Home Data Protection

Data Protection

Privacy policy www.ma-review.com and [subdomains].ma-review.de

M&A Media Services GmbH attaches great importance to the protection of your privacy and your personal data as well as to the necessary data security and therefore collects, processes and uses your personal data exclusively in accordance with the principles described below as well as the requirements of the EU Data Protection Basic Regulation and the Federal Data Protection Act applicable to M&A Media Services GmbH.

I. Name and address of the person responsible
II. Your personal data
III. General information on data processing
IV. Provision of the website and creation of log files / log files
V. Use of cookies
VI. Communication & events
VI.1 E-mail contact and use of the contact form
VI.2 Subscription and login
VI.3 Registration for events
VI.4 Zoom Webinar
VI.5 Deployment of Microsoft Teams
VI.6 Newsletter and newsletter tracking
VII. Website analysis services
VII.1 Google Analytics
VIII. Plugins & Tools
VIII.1 Data Protection Settings with Usercentrics CMP
VIII.2 Use of WordPress extension Wordfence
VIII.3 Parts of contributions on social media websites
VIII.4 Use of Google Web Fonts
VIII.5 Use of Google reCAPTCHA
IX. Rights of the data subject
X. Automated decision making and profiling
XI. Links to other Internet sites
XII. Security
XIII. Availability and changes

I. Name and address of the person responsible

The person responsible within the meaning of the EU Basic Data Protection Regulation (“GDPR “) and other national data protection laws of the EU member states as well as other applicable data protection regulations for the operation of the www.ma-review.de and www.ma-review.com website and its sub-domains (hereinafter “website”) is

M&A Media Services GmbH
Jaiserstrasse 24a
82049 Pullach
Germany

tel.: +49 (0) 89 – 749 751 33
E-mail: info@ma-review.com

represented by the managing director Stefan Schneider

(hereinafter referred to as “Company”, “M&A” or “we”).

If you wish to object to the collection, processing or use of your data by us in accordance with this privacy policy as a whole or for individual measures, you can send your objection by e-mail, fax or letter to the above-mentioned contact data or to our data protection officer. You can also obtain information regarding your personal data at any time and free of charge from the contact details mentioned above.

II. Your personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). It is not necessary for you to provide us with personal data when you visit our website. Only personal data is collected, such as your name, telephone number, postal and e-mail address, date of birth and telephone number, if you provide us with this information voluntarily or have consented to its collection. For the technically required data, we refer to the execution under “IV. Provision of the website and creation of log files” and “V. Use of cookies”.

III. General information on data processing

1. Scope of the processing of personal data

Through this website, we process personal data (hereinafter also referred to as “data”) of affected persons, i.e. of website visitors, to the extent necessary to provide a functioning website and our contents and services. The processing of personal data of our users is regularly only carried out with the user’s consent to the processing. An exception is made in those cases where processing of the data is permitted by legal regulations, necessary for the fulfilment of a contract or technically necessary.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6 paragraph 1 letter b FADP serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d FADP serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data erasure and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Blocking into further data processing or deletion of the data also occurs when a legally prescribed storage period expires, unless there is a need for further storage of the data for the fulfilment of a contract.

IV. Provision of the website and creation of log files / log files

1. Description and scope of data processing

When using the website for informational purposes only, we only collect the personal data that your browser sends to our server or provider and that is technically necessary for the purpose of displaying our website and ensuring its stability and security.

We have commissioned our service provider 1&1 Ionos SE, Elgendorfer Straße 57, 56410 Montabaur, Germany (hereinafter “1&1”) to host and technically provide our website ma-review.de and ma-review.com. We have concluded with 1&1 the agreement on order processing required by data protection law in accordance with Art. 28GDPR. According to this agreement, 1&1 undertakes to ensure the necessary protection of your data and to process them in accordance with the applicable data protection regulations exclusively on our behalf and in accordance with our instructions. Further information on 1&1 can be found on the website: https://www.ionos.com/.

The following data is provided in log files or log files of 1&1:

  1. the browser type and version used (if you have agreed to transmission within your browser settings),
  2. the operating system,
  3. Date and time of the server request,
  4. the length of time spent on the accessed website,
  5. Used search engine including used keywords,
  6. the number of web pages called up,
  7. the last page opened before leaving the website
  8. the IP address (is anonymized by the system before it is saved) and the host name of the visitor.

The data is stored on certified servers of 1&1 hosted in Germany. 1&1 uses this information for the stated purpose on our behalf. An independent use of the data by 1&1 as well as an unauthorized transfer to third parties does not take place. A storage of these data together with other personal data of the user does not take place.

For the hosting and technical provision of our website live.ma-review.de and the streaming infrastructure, however, we have commissioned our service provider ticketareo GmbH, Bahnhofplatz 6, 82110 Germering, Germany (hereinafter “ticketareo”). We have concluded the agreement with ticketareo for order processing in accordance with Art. 28GDPR, which is required by data protection law. According to this agreement, ticketareo commits itself to ensure the necessary protection of your data and to process it according to the applicable data protection regulations exclusively on our behalf and according to our instructions. Further information can be found on the website: https://ticketareo.de/.

The following data in log files or log files are provided by ticketareo:

  1. the browser type and version used (if you have agreed to transmission within your browser settings),
  2. the operating system,
  3. the Internet service provider of the user,
  4. Date and time of the server request,
  5. the number of visits,
  6. the length of time spent on the accessed website,
  7. the previously visited website,
  8. the websites visited,
  9. the IP address (is anonymised by the system before it is saved),
  10. the amount of data sent/transmitted,
  11. the geographical origin of the call.

