if it is required for the defense of legal claims, if legal provisions exceptionally prevent deletion, or if you have expressly consented to longer storage.

As part of the application process, we work with the following service providers, who may have access to your applicant data in order to fulfill your services:

  • Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands (application software). We use Recruitee’s application tool on our website. Information about Recruitee’s privacy notice can be found in Recruitee’s privacy notice: https://recruitee.com/de/privacy-policy.
  • one eight scada gmbh, Gutenbergring 63, 22848 Norderstedt (recruitment, headhunting). One eight scada is a recruitment service provider that assists us in filling suitable vacancies.

The service providers act solely within the scope of our instructions as data processors.

4.2.2 Cookies

In the course of visiting our career site of the service provider Recruitee B.V., we use so-called cookies. Cookies remain on your terminal device until you delete them. For further details, please refer to section 4.4 of this privacy notice.

4.3 Social media presences

4.3.1 Integration of social media on our website

On our website, we deliberately do not use the plugins offered by social media services, but rather mere links. Therefore, no user data is transmitted to the servers of the social media providers simply by visiting our website. Only when you click on a social media button on our website is a connection established between your browser and the server of the respective social media service, and you are redirected to the web presences of these services. We do not collect any personal data on our website via these buttons and therefore do not transmit any data to the social media providers.

4.3.2   Social Media Profile

4.3.2.1 General and shared responsibility with LinkedIn and Facebook

We maintain publicly accessible profiles on various social networks. Your visit to these profiles initiates a variety of data processing operations. In the following, we provide an overview of which personal data is collected, used and stored by us when you visit our profiles.

When you visit our profiles, your personal data is collected, used and stored not only by us, but also by the operators of the respective social network (“providers”). This happens even if you yourself do not have a profile in the respective social network. The individual data processing operations and their scope differ depending on the provider and they are not necessarily traceable for us. For details about the collection and storage of your personal data as well as the type, scope and purpose of their use by the provider, please refer to the privacy notices of the respective provider:

  • the privacy notice for XING, which is operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany, can be viewed at: https://privacy.xing.com/de/datenschutzerklaerung.
  • the privacy notice for LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, can be viewed at: http://www.linkedin.com/legal/privacy-policy.
  • the privacy notice for Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin, can be viewed at: https://de-de.facebook.com/policy.php.

As the operator of a social media presentation, we can only view the information stored in your public profile, and only if you have such a profile and are logged into it while you visit our site. In addition, the providers provide us with partly anonymous usage statistics, which we use to improve the user experience when visiting our pages. We do not have access to the usage data that the providers collect to create these statistics.

Nevertheless, there is a joint controllership pursuant to Art. 26 GDPR between us and the providers, LinkedIn and Facebook, who create such usage statistics with regard to the data processing operations that take place. As “joint controllers”, we are jointly responsible for the processing and must ensure compliance with the applicable data protection law.

In this context, providers have committed to us to assume primary responsibility under the GDPR for the processing of such data, to comply with all obligations under the GDPR with respect to such data, and to provide data subjects with the essence of this commitment

4.3.2.2 Data processing in connection with our LinkedIn page

(a)  Categories of personal data
We receive anonymous statistics from LinkedIn on the use and usage of our LinkedIn page (so-called page insights). For this purpose, LinkedIn processes:

  • Profile data (e.g., function, country, industry, length of service, company size and employment status) as well as.
  • Information about how a visitor has interacted with our LinkedIn page (e.g. whether a member is a follower of our page).
(b)  Purposes and legal basis of the data processing operations
LinkedIn uses this data for the purpose of creating visitor statistics and reports on the reach of our site and ad performance as well as demographic and geographic evaluations. We receive these statistics, reports and evaluations from LinkedIn exclusively in anonymized form and have no access to the underlying data.

The anonymous statistics enable us to continuously optimize our LinkedIn page and to offer visitors an improved online offering that is geared to their interests. For example, the statistics provide information about which offers and applications of our site visitors have used and been interested in to a particular extent. We may use this information to provide more relevant content to visitors to our site and to develop features that may be of greater interest to them. Demographic and geographic evaluations also make it possible to serve interest-based advertising without our having direct knowledge of the visitor’s identity.

The legal basis is Art. 6 para. 1 p. 1 lit. f. GDPR. We have a legitimate interest in an optimized presentation of our company and our online offers.

