privacy policy

DATA PROTECTION STATEMENT

The data protection notices meet the information obligations in accordance with the requirements of article 12 ff. of the EU general data protection regulation (subsequently called “GDPR”) and provide you with an overview of the processing of your personal data (subsequently called “data”) on the Majorel website (subsequently called the “website”).

 

1. Who is responsible for processing my data?

Majorel Group Luxembourg S.A. 43, boulevard Pierre Frieden L-1543 Luxembourg
43, boulevard Pierre Frieden
L-1543 Luxembourg

Telephone: +49 5241 5 27 50 10
Email contact@majorel.com

is responsible for processing your data on the website. The data protection officer of Majorel can be reached under the above-mentioned postal address with the addition “FAO: data protection officer” or via email at contact@majorel.com.

Majorel Group Luxembourg S.A.l. (subsequently called “we” or “us”) processes personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (subsequently called “BDSG”).

 

2. What personal data do we process?

The purposes of data processing may arise from technical, contractual or statutory requirements or, where applicable, from a consent.

We process your personal data e.g. for the following reasons:

  • Provisioning of the website and guarantee of its technical security, in particular removal of technical faults and to ensure that unauthorised persons do not gain access to the website systems;
  • Reach measurements and web analyses to make the website more efficient and interesting for you and to conduct market research;
  • Communications, advertising, contract preparation and customer service; and
  • Establishment of an employment relationship.

 

Generally, you can utilise the offering of the website without providing your data, for example, to inform yourself about us. However, your data must be stated when using specific offers, e.g. to make contact. Mandatory information is regularly marked with an *.

You will find additional information on these purposes of data processing in the following sections of this data protection statement.

 

2.1. Technical provision of the website

2.1.1        Description and scope of data processing

When you visit the website, the host computer automatically records information (subsequently called “access data”).

We shall process the following data:

  • Details of the content requested by you on the website and your usage pattern
  • Information about the browser type, browser version, operating system and internet service provider
  • Date and time of the use of the website
  • The previously visited websites
  • New websites opened via the website
  • The IP address of the computer (also called “Server Log Files”)

 

Using web tracking, pseudonymous use profiles are created from the access data and analysed. We are generally unable to trace these back to your person.

For the functionality of the website, the performance of security analyses and the defence against attacks the server log files are automatically recorded and briefly saved by the computer system of the host computer as part of the overall access data when entering and using the website. The server log files are not stored together with other data. We use the server log files for statistical analysis, to analyse and remedy faults, to defend against attacks and fraud and to optimise the functionality of the website.

2.1.2 Purposes and legal basis of data processing

The legal basis for recording the server log files is article 6 (1) letter f GDPR. Our justified interest lies in the functionality of the website, the performance of security analyses and defence against dangers.

2.1.3. Storage duration or criteria for defining this duration

After opening the website the server log files are stored on the web server and the IP address included is deleted no later than after 7 days in accordance with the requirements of the Telecommunications Act. This does not apply if there is a concrete suspicion and extended storage is required by law for analysis and investigation.

2.1.4. Right to objection and removal

The recording of the data for provisioning the website and storage of the data in the log files is essential for the operation of the website. The user does, therefore, not have a right to objection.

 

2.2 Contact form, email and telephone contact

2.2.1.     Description and scope of data processing

The website has an option to contact us via a contact form, an email address or a telephone number. If you use this option, you provide us with data, such as email address, telephone number, first and last name and your concern (subsequently called “contact data”). The contact data are only stored and used to process the concern of your contact request (e.g. questions about products and services of Majorel).

2.2.2.     Purposes and legal basis of data processing

The legal basis for processing your contact data is article 6 (1) letter f GDPR. Our justified interest lies in the processing of your specific concern and further communication. If your contact request is aimed at concluding a contract for using our services, the legal basis is further article 6 (1) letter b GDPR.

2.2.3.    Storage duration or criteria for defining this duration

After processing your concern and termination of further communication your contact data will be deleted. This does not apply if your contact request is aimed at concluding a contract. To this end the data are stored until the contractual and/or statutory retention periods (currently 6 to 10 years) have been met.

2.2.4.    Right to objection and removal

You have the right to object against the processing of your contact data if the reasons resulting from your specific situation apply. If you want to exercise your right to objection, please contact the contact address specified in item 1. If you object, processing of your concern cannot continue. This does not apply if the storage of your contact data is required for preparing or fulfilling a contract.

