Data privacy

Data protection
In accordance with the statutory provisions of data protection law (in particular the BDSG nF and the
European General Data Protection Regulation ‘DS-GVO’), we will inform you below about the type, scope
and purpose of the processing of personal data by our company. This data protection declaration also
applies to our websites and social media profiles. For the definition of terms such as “personal data” or
“processing”, please refer to Art. 4 GDPR.

Name and contact details of the person responsible
Our responsible person (hereinafter “responsible person”) within the meaning of Art. 4 No. 7 GDPR is:

MIB GmbH
Bahnhofstr. 35
D-79206 Breisach
Managing Directors: Martin Deutscher; Thomas Will
Email address: info@mib-gmbh.com

Types of data, purposes of processing and categories of data subjects

Below we inform you about the type, scope and purpose of the collection, processing and use of
personal data.
1. Types of data we process
Usage data (access times, websites visited, etc.), contact details (telephone number, email, fax, etc.),

2. Purposes of processing pursuant to Art. 13 para. 1 c) GDPR

Evidence purposes / securing evidence, optimizing the website technically and economically, enabling
easy access to the website, contacting us in the event of legal complaints by third parties, fulfilling
statutory retention periods, optimizing and statistically evaluating our services, making the website userfriendly,
operating the advertising and website economically, marketing / sales / advertising, compiling
statistics, avoiding SPAM and abuse, customer service and customer care, handling contact requests,
providing websites with functions and content, uninterrupted, secure operation of our website,

3. Categories of data subjects pursuant to Art. 13 para. 1 e) GDPR
Visitors/
users of the website, customers, interested parties,
The persons concerned are collectively referred to as “users”.

Legal basis for the processing of personal data
Below we inform you about the legal basis for the processing of personal data:

1. If we have obtained your consent to process personal data, Art. 6 Paragraph 1 Clause 1 Letter a) of
GDPR is the legal basis.
2. If processing is necessary to fulfill a contract or to carry out pre-contractual measures at your
request, Art. 6 (1) sentence 1 lit. b) GDPR is the legal basis.
3. If processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory retention
periods), Art. 6 (1) sentence 1 lit. c) GDPR is the legal basis.
4. If processing is necessary to protect the vital interests of the data subject or of another natural
person, Art. 6 (1) sentence 1 lit. d) GDPR is the legal basis.
5. Is processing necessary to protect our legitimate interests or those of a third party

and your interests or fundamental rights and freedoms do not prevail in this regard, Art. 6 Paragraph 1
Clause 1 Letter f) of GDPR is the legal basis.

Transfer of personal data to third parties and processors

As a matter of principle, we do not pass on any data to third parties without your consent. If this is the
case, the data will be passed on based on the legal bases mentioned above, e.g. when data is passed on
to online payment providers to fulfil a contract or due to a court order or due to a legal obligation to
release the data for the purposes of criminal prosecution, to avert danger or to enforce intellectual
property rights.
We also use contract processors (external service providers, e.g. for web hosting of our websites and
databases) to process your data. If data is passed on to the contract processors as part of a contract
processing agreement, this is always done in accordance with Art. 28 GDPR. We select our contract
processors carefully, monitor them regularly and have been granted the right to give instructions with
regard to the data. In addition, the contract processors must have taken suitable technical and
organizational measures and comply with the data protection regulations in accordance with the BDSG nF
and GDPR.

Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data
protection in Europe. Your data will therefore be processed primarily by companies to which the GDPR
applies. If processing is carried out by third-party services outside the European Union or the European
Economic Area, these must meet the special requirements of Art. 44 ff. GDPR. This means that processing
is carried out on the basis of special guarantees, such as the officially recognized determination by the EU
Commission of a level of data protection equivalent to that of the EU or compliance with officially
recognized special contractual obligations, the so-called “standard contractual clauses”.
Insofar as we obtain your express consent to the transfer of data to the USA due to the ineffectiveness of
the so-called “Privacy Shield”, in accordance with Art. 49 Paragraph 1 Clause 1 Letter a) of GDPR, we
would like to point out the risk of secret access by US authorities and the use of the data for surveillance
purposes, possibly without legal remedies for EU citizens.