The data is stored on certified servers of Amazon Web Services (short: AWS) hosted by ticktareo – an offer of Amazon Web Services, Inc. Box 81226, Seattle, WA 98108-1226, USA – in Frankfurt am Main / Germany. In addition, ticketareo uses the Content Delivery Network (short: “CDN”) Google AJAX, an offer of Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, to host the Javascript library jQuery. ticketareo uses this information for the stated purpose on our behalf. An independent use of the data by ticketareo as well as an unauthorized transfer to third parties does not occur. This data is not stored together with other personal data of the user.

2. Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. fGDPR .

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s terminal device. For this purpose, the user’s IP address must remain stored for the duration of the session.
All the above information ((1) – (8)) is stored in log files or log files to ensure the functionality of the website. In addition, the data serves us to ensure the necessary security of our information technology systems. The server-side log files are only used for error analysis. The data is not evaluated for marketing purposes.

4. Duration of storage

The IP addresses of users are alienated as soon as they are no longer necessary for the purpose of their collection. This is the case at the end of the respective user session. An assignment of the calling client is then no longer possible.

The storage period of log files for the above mentioned purposes is 14 days at the most.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is no possibility of objection on the part of the user.

V. Use of cookies

1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. Cookies cannot execute programs or transfer viruses to your computer. If a user calls up a website, a cookie can be stored on the user’s terminal device. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called “session cookies”). Other cookies remain on your end device and enable us to recognise your browser on your next visit, should you have given your consent.

When our website is called up, we inform the users by means of an info banner about the use of cookies (essential cookies, marketing cookies and functional cookies) as well as the corresponding technologies and have technically set up the consent required under data protection law to set the cookies and technologies for which consent is necessary. Except for the technically necessary cookies, consent must always be given in advance for the setting of cookies on your terminal device. The same applies to other technical measures, such as the use of Google Analytics on our website. The user is also referred to this privacy policy via the info banner.

In the following, we will give you an overview of the cookies used, their validity period and the respective opt-out options. Furthermore, we would like to point out that you can adjust your data protection settings at any time and that you can revoke your consent at any time for the future.

Essential cookies:

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. Technically necessary, so-called essential cookies serve to ensure that your visit to our website runs smoothly. This includes, for example, using the website as a registered user or saving your individual data protection settings for our website. These cookies are necessary for a secure visit to the website and cannot be switched off.

The following technically necessary cookies are stored on your end device and transmitted to us with every page view:

  1. PHPSESSID: Technical and absolutely necessary cookie that contains the session ID and prevents you from having to log in again when changing pages (validity: session; until the end of the browser session).
  2. wp-wpml_current-language: Cookie of a WordPress plugin for saving the language selection (validity: approx. 2 days).
  3. ai1ec_calendar_url: Technical cookie for displaying the calendar settings (validity: session; until the end of the browser session).
  4. cart and ttcart: Technical cookies for the display of the shopping cart (validity: approx. 3 months)

In addition, further technically necessary cookies are set in individual cases by integrating WordPress plug-ins (see VIII.2 Use of WordPress extension Wordfence). All technically necessary cookies contain no personal data and therefore do not serve for personal identification.

Marketing – Cookies:
We also use cookies on our website which enable us to analyse the surfing behaviour of our users – so-called marketing cookies.

In this way the following data can be transmitted:

  1. Entered search terms
  2. Frequency of page views
  3. Use of website function
  4. Visit duration

The user data collected in this way is made anonymous by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.

Marketing cookies are used for the purpose of improving the quality of our website and its contents. Through the analysis cookies we learn how the website is used and can thus constantly optimise our offer. For a description of the cookies, their mode of operation, purpose and the possibilities of objection, please refer to the explanations under “VII. Website analysis services”.

2. Legal basis for the data processing

The legal basis for the processing of personal data using essential or technically necessary cookies is Art. 6 para. 1 lit. fGDPR .

The legal basis for the processing of personal data using cookies for statistical or marketing purposes is based on your consent Art. 6 para. 1 lit. aGDPR .

3. Purpose of the data processing

The purpose of using essential or technically necessary cookies is to enable you to use our websites. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. The user data collected by essential cookies is not used to create user profiles.

For information on the purpose and the possibilities of objection of cookies for statistical or marketing purposes, please refer to the explanations under “VII. Website Analysis Services” or to our data protection settings.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and are transmitted by the user to our site. Therefore you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may not be possible to use all the functions of the website to their full extent.

You can change your settings for cookie or technology use made in our privacy settings at any time. By changing the check mark you prevent technical measures from being carried out and cookies from being set.

VI. Communication & Events

VI.1 E-mail contact and use of the contact form

1. Description and scope of data processing

On our website, it is possible to contact us or make enquiries about our events via an e-mail address provided or a contact form. In all cases the transmitted personal data of the user will be stored. The scope of the personal data processed and the personal date processed in each individual case may vary depending on the form or contact. This includes in particular the following data:

  1. Your salutation* and your first* and last name*;
  2. Your company;
  3. Your communication data (e-mail address*, telephone number);
  4. resulting correspondence*.

