msg Plaut Data Privacy Statement
We are pleased to welcome you to our website and with your interest in msg Plaut. Not only is offering our customers end-to-end support very important to us, but so is ensuring that your personal information is protected. The following explains the actions we take when you visit our website – naturally in compliance with applicable data security regulations, which information we collect and how we process it. Should our data privacy statement change, it will be updated on this page in order to keep you informed as to which data msg Plaut stores and uses. The most important data privacy information can be found below. We have organized the information by topic.
Name and address of the responsible party
Responsible for the collection, processing and use of your personal data pursuant to the EU General Data Protection Regulation is:
msg Plaut AG
Modecenterstrasse 17/4/6, 1110 Wien
E-Mail: office.at@msg-plaut.com
Should you wish to object to the collection, processing or use of your data by msg Plaut as set forth in these data privacy policies as a whole or in regard to specific measures, please e-mail, fax or mail your objection to the aforementioned address.
Name and address of the data protection officer
The data protection officer of the responsible person is:
Claus Bauer
msg systems ag
Robert-Bürkle-Strasse 1
85737 Ismaning
Germany
Fax: +49 89 96101- 1113
E-Mail: Datenschutz@msg.group
General information on data processing
Why we use data
We wish to constantly improve our offers and make them more attractive. The only way for us to optimize the contents of the msg Internet sites to better meet your demands is to identify which sections of our Internet sites are most commonly visited and on which the most time is spent. Should you entrust us with your personal information, msg Plaut shall use such for the technical administration of the websites, customer management , product surveys and marketing; however, we shall only do so to the extent that is necessary. The more we understand what you want, the faster you will be able to find the information you are looking for on our Internet sites.
Information on the collection of personal information
The following provides information on the collection of personal information when using our website. Personal information includes all information that relates to you personally, e.g., name, address, e-mail address, user behavior, etc. Any personal information you are prompted to enter on our website, such as your name, address or telephone number, shall be subject to these specific policies and you shall be notified of such by a text that reads as follows: “I hereby consent to my personal information (including my telephone number and/or e-mail address) being collected, processed and used for the purpose of contract processing and/or potential customer opportunities, surveys and information. Any forwarding to third-parties, with the exception of the companies of the msg group, is excluded. I have the right to revoke this consent from msg Plaut, 1110 Wien, at any time.” Our use of the data shall be limited to the aforementioned purposes. Information shall not be forwarded to third parties outside msg Plaut. The only exception hereto are the companies of the msg group. In addition to the information you share with us, we also analyze how you use our services and offers in order to lead you to the information that might interest you more quickly and in order to constantly optimize our service.
Legal basis for processing personal information
Numeral 6, Para. 1, Item a of the General Data Protection Regulation (GDPR) forms the legal basis for any consent we obtain from relevant persons for the operations involved in processing personal information. Numeral 6, Para. 1, Item b of the General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal information in order to fulfill a contract when the relevant person is one of the contract parties. This includes processing operations necessary to complete measures that precede the contract. Numeral 6, Para. 1, Item c of the General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal information to the extent such is necessary in order to comply with legal obligations to which our company is subject. Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR) forms the legal basis for any processing necessary to ensure a legitimate interest of our company or a third party, as long as such do not outweigh the interests, fundamental rights and fundamental freedoms of the person in question.
Data deletion and retention period
The personal information of the relevant person shall be deleted or locked as soon as the purpose for which such was stored is no longer applicable. Storage beyond such is possible if provided by European or national lawmakers in laws or other regulations to which the responsible party is subject under Union law. Data shall also be locked or deleted once the retention period prescribed in the given norms expires, unless storage of the data is still required in order to conclude or fulfill a contract.
Provision of the website
Collection of personal information when visiting our website
The only personal information we collect when you visit our websites is the information your browser communicates to our servers. When you browse our website, we collect the information required on the technical side to display our website and to ensure stability and security. The following information is collected in such cases:
- User’s IP address
- Date and time of your inquiry
- Content of the request (specific site)
- Respective data volume transmitted
- Website from which the inquiry is received
- Information on the browser type
- User’s operating system
- Language and version of the browser software
- Websites from which the user’s system accesses our Internet site
- Websites the user's system accesses from our website
This information is also stored in our system’s log files. This information is not stored together with other personal information.
Legal basis for the data processing
Legal basis for the temporary storage of data and log files is Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR).
Purpose of the processing
The IP address must be temporarily stored by the system in order to enable the delivery of the website to the user’s computer. To that end, the user’s IP address must be stored for the duration of the session. IP addresses are required for problem diagnosis, website administration and demographic information. The information recorded is solely used for data security reasons, specifically to prevent attack attempts on our web server, and for statistical analysis.
