Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, especially the European Data Protection Regulation (EU-GDPR) and any further privacy legislation to which we may be subject. This privacy statement provides comprehensive information on how the MB Holding GmbH & Co. KG is processing your personal data as well as on the rights to which you are entitled as a data subject.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data is available if no personal reference to the individual/user can be made.
Controller and data protection officer
MB-Holding GmbH & Co. KG
Dutendorfer Straße 5-7
Tel.: +49 9163 88-0
Fax: +49 9163 88-312
Contact information of the data protection officer
Your rights as a data subject
Your rights as a data subject are set out in Articles 15 - 22 EU-GDPR, and include:
- the right of access (Art. 15 EU-GDPR)
- the right to deletion (Art. 17 EU-GDPR)
- the right to rectification (Art. 16 EU-GDPR)
- the right to data portability (Art. 20 EU-GDPR)
- the right to restriction of data processing (Art. 18 EU-GDPR)
- the right to contradict a data processing (art. 21 EU-GDPR)
To exercise these rights, please contact email@example.com. The same applies if you have any questions regarding data processing in our company or when you intend to withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.
Right to Contradiction
Concerning the right to contradiction, please consider the following:
If we should process your data for direct marketing purposes, you are entitled to contradiction against such processing anytime and without having to name any reason. That is also valid in case of a profiling if such is related to direct marketing.
If you declare to contradict a processing, we will terminate processing your data for such purposes. Notes of contradiction shall preferably be sent to firstname.lastname@example.org.
Should we process your data for reasons of prevailing interest, you are entitled to contradict such processing any time for reasons emerging from your specific situation. That is also valid for a profiling, if such is based on the underlying provisions.
We will then terminate processing your personal data, if not we can prove compelling reasons worth protection which we can base the processing on and which are outweighing your rights and freedoms or in case the processing is required to assert, implement or defend a legal claim.
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the EU-GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 EU-GDPR.
We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include analyses for marketing purposes and direct marketing. (Answering contact requests).
Your consent also may constitute a legal basis for data processing. Whenever we should ask for your consent, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.
Processing of special categories of personal data within the meaning of Art. 9 I EU-GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.
Data transfers / Disclosure to third parties
We will only transfer your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the competent supervisory authorities or law enforcement authorities).
Data recipients / categories of recipients
Within our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.
In certain cases, service providers assist our specialist departments to fulfil their tasks (please see also the section on data transfers to third parties above). The required data protection contracts have been concluded with all service providers.
Transfers of personal data to third countries
A transfer of data to other countries (outside the EU/ European Economic Area) shall only take place if required for a contractual relationship, by law or if you have provided your consent for such a transfer.
We will not transfer your personal data to service providers or group companies outside the EU/ EEA, if not you have provided your consent for such transfer and without having informed you hereon. Also in these cases, we have entered into the required data protection contracts.
Period of data storage
We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.
We may also retain data if you have consented hereto or in the event of any legal disputes and we use the evidence within the statutory limitation period which may last for up to thirty years. The regular statutory limitation period lasts for three years.
Secure transfer of data
We implement the appropriate technical and organisational security measures to ensure the optimum protection of your data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. The measures are continuously reviewed in cooperation with security experts and adapted to current security standards.
The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website and always use current encryption. Concerning contact forms and job applications, our users are offered additional content encryption. It is solely us who can decrypt that data. You may use alternative communication channels (e.g. surface mail).
Obligation to provide data
A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of contractual and legal obligations. The same applies to the use of our website and the various functions it provides. In some cases, legal regulations require data to be collected or made available.
Please note that it will not be possible to process your request or execute the underlying contractual obligation without the respectively required information.
Data categories, sources and origin of data
The data we process is defined by the relevant context: it depends on whether, for example, you are just surfing our website or enter a request into our contact form, send us a job application or address a complaint.
Please note that from time to time we may also provide information for specific processing situations separately where appropriate, e.g. when you upload a job application or in case of a contact request.
We collect and process the following data when you visit our website:
- Name of the Internet service provider
- Information on the website from which you visited us
- Web browser and operating system used
- The IP address allocated by your Internet service provider
- Files requested, volume of data transferred, downloads/file export
- Information on websites accessed on our site, including date and time
- Host name requested and status code
- For reasons of technical security (in particular concerning the prevention of attacks of our web server), this data is stored in accordance with Article 6 I 1 f EU-GDPR basing on our legitimate interest in operating our website technically safe and secure. Anonymization takes place no later than after seven days by abbreviating the IP address so that no reference is made to the user. The data which has been anonymized in the mentioned way, is then stored for another 60 days. Error-logs, which are used to log faulty access-attempts are deleted after seven days. The latter are containing the IP-address and depending on the fault also the website in addition to the error-notification itself.