Your data or the resulting correspondence will be processed exclusively by us. The data will not be passed on to third parties. The data will be usedexclusively for the conversation started by the user to contact you by phone, mail or e-mail regarding your request. Mandatory information (*) and voluntary information are indicated in the contact forms.

2. Legal basis for the data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail or via the contact form is Art. 6 Par. 1 letter aGDPR . If the purpose of the user’s contact is to conclude a contract, the legal basis for processing is Art. 6 para. 1 letter bGDPR .

3. Purpose of the data processing

The processing of the personal data you voluntarily provide us with by e-mail or contact form is solely for the purpose of contacting you or answering your questions about our events.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For personal data sent by e-mail or via our contact form, this is the case when the respective conversation with the user has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has been finally clarified.
5. Possibility of objection and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail or via the form, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued. The revocation can be made at any time via the contact details under I. and II. as well as under the following e-mail address info@ma-review.com. See also X. All personal data stored in the course of the contact will be deleted in this case.

VI. 2 Subscription and login

1. Description and scope of data processing

On our website you have the possibility to take out one of the subscriptions offered there. When concluding a subscription contract, we process the personal data you have provided us with in the course of concluding the contract.

a) Subscription – Registration for M&A Review Online Area

For the conclusion of the subscription as well as the obligations resulting from this contract, the processing of the following data, which you send us in the context of your subscription request, is necessary:

  1. Selected subscription*,
  2. Salutation*, title, first name* and surname*,
  3. Contact details (e-mail address*, telephone number, mobile number, voucher),
  4. Indicate private person, company or student*,
  5. Invoice address (first name*, surname*, street and house number*, postcode*, city* and country*) as well as a delivery address if different.

Mandatory (*) and optional information is indicated in the registration document.

We store and process the data provided solely for the purpose of processing your booked subscription.

If you have taken out a subscription, M&A collects, processes and uses the data you have provided exclusively for the processing and sending of your booked subscription. For the technical implementation of the booking area, your personal data provided to us will be transmitted to 1&1. 1&1 processes this data in accordance with the order processing agreement concluded with M&A, in compliance with the necessary measures for data security and the requirements for contractors according to Art. 28GDPR .

As part of your subscription, you will receive access to the internal area (hereinafter referred to as “M&A Review Online Area”) with access to the M&A Review Online Archive, the e-magazine archive and all paid contributions. The internal area is separately protected, whereby protected means that only subscribers of M&A can access this area, i.e. the latter has technical measures in place to protect this area from access by unauthorized third parties, i.e. non-registered users of the website.

For the provision of services within the M&A Review Online area, we process the data you provide in the context of the subscription request or order in order to create a customer account for you in this area and to enable the prerequisites for logging into the M&A Review Online area. The purpose of the customer account is to enable you to register and thus use the online area in order to offer you the services included in the M&A Review Online Area.

After your order you will receive a notification in your used browser as well as an e-mail to your given e-mail address. In addition, we will send you your access data for our M&A Review Online area after the e-mail address you have provided.

b) Login

If you subsequently authenticate yourself to the M&A Review online area using your access data, it is necessary for us to process the data you have provided for verification purposes. This data is not stored.

The following data is processed within the scope of this authentication:

  1. E-mail address
  2. Password for access

Afterwards you can view our M&A Review online archive and the e-magazine archive. As a logged-in user you can also read all paid articles on our website.

2. Legal basis and purpose of the data processing

We process the data collected when you order one of our subscriptions in order to process your order or subscription, to set up and provide the customer account for the M&A Review online area, for invoicing and, if applicable, to send you our print media. The processing of your data is necessary for the fulfilment of the contractually owed services of the existing contract (Art. 6 para. 1 lit. bGDPR ). Insofar as data is marked as mandatory data, it is required for the processing of the subscription or for invoicing.

3. Duration of storage

Your data necessary for the registration to our protected area are stored on servers of 1&1 in Germany. 1&1 uses this information to provide the protected area on our behalf. Independent use of the data by 1&1, for example to contact you, as well as passing it on to third parties is prohibited.

The data stored on 1&1’s servers will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data that you have given us for the purpose of registration, this is the case when the subscription period has expired. After expiry, all deposited data will be deleted in compliance with any existing legal retention periods.

We process your data relevant for the subscription and the associated documents and invoices in accordance with the legal requirements after the conclusion of the contract in accordance with the legal or commercial regulations.

VI.3 Registration for events

1. Description and scope of data processing
We collect and process personal data when you register for an event or participate in one of our events or live stream events (hereinafter collectively referred to as “event”). The scope of the personal data processed varies depending on the event. Further information on the scope of data processing within the scope of an event can be found in the respective registration forms. In any case, the following data is collected:

  1. Your first* and last* name;
  2. your company, if applicable;
  3. Your address data (street*, house number*, additional address information, postcode*, city*, country*);
  4. Your contact details (e-mail address*, telephone number);
  5. if necessary, an optional e-mail address for the additional dispatch of the tickets;
  6. if applicable, correspondence about the event and the fact and result of the participation and
  7. if necessary, depending on the conference system used, video and audio recordings are made.

You will also find further details in the corresponding conditions of participation in our events.

We will contact you in the run-up to the event via the e-mail address you provided during registration to send you further information about the event, our topics and the venue. After receipt of your registration you will receive a short confirmation by e-mail that your registration has been received and will be checked by us. After successful verification we will send you the access links to the live stream event in a separate e-mail.
In addition, we can contact you after the event to provide you with further information, summaries and presentation documents. We also use your contact details to offer you interesting offers and further events.