Retention period
Data is deleted as soon as it is no longer required for the purpose it was collected. Any information collected in order to provide the website is deleted as soon as the respective session is terminated. Information stored in log files is deleted no later than after seven (7) days. Storage beyond that period is also possible. In that case, the user’s IP addresses are deleted or rendered anonymous so that it can no longer be collated to the client that used it to access the site.
Objection and removal options
Information must be collected in order to provide the website and information must be stored in log files in order to operate the Internet site. As a result, the user does not have the option to object in this case.
Use of cookies
Description and scope of the data collection
Our website uses cookies. Cookies are text files that are stored in or by an Internet browser on the user’s computer system. A cookie can be stored to the user’s operating system anytime they access a website. Cookies contain a distinctive character string that enables the unique identification of the browser when the same website is accessed again. Cookies cannot execute programs or transfer viruses to your computer. We use cookies to make our website more user-friendly. A few elements on our Internet site also require that our system be able to identify the browser that accessed our site to be identifiable again even after a user has switched to a different site.
Legal basis for the data processing
Legal basis for the processing of personal information when using cookies is Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR).
Purpose of the data processing
Cookies that are necessary for technical reasons are used to make the website easier for users to use. A few functions on our Internet site cannot be offered without using cookies. In those cases, our system must be able to recognize the browser again even after a user has switched to a different site. The user data collected by cookies required for technical reasons is not used to create user profiles. These purposes form our legitimate interest in processing personal information as set forth in Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR).
Retention period
Cookies are stored on the user’s computer and communicated from said computer to our site. Thus, the user has full control over the use of cookies. You can disable or limit the transmission of cookies by changing the settings in your Internet browser.
Objection and removal options
Cookies that have already been stored can be deleted at any time. This can be done automatically as well. However, disabling the cookies used by our website may mean you will not have full access to all of the functions of our website.
E-mail/contact form
Description and scope of the data collection
Our Internet site offers a contact form that can be used to contact us electronically. When a user takes advantage of this option, the information they enter on the input screen is transferred to us and stored. That data is:
- First name (required field)
- Last name (required field)
- Function
- Company
- Your e-mail address (required field)
- Telephone
- Your message (required field)
The following information is also stored when you submit your message:
- The user’s IP address
- Date and time of registration
In order to process the information, we obtain your consent when you submit the information and reference this data privacy statement. Alternatively, we can also be contacted using the e-mail address provided. In that case, the personal information the user includes in the e-mail is stored. The information obtained in this context is not transferred to third parties outside the msg group. The information is only used to process the conversation.
Legal basis for the data processing
Legal basis for processing information once the user’s consent has been obtained is Numeral 6, Para. 1, Item a of the General Data Protection Regulation (GDPR).
Purpose of the data processing
The personal information provided on the input screen is used for the sole purpose of handling the contact request. In case of contact by e-mail, the information is processed as a necessary legitimate interest. Any other personal information processed during the transmission is processed to prevent misuse of the contact form and to ensure the safety of our IT systems.
Retention period
Data is deleted as soon as it is no longer required for the purpose it was collected. In regard to personal information from the input screen of the contact form and personal information sent by e-mail, such information is deleted when the respective conversation with the user is terminated. A conversation is considered terminated when the circumstances indicate that the subject under discussion has been fully clarified.
Any further personal information collected during the transmission is deleted no later than within a period of seven days.
Objection and removal options
The user can revoke their consent to having their personal information processed at any time. Should a user contact us by e-mail, they can revoke their consent to having their personal information stored at any time. It will not be possible to continue a conversation in such cases. Please contact msg systems’ marketing team by e-mail if you would like to revoke your consent/the storage of your information at office.at@msg-plaut.com. Any personal information stored as part of the contact request will be deleted.
Applications
If you apply via our online application form or if you apply to msg Plaut by e-mail or post, all the data you provide will be stored by us in a recruiting software and an applicant profile will be set up. msg Plaut will not pass this data on to third parties outside the group of companies.
Description and scope of data collection
We process your data as part of our recruiting process (personnel search and selection) to fill vacancies at msg Plaut. You can apply for a specific position or send us an unsolicited application. A recruiter from msg Plaut will then contact you by e-mail or telephone and inform you about the next steps in the recruiting process. The recruiting process is supported by our recruiting software.
If you accept the separate voluntary declaration of consent in addition to this data protection declaration, we will keep a record of your data beyond the recruiting process. This enables us to inform you about future vacancies by e-mail or telephone, if necessary, and offers you the opportunity to apply to us again at a later date using your applicant profile.