Deletion of data and storage period

Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as you
revoke the consent you have given for processing or the purpose for storing it no longer applies or the data
is no longer required for the purpose, unless further storage is necessary for evidentiary purposes or this is
contrary to statutory retention periods. This includes, for example, commercial retention periods for
business letters according to Section 257 Para. 1 HGB (6 years) and tax retention periods for receipts
according to Section 147 Para. 1 AO (10 years). When the prescribed retention period expires, your data will
be blocked or deleted unless storage is still required for the conclusion or fulfillment of a contract.

Existence of automated decision-making
We do not use automated decision-making or profiling.

Provision of our website and creation of log files

1. If you use our website for information purposes only (i.e. no registration or other transmission of
information), we only collect the personal data that your browser transmits to our server. If you
wish to view our website, we collect the following data:
• IP address;
• User’s Internet service provider;
• Date and time of retrieval;
• Browser type;
• Language and browser version;
• Content of the retrieval;
• Time zone;
• Access status/HTTP status code;
• Amount of data;
• Websites from which the request comes;
• Operating system.
This data will not be stored together with your other personal data

2. This data serves the purpose of delivering our website to you in a user-friendly, functional and
secure manner with functions and content as well as their optimization and statistical evaluation.

3. The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 (1) sentence
1 lit. f) GDPR, which also lies in the above purposes.

4. For security reasons, we store this data in server log files for a storage period of 30 days. After this
period, it is automatically deleted unless we need to keep it for evidential purposes in the event of
attacks on the server infrastructure or other violations of law.

Cookies

1. We use so-called cookies when you visit our website. Cookies are small text files that your Internet
browser saves on your computer. When you visit our website again, these cookies provide
information to automatically recognize you. Cookies also include so-called “user IDs,” where user
information is saved using pseudonymized profiles. When you visit our website, we will inform you
about the use of cookies for the purposes mentioned above and how you can object to this or
prevent their storage (“opt-out”) by means of a reference to our privacy policy.

The following types of cookies are distinguished:

Necessary, essential cookies: Essential cookies are cookies that are absolutely necessary for
the operation of the website in order to store certain functions of the website such as logins,
shopping cart or user input, e.g. regarding the language of the website.
Session cookies: Session cookies are required to recognize repeated use of an offer by the same
user (e.g. when you have logged in to determine your login status). When you visit our site again,
these cookies provide information to automatically recognize you. The information obtained in this
way is used to optimize our offers and to give you easier access to our site. When you close the
browser or log out, the session cookies are deleted.
Persistent cookies: These cookies remain stored even after the browser is closed. They are used to
store the login, to measure reach and for marketing purposes. They are automatically deleted after
a specified period of time, which can vary depending on the cookie. You can delete the cookies at
any time in the security settings of your browser.
Third-party cookies (especially from advertisers):You can configure your browser settings
according to your wishes and, for example, refuse to accept third-party cookies or all cookies.
However, we would like to point out that in this case you may not be able to use all the functions of
this website. Read more about these cookies in the respective data protection statements of the
third-party providers.

2.Data categories: User data, cookies, user ID (including pages visited, device information, access
times and IP addresses).

3.Purposes of processing:The information obtained in this way serves the purpose of optimizing
our web offerings technically and economically and to enable you to access our website more
easily and securely.

4.Legal basis:If we process your personal data using cookies based on your consent (“opt-in”), then
Art. 6 Para. 1 Clause 1 Letter a) GDPR is the legal basis. Otherwise, we have a legitimate interest in
the effective functionality, improvement and economic operation of the website, so that in this case
Art. 6 Para. 1 Clause 1 Letter f) GDPR is the legal basis. The legal basis is also Art. 6 Para. 1 Clause 1
Letter b) GDPR if the cookies are set to initiate a contract, e.g. when placing orders.

5.Storage period/deletion: The data is deleted as soon as it is no longer required to achieve the
purpose for which it was collected. If the data is collected to provide the website, this is the case
when the respective session has ended.

Cookies are otherwise stored on your computer and transmitted from there to our website.
Therefore, as a user, you have full control over the use of cookies. You can deactivate or restrict
the transmission of cookies by changing the settings in your Internet browser. Cookies that have
already been stored can be deleted at any time. This can also be done automatically. If cookies are
deactivated for our website, it may no longer be possible to fully use all of the website’s functions.

