Using our website is generally possible without providing personal data. However, if special services are to be used via our website, it may be necessary to process personal data. If there is no legal basis for the processing, we usually obtain the consent of the person concerned.
We always process personal data such as names, addresses, email addresses or telephone numbers in accordance with the General Data Protection Regulation (GDPR) and the applicable national data protection laws relevant to mfinovo GmbH. With this data protection declaration we inform the general public about the nature, scope, and purpose of the personal data we collect and process. In addition, the data subjects are informed about their rights with regard to their data.
Our privacy policy is based on the terms defined by European legislators in the course of the General Data Protection Regulation (GDPR). To ensure that our statement is clear and understandable for all users - be it the public, our customers or business partners - we explain below the most important terms used in this document.
The following terms are used in this privacy policy:
Personal data includes all information relating to an identified or identifiable person (hereinafter referred to as the "data subject"). A person is considered identifiable if he or she can be identified, directly or indirectly, by means of specific characteristics, such as names, identification numbers, location data, online IDs or special characteristics that reflect his or her physical, physiological, genetic, mental, economic, cultural or social identity.
According to the General Data Protection Regulation (GDPR) as well as the applicable data protection laws of the Member States of the European Union and other data protection regulations, the following body is responsible for the processing of personal data:
mfinovo GmbH
Kaistrasse 20a
40221 Dusseldorf
Email: info@mfinovo.com
Phone: +49 21115850925
Website: www.mfinovo.com
The mfinovo GmbH website uses cookies. These small text files are stored on your computer by the web browser.
Many websites and servers use cookies, and many of these cookies contain what is known as a cookie ID. This ID serves as a unique identifier for the cookie and consists of a string of characters that allows websites and servers to identify the specific web browser in which the cookie is stored. This allows the websites and servers visited to distinguish the user's browser from other browsers that contain other cookies. This allows the web browser to be recognized by its unique cookie ID.
By using cookies, mfinovo GmbH can improve the user-friendliness of its website, as certain functions would not be available without cookies.
Cookies help us to better adapt the content and offers on our website to the needs of users. They enable us to recognize visitors to the website, which makes it easier to use our site. For example, a user does not have to log in again every time they visit the website, as this is done by the cookie on the user's computer. In an online shop, a cookie also remembers the items that a customer has placed in the virtual shopping cart.
When you visit the mfinovo GmbH website, a series of general data and information is automatically collected. This information is stored in the server's log files. The data collected includes:
This general data and information is not used by mfinovo GmbH to identify individual persons. Instead, it is used to:
The data subject has the option of preventing the use of cookies by our website at any time via the corresponding settings in their browser and thus permanently denying the setting of cookies. Cookies that have already been set can also be removed via the web browser or other software. This is possible in all common browsers. Please note that by deactivating cookies, you may not be able to fully use all functions of our website.
In accordance with legal requirements, our website offers the option of quick electronic contact. This also includes a general email address for direct communication with us. If a data subject contacts us by email or via a contact form, the personal data transmitted is automatically recorded and stored.
The voluntarily submitted data will be used exclusively to process the request or to contact the person concerned. This personal data will not be passed on to third parties.
The controller shall process and store personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is provided for by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the purpose of storage no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.
Every data subject has the right to obtain confirmation from the controller as to whether or not his or her personal data is being processed. If a data subject wishes to exercise this right to confirmation, he or she may contact an employee of the controller at any time.
Persons whose data is processed have the right to receive information about the personal data stored free of charge. This information includes in particular the following information:
The data subject also has the right to know whether his or her personal data have been transferred to a third country or to an international organisation and, where that is the case, to receive information about the appropriate safeguards relating to that transfer.
To exercise this right to information, the data subject may contact an employee of the controller at any time.
Persons whose data is processed have the right to request the immediate correction of inaccurate personal data. In addition, depending on the purposes of the processing, they may also request the completion of incomplete personal data, for example by means of a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she may contact any employee of the controller at any time.
Persons whose data is processed have the right to request the immediate deletion of their personal data from the responsible body if one of the following reasons applies and the data processing is no longer necessary:
If one of these reasons applies and a data subject wishes to request the erasure of personal data stored by mfinovo GmbH, he or she may contact an employee of the responsible body at any time. The employee will ensure that the erasure request is complied with immediately.
If mfinovo GmbH has made personal data public and is obliged to delete it in accordance with Art. 17 Para. 1 GDPR, our company will take appropriate measures. These measures take into account the available technology and the costs of implementation and may also include technical measures to inform other controllers who process the published data that the data subject has requested the deletion of all links to these data or of copies or replicas of the data, unless processing is required. The employee of mfinovo GmbH will arrange the necessary steps in individual cases.