The following categories of data are collected and subsequently processed when creating the applicant profile:
- Registration data (e.g. creation/update date, applicant source, login, password).
- Personal data (e.g. first and last name)
- Address and contact data (e.g. address, telephone number, e-mail address)
- Application documents (e.g. CV, cover letter or references)
- Data on your professional experience (e.g. details of previous employment)
- Data on your education (e.g. information on school or university degrees)
- Job requirements (e.g. job profile, job description, desired scope of employment, notice period, salary expectations)
- Other skills and qualifications (e.g. additional training, certificates, languages or hobbies)
In the course of the further recruiting process, your data will be completed by a recruiter from msg Plaut:
- Interview dates, interview notes and comments on your profile.
- Correspondence between applicants and msg Plaut employees
- Keywording and additional job profiles to make your profile easier to find in the applicant database
- Additional jobs that we suggest to you (provided you accept the separate voluntary declaration of consent for this)
We would like to draw your attention to the fact that health data, information on racial or ethnic origin, political, religious, trade union or sexual orientation are among the data that require special protection. Therefore, we ask you not to transmit such data to us.
Does so-called profiling take place?
There are no automated mechanisms in our recruiting process that result in applicants being automatically eliminated from the application process. Decisions regarding recruitment and selection are always made by the msg Plaut employees responsible.
In order to be able to find your applicant profile more easily in our applicant database using the integrated search function, it is keyworded and linked to suitable job profiles.
Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit.a DSGVO if the user has given his or her consent.
Furthermore, processing is carried out for the fulfilment of legal obligations as well as for legitimate interest in connection with the assertion, exercise or defence of legal claims (e.g. claims under the Equal Treatment Act).
You are under no legal or contractual obligation to disclose your personal data. However, we cannot process your application or inform you about future vacancies without your personal data.
Purpose of data processing
We process your data as part of our recruiting process (personnel search and selection) to fill vacancies at msg Plaut. You can apply for a specific position or send us an unsolicited application.
Duration of storage
In principle, your data will be stored for 6 months after completion of the recruiting process from the time you become aware of this data protection information. If, in addition to the data protection information, you also accept the separate voluntary declaration of consent for the processing and record keeping of your personal data beyond the recruiting process, your data will be stored for 2 years from the date of consent.
In good time before the expiry of these periods, you will receive an e-mail from us in which you can (re)confirm the declaration of consent in order to continue using your profile. If you give us your consent again, your applicant:inside profile will remain at msg Plaut. Without your consent, your profile will be deleted.
For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process is deleted after a period of seven days at the latest.
Possibility of objection and removal
As described above, you can revoke your consent at any time and request the deletion of your personal data. Please note that under certain circumstances, deletion may not take place immediately, but only after a time delay, due to legal obligations or for the assertion, exercise or defence of legal claims.
We reserve the right to delete the profiles of applicants whom we have not been able to inform about suitable positions for a longer period of time. If there is a vacancy of interest to you at a later date, you can create a new applicant profile at any time.
User registration
Description and scope of the data collection
Our Internet site offers users the option to register by providing personal information (e.g., in order to register for events or career events). During that process, information is entered on an input screen and transmitted to us in encrypted form and stored. The information is not shared with third parties outside the group of companies. The following information is collected during the registration process:
- Form of address (required field)
- First name (required field)
- Last name (required field)
- E-mail (required field)
Further personal information may be requested depending on the event.
The user’s consent to having this information processed is obtained during the registration process.
Legal basis for the data processing
Legal basis for processing information once the user’s consent has been obtained is Numeral 6, Para. 1, Item a of the General Data Protection Regulation (GDPR).
Purpose of the data processing
User registration is required for the provision of certain content and services on our website, such as:
- Registering for events or career events (e.g., university fairs)
- Publication requests (e.g., customer magazines, studies or whitepapers)
Retention period
Data is deleted as soon as it is no longer required for the purpose it was collected. In the case of information collected during the registration process, this would be when the registration is removed from or modified on our Internet site.
Objection and removal options
User can cancel their registration at any time. You can have the information we have stored for you modified at any time. Please contact msg Plaut's marketing team by e-mail at office.at@msg-plaut.com. We will forward your request to the appropriate party.
Social plugins (Facebook, Twitter, LinkedIn, XING, YouTube)
So-called “social plugins” are used on our website. These currently include plugins for Facebook, Twitter, LinkedIn, XING and YouTube services. Information, including personal information, may be sent to service providers when using these plugins, including providers in the USA, and may be used by them.