(c)  Storage period
As a rule, we do not store any personal data ourselves on communications and interactions with users that take place via social media platforms. For the duration for which the data is stored by LinkedIn, please refer to LinkedIn’s data protection declaration
(d)  Recipients and data transfers to third countries
We ourselves do not intend to pass on personal data of users that we receive via our LinkedIn page to third parties. For what purposes and to what extent LinkedIn passes on the collected information to third parties – possibly outside the European Union and the European Economic Area (e.g. to LinkedIn Inc. based in the USA) – is described by LinkedIn in its privacy notice. In the case of data transfers to the USA and other third countries, compliance with data protection standards and your rights is ensured, according to LinkedIn’s own information, by appropriate guarantees (e.g. standard contractual clauses).

 

Communication

(a)  Categories of personal data  
Furthermore, we use our LinkedIn page to communicate with LinkedIn users and to inform them about our range of services. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content.
(b)  Purposes and legal basis of the data processing operations
The processing takes place exclusively for the purpose of communication and interaction with you. Insofar as you provide us with personal data via a message, we process this data exclusively in order to answer your inquiry and to communicate with you.

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest to answer your messages via the channel you have chosen, to communicate and interact with you.

(c)  Storage period
As a rule, we do not store any personal data ourselves on communications and interactions with users that take place via social media platforms. For the duration for which the data is stored by LinkedIn, please refer to LinkedIn’s privacy notice.
(d)  Recipients and data transfers to third countries
We ourselves do not intend to pass on personal data of users that we receive via our LinkedIn page to third parties. For what purposes and to what extent LinkedIn passes on the collected information to third parties – possibly outside the European Union and the European Economic Area (e.g. to LinkedIn Inc. based in the USA) – is described by LinkedIn in its privacy notice. In the case of data transfers to the USA and other third countries, compliance with data protection standards and your rights is ensured, according to LinkedIn’s own information, by appropriate guarantees (e.g. standard contractual clauses).

4.3.2.3 Data processing in connection with our Xing page

User statistics

We receive anonymized usage statistics from Xing, which provide us with information about which offers and content of our pages visitors have accessed and used and are particularly interested in, as well as demographic evaluations (e.g., statistics on the age composition and work relationships of visitors, origin of calls, industry statistics). This enables us to continuously optimize our company profiles and to offer visitors an improved online offering that is geared to their interests. These statistics are based on profile data provided to Xing by users, as well as on interest and usage profiles that Xing creates using information about usage activities (through so-called “tracking”). We receive statistics from Xing only in anonymized form and have no access to the underlying data.

Xing is the sole controller within the meaning of Art. 4 No. 7 GDPR for the processing of user and profile data, in particular information about usage activities. We ourselves do not process any personal data in this respect. Xing provides information on the data processed by Xing, including the processing purposes and legal bases, via its privacy notice.

Communication

(a)  Categories of personal data
Furthermore, we use our XING page to communicate with users and to inform them about our range of services. In this context, we may receive additional information, e.g. due to user comments, private messages or because you follow us or share our content
(b)  Purposes and legal basis of the data processing operations
The processing takes place exclusively for the purpose of communication and interaction with you. Insofar as you provide us with personal data via a message, we process this data exclusively in order to answer your inquiry and to communicate with you.

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest to answer your messages via the channel you have chosen, to communicate and interact with you.

(c)  Storage period
As a rule, we do not store any personal data ourselves on communications and interactions with users that take place via social media platforms. For the duration for which the data is stored by XING, please refer to XING’s privacy notice.
(d)   Recipients
We ourselves do not intend to pass on personal data of users that we receive via our Xing page to third parties. Xing may transmit your data to third-party providers. For more information, please refer to Xing’s privacy notice.

4.3.2.4. Data processing in connection with our Facebook page

User statistics

 

(a)  Categories of personal data
We receive anonymous statistics from Facebook on the use and usage of our Facebook page (so-called page insights). These contain information about the reach and interactions of our posts, about the actions of users on our page, demographic data (age, gender, location), information about the call and interaction with our page and the long-term performance of our individual posts. These statistics are compiled by Facebook based on certain events that are logged by Facebook servers when people interact with pages and the content associated with them. This logging is done solely by Facebook. We have neither access to nor influence over this data.
(b)  Purposes and legal basis of the data processing operations
We can use the anonymous statistics to continuously optimize our Facebook page and to offer users an improved user experience that is geared to their interests. It is not possible to draw conclusions about individual users or link them to the users’ profile data.

