Online searches for “data protection” average over 45 million hits, while “information security” yields a still respectable three million. Clearly, the fields of endeavour represented by these two terms are immensely large and complex.

Nevertheless, at media.works we take data protection and information security extremely seriously. We are committed to compliance with the more stringent requirements introduced by the EU General Data Protection Regulation (GDPR) and we are committed to fighting the rising tide of cybercrime. As part of this commitment, we will in the following provide more information about the various data protection and information security measures we have in place for you as our customers and service providers, and for our employees.

We will be using this page to keep you up to date on the latest developments on this front, including our Information Security Policy. The full wording is currently available in German only. The policy defines the scope and objectives of the information security management system at media.works.

Effective 1 January 2018, we have also appointed an in-house Information Security Officer and a Data Protection Coordinator.

Below you will find information on

1. Privacy statement for our website
2. Privacy statement for media.works GmbH & Co. KG
3. Privacy statement for applications

Please do not hesitate to get in touch if you have any questions or would like to ‘compare notes’ with us. We’re always happy to share ideas.

Data Protection and Privacy Statement

Dear user of our website,

Thank you for visiting us here online and thank you for your interest in media.works. We value your trust and confidence and therefore attach great importance to protecting the personal data that we collect from you, process and use in relation to your visit on our website. You can rest assured that your data is protected to the full extent of the law.

Please take a moment to read through the information below. It tells you how we manage your personal data, how we process it and for what purpose, who we disclose it to, and what measures we take to protect it.

We take your privacy and personality rights extremely seriously and will always do our utmost to respect and safeguard them.

Scope of application

The controller responsible for determining the means and purpose of processing of your personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:

media.works GmbH & Co. KG
Personally liable partner: Freya GmbH, 30855 Langenhagen
Court of registry: AG Hannover HRB 203617
Management: Hannes Boekhoff
Ahornstraße 21a
D-30855 Langenhagen
Phone: +49 511 41 04 48-0
E-mail: info@media-hannover.de

Management of personal data

Personal data means personally identifiable information – details that can be traced back to an actual person. Examples include personal names, e-mail addresses and telephone numbers.

We will only ever collect, use and/or disclose your personal data if you have given your consent or if the collection, use and/or disclosure is already permitted by law.

Server log files

Certain data are logged every time you access our website and every time you request a file that is stored on our website. The logged data are stored for internal system-related and statistical purposes.

The following types of data are logged:

• browser type and browser version
• operating system used
• referrer URL
• hostname of the remote host which made the request to our server
• time at which the request was made to our server
• IP address (partially)

We will not use these data to personally identify you. We collect these data solely to ensure that the content of our website can be displayed correctly on your computer, to continually optimize our content for you, and to assist with criminal prosecutions in the event of cyberattacks.

Insofar as this website collects personal data from you (such as your name, address, e-mail address, etc.), this is done only with your freely given consent and with your knowledge. Personal data is collected and processed by us in accordance with the German Tele-Media Act (TMG), the EU General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG). You are free to withdraw your consent at any time.

IP addresses

As a rule, this website does not store complete user IP addresses. In those exceptional cases where it does, the addresses are deleted immediately after the user leaves the website. This is achieved by configuring the web server so that, by default, the log file (access log and error log) stores the IP address of the server instead of the actual IP address of the user. It is therefore not possible to use the IP addresses as personally identifying information. 

Use and disclosure of personal data to others

Insofar as you make personal data available to us, then, in compliance with European and German data protection legislation, we will use them 1) only for the purposes of responding to your enquiries, forming, performing and ending contracts with you, undertaking technical administration, and, potentially, marketing our products and services to you, and 2) only if these uses have been consented to by you or are already permitted by law.

Your personal data will be disclosed to or otherwise transmitted to third parties only if this is necessary for the purpose of performing a contract with you (e.g. disclosure of your order data in cases where we engage service providers and/or suppliers) or is necessary for billing purposes, or if you have given your prior consent. You have the right to withdraw your consent at any time, in which case the withdrawal will apply from the time of withdrawal forward.

Registration form for online seminars

Please note the following information if you wish to register for one of our online seminars.

We collect inventory data and contract data for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6(1)(1)b) GDPR. If we intend to process your personal data for purposes other than those mentioned here, this will only take place if you have given your consent or if this is permitted by law.

A transfer of the personal data provided by you to a third country or an international organization does not take place and is not planned. Your personal data will not be passed on to external third parties. Your personal data that you provide to us via the registration form will be stored by us for the duration of processing and will be deleted or blocked after processing in accordance with legal requirements.