Shariff protection tools
The website itself does not collect any personal information using social plugins or any information about their use. msg uses the so-called “Shariff” – German for sheriff – solution to prevent data from being sent to service providers without the user’s knowledge, including to providers in the USA. This solution ensures that personal information is not automatically sent to providers of the individual social plugins when you visit our website. Data cannot be sent to the service provider or stored by them until a user actually clicks on one of the social plugins. More information on the Shariff solution can be found on the provider’s website, Heise Medien Gmbh & Co. KG: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
Data privacy statement for use of Facebook plugins
Plugins for the social media network Facebook (provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA) are integrated into our sites. The Facebook plugins on our site can be identified by their Facebook logo or the “Like” button. An overview of the various Facebook plugins can be found at: http://developers.facebook.com/docs/plugins/. When you visit our sites, the plugin is used to establish a direct connection between your browser and the Facebook server. That informs Facebook that you visited our site from your IP address. Clicking the Facebook “Like” button on our sites while still logged onto your Facebook account allows you to link content from our sites to your Facebook profile. This permits Facebook to assign your visit to our sites to your user account. We would like to point out that as a provider of the sites, we do not receive any information on the content of the transmitted data or how it is used by Facebook. More information can be found in Facebook’s data privacy statement at: http://de-de.facebook.com/policy.php. You will need to log out of your Facebook account if you do not want Facebook to assign your visit to our sites to you Facebook account.
Data privacy statement for use of Twitter
The functions of the Twitter service are integrated into our sites. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Using Twitter and the “re-tweet” function links the websites you visit to your Twitter account and shares them with other users. Information is also sent to Twitter when you do so. We would like to point out that as a provider of the sites, we do not receive any information on the content of the transmitted data or how it is used by Twitter. More information can be found in Twitter’s data privacy statement at: http://twitter.com/privacy. You can modify the data protection settings of your Twitter account at: http://twitter.com/account/settings.
Data privacy statement for use of LinkedIn
Our website uses the functions of the LinkedIn network. Provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
A connection to the LinkedIn servers is established anytime our sites that contain LinkedIn functions are accessed. LinkedIn is informed that you visited our Internet sites from your IP address. Clicking the “Recommend” button by LinkedIn while you are stilled logged onto your LinkedIn account allows LinkedIn to assign your visit to our Internet site to you and your user account. We would like to point out that as a provider of the sites, we do not receive any information on the content of the transmitted data or how it is used by LinkedIn. More information can be found in LinkedIn’s data privacy statement at: https://www.linkedin.com/legal/privacy-policy
Data privacy statement for use of XING
Our website uses the functions of the XING network. Provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. A connection to the XING servers is established anytime our sites that contain XING functions are accessed. To the best of our knowledge, personal information is not saved during that process. Nor are any IP addresses saved or use behavior analyzed. YouTube is used in the interest of making the presentation of our online offers more appealing. This is considered a legitimate interest as defined in Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR). More information on data protection and the XING “Share” button can be found in XING’s data privacy statement at: https://www.xing.com/app/share?op=data_protection
Data privacy statement for use of Google Maps
This site uses an API for the Google Maps map service. Provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Your IP address must be stored in order to use the Google Maps functions. That information is generally sent to a Google server in the USA, where it is stored. The provider of this site has no influence over the transmission of that data. Google Maps is used in the interest of making the presentation of our online offers more appealing and to make the locations mentioned on our website easier to find. This is considered a legitimate interest as defined in Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR). More information on the use of user data can be found in Google’s data privacy statement at: https://www.google.de/intl/de/policies/privacy/
Data privacy statement for use of YouTube
YouTube videos are embedded into a few of our websites. Operator of the relevant plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. A connection to the YouTube servers is established anytime our sites that are equipped with a YouTube plugin are visited. In this case, the YouTube servers are informed as to which of our sites you visited. If you are logged onto your YouTube account, you are allowing YouTube to assign your surfing behavior directory to your personal profile. You can prevent this by logging out of your YouTube account. When a video is started, the provider uses cookies to collect information on the user’s behavior. If you have disabled cookies from being saved by the Google ad program, cookies will not be used when you watch the YouTube videos either. However, YouTube does store non-personal information in other cookies as well. If you would like to prevent such, you must block cookies from being stored; you can do so in your browser settings. YouTube is used in the interest of making the presentation of our online offers more appealing. This is considered a legitimate interest as defined in Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR). More information on the use of user data can be found in YouTube’s data privacy statement at: https://www.google.de/intl/de/policies/privacy
Newsletter
On msg-plaut.com you can subscribe to a newsletter and give us your consent to send it to you. By sending the form or clicking on the "Subscribe" button, you give your consent to the processing of the data you entered to receive newsletters (Art. 6 para. 1 lit. a DSGVO). Unsubscribing from the distribution list is possible at any time after notification to us via e-mail to office.at@msg-plaut.com, but specifically via the "unsubscribe link", which is included in each of our newsletters.
msg Plaut uses the services of mailworx for sending the newsletter. The provider is EWORX NETWORK & INTERNET GMBH, Hafenstraße 2a, 4020 Linz, Austria. mailworx is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. If you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on mailworx's servers in Austria. We have concluded a contract with mailworx in which we oblige mailworx to protect our customers' data and not to pass it on to third parties.