 

2.3. Online appointment allocation via Microsoft Bookings

2.3.1.   Description and scope of data processing

For online appointment agreements, we use Microsoft Bookings by Microsoft (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521). A connection to the service is only established if you open the online booking function via a button on our website.

For booking an appointment we process your first and last name, your email address and the time periods booked. For the appointment agreement your entries in the appointment agreement form are transmitted to Microsoft. Additional information on the handling of your data can be found in the Data protection statement of Microsoft.

2.3.2.    Purposes and legal basis of data processing

The legal basis for processing your personal data in relation to the “Microsoft Booking” service is article 6 (1) letter f GDPR (justified interest in data processing). The justified interest results from our entitlement to offer you a user-friendly website with a wide functional scope and offer you the opportunity at any time to agree an appointment with our employees quickly and easily when required. If your contact request is aimed at concluding a contract for using our services, the legal basis is further article 6 (1) letter b GDPR.

We point out that you are not obliged to use Microsoft Bookings to agree an appointment. If you do not want to use the service, please use another of the contact options provided to make an appointment.

2.3.3.   Storage duration or criteria for defining this duration

After processing your concern and termination of further communication your contact data will be deleted. This does not apply if your contact request is aimed at concluding a contract. To this end the data are stored until the contractual and/or statutory retention periods (currently 6 to 10 years) have been met.

2.3.4.   Right to objection and removal

You have the right to object against the processing of your contact data if the reasons resulting from your specific situation apply. If you want to exercise your right to objection, please contact the contact address specified in item 1. If you object, processing of your concern cannot continue. This does not apply if the storage of your contact data is required for preparing or fulfilling a contract.

 

2.4. Assertion of the rights of data subjects

2.4.1.   Description and scope of data processing

Via these data protection notices we inform you about the opportunity to exercise the data protection rights of data subjects, such as obtaining information. To assert your rights as data subject you might need to provide us with details about your person and about the individual data processing events. Without providing those we are unable to comply with your rights as a data subject.

2.4.2.   Purposes and legal basis of data processing

The legal basis for the processing of your data when assertion of the rights of data subjects is article 6 (1) letter c GDPR to meet a statutory obligation.

2.4.3   Storage duration or criteria for defining this duration

We store the correspondence entered into with you in relation to the assertion of the rights of data subjects for a period of 3 years. An exception is a copy of your identity card marked as copy to confirm your identity if you have provided this to us. This will be deleted no later than one week after confirming your identity.

 

3. Cookies

3.1.   What are cookies?

The website uses cookies. Cookies are small text files stored on your computer when visiting the website. The stored cookies are linked to the browser used by you. If the respective website is opened again, the web browser returns the content of the cookies and thereby enable for the user to be recognised. Some cookies are deleted when you log off or terminate the browser session (so-called “transient cookies”). Other cookies are stored for a specified time period or permanently (so-called “temporary cookies” or “persistent cookies”). These cookies are deleted automatically after expiry of the defined time period. You can also delete the cookies in the security settings of your browser at any time and configure the use of cookies in accordance with your preferences. Please note that you may not be able to use all functions of the website.

Generally, cookies are only an online identifier without personal identification. The cookies become personal if the information generated by the cookies is combined with additional data. A differentiation can be made between cookies necessary for providing the website and cookies necessary for other purposes, e.g. analysing the user pattern or advertising.

Dependent on function and purpose the cookies used by us can be divided into the following categories: Technically necessary cookies, statistical cookies and marketing cookies

 

3.2.  Technically necessary cookies

Technically necessary cookies enable the navigation and functionality on our website. These cookies are used to ensure the correction functionality of the website and cannot be disabled in your system. These cookies are neither used for advertising purposes nor to collect data about the user patterns of our visitors.

We use e.g. the following technically necessary cookies:

3.2.1.   Consent Management Platform

We use a Consent Management Platform as consent management tool. This collects log file and consent data and permits informing the user about his consent to specific tags on our website and to obtain, manage and document them.

The purpose of data processing is the management and documentation of the consent granted in order to meet our obligation for GDPR-compliant consent management. It is used to verify and manage consent granted and not granted.

The legal basis for the management of your consent to the processing of your personal data is article 6 (1) letter f GDPR. Our justified interest lies in the legally sound documentation and verifiability of consent and the exclusion of marketing actions based on consent granted.

The data shall be deleted as soon as they are no longer required.

3.2.2.   Google reCAPTCHA V3

We use the service Google reCAPTCHA on our website. This is a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (subsequently called “Google”).