Here you can find information on deleting cookies by browser:

Chrome:https://support.google.com/chrome/answer/95647
Safari:https://support.apple.com/de-at/guide/safari/sfri11471/mac
Firefox:https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen
Internet Explorer:https://support.microsoft.com/de-at/help/17442/windows-internet-explorerdeletemanage-cookies
Microsoft Edge:https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies

6.Objection and “opt-out”
:You can generally prevent cookies from being saved on your hard disk,
regardless of consent or legal permission, by selecting “do not accept cookies” in your browser
settings. However, this may result in a restriction of the functionality of our offers. You can
prevent the use of cookies by third parties for advertising purposes via a so-called “opt-out” via
this American
Website (https://optout.aboutads.info) or this European
Website (http://www.youronlinechoices.com/de/praferenzmanagement/).

Google AdWords with conversion tracking

1. We use the service “Google Ads with Conversion Tracking” (Service provider:Google Ireland Limited,
registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to draw attention to our
website by displaying advertisements on third-party websites.

2.Data categories and description of data processing:Usage data/communication data. When you
click on one of our Google ads, a cookie is stored in your browser that is valid for about 30 days.
When you then visit our website, we and Google can use the cookie to evaluate whether you have
visited our website and which page you have visited. Google creates statistics about this. The data is
also transferred to the USA and analyzed there. If you are logged in with a Google account,
AdWords can assign the data to your account. If you do not want this, you must log out before
visiting our website.

3.Purpose of data processing:This conversion tracking serves the purpose of analysis/success
measurement, optimization and the economic operation of our advertising and website.

4.Legal basis:If you have given your consent for the processing of your personal data using “Google
Ads with Conversion Tracking” (“opt-in”), then Art. 6 Para. 1 Clause 1 Letter a) GDPR is the legal
basis. Otherwise, the legal basis for the processing of your data is our legitimate interest in the
analysis, optimization and efficient economic operation of our advertising and website in
accordance with Art. 6 Para. 1 Clause 1 Letter f) GDPR.

5.Data transfer/recipient category:Google Ireland.

6.Storage period:up to 540 days.

7.Opt-out and removal options:You can object to or prevent the installation of cookies by
Google in various ways:
• You can block cookies in your browser bySetting “do not accept cookies” block, which also
includes third-party cookies;
• You can search directly at Google via the linkhttps://adssettings.google.com deactivate
conversion tracking, although this setting will only remain in effect until you delete your
cookies.
• You can customize theThird-party adswho participate in the advertising self-regulation initiative
“About Ads” via the linkhttps://optout.aboutads.info for US sites or for EU sites athttp://
www.youronlinechoices.com/de/praferenzmanagement/ deactivate, but this setting will only last
until you delete all your cookies;
• You can use aBrowser plug-infor Chrome, Firefox or Internet Explorer under the link https://
support.google.com/ads/answer/7395996 permanently deactivate cookies. This deactivation may
mean that you can no longer fully use all functions of our website.
8. For more information, see Google’s privacy policy at https://policies.google.com/privacy?
hl=de&gl=de andhttps://services.google.com/sitestats/de.html .