With mailworx we can also analyze our newsletters. When you open an email sent with mailworx, a file contained in the email, a so-called web beacon, connects to mailworx's servers in Austria. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is collected, e.g. time of retrieval, IP address, browser type and operating system. This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of the newsletter. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. For detailed information on the functions of mailworx, please refer to the following link: https://mailworx.info/de/e-mail-marketing
If you do not want any analysis by mailworx, please unsubscribe from the newsletter - as described above. From the moment you unsubscribe, you will not receive any further newsletters after your message has been processed by us. Furthermore, the data you have provided to us for the purpose of receiving the newsletter will be deleted from our servers as well as from the servers of mailworx after you have unsubscribed from the newsletter.
Further information on the data protection provisions of mailworx at: https://mailworx.info/de/impressum/datenschutz
Where is my information processed?
Your information is processed in Germany. Data is also processed in European and non-European foreign countries within the legally permissible limits. There are no plans for transmission to third countries.
How safe is my information?
msg Plaut has taken extensive technical and operational safety precautions in accordance with applicable European law to protect your information from unauthorized access and misuse.
Will my information be shared with third parties?
No information with be shared with third-parties, with the exception of the companies of the msg group.
Rights held by the affected person
Anytime your personal information is processed you are considered an affected person pursuant to the GDPR and you have the following rights in connection with the responsible party:
Right to disclosure
You have the right to request information on the scope, origin and recipient of stored information, as well as the purpose of the storage, at no charge to you.
Right to correction
You have the right to demand a correction and/or completion from the responsible party should the processed personal information related to you be incorrect or incomplete. The responsible party must make the corrections without delay.
Right to deletion
You have the right to request that the responsible party immediately delete any personal information related to you and the responsible party is required to delete said data without delay should any of the following reasons apply:
- The personal information related to you is no longer required for the purpose it was collected or processed in any other manner.
- You revoke the consent on which the processing was based pursuant to Numeral 6, Para. 1, Item a or Numeral 9, Para. 2, Item a of the General Data Protection Regulation (GDPR) and there is no other legal basis for the processing.
- You submit an objection to the processing pursuant to Numeral 21, Para. 1 of the General Data Protection Regulation (GDPR) and no legitimate reasons for the processing that have precedence over your objection exist, or you submit an objection to the processing pursuant to Numeral 21, Para. 2 of the General Data Protection Regulation (GDPR).
- The personal information related to you was processed unlawfully.
- The deletion of the personal information related to you is necessary in order to meet a legal obligation under Union law or the law of the member states to which the responsible party is subject.
- The personal information related to you was collected in relation to services offered by the information company pursuant to Numeral 8, Para. 1 of the General Data Protection Regulation (GDPR).
Right to data portability
You have the right to obtain the personal information related to you and which you shared with the responsible party in a structured, commonly used and machine-readable format.
Right of objection
You have the right, for reasons arising from your particular situation, to object to the processing of personal information related to you, which was being processed pursuant to Numeral 6, Para. 1, Item e or f of the General Data Protection Regulation (GDPR), at any time; this includes any profiling based on these policies. The responsible party will cease processing any personal information related to you unless they can provide proof urgent, protection-worthy reasons for the processing that outweigh your interests, rights and freedoms or unless the processing serves the enforcement, exercising or defense of legitimate claims. You have the right to revoke your privacy consent statement at any time. Revoking your consent shall not affect the legitimacy of the processing that was performed with your consent up to the time your consent was revoked.
Right to submit complaint to supervisory body
Notwithstanding other administrative or legal remedy, you will generally have the right to submit a complaint to a supervisory body, specifically in the member state of your place of residence, your place of employment or the location of the alleged breach, if you are of the opinion that the processing of the personal information related to you violates the GDPR. The supervisory body to which the complaint is submitted shall inform the complainant of the status and results of the complaint, including the option of legal remedy pursuant to Numeral 78 of the GDPR.
Version: 01.01.2022