Concerning a contact request, we may process the following data:
- Name, surname,
- Contact data
- Information on your wishes and interests
Concerning online job-applications we may process the following data:
- Name, surname
- Cellular No.
- Postal address (Rd, ZIP-code, municipality)
- Any further data you may additionally provide
Concerning virtual conferences/ video conferencing systems, we may process the following data:
- Telephone number
- Information on your browser and operating system
- Any further data you may eventually provide through chat functions, conference rooms or further functions.
Contact form / Contact via email (Article 6 I 1 a, b EU-GDPR)
Our website offers a contact form which may be used for contacting us electronically. If you contact us via the contact form. We process the data you provide in this course to contacting you and to respond to your wishes and requests.
Here, we comply with the principle of data minimization, as you only have to provide the information we objectively require to contact you, which is your email address and the message itself. Your IP-address will also be processed for technical and legal reasons. All possible further data may be provided on a voluntary basis (e.g. for responding to your requests more personally).
If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request. If you should not provide the data marked as mandatory, we unfortunately may not be able to answer your request.
Virtual conferences/ Online-conferencing systems (Article 6 I 1 a, b, f EU-GDPR)
The processing of personal data in the course of virtual conferences/ online conferencing systems may be executed concerning a contractual relationship (in initiation), Art. 6 I 1 b EU-GDPR, respectively basing on our legitimate interest in effectively communicating, Art. 6 I 1 f EU-GDPR. A recording will not take place without your previous consent having been declared, Art. 6 I 1 a EU-GDPR. Your data is stored in this regard until the purpose of processing does no longer apply, you are requesting your data to be deleted or if you revoke your consent, if not we are legally obliged to further processing your data. To the extent we are using MS Teams, a service of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA, your data may be transferred to a server of Microsoft in the USA – if you should this not wish to happen, we are prepared to offering you alternative means of communication (e.g. a telephone call).
Application portal (Art. 6, para. 1, lit. a, b EU-GDPR)
We are appreciating your interest being employed with our group of companies. We are aware of the importance of your personal data and will process the data you offer when filling our application form for purposes of effectively and correctly handling your application and for contacting you in this regard, only. Your data will not be transferred/ disclosed t third parties beyond the group company/ies (MB-Holding GmbH & Co. KG, Martin Bauer GmbH & Co. KG, PhytoLab GmbH & Co. KG, as well as Greuther Teeladen GmbH & Co. KG) you are applying at, if not you have granted your respective consent.
Filling our application form requires you to enter personal data. The principle of data minimization is complied with, here, as you are required to only enter the data we require to fully checking your application (CV), or which we are legally obliged to collect. Such mandatory information is clearly visible marked with an * (aterisk). As a technical requirement, as well as for legal reasons, we are processing your IP-address in addition.
Without this data, we unfortunately cannot check your application, which is why our application management system does not allow for an upload of application of incomplete forms. However, you may provide further information through our application form or your candidates´ profile in addition to the mandatory data. Should you decide to just submitting the information marked as mandatory, this will not have any negative effect on your application process.
For the best possible protection of your data and data confidentiality as well, we have implemented according security measures. Our application management system provides for the encrypted transfer of your application.
Your data is processed only for the purposes mentioned. Your candidates´ profile is subject to anonymization in the very moment you have not been logged in for a period of six consecutive months. Your application will be deleted as soon as the application process ends and the corresponding retention period has terminated – which is six months after you have received our decision at the latest.
You may revoke your consent anytime, without having to mention any reasons and with effect for the future by e-mail to email@example.com or by surface-mail to MB-Holding GmbH & Co. KG, Personalabteilung, Dutendorfer STr. 5-7, 91487 Vestenbergsgreuth, Germany.
Automated decisions in individual cases
We do not use fully automated processing to take decisions.
Cookies (Art. 6 I 1 f EU-GDPR / Art. 6 I 1 a EU-GDPR in case of consent)
Our websites are using “cookies” for purposes of making it more user-friendly, effective and secure. Cookies are small text files that are placed on your device and stored by your browser (locally on your hard disk).
Most of the cookies we use are "session cookies", which will be automatically deleted after your visit. “Persistent cookies”, which are representing another category of cookies, are automatically deleted from your computer as soon as their individual period of validity has expired or upon deletion, which you may execute even beforehand of expiry.