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest in an optimized presentation of our company and our online offers

(c)  Storage period
As a rule, we do not store any personal data ourselves on communications and interactions with users that take place via social media platforms. For the duration for which the data is stored by Facebook, please refer to Facebook’s privacy notice
(d)  Recipients and data transfers to third countries
For what purposes and to what extent Facebook processes the collected data and passes it on to third parties – if necessary outside the European Union and the European Economic Area – is described by Facebook in its “Data Policy”. Insofar as personal data should be transferred to Facebook servers in the USA and stored there, the recipient is generally the American company Facebook Inc. In the case of data transfers to the USA and other third countries, compliance with data protection standards and your rights is ensured, according to Facebook’s own information, by appropriate guarantees (e.g. standard data protection clauses)

 

Communication

(a)  Categories of personal data
If you are registered on Facebook, you can send us a message using the “Message” function. Such messages are not visible to other Facebook users.
(b)  Purposes and legal basis of the data processing operations
Insofar as you provide personal data via such a message, we process this data exclusively in order to answer your inquiry and to communicate with you.

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest in answering your messages via the channel you have chosen, to communicate with you.

(c)  Storage period
As a rule, we do not store any personal data ourselves on communications and interactions with users that take place via social media platforms. For the duration for which the data is stored by Facebook, please refer to Facebook´s privacy notice
(d)  Recipients and data transfers to third countries
For what purposes and to what extent Facebook processes the collected data and passes it on to third parties – if necessary outside the European Union and the European Economic Area – is described by Facebook in its “Data Policy”. Insofar as personal data should be transferred to Facebook servers in the USA and stored there, the recipient is generally the American company Facebook Inc. In the case of data transfers to the USA and other third countries, compliance with data protection standards and your rights is ensured, according to Facebook’s own information, by appropriate guarantees (e.g. standard contractual clauses).

4.3.2.5. Cookies

In addition, the social media providers use so-called cookies, which are stored on your end device when you visit our social media pages, even if you do not have your own profile or are not logged into it during your visit to our site. These cookies allow providers to create user profiles based on your preferences and interests and to show you advertising tailored to these. Cookies remain on your terminal device until you delete them. Details on this can be found in the privacy statements of the providers and in section 4.4 of this privacy notice.

4.4. Cookies and Tracking technologies

4.4.1. General information about Cookies

We use cookies on our website and on the careers page. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic character string and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.

Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user. A cookie is primarily used to store information about a user during or after his visit within an online offer. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or where a video was watched.

A distinction is made between session cookies, which are deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. In addition, a distinction is made between first-party cookies (these are set by ourselves) and third-party cookies (these are mainly used by advertisers, i.e. third parties) to process user information.

In terms of their function, cookies are again distinguished between:

  • Mandatory cookies: These cookies are essential for the functioning of our websites and allow you to navigate our websites and use their features. Without these cookies, certain services that are necessary for the full functioning of our websites cannot be provided.
  • Analytics/Performance Cookies: we use these cookies to collect information about how our users use our websites, such as which pages are viewed and read most frequently or how users move from one link to the next. All information collected through these types of cookies does not relate to an individual user, but is aggregated and processed with information from other users. Cookies provide us with analytical data about how our websites work and how we can improve them.
  • Functionality-related cookies: These cookies allow us to remember a specific selection you have made and to customize our website to provide you with advanced features and content. For example, these cookies can be used to store your language selection or country selection.
  • Marketing cookies: these cookies store your visit to our website, the pages you have visited and the links you have followed. We use this information to better tailor our website and the advertising displayed on it, as well as the marketing messages we send to you, to your interests. We may also share this information with third parties who provide a service to us for this purpose.
  • Social network cookies: to facilitate the exchange of content on the Internet, some of our web pages may contain small software applications from third-party providers, e.g. Instagram, to exchange data. In this case, the cookies are not stored by us, but by the third-party provider on your device. We cannot control these cookies. For more information, you should therefore visit the third-party provider’s website.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Section 25 (1) TTDSG, Art. 6 (1) p. 1 lit. a GDPR. Consent is always voluntary. The refusal of consent or a revocation of the same has no negative impact on you. Furthermore, we will only disclose your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a GDPR.

The granting of consent is not required if the use of cookies is necessary for the website offer. The legal basis for this is then Section 25 (2) no. 2 TTDSG. Such a necessity is given, for example, with regard to ensuring certain functionalities, such as:

  • Enabling and maintaining log-in
  • Ensuring system security

How long are cookies stored on my devices?

The storage period depends largely on whether the cookie is “persistent” or “session-related”. Session-related cookies are deleted after you leave the website. Persistent cookies remain on your device until they are deleted or they expire.

General information on revocation and objection

Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection by means of your browser settings, e.g. by deactivating the use of cookies (whereby this may also restrict the functionality of our online offer).

An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com. In addition, you can obtain further instructions on how to object in the context of the information on the service providers and cookies used.