Contact form

Please take note of the following information, which is relevant to you if you use our contact form in order to get in touch with us.

The personal data or other information which you disclose to us using the contact form on our website will be collected and processed only for the purpose of processing and answering your enquiries. The legal basis for this is Art. 6(1)(1)a) and b) GDPR.

The personal data collected via our contact form are your first and last names and your e-mail address. We collect this data in order to be able to process and respond to your enquiry. We cannot respond to your enquiry without this data. If we wish to process your personal data for purposes other than these, we will do so only if you have given your consent or if the other purposes are already permitted by law.

It is entirely up to you whether this data is collected, stored and processed. In other words, you are under no legal or contractual obligation to disclose personal data. However, if you wish us to be able to respond to your enquiry, you will need to voluntarily provide your name and, as mandatory data, your e-mail address. If you do not provide these details, you will be unable to use the contact form and, consequently, we will be unable to contact you.

If you do not provide these details, then, unfortunately, we will not be able to contact you and process your enquiry. We do not undertake any automated decision-making.

If you would like to contact us without transmitting personal data to us via the contact form, you can get in touch with us via telephone as described here.

The personal data provided by you will not be transmitted to any third country or international organisation, nor are there plans for any such transmission. Your personal data will not be disclosed to external third parties. When you provide personal data to us via the contact form, we will store it only for so long as we are processing your enquiry and will immediately delete or block it once we have finished processing your enquiry.

Live Chat Software

We use Userlike, a live chat software provided by Userlike UG (haftungsbeschränkt). Userlike uses “cookies” (see below), which are stored on your computer and enable a personal conversation in the form of a real-time chat on the website with you. The data collected is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. For more information, please refer to Userlike’s privacy policy at https://www.userlike.com/de/terms#privacy-policy.

Protection of stored data

We have in place technical and organizational IT security measures to safeguard the data you provide to us against manipulation, loss, destruction and access by unauthorised persons. Our IT security measures are continually improved and updated to ensure they meet the current state of the art. However, if you transmit data to us in unencrypted form, it is not possible to completely rule out the risk that they may be intercepted and viewed by third parties during transmission. Security can never be 100% guaranteed when transmitting data via the Internet (e.g. sending via e-mail). Therefore, sensitive data should either not be transmitted via the Internet at all, or, if it is, the transmission should be via a secure connection (SSL).

This website uses SSL encryption in the interests of security and to protect transmissions of confidential information, such as enquires that you send us via the contact form. When a site is encrypted, the address line in your browser will read “https://” rather than “http://” and there will be a padlock symbol to the left of the address. If SSL encryption is activated, authorised parties will not be able to intercept your data transmissions without considerable difficulty.

Protection of minors

Only persons of full legal age can give consent for the processing of personal data. However, under Art. 8 GDPR, it is lawful for children aged sixteen years or older to give consent for information society services.

Storage of anonymised data/cookies

On this website, your usage data is collected and stored in anonymised form using cookies. Cookies are text files that are stored on your computer and which enable us to analyse your use of our website. Cookies collect and store data exclusively in pseudonymised form. These pseudonymised data will not be used to identify you personally and will not be associated or aggregated with identifying data about you. They are used to enhance your experience of our website and to collect website usage information (see below). If you do not give your consent, no cookies will be set.

You can set your browser so that you receive notifications whenever a site attempts to set cookies. You will then be prompted to accept or reject cookies on a case-by-case basis. Alternatively, you can set it so that only certain types of cookies are accepted or so that all cookies are rejected by default. You can also set your browser so that cookies are deleted every time it is closed. Some browsers also allow you to activate a “Do Not Track” function, which will prevent web analytics tools from tracking your visit on our website.

Analytics

Our website uses the web analytics service Matomo. Matomo is an open-source software that uses cookies (see above) to analyse your use of our website.

The data for analysis are stored on a server in Germany. With Matomo, your IP address is anonymised (see above) prior to processing so that it cannot be used to identify you personally. Your anonymised IP address is then used to identify the country from which your visit originated and the access provider (ISP) used. The data collected and stored in this process are not disclosed to third parties. The IP address data provided to us by Matomo will not be associated or aggregated with other data.

To enable its analytics, Matomo uses “persistent cookies” – cookies that remain stored (persist) on your device after you close your browser. The cookies are set via the domain “media-hannover.de” and have the following name:

• 12345 (the numeric component is dynamic)

Each such cookie has an expiration period of 1 year. It enables our server to “remember” you (i.e. your anonymised IP address) and thus recognise you the next time you use our website. It also enables our server to conduct non personally identifying analysis of your behaviour on our website. For example, with this cookie, media.works is able to recognise the web page from which you clicked to our website (the referring web page) as well as the pages on our website that you view and for how long you view them.