Most web browsers automatically accept cookies. You may generally change your browser's settings to disable the automated accepting of cookie. Such, however, may influence the usability of our website in general or at least in regard of certain functions.
Additionally, we are using cookies which are allowing us to analyse how our users are browning our websites. That enables us to design our content according to our users´ interests. In Addition, cookies are enabling us to measure the effectiveness of a certain ad and to having it placed depending on, e.g., the respective user interests.
Cookies are stored on the users´ device and transferred to our website from this source. That enables you as a to fully control how cookies are used. By changing your browser-settings, you may deactivate or restrict the transfer of cookies. Moreover, you may delete cookies which have already been placed by changing the respective browser settings or by additional software. All current internet browsers are offering respective functions.
Please be aware, that deactivation cookies may lead to the effect that not all functions of our website may be used to the full extent any longer.
User profiles/ web tracking measures
On this website, technology from etracker GmbH (www.etracker.com) is used to collect and save data for marketing and optimization purposes. Usage profiles can be created from this data under a pseudonym. Cookies may be used. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. Cookies enable recognition of the Internet browser.
The data collected with the etracker technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separately given consent of the person concerned. The collection and storage of data can be objected to at any time with future effect.
Google Analytics 4
If you grant us your consent, Art. 6 I 1 a EU-GDPR, Google Analytics 4, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), is used on this website. With this technology, we can analyze your use of our website.
When you visit our website, Google Analytics 4 places cookies on your device. This information also includes your IP address. However, we have implemented the "Anonymize-IP" procedure, so that your IP address is regularly shortened by the last four digits before it is transferred to the Google server. Therefore, the data usually is no longer personal.
However, in exceptional cases, your IP address may be shortened after it has been transferred to the Google server. Such servers can be located outside the EU, particularly in the USA at the parent company Google LLC.
We shall mention that there is currently no equivalent level of data protection in the USA and, in particular, access to data processed there or by US companies or their foreign companies worldwide may potentially be accessed by US authorities or such information may have to be disclosed to them. As a non-US citizen, you may also not be entitled to take action at all or at least my not be entitled take effective action against this. We have minimized this risk as far as possible by using suitable data protection instruments (EU standard contracts), but cannot mitigate the risk to zero, so that your consent to the use of Google Analytics also entails this risk.
Google uses the data collected on our behalf to enable an evaluation of how you use our website and to create reports on your interaction with our content. According to Google, the IP address transferred and shortened by your browser to Google in this context will not be merged with other data from Google or other data relating to you that is available at Google. The data collected as part of the use of Google Analytics 4 is stored for a maximum of 2 months and then deleted or anonymized.
In order to accompany the transfer of data to Google with a suitable instrument in terms of data protection law, we have concluded so-called EU standard contractual clauses on data protection with Google. In this way, we ensure that your data is protected as best as possible, even if it is transferred to the USA. Information on how Google handles your data in its sphere and additional information on Google Analytics 4 can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com /technologies/partner-sites.
You can revoke your consent any time with effect for the future and without having to name reason and without requiring a specific form. In order to exercise your right of withdrawal, you can in particular make use of our cookie settings area.
You can also prevent the storage of cookies on your device by setting your browser software accordingly; however, we shall mention that in this case you may not be able to use all functions of this website in full. You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) being sent to Google and the processing of this data by Google by using the browser add-on available under the following link. The current link is http://tools.google.com/dlpage/gaoptout?hl=de.
As an extension to Google Analytics 4, and also basing on your consent, we may use Google Signals. Google Signals is used to create cross-device reports. This works as follows: If you have activated personalized ads and linked your devices to a Google account, Google can analyze your usage behavior across devices and create data models.
In this way, your user activities can be merged into a uniform image regardless of the device you are using to surf our site (so-called cross-device conversion) - without making you personally identifiable to us, because we only receive anonymous statistics from Google. According to the information available to us from Google, a prerequisite for this is, in addition to your consent to us, a corresponding consent that you have given to Google.
You can terminate the use of Google Signals and thus the cross-device evaluation at any time. To do this, deactivate the "Personalized advertising" function in the settings of your Google account, as described on the Google support pages: https://support.google.com/ads/answer/2662922?hl=de More information about Google Signals can be found at https://support.google.com/analytics/answer/7532985?hl=de.
Google Analytics 4 uses the special function "demographic characteristics". This function is used to create statistics that allow statements about the age, gender and interests of site visitors. For this purpose, advertising and information from third-party providers are evaluated so that suitable target groups for marketing measures can be identified, defined and addressed. According to Google, however, this data cannot be assigned to a specific person and will be deleted in accordance with the information on Google Analytics 4.