The organisational handling of the event is taken over by us. When organising events, it may be necessary for us to pass on individual participant data to companies/third parties commissioned to process the event.

Our events are partly recorded. For this purpose, the video and audio recordings are made by M&A or by commissioned third parties. On the recordings individual participants can be seen and/or heard depending on the system used for the respective event. Subsequently, these recordings will be used for advertising and internal documentation purposes or if a recording of the event is made available to the participants. By participating in an event, the participant agrees to both the production and the publication of the image and / or sound recordings for the purposes described.

2. Legal basis and purpose of the data processing

We process your data in connection with a specific event, in order to be able to carry it out successfully and to inform you about the event in advance and afterwards (Art. 6 para. 1 sentence 1 lit. bGDPR ). Participation in such events is voluntary, but not possible without the processing of personal data.

The production of image and/or sound recordings for the purpose of advertising our events, for internal documentation, for recording as well as for quality assurance is carried out within the framework of our events on the basis of the consent of the event participant and/or employer given through voluntary participation in the event in accordance with
Art. 6 para. 1 sentence 1 lit. aGDPR . By participating in an event, the participant agrees to both the production and the publication of the image and / or video recordings made.

3. Duration of storage

The data will be deleted by the system and the registration forms used will be destroyed as soon as they are no longer required for the purpose for which they were collected or as soon as legal retention periods conflict with this.

The image and/or sound recordings made during the event will be processed until your consent is revoked or if the purpose of further use is no longer given.

4. Possibility of objection and removal

In the event that the user prohibits further use of his data for admission and participation in the event, this may lead to termination of the service relationship entered into. In this case, all personal data stored during the event will be deleted.

The consent for the recording of image and / or sound recordings can be revoked by the participant at any time with effect for the future by declaring the revocation to M&A via the contact data given in section 1 or by sending an e-mail to info@ma-review.com. Through the revocation, the image and/or sound recordings will no longer be used in the future. These data will be deleted as far as this is possible when using the media used. However, image and/or sound recordings already published in the past can usually no longer be deleted. By agreeing to the recording of image and/or sound recordings, the participant simultaneously assigns his right to use his own image and word to M&A. The assignment of the rights of use is unlimited in time and cannot be revoked. However, as soon as the purpose has ceased to exist or M&A will no longer use the statement, it will be immediately deleted in all media to which M&A has access.

VI.4 Zoom Webinar

1. Description and scope of data processing

To conduct webinars as well as online meetings (hereinafter referred to as “webinars”), we use the “Zoom” webinar technology, a service offered by Zoom Video Communications, Inc., 55 Almaden Blvd. Suite 600, San Jose, CA 95113, USA (hereinafter referred to as “Zoom”).

The following data may be collected in the course of webinars. The scope of the data also depends on the data you provide before or during participation in a webinar:

  1. User information: First name, last name, phone (optional), e-mail address, password (if Single-Sign-On is not used), profile picture (optional), department (optional)
  2. Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
  3. For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
  4. When dialling in by telephone: information on incoming and outgoing telephone number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, can be saved.
  5. Text, audio and video data: You may be able to use the chat, question or survey functions in a webinar. In this respect, the text entries you make will be processed in order to display and, if necessary, log them in the webinar. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera on the end device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the zoom applications.

To participate in a webinar, you must at least provide information about your name to enter the webinar.

Zoom processes the provided data under observance of the necessary measures for data security as a contractor in the sense of art. 28 GDPR for us. The contractual relationship has been agreed in accordance with data protection law. The data are used by Zoom exclusively for the provision of the service (execution of the webinar). This contract (Data Processing Addendum based on the EU standard contract clauses) can be viewed at any time under the following link: https://zoom.us/docs/doc/Zoom_Data_Processing_Addendum_Processor_Form_Final-SIGNED.pdf.

Please note that when you are redirected to Zoom, you leave our website and Zoom’s website uses cookies and tracking technologies. We therefore recommend that you read Zoom’s privacy policy and terms of use before visiting. After leaving our website, we have no possibility of influencing Zoom and the technologies it uses. However, Zoom undertakes to M&A on the basis of the concluded order processing agreement to comply with the provisions of the GDPR in its relationship with us and the data we provide.

For more information about Zoom and the data processing by Zoom, please refer to the Privacy Policy and Terms of Use at https://zoom.us/de-de/privacy.html and https://zoom.us/de-de/terms.html

We use Zoom to conduct webinars. If we want to record individual webinars, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed in the zoom app. If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case. In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and follow-up of webinars.

If you are registered as a user at Zoom, webinar reports (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at Zoom. In Zoom there is the possibility of software-based “attention monitoring” (“attention tracking”), but this is deactivated.

Personal data processed in connection with participation in webinars are generally not passed on to third parties unless they are specifically intended to be passed on. Please note that the content of webinars and personal meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.

Other recipients: Zoom necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in the context of our contract processing agreement with Zoom.

2. Legal basis for the data processing

The legal basis for the processing of data collected in the course of participation in a meeting or webinar organised by us is Art. 6 Par. 1 letter bGDPR . If Zoom is not used for participation in a webinar, we will obtain your consent in advance for the processing of data for the purpose of holding a meeting with Zoom (Art. 6 para. 1 lit. aGDPR ).