4.4.2. Third-party cookies

For the provision, maintenance and analysis of our website and its use, we use various third-party software tools that are regularly based on the use of cookies. You can restrict the use of cookies by changing the settings of your browser. You can determine which access you grant us and whether and how long cookies may be stored on your device. You can also delete cookies that have already been stored at any time. Please note that the functionality of our websites may be impaired after deactivating all cookies

The following cookies are used on our website:

Name Category Puropse Storage duration
privacy_embeds Function Storage cookie consent 1 Month

4.4.3. Google Maps

For easier directions to our company locations, we provide a map section with a link to the route planner of under “Contact”. This allows you to conveniently use the map and route planner function of Google Maps.

  • Google Maps is operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Further information on data protection at Google and the use of Google Maps can be found at: https://policies.google.com/privacy?hl=de.

However, no user data is transmitted to Google’s servers simply by visiting our website. Only by clicking the button “Agree” a connection between your browser and the Google server is established. In the process, personal data, in particular your IP address, is collected and transmitted to Google. This may also result in a transmission of your data to Google’s servers in the USA. This occurs regardless of whether you are logged in with your Google account or whether a user account exists. If you are logged in, your data will be directly assigned to your account.

After activating Google Maps, Google also uses so-called cookies (see section 4.4.1), which are stored on your terminal device and can be read by us. The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there.

For information on transfers to third countries, please refer to section 7.

Google Maps sets the following cookies if you have activated the services:

Name Category Purpose Storage duration
c Function This cookie stores information about user settings and information for Google Maps 6 Month
__Secure-3PAPISID Function This cookie stores information about user settings and information for Google Maps 6 Month
__Secure-3PSID Function This cookie stores information about user settings and information for Google Maps 6 Month
__Secure-3PSIDCC Function This cookie stores information about user settings and information for Google Maps 6 Month

The legal basis is § 25 para. 1 TTDSG, Art. 6 para. 1 lit. a GDPR (consent). Consent is always voluntary. The refusal of consent or a revocation of the same has no negative impact on you.

4.4.4. Career Page

In the course of visiting our career page of the service provider Recruitee B.V., we also use cookies.

The following cookies are set when you visit the Careers page

Provider Name Category Purpose Storage duration
Recruitee.com Session Cookie Functional Session Cookie Session

The legal basis is § 25 para. 2 TTDSG. The use of these cookies is necessary so that we can provide the telemedia service.

5. From whom do we collect your personal data?

Personal data is only collected directly from you, for example when you visit our website.

6. To whom do we pass on your personal data?

MKH only passes on your personal data if this is permitted under European data protection law, e.g. because the data transfer is necessary for the performance of a contract or because you have given us your consent to pass on the data. We cooperate with some service providers, such as technical service providers (e.g. hosting services, website maintenance).

6.1 Disclosure due to legal obligations or for the protection of legitimate interests

Insofar as we are obliged to do so by law, by court order or due to an enforceable official order, we must disclose your personal data to bodies entitled to receive information (e.g. supervisory or financial authorities). The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. c GDPR.

6.2 Data processors and other recipients

It may happen that external service providers (“processors”) are used for individual servicess. These will only act according to our instructions and have been contractually obligated to comply with the data protection provisions within the meaning of Art. 28 GDPR. This does not apply if these service providers themselves act as data controllers (e.g. payment service providers, legal and tax advisors, and shipping and distribution services for the delivery of goods ordered by you). The processors are also contractually obligated, for example, to either delete or return the personal data after completion of the order.

The following categories of recipients, which are usually processors, may receive access to your personal data:

  • IT and web service providers or companies contracted as part of the support of our website or platform and internal company IT infrastructure (software, hardware).
    • Our main technical service providers are:
      • Rosebud Media – media, applications & good thinking, Fleethörn 7, 24103 Kiel (for the operation of our website)
      • Raidboxes GmbH, Hafenstraße 32, 48153 Münster, for hosting services (with servers in Germany).
  • Service provider in connection with the application process:
    • Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands (application software).
    • one eight scada gmbh, Gutenbergring 63, 22848 Norderstedt (recruitment, headhunting)

For more information about the processing of personal data by our service providers, please refer to their privacy notices.

The legal basis for the transfer to entities that are not order processors is Art. 6 para. 1 p. 1 lit. b or lit. f GDPR. In addition, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

7. Do we transfer your data to third countries?

In the context of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Union (“EU”) or the European Economic Area (“EEA”), in so-called third countries. Such processing will only take place to fulfill contractual and business obligations and to maintain your business relationship with us.