Social Media Plugins implemented with Shariff
Plug-ins of the social network LinkedIn are used on our website. You can usually recognize the plug-ins by means of the social media logo. In order to guarantee data protection on our website, we only use these plug-ins together with the so-called “Shariff” two-click solution. This application prevents the plug-ins integrated on our website from transferring data to the respective provider when the page is accessed for the first time. Only if you activate the respective plug-in by clicking the respective button will a direct connection to the provider's server be established (consent). As soon as you activate the plug-in, the respective provider receives the information that you have visited our site with your IP address. If you are logged into your LinkedIn account at the same time, the provider can assign your visit to our website to your user account. Activating the plug-in constitutes consent within the meaning of Art. 6 I 1 a EU-GDPR. You can revoke this consent at any time with effect for the future. You can prevent the collection and processing of data by the social networks by setting your browser accordingly. If you do not want the social networks to assign the data collected via our website directly to your user profile, you must log out before visiting our website.
Our website uses functions of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn functions, a connection to the LinkedIn servers is established. LinkedIn is provided the information that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We allow to mention that, as the provider of the website, we have no knowledge of the content of the data transmitted or of how it is used by LinkedIn. The use of the LinkedIn plug-in is based on your consent, Art. 6 I 1 a EU-GDPR. We use the Shariff two-click solution mentioned above to obtain your consent to this processing. Otherwise, the corresponding data processing will not take place (see the explanations on social media plug-ins with Shariff). Further information on data processing at LinkedIn can be found in LinkedIn's data protection declaration at: https://www.linkedin.com/legal/privacy-policy.
YouTube with extended data protection mode
Our website uses plug-ins from the YouTube website. The operator of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. We use YouTube in the extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. In this way, YouTube establishes a connection to the Google DoubleClick network regardless of whether you are watching a video. As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can save various cookies on your device after starting a video. With the help of these cookies, YouTube can receive information about visitors to our website. This information is, among other things. used to collect video statistics, improve usability and prevent fraud attempts. The cookies remain on your device until you delete them. If required, further data processing operations can be triggered after the start of a YouTube video, which we may not influence. YouTube is used on the basis of your consent, Art. 6 I 1 a EU-GDPR. We use the Shariff two-click solution mentioned above to obtain your consent to this processing. Otherwise, the corresponding data processing will not take place (see the explanations on social media plug-ins with Shariff). You can find more information about data protection at YouTube in their data protection declaration at: http://www.youtube.com/t/privacy_at_youtube.
Videos via Vimeo
To display some videos that we embed on our website, we use a service of Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA, "Vimeo". As long as you do not play such a video, no data about you as a user will be transferred to Vimeo. Your data will only be transferred if you have given your consent (Art. 6 I 1 a EU-GDPR).
If you have consented to the data processing by selecting in our consent management, you can start the video immediately on the website. You can revoke your consent at any time with effect for the future via . If you consent to the processing, Vimeo receives the information that you have called up the corresponding content of our website when you visit our website (but after you have opted for the Vimeo cookie in the consent management). If you have a Vimeo account and are logged into it while playing the video, this can be assigned directly to your account. If you do not want this, you have to log out before opening the video sequence. Vimeo can save your data and process it for its own purposes, such as market research or advertising. Such an evaluation can also take place if you have a Vimeo account but are not currently logged in.
You can also prevent these analyzes by setting your browser so that third-party cookies are suppressed. You will then not receive any advertisements from third-party providers, but this setting is regularly deleted when you delete the cookies on your device. Alternatively, you can delete the cookies for conversion tracking by setting your browser to block Google cookies. You can set this at https://www.google.de/settings/ads, but this setting will also be deleted if you delete the cookies on your device. However, you can also delete the cookies from all providers who are part of the “About Ads” self-regulation campaign via http://www.aboutads.info/choices. However, this setting will also be effective if you delete the cookies on your device. In addition, depending on which browser you are using, you can permanently deactivate cookies using a browser add-on. You can find these add-ons at http://www.google.com/settings/ads/plugin for all common internet browsers. "
You can find more information about how your data is processed by Vimeo here: https://vimeo.com/privacy#your_privacy_choices.
Links to other providers
Our website may contain links to the Internet sites of other parties. We may, however, not influence such content and do not accept any liability for such third-party content. The content of these pages is always within the sole responsibility of the third party offering the service or content.
All pages linked have been checked for potential legal violations and identifiable infringements before being linked. We are executing whatsoever legally required checks of content we are linking and will immediately respond to any notification on infringements by taking down the respective link(s).