3. Purpose of the data processing

The processing of personal data by us and our service provider Zoom serves us solely to conduct the webinars.

4. Duration of storage

Your data is stored on servers of Zoom in the USA. Zoom uses this information to provide the webinar on our behalf, as well as for service optimization. Zoom does not use the data independently, e.g. to contact you, nor does it pass it on to third parties.

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

5. Possibility of objection and removal
You have the option to cancel your participation in the webinar at any time. Alternatively, you can cancel or delete your registration at any time using our contact details (see section I).

VI. 5 Deployment of Microsoft Teams

1. Description and scope of data processing

To conduct webinars as well as online meetings (hereinafter referred to as “webinars”), we use “Microsoft Teams”, an offering from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as “Teams” or “Microsoft”).

The following data may be collected in the course of webinars. The scope of the data also depends on the data you provide before or during participation in a webinar:

  1. User data (first name, last name, display name, e-mail address, profile picture, language settings, IP address, device/hardware information)
  2. Meeting data (date, time, meeting ID)
  3. Text, audio or video data (depending on the configuration of the online meeting and the individual settings of the person concerned, text entries in the chat window and data collected via the microphone and video camera of the terminal used can be processed)
  4. Recordings (MP4 file of video, audio and presentation recordings, M4A file of audio recordings, text file of online meeting chat)

To participate in a webinar, you must at least provide information about your name to enter the webinar.

Microsoft processes the provided data on our behalf as a contractor within the meaning of Art. 28 GDPR and in compliance with the necessary data security measures. The contractual relationship has been agreed in accordance with data protection law. The data will be used by Microsoft exclusively for the provision of the service (conducting the webinar). This contract (Data Processing Addendum based on the EU standard contract clauses) can be viewed at any time at the following link: https://zoom.us/docs/doc/Zoom_Data_Processing_Addendum_Processor_Form_Final-SIGNED.pdf.

Personal data is processed in Germany, as M&A uses a German data centre for recruitment to Microsoft teams, and thus within the European Union (EU). If a data subject dials into a webinar from a third country, M&A cannot exclude the possibility that the routing of data takes place via internet servers outside the EU.

For more information about Zoom and Microsoft’s data processing practices, please see the privacy statement at https://privacy.microsoft.com/de-de/privacystatement

We use teams to conduct webinars. If we want to record individual webinars, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed in Microsoft Teams. If necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case. In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and follow-up of webinars.

Personal data processed in connection with participation in webinars are generally not passed on to third parties unless they are specifically intended to be passed on. Please note that the content of webinars and personal meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.

M&A does not pass on personal data processed in webinars to third parties. Something else is only valid if they are intended to be passed on to third parties. As a provider of Microsoft teams, Microsoft is informed of the above-mentioned personal data within the framework of the provisions of the contract processing agreement concluded between M&A and Microsoft.

2. Legal basis for the data processing

The legal basis for the processing of data collected in the course of participation in a meeting or webinar organised by us is Art. 6 Par. 1 letter bGDPR . If Microsoft Teams are not used for participation in a webinar, we will obtain your consent for the processing of data in advance for the purpose of holding a meeting with teams (Art. 6 para. 1 lit. aGDPR ).

3. Purpose of the data processing

The processing of personal data by us and our service provider Microsoft is solely for the purpose of conducting the webinars.

4. Duration of storage

Your data is stored on Microsoft servers in the European Economic Area. Microsoft uses this information to deliver the webinar on our behalf. Microsoft will not use the data independently, for example to contact you, nor will it be passed on to third parties.

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

5. Possibility of objection and removal

You have the option to cancel your participation in the webinar at any time. Alternatively, you can cancel or delete your registration at any time using our contact details (see section I).

VI. 6 Newsletter and newsletter tracking

1. Description and scope of data processing
On our website it is possible to apply for an e-mail newsletter. If you register for our newsletter, we will use the necessary data provided by you to send you our e-mail newsletter in accordance with your consent. We send out newsletters at regular intervals in order to distribute news, offers and information from the field of M&A.

If you register for an electronic newsletter, we process the following data in particular:

  1. Your e-mail address,
  2. whether you have consented to or objected to receiving such communications, including the date and time.

If you have registered for the newsletter, we will collect, process and use the data you have provided us with exclusively for sending the newsletter. For the technical implementation of the dispatch, your personal data will be transferred to the service of CleverReach GmbH & Co KG, Mühlenstraße 43, 26180 Rastede, Germany (hereinafter “CleverReach”), which will process the data provided for us as a contractor in accordance with Art. 28GDPR , while observing the necessary data security measures. The contractual relationship has been agreed. CleverReach will use the data exclusively for sending the newsletter and for evaluating the success of the newsletter.

Further information about CleverReach can be found on the website: https://www.cleverreach.com.
You can find more information about the handling of personal data by CleverReach at
https://www.cleverreach.com/en/privacy-policy/.

The registration for the e-mail newsletter is done via a double-opt-in procedure set up by the system. This means that after entering your data you will receive an e-mail with a confirmation link. This confirmation e-mail is used to authorize the owner of the specified e-mail address to receive the newsletter. The e-mail address will only be added to the distribution list after confirmation. To be saved: Registration data, time of registration, confirmation, logout, IP address and changes to the stored data. The collection of this data is necessary to be able to trace any misuse of the e-mail address of the persons concerned and to protect the data controller.