As well as the persistent cookie, Matomo also sets “session cookies” with the following name:

• 12345 (the numeric component is dynamic)

A session cookie is a cookie that is automatically deleted each time you close your browser.

If you prefer not to have your data stored and used for analytics purposes, you can opt out, in which case storage and use of your data for analytics will be deactivated from the time of opt-out forward. If you opt out, an opt-out cookie will be stored in your browser, thereby preventing Matomo from storing your usage data. If you delete your cookies, this will also delete your Matomo opt-out cookie, meaning you will then have to reactivate the opt-out the next time you visit our website.

Rights of data subjects

Under Art. 15 GDPR, you have a right of access to information regarding the processing of your personal data.

Under Articles 16-18 and 20 GDPR, you also have a right to rectification, a right to erasure or, if erasure is no longer possible, the right to restriction of processing of your data, and the right to data portability. You can enforce these rights at any time. Please contact our data protection officer if you wish to enforce any of these rights.

Under Art. 13(2)b) GDPR you also have the right to object at any time to the processing of your personal data.

In addition, you have the right to lodge a complaint with a supervisory authority. media.works comes under the jurisdiction of the following supervisory authority:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Phone: +49 511 120 4500
E-mail: poststelle@lfd.niedersachsen.de

If at any stage you feel that our processing of your personal data does not comply with the applicable data protection legislation, please contact us at datenschutz@media-hannover.de.

In addition, you are welcome to discuss these or any other matters relating to personal data with us. You will find our contact details in the “Imprint” section of our webpage.

Data Protection and Privacy Statement
MEDIA.WORKS GMBH & CO. KG

media.works adheres to the legal principles of data protection of the Data Protection Regulation of the European Union (DSGVO), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). In the following, you will receive all relevant information on the management of your data.

Do you have any questions or suggestions regarding our privacy statement? You can contact us at datenschutz@media-hannover.de.

Name and contact details of the controller

Person responsible for data processing:

media.works GmbH & Co. KG
Personally liable partner: Freya GmbH, 30855 Langenhagen
Court of registry: AG Hannover HRB 203617
Management: Hannes Boekhoff
Ahornstraße 21a
D-30855 Langenhagen
Phone: +49 511 41 04 48-0
E-mail: info@media-hannover.de

Management of personal data

Personal data means personally identifiable information – details that can be traced back to an actual person. Examples include personal names, e-mail addresses and telephone numbers.

We will only ever collect, use and/or disclose your personal data if you have given your consent or if the collection, use and/or disclosure is already permitted by law.

Collection and storage of personal data and the nature and purpose of their processing

In the context of a (nascent) business relationship with our customers, service providers and partners, we collect the following information:

• First name, last name, valid e-mail address, address, telephone number (landline/mobile) as well as
• all information necessary for the fulfillment of the customer order or for the commissioning of service providers or cooperation with partner companies.

This data is collected in order to identify you as our customer, service provider or partner, to carry out the order as well as to be able to conduct correspondence with you and to carry out invoicing properly.

The data processing is carried out in response to your request and is necessary for the appropriate processing of the order and for the mutual fulfillment of obligations arising from the customer, service provider or partner contract in accordance with Art. 6 para. 1 sentence 1 lit. b) DSGVO or Art. 6 para. 1 sentence 1 lit. f) DSGVO in the case of initiation of a business relationship for the aforementioned purposes.

The personal data collected by us will be deleted after the following periods:

• Personal data collected for the initiation of a business relationship or for advertising purposes will generally be reviewed at the end of a calendar year with regard to any further need for the further processing of the data.
• Depending on the result, data will be further stored or deleted.
• Contact data (e-mail, telephone numbers) collected for the purpose of initiating a business relationship or for advertising purposes are deleted when the relationship of interest ends.
• In the case of personal data of the contact management of customers, it will be checked after 4 years at the end of the respective calendar year whether further storage is necessary. If there is no necessity, the data will be deleted.
• In the case of personal data in the CRM system, it will be checked after two years at the end of the respective calendar year whether further storage is necessary. If this is not necessary, the data will be deleted.
• In the case of personal data in project management, appointment management (calendar entries) and general management, a check is made after four years at the end of the respective calendar year to determine whether further storage is necessary. If there is no need, the data will be deleted.

Exceptions to this only apply if we are obliged to store data for a longer period of time in accordance with Art. 6 Para. 1 Sentence 1 lit. c) DSGVO due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO) or if you have consented to storage beyond this in accordance with Art. 6 Para. 1 Sentence 1 lit. a) DSGVO.