YouTube videos
1. We have embedded YouTube videos from youtube.com on our website using the embedded
function so that they can be accessed directly on our website. YouTube belongs to the Google Ireland Limited, Registered No: 368047, Gordon House, Barrow Street, Dublin 4, Ireland.
2.Data category and description of data processing: Usage data (e.g. website accessed, content and
access times). We have embedded the videos in the so-called “extended data protection mode”
without using cookies to record usage behavior in order to personalize video playback. Instead, the
video recommendations are based on the video currently being played. Videos that are played in an
embedded player in the extended data protection mode do not affect which videos are
recommended to you on YouTube. When you start a video (click on the video), you agree that
YouTube tracks the information that you have accessed the corresponding subpage or video on our
website and uses this data for advertising purposes.
3.Purpose of processing: Providing a user-friendly offering, optimizing and improving our
content.
4.Legal basis:If you have given your consent to the third-party provider processing your personal data
using “etracker” (“opt-in”), then Art. 6 Paragraph 1 Clause 1 Letter a) of GDPR is the legal basis. The legal
basis is also our legitimate interest in data processing in accordance with Art. 6 Paragraph 1 Clause 1
Letter f) of GDPR for the purposes above. For services provided in connection with a contract, tracking
and analysis of user behavior is carried out in accordance with Art. 6 Paragraph 1 Clause 1 Letter b) of
GDPR in order to be able to offer optimized services to fulfill the purpose of the contract using the
information obtained in this way.
5.Data transfer/recipient category:Third-party providers in the USA. The data obtained is transferred
to the USA and stored there. This also happens without a Google user account. If you are logged into
your Google account, Google can assign the above data to your account. If you do not want this, you
must log out of your Google account. Google creates user profiles from such data and uses this data
for the purposes of advertising, market research or optimizing its websites.
6.Storage period: Cookies for up to 2 years or until the cookies are deleted by you as a user.
7.Contradiction:You have the right to object to Google creating user profiles. Please contact Google
directly using the privacy policy below. You can opt out of advertising cookies in your Google
account here:
https://adssettings.google.com/authenticated .
8. In the YouTube Terms of Use under https://www.youtube.com/t/terms and in the Google
Advertising Privacy Policy under https://policies.google.com/technologies/ads  you will find further information about
9. Use of Google cookies and their advertising technologies, storage period, anonymization, location
data, functionality and your rights. General privacy policy of
Google:https://policies.google.com/privacy .

Rights of the data subject

1.Objection or revocation against the processing of your data

If the processing is based on your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a),
Art. 7 GDPR, you have the right to revoke your consent at any time. This does not affect the legality
of the processing carried out on the basis of the consent until the revocation.

If we base the processing of your personal data on the balance of interests in accordance with
Art. 6 Paragraph 1 Clause 1 Letter f) of GDPR, you can object to the processing. This is the case
if the processing is not necessary in particular to fulfill a contract with you, which we will
explain in the description of the functions below. If you exercise such an objection, we ask you
to explain the reasons why we should not process your personal data as we do. If your
objection is justified, we will examine the situation and will either stop or adapt the data
processing or show you our compelling legitimate reasons on the basis of which we continue
the processing.

You can object to the processing of your personal data for advertising and data analysis
purposes at any time. You can exercise your right of objection free of charge. You can
inform us of your objection to advertising using the following contact details:

MIB GmbH
Bahnhofstr. 35
Breisach
Managing Director Martin Deutscher; Thomas Will
Email address: info@mib-gmbh.com

2.Right to information
You have the right to request confirmation from us as to whether personal data concerning you is
being processed. If this is the case, you have a right to information about your personal data stored
by us in accordance with Art. 15 GDPR. This includes in particular information about the purposes
of processing, the category of personal data, the categories of recipients to whom your data has
been or will be disclosed, the planned storage period, the origin of your data if it was not collected
directly from you.

3.Right to rectification
You have the right to have inaccurate data corrected or correct data completed in accordance with Art. 16
GDPR.

4.Right to erasure
You have the right to have your data stored by us deleted in accordance with Art. 17 GDPR, unless
statutory or contractual retention periods or other legal obligations or rights to further storage
conflict with this.

5.Right to restriction
You have the right to request a restriction on the processing of your personal data if one of the
conditions in Art. 18 paragraph 1 letters a) to d) GDPR is met:
• If you contest the accuracy of the personal data concerning you for a period enabling the
controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the
restriction of the use of the personal data instead;
• the controller no longer needs the personal data for the purposes of processing, but you require
them to assert, exercise or defend legal claims need, or
• if you have objected to processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been
determined whether the legitimate reasons of the controller outweigh your reasons.

6.Right to data portability
You have a right to data portability according to Art. 20 GDPR, which means that you can receive the
personal data we have stored about you in a structured, common and machine-readable format or
you can request that it be transmitted to another controller.

7.Right to complain
You have the right to lodge a complaint with a supervisory authority. As a rule, you can
contact the supervisory authority in particular in the Member State of your residence, place of
work or place of the alleged infringement.

Data security

We have taken appropriate technical and organizational security measures to protect all personal data that
is sent to us and to ensure that we and our external service providers adhere to data protection
regulations. This is why, among other things, all data between your browser and our server is transmitted
using an encrypted SSL connection.

Status: 19.08.2024