In order to further improve the newsletter offer, data on the use and the associated interests of the recipients are collected and statistically processed. For this function the sent newsletters contain web-beacons. This is done by collecting IP address, time of request, content of the request, access status, amount of data transferred in each case, browser, operating system and its interface, as well as web beacons that are assigned to your e-mail address and linked to your own ID. The ID is not linked to the data you provide, so that a direct personal reference can be excluded.
With the help of so-called conversion tracking, it is also possible to analyse whether a previously defined action (e.g. linking to an event) has taken place after clicking on the link in the newsletter.

For further information on data analysis by CleverReach newsletter, please visit
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

2. Legal basis for the data processing

The legal basis for the processing of the data transmitted in the course of giving consent for the sending of the newsletter and for the temporary storage of the data for the evaluation of success is Art. 6 para. 1 letter aGDPR . We have an interest in direct advertising and the success evaluation of your reaction to the contents of the newsletter in order to be able to assert ourselves successfully in the market.

3. Purpose of the data processing

The processing of personal data by us and our service provider CleverReach serves us solely to process and send a newsletter and to evaluate the success of a respective newsletter. Anonymized statistics about your use and reaction to our newsletter help us to better align our offers to the interests of our subscribers. This is also the reason for the necessary legitimate interest in processing the data.

4. Duration of storage

Your data is stored on certified servers of CleverReach exclusively in the European Economic Area. CleverReach uses this information for sending and evaluating the newsletter usage on our behalf. CleverReach does not independently use the data, e.g. to contact you, or pass it on to third parties.

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. This is the case for the personal data that you have provided us with for the purpose of applying for and sending the newsletter, if your consent for processing has been revoked. After cancellation of the newsletter all deposited data will be deleted.

5. Possibility of objection and removal

You have the possibility to revoke your consent to the processing of personal data for the subscription of the newsletter at any time. You can unsubscribe from the newsletter at any time. It can be done by sending a message via the contact form, or by sending an e-mail (info@ma-review.com) to us or via a cancellation link provided for this purpose in the newsletter.

VII. Website analysis services
VII.1 Google Analytics

1. Description and scope of data processing
We have integrated our website using Google Tag Manager functions of the web analysis service Google Analytics of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies” or “third-party cookies”. These are text files that are stored on your computer or the terminal device you use (tablet, smartphone, etc.) and which enable an analysis of your use of our website (see VI. Use of Cookies).

The following cookies are set by Google Analytics:

  1. _ga       (validity: 24 months)
  2. _gat      (validity: 1 minute)
  3. _gid      (validity: 1 day)

Using the functions provided in the website analysis services, Google is able to assign data, sessions and interactions across multiple devices to an anonymised user ID and thus analyse the activities of an anonymised user across devices.

The information generated by the cookie about your use of the website (including your IP address) will also be transmitted to and stored by Google on servers in the USA. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Due to the activation of IP anonymisation on our website, your IP address will be shortened by Google within member states of the European Union or in other treaty states of the Agreement on the European Economic Area before transmission in order to exclude the possibility of direct personal reference. Outside the European Union or the European Economic Area, Google has not set up IP anonymisation in the system.

You can object to the collection, storage and use of information by Google at any time with effect for the future by installing the deactivation add-on provided by Google.

We have concluded the Data Processing Addendum (as defined in Article 28GDPR ) with Google, which is required by data protection law, in which Google undertakes to protect the data of our users and to process them exclusively on our behalf in accordance with the applicable data protection regulations.

You can find more information on how Google Analytics handles user data, for example, in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

2. Purpose and legal basis for the data processing

The legal basis for the processing of personal data using cookies for statistical purposes is based on your consent in this regard via the cookie settings or our cookie banner Art. 6 para. 1 lit. aGDPR .

The information obtained through the use of Google Analytics is used in particular to better understand the use of our website and to improve its content, functionality and findability. We as website operators have an interest in analysing your user behaviour in order to improve both our website and our advertising. The aforementioned processing purposes are in our legitimate interest (Art. 6 para. 1 lit. fGDPR ), should it be possible to forward anonymised information to Google with your consent.

3. Duration of storage

Sessions are ended after 30 minutes without activity and campaigns after six months. The maximum time limit for campaigns is two years.

4. Possibility of objection and removal

You can object to the collection, storage and use of information by Google at any time with effect for the future by using the following methods:

a) You can object by installing the deactivation add-on provided by Google. For more information, please visit https://tools.google.com/dlpage/gaoptout?hl=de
b) Alternatively, you can prevent the storage of the cookies set by Google by making the appropriate setting in your browser software.
c) You can prevent the collection of your data by Google Analytics by unchecking the appropriate box in our privacy settings.
However, we would like to point out that in the event of deactivation or opt-out, you may not be able to use all the functions of the website to their full extent.