The European Commission certifies that some third countries have a level of data protection comparable to the EU standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

However, in other third countries to which personal data may be transferred, there may not be a level of data protection comparable to the EU due to a lack of legal provisions. This may mean that your personal data is processed in a jurisdiction that provides a level of protection that, in certain cases, provides less protection for your personal data than the jurisdiction in which you normally reside.  Where this is the case, we ensure that data protection is adequately guaranteed and that appropriate safeguards are in place. This means, for example, that we conclude the European Commission’s standard contractual clauses for the protection of personal data.

Please contact us (see contact details in section 3) if you would like more information on this.

8. How long do we store your personal data?

Unless an explicit storage period is specified in section 4, we generally store your personal data only for as long as we need the data for the purposes for which we collected it and for the fulfillment of legal requirements and obligations. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place in accordance with the provisions in sections 6 and 7.

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the responsible party (e.g. Section 257 HGB or Section 147 AO). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

9. What rights do you have as a data subject?

If you would like to make use of your data subject rights described below, please contact us informally at buero@ge-cert.de or use the postal address given in section 3.

  • Right of access by the data subject: subject to the conditions of Art. 15 GDPR, you may at any time request information about your personal data processed by us and a copy of your data.
  • Right to rectification: Under the conditions of Art. 16 GDPR, you can immediately request the correction of incorrect or completion of incomplete data about you.
  • Right to erasure: In addition, under the conditions of Art. 17 GDPR, you may request the erasure of your personal data stored by us.
  • Right to restriction of processing: In accordance with Art. 18 GDPR, you may also request the restriction of the processing of your personal data.
  • Notification obligation regarding rectification or erasure of personal data or restriction of processing: According to Art. 19 GDPR, you have the right to request information about the recipients of data who have been notified of a correction, deletion of your personal data or a restriction of processing.
  • Right to data portability: Under the conditions of Art. 20 GDPR, you have the right to receive your personal data in a structured, common and machine-readable format or to request the transfer directly to another controller.
  • Right of withdrawal: If we process personal data on the basis of consent given by you, you are also entitled to withdraw your consent at any time in accordance with Article 7 (3) GDPR. Your revocation has the consequence that we will no longer continue the data processing based on this consent for the future. The lawfulness of the processing carried out on the basis of your consent until the revocation remains unaffected by your revocation.
  • Right of complaint: If you are of the opinion that the processing of personal data concerning you by us violates data protection provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. In Hamburg, the Hamburg Commissioner for Data Protection and Freedom of Information is the competent supervisory authority (Ludwig-Erhard-Straße 22, 20459 Hamburg, mailbox@datenschutz.hamburg.de).

RIGHT OF OBJECTION: UNDER THE CONDITIONS OF ART. 21 GDPR, YOU ALSO HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, PROVIDED THAT THE PROCESSING IS BASED ON A LEGITIMATE INTEREST OF US OR A THIRD PARTY PURSUANT TO ART. 6 ABS. 1 S. 1 LIT. F GDPR OR ON ART. 6 ABS. 1 S. 1 LIT. E GDPR (THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.). WE WILL STOP PROCESSING YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR WHERE THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

PURSUANT TO ART. 21 ABS. 2 GDPR YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE USE OF YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING. THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT TO THE PROCESSING FOR THE PURPOSE OF DIRECT MARKETING, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THIS PURPOSE.

 

FILING THE OBJECTION: THE OBJECTION CAN BE DECLARED INFORMALLY BY MAIL OR E-MAIL AND SHOULD BE ADDRESSED TO:

MKH Greenergy Cert GmbH

Süderfelderstraße 35

22529 Hamburg

Germany

Phone: +49 40 880 991 820

E-mail: buero@ge-cert.de

 10. Is there an obligation to provide personal data?

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a user, you are not under any legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data.

11. Does automated decision making (including profiling) take place?

We do not intend to use any personal data collected from you for any automated decision making process (including profiling).

 12. Do technical security measures exist?

We use appropriate technical and organizational security measures to protect your personal data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

To protect your data transmitted via our online offer, we use, for example, SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

We will be happy to provide you with more information on our security measures upon request.

13. Status and update

Please note that this Privacy notice may be amended by us at any time to the extent necessary to provide you with adequate information about the processing of your personal data. Therefore, please check this data protection declaration at regular intervals, insofar as you use our services on a regular basis.

Insofar as we provide addresses and contact information of companies and organizations in this data protection declaration, please note that the addresses may change over time and please check the information before contacting us.

Status: 30.01.2023