Persons whose data is processed have the right to request the controller to restrict processing if one of the following conditions is met:
If one of these conditions applies and a data subject wishes to request the restriction of the personal data stored by mfinovo GmbH, he or she may at any time contact any employee of the controller. The employee will arrange the necessary measures to restrict the processing.
In accordance with the provisions of the General Data Protection Regulation, data subjects have the right to receive the personal data concerning them that they have made available to a controller in a generally accepted, structured and machine-readable format. They can then transmit this data to another controller without hindrance from the original controller to whom the data was made available. This applies if the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means, unless it is necessary to perform a task in the public interest or to exercise official authority vested in the controller.
Furthermore, the data subject has the right to have the personal data transmitted directly from one controller to another upon request, provided that this is technically feasible and does not adversely affect the rights or freedoms of third parties.
In order to assert the right to data portability, the data subject may contact any employee of mfinovo GmbH at any time.
Persons whose data is processed have the right to object at any time to the processing of their personal data for reasons related to their specific situation if this processing is based on Art. 6 (1) e or f GDPR. This also applies to profiling based on these legal bases.
In the event of such an objection, mfinovo GmbH will no longer process the personal data in question unless compelling legitimate grounds can be demonstrated which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If mfinovo GmbH uses personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of his or her data for these advertising purposes. This also includes profiling associated with direct marketing. In the event of such an objection, mfinovo GmbH will no longer use the personal data for advertising purposes.
In addition, the data subject may, for reasons related to his or her particular situation, object to the processing of his or her data for scientific, historical or statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right of objection, the data subject may contact an employee of mfinovo GmbH directly. In addition, he or she has the option of exercising his or her right of objection in connection with the use of information society services, in accordance with Directive 2002/58/EC, also by automated means using technical specifications.
Persons whose data are processed have the right not to be subjected to a decision based solely on automated processing, including profiling, which significantly affects them or produces legal consequences for them. This applies unless the decision is necessary for:
If an automated decision is necessary for entering into or fulfilling a contract or is made with the data subject's explicit consent, mfinovo GmbH will implement suitable measures to protect the data subject's rights and freedoms. This includes at least the right to have the decision reviewed by a natural person, to express his or her point of view and to contest the decision.
If a data subject wishes to exercise his or her rights in connection with automated decisions, he or she may contact any employee of mfinovo GmbH at any time.
Every person whose data is processed has the legal right to withdraw their consent to the processing of their personal data at any time.
To exercise this right, the data subject may at any time contact an employee of the company responsible for data processing.
The processing of personal data takes place in accordance with the following legal bases:
According to Article 6 paragraph 1 letter a GDPR, the processing is based on the consent of the data subject for a specific processing purpose.
If processing is necessary to fulfill a contract to which the data subject is a party - for example when supplying goods or providing a service - the processing is based on Article 6(1)(b) GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures, such as inquiries about our products or services.
If our company has to process personal data due to legal obligations, such as to fulfill tax obligations, the processing is carried out on the basis of Article 6 paragraph 1 letter c GDPR.
In exceptional cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another person. This could be the case if a visitor to our company is injured and personal data such as name, age or health insurance data must be passed on to medical institutions. In such cases, the processing is based on Article 6 paragraph 1 letter d GDPR.
Finally, processing operations may be based on Article 6(1)(f) GDPR. This basis applies to processing operations which do not meet any of the abovementioned legal grounds, but are necessary to safeguard the legitimate interests of our company or a third party, as long as the interests, rights and freedoms of the data subject do not prevail. It should be particularly emphasized that the European legislator has recognized that a legitimate interest may exist if the data subject is a customer of the controller (see Recital 47, Sentence 2 GDPR).
If the processing of personal data is based on Article 6 paragraph 1 letter f GDPR, we pursue the following legitimate interests:
Our legitimate interest lies in conducting our business for the benefit of our employees and shareholders. This processing serves to ensure that our business activities are carried out efficiently and in the best interests of all parties involved.
The storage period for personal data depends on the statutory retention periods. After these periods have expired, we routinely delete the data unless it is still required to fulfil contractual obligations or to meet legal requirements.
The provision of personal data may be required by law, such as tax or other legal requirements. Contractual provisions may also require that certain data be provided, for example to identify the contractual partner.
In order to conclude a contract with our company, it is sometimes necessary for the data subject to provide us with certain personal data. Failure to provide this data may result in the contract not being concluded.
Before providing personal data, the data subject should contact one of our employees. This employee will clarify whether the provision of data is required by law or contract, what obligations exist and what the consequences are if the data is not provided.
As a responsible company, we do not use automated decision-making or profiling.