VIII. Plugins & Tools

We use extensions, plug-ins and offers from third parties on our website for the uniform presentation of the website and for the play of our Consent Management Platform. In doing so, personal data is often passed on to the third party providers or transferred automatically. In the following, the type, scope and purpose of this processing of personal data are listed and explained:

VIII. 1 Data Protection Setting with Usercentrics CMP

1. Description and scope of data processing

The Website uses the services of Usercentrics GmbH, Rosental 4, 80331 Munich, Germany (hereinafter referred to as “Usercentrics”) for the provision of a content management platform (hereinafter referred to as “CMP”), i.e. a system which manages the use of third party providers, technical measures and cookies by means of a granted or refused consent.
Usercentrics processes the following data to provide and manage the CMP:

  1. Your IP address, which is anonymised by Usercentrics during collection, and other information on the terminal device used,
  2. Date and time of your visit to our website,
  3. Information about the browser used and the browser version,
  4. Your given consents or individual data protection settings

and uses both the local storage (also called local storage) on your end device and the setting of cookies to store this information locally in your browser. The data is also stored on cloud servers hosted by Usercentrics in the European Economic Area (Frankfurt am Main and Brussels).
The retention period is the period during which the data processed by CMP is stored for the purpose of consent management. Consent data (granted consent and revocation of consent) is stored for three years. Within this period, no new consent is required, unless new systems are introduced or unless a new consent is required due to legal or regulatory requirements.

Further information on data processing by Usercentrics can be found in the Usercentrics Privacy Policy at https://usercentrics.com/privacy-policy/.

2. Legal basis and purpose of the data processing

The purpose of data processing by Usercentrics is to provide and manage the consent given by our website visitors in order to comply with a consent management system that complies with data protection regulations. The use of Usercentrics serves the purpose of proving that consents have been granted and not granted, and of managing the individual data protection settings of our website visitors. The processing is carried out for the purpose of obtaining the consent of the website visitor, providing revocation and objection options, providing evidence of the consent received (time of consent, end device used) and identifying the user in order to manage his individual data protection settings.

The use of a content management platform and the management and storage of your consent to the processing of your personal data is based on our legal obligation to provide a website that conforms to data protection regulations (Art. 6 Para. 1 lit. cGDPR ). The legal basis for the use of the service provider Usercentrics is also Art. 6 para. 1 lit. fGDPR . Our legitimate interest lies in the legally compliant documentation and verifiability of consent as well as in the control of our analysis campaigns on the basis of your consent by using specialised processors and the technical implementation associated with this.

3. Possibility of objection and removal

The processing of data to provide a CMP solution is mandatory for the operation of the website. There is no possibility of objection on the part of the user as long as M&A is legally obliged to obtain the user’s consent to certain data processing procedures.

VIII.2 Use of WordPress extension Wordfence

1. Description and scope of data processing
On our website we use a WordPress extension (in the following “WP Plugin”). The WP Plugin “Wordfence Security”, an offer from Defiant Inc. 800 5th Avenue, Suite 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”) is used to secure our website, i.e. to protect against viruses, malware, spam and to defend against cyber attacks (e.g. brute force or DDoS attacks). Wordfence determines whether the visitor to our website is a human being or a bot / robot. In individual cases, technically necessary cookies will be set on your end device and IP address, browser and device information, date and time of the website visit and information on the operating system will be collected by Wordfence and stored on the servers hosted by Wordfence. Harmless IP addresses, including other collected data, are marked and released with each visit – questionable IP addresses are blocked by Wordfence. Wordfence uses the CDN Cloudflare, an offer from Cloudflare, Inc. 101 Townsend St., San Francisco, CA 94107, USA.

For more information on data processing by Wordfence Security, please refer to the privacy policy at https://www.wordfence.com/terms-of-use-and-privacy-policy/

2. Legal basis and purpose of the data processing

The legal basis for the use of Wordfence is Art. 6 para. 1 lit. fGDPR . Our legitimate interest lies in the security of our Internet presence and in the prevention of unwanted, automated access in the form of spam, viruses and malware, as well as the direct security of visitors to our website.

3. Possibility of objection and removal

The processing of data for the purpose of securing our website and providing the functions is absolutely necessary for the operation of the website. There is no possibility of objection on the part of the user.

VIII. 3 Sharing of contributions on social media websites

1. Description and scope of data processing
On our website, we also offer you the possibility of individual blog posts on the social networks facebook.com, which is operated by Facebook Inc, 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter “Facebook”), LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”) and twitter.com, which is operated by Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103 (hereinafter “Twitter”) and Xing, which is operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter “Xing”). In addition, sharing is also possible by e-mail.

The social media providers can be identified by their initial letters or logo. Only if you click on the marked field and then click on “SHARE” will we redirect you to the selected social network and the social network will receive the information that you have visited the corresponding website of our online offer. We would like to point out that by simply visiting our website, no data will be transmitted to the operators of the social networks. However, we have no influence on the amount of data that Facebook, LinkedIn and Twitter collects during the sharing process and therefore recommend that you view the terms of use and privacy policy of the social media providers before sharing the blog post.

Further information on data processing in the social media channels can be found in the respective privacy notices of Facebook at https://www.facebook.com/policy.php, LinkedIn at https://www.linkedin.com/legal/privacy-policy?_l=de_DE, Xing at https://privacy.xing.com/de/datenschutzerklaerung and Twitter at https://twitter.com/privacy

2. Legal basis and purpose of the data processing

The aforementioned processing purposes, i.e. offering a social media plugin, are in our legitimate interest (Art. 6 para. 1 lit. fGDPR ). Your redirection to the respective linked platform is based on your voluntary click on the button (Art. 6 para. 1 lit. aGDPR ). It is important for us to make our website attractive and to increase the interaction with our visitors with the help of the plugins.