Use and disclosure of personal data to others

A transfer of your personal data to third parties does not take place. However, we may pass on your data to service providers, e.g. printing companies and translators, of media.works for the purpose of fulfilling your contract.

Rights of data subjects

You have the right

• in accordance with Art. 7 (3) DSGVO to revoke your consent once given to us at any time. This has the consequence that we may and will no longer continue the data processing based on this consent for the future;
• to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
• in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or completion of your personal data stored by us;
• pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• pursuant to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
• pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; and
  complain to a supervisory authority in accordance with Art. 77 DSGVO. The following supervisory authority is responsible for us:
  Die Landesbeauftragte für den Datenschutz Niedersachsen
  Prinzenstraße 5
  30159 Hannover
  Phone:  +49 511 120 4500
  E-mail: poststelle@lfd.niedersachsen.de

Right of objection

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) DSGVO, you have the right to object to the processing of your personal data pursuant to Article 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation.

If you wish to exercise your right to object, simply send an e-mail to datenschutz@media-hannover.de.

Data Protection and Privacy Statement for applicants
MEDIA.WORKS GMBH & CO. KG

We are happy that you are interested in our company and that you are applying or have applied for a position with us. We would like to provide you with information on the processing of your personal data in connection with the application below.

media.works adheres to the legal principles of data protection of the European Union’s General Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). In the following, you will receive all relevant information on the management of your data.

Do you have any questions or suggestions regarding our privacy statement? You can contact us at datenschutz@media-hannover.de.

Name and contact details of the controller

Person responsible for data processing:

media.works GmbH & Co. KG
Personally liable partner: Freya GmbH, 30855 Langenhagen
Court of registry: AG Hannover HRB 203617
Management: Hannes Boekhoff
Ahornstraße 21a
D-30855 Langenhagen
Phone: +49 511 41 04 48-0
E-mail: info@media-hannover.de

Management of personal data

Personal data means personally identifiable information – details that can be traced back to an actual person. Examples include personal names, e-mail addresses and telephone numbers.

We will only ever collect, use and/or disclose your personal data if you have given your consent or if the collection, use and/or disclosure is already permitted by law.

Necessity of providing personal data

The provision of personal data is neither legally nor contractually required, nor are you obliged to provide personal data. However, the provision of personal data is necessary for the conclusion of a contract for employment with us. This means that if you do not provide us with personal data when applying for a job, we will not be able to enter into an employment relationship with you.

Which of your data do we process? And for what purposes?

We process the data that you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process.

This may be general personal data (such as name, address and contact details), information on your professional qualifications and school education or information on further professional training or other information that you provide to us in connection with your application. Furthermore, we may process job-related information that you have made publicly available, such as a profile on a professional social media network.

Furthermore, we may process personal data about you to the extent necessary to defend asserted legal claims against us arising from the application process.

On what legal grounds is this done?

The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG in the version applicable as of 25.05.2018. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Should the data be required for legal prosecution after the conclusion of the application process, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 para. lit. f) DSGVO. Our interest then consists in the assertion or defense of claims.

How long is the data stored?

Data of applicants will be deleted after 6 months in case of rejection.

In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.

If you have been awarded a position during the application process, we may continue to process the personal data we have already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship.

To which recipients is the data passed on?

Your applicant data will be viewed by the management after receipt of your application. Suitable applications are then forwarded internally to the department responsible for the respective open position. The further procedure is then coordinated. Within the company, only those persons who need to access your data for the proper conduct of our application process will have access to it.

Where is the data processed?

The data is processed exclusively on servers and in data centers in the Federal Republic of Germany.

Transfer of data to third parties

Your personal data will not be transferred to third parties.

Rights of data subjects

You have the right

• in accordance with Art. 7 (3) DSGVO to revoke your consent once given to us at any time. This has the consequence that we may and will no longer continue the data processing based on this consent for the future;
• to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
• in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or completion of your personal data stored by us;
• pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• pursuant to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
• pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; and
  complain to a supervisory authority in accordance with Art. 77 DSGVO. The following supervisory authority is responsible for us:
  Die Landesbeauftragte für den Datenschutz Niedersachsen
  Prinzenstraße 5
  30159 Hannover
  Phone:  +49 511 120 4500
  E-mail: poststelle@lfd.niedersachsen.de

Right of objection

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) DSGVO, you have the right to object to the processing of your personal data pursuant to Article 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation.

If you wish to exercise your right to object, simply send an e-mail to datenschutz@media-hannover.de.

For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.