3. Possibility of objection and removal

You have a right of objection to the creation of these user profiles, whereby you must contact the respective social plugin provider to exercise this right. It is also possible to block social plugins with add-ons for your browser, for example with the “Facebook Blocker”. We would like to point out that you can prevent the assignment described above by logging out of your respective social media profile before visiting the website and deleting the cookies used by social media channel.

VIII. 4 Use of Google Web Fonts

1. Description and scope of data processing
The website uses so-called web fonts, which are provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”), for the uniform display of fonts. When you access the site, your browser will load the necessary web fonts into your browser cache to display text and fonts correctly. For this purpose, the browser you use must connect to Google’s servers. This enables Google to know that our website has been accessed via your IP address. In addition, Google collects usage data collected through the use of the service, the CSS request and the refferer URL.
If your browser does not support web fonts, a default font is used by your computer. For more information about Google Web Fonts, visit https://developers.google.com/fonts/faq and Google’s privacy policy (https://www.google.com/policies/privacy/).

2. Legal basis and purpose of the data processing

The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers as well as the provision of uniform fonts. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. fGDPR .

3. Possibility of objection and removal

You have the option to object to the processing of data or the use of Google Web Fonts at any time via our privacy settings. By changing the check mark (under Functional – Google Fonts) you prevent the technical measure from being carried out.

VIII. 5 Use of Google reCAPTCHA

1. Description and scope of data processing
On our website as well as when entering data into our contact form, we use Google reCAPTCHA to check and avoid interactions on our website through automated access, e.g. through so-called bots. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only “Google”.

This service enables Google to determine from which website a request is sent and from which IP address you are using the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary for the offer and guarantee of this service.

Responsible for data processing is Google. Google offers further information on the general handling of your user data at https://policies.google.com/privacy.

2. Purpose and legal basis for the data processing

The legal basis for the use of Google reCAPTCHA is Art. 6 para. 1 lit. fGDPR . Our legitimate interest lies in the security of our Internet presence and in the prevention of unwanted, automated access in the form of spam or similar, and thus also serves the security of a visitor to our website.

3. Possibility of objection and removal

You can object to the collection, storage and use of information by Google at any time with effect for the future via the opt-out link https://adssettings.google.com/authenticated or you can unsubscribe from the Google service.

IX. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the responsible body or the person responsible:
1. Right of access to information
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.
In the event of such processing, you may request the following information from the data controller:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage;
  5. the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing
  6. the existence of a right of appeal to a supervisory authority;

You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

To exercise your right to free information, please contact us directly using the contact details in our imprint (see section I).

2. Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.

3. Right to limit processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  1. if you dispute the accuracy of the personal data concerning you for a period of time that allows the person responsible to verify the accuracy of the personal data;
  2. the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of the processing, but you need it in order to exercise or defend your rights; or
  4. if you have lodged an     objection to the processing pursuant to Art. 21 para. 1 DPA and it has not yet been established whether the legitimate reasons of the controller outweigh your reasons.

Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right of cancellation

a) Obligation to delete
You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. you withdraw your consent on which the processing is based       pursuant to Art. 6(1)(a) and there is no other legal basis for the processing.
  3. You object to the processing      pursuant to Art. 21(1) DPA and there are no legitimate grounds for processing that take precedence, or you object to the processing pursuant to Art. 21(2) DPA.
  4. The personal data concerning you have been processed unlawfully.
  5. The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you has been collected in relation to          information society services offered in accordance with Art. 8 para. 1GDPR .

b) Information to third parties

If the controller has made public the personal data concerning you and is obliged to delete them pursuant to Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.

c) Exceptions
The right of cancellation does not exist insofar as the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. in order to comply with a legal obligation imposed on the controller under Union or national law to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. to assert, exercise or defend legal claims.

5. Right to information

If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
They have the right to be informed of these recipients by the person responsible.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been communicated, provided that

  1. the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR and
  2. the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one person responsible to another, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6, paragraph 1, letter e or f FADP.

The controller shall no longer process the personal data concerning you, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection of your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

9. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78GDPR .

The data protection authority responsible for us is the Bayerisches Landesamt für Datenschutzaufsicht, home address, Promenade 18, 91522 Ansbach, Germany, postal address: Postfach 1349, 91504 Ansbach, Germany, further information on the Internet at www.lda.bayern.de.

X. Automated decision making and profiling

As a responsible company, we refrain from profiling or the use of automatic decision making.

XI. Links to other Internet sites

This privacy policy applies exclusively to the Internet presence www.ma-review.de or www.ma-review.com. The internet pages in this presence may contain links to internet pages of products of advertising partners or third parties. Our privacy policy does not extend to these Internet pages. When you leave the website, we recommend that you carefully read the privacy policy of each website that collects personal data.

XII. Security

We take the necessary security measures to protect your personal data from unlawful or unintentional access or deletion, modification or loss, and against unauthorized disclosure. We encrypt your data during transmission via our website and use so-called SSL (Secure Socket Layer) or TLS (Transport Layer Security) connections. We secure our website and our other systems and personal data by appropriate technical and organizational measures, in particular against loss, destruction, unauthorized access, modification or disclosure to third parties.

XIII. Availability and changes

You can view this privacy policy at https://ma-review.de/datenschutz/. You can also save or print out this privacy policy by using the corresponding functions of your browser.

In case of discrepancies between the English translation and the German original text, the German original text shall prevail.

We reserve the right to change this privacy policy from time to time or to adapt it to legal requirements and therefore ask you to check the current privacy policy each time you visit our website.

Version: July 2020