Google reCAPTCHA processes information about your user patterns on our internet presence. The purpose of processing is the verification whether input is made by a human or through abuse by an automated machine processing. The method therefore serves to defend against spam, DDos attacks and other automated harmful interventions. The use of Google reCAPTCHA therefore serves directly to guarantee the integrity and functionality of our systems. This also constitutes our justified interest according to article 6 (1) letter f GDPR.

The IP address transmitted as part of Google reCAPTCHA is not combined with other data by Google unless you are logged in with your Google account at the time of using Google reCAPTCHA. If you want to prevent the transmission and storage of data about yourself and your pattern on our website by Google, you must log out of Google before visiting our website.

You can object to the collection and forwarding of your personal data or prevent the processing of these data by disabling the execution of JavaScript in your browser. You can also prevent the execution of JavaScript code by installing a JavaScript blocker (e.g. https://noscript.net/ or https://www.ghostery.com). We must point out that in this case you might not be able to fully use all functions of our internet presence.

The legal basis for processing personal data using cookies is article 6 (1) letter f GDPR. Our justified interest lies in the simplification of the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognised also after reloading the site.

 

3.3  Statistical cookies

These cookies are used to understand the use of our website by our visitors, detect errors and continuously improve our website. They are used on the basis of the legal basis of article 6 (1) clause 1 letter a) GDPR (your consent). The data processing only commences after a corresponding opt-in has been provided.

3.3.1    Google Analytics

The website uses the service Google Analytics.

The provider of Google Analytics is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Google Analytics uses cookies to permit an analysis of your use of the website. The information about your use of this website generated by the cookie is normally transmitted to and stored on a Google server in the USA.

In case of IP anonymisation having been activated on this website, your IP address will, however, be first truncated by Google within member states of the European Union or in other signatories to the treaty on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website Google uses this information to analyse your use of the website, to compile reports about the website activity and to provide additional services related to the website use and internet use for the website operator.

The IP address transmitted by your browser as part of Google Analytics is not combined with other data by Google. You can prevent the storage of the cookies via appropriate settings in your browser software; however, we must point out that in this case you might not be able to make full use of all functions of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by clicking on the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en and installing it.

Please note that the data may be transmitted to a country outside the European Union and the European Economic Area which does not offer an adequate data protection level. If the data are transmitted to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes possibly without you having a legal remedy.

The legal basis for processing your data is currently your consent according to article 6 (1) clause 1 letter a GDPR. With regard to transmission to third countries the processing is in accordance with article 49 (1) letter a GDPR.

The data are deleted as soon as they are no longer required for the processing purposes, but after 1 year at the latest.

More information on data processing by Google Analytics is available in the data protection statement of Google: https://policies.google.com/privacy?hl=en.

 

3.4.  Marketing cookies

With these we collect anonymised data for statistics, e.g. we can analyse how successful our advertising is. We can also design your website visit to be more relevant and provide it with content tailored to you.

3.4.1.   Google Ads

We use the function “Goole Ads” by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Using Google Ads we promote the website in Google search results and on the websites of other providers who also participate in the Google advertising network. To this end a cookie is set by Google when you visit our website which automatically permits interest-based advertising as part of the Google advertising network using a pseudonymous cookie ID and based on your access data. If you arrive at our website from another website via a Google ad, Google also sets a cookie.

These Google cookies normally lose their validity after 30 days and are not intended to identify you personally. These cookies only allow Google to recognise your internet web browser. If a user visits specific pages of the website within the Google advertising network and the cookie stored by Google has not expired yet, Google and the website provider can detect that the user has clicked on the ad and has been forwarded to this website. Every website provider participating in the Google advertising network is assigned a different cookie by Google. Therefore, cookies cannot be tracked via the website of other website providers who also participate in the Google advertising network.

We do not directly collect or process personal data as part of Google Ads. We only receive statistical analyses by Google. Based on these analyses we can detect which of our advertisements in the Google advertising network are particularly effective. We do not receive additional data; in particular we cannot identify the user based on this information. Additional information on the Google advertising network and the data protection statement of Google can be viewed at: http://www.google.com/privacy/ads/

 

3.5. Cookies for advertising and targeting purposes

Integrated in the website are services to optimise usability and measure the reach of the website. In the process your access data (see item 2) are collected and the usage pattern analysed using cookies (see item 3). For web tracking personal identification is generally not necessary, so that during the collection of your access data the stored IP address is either not used or only in truncated form (removal of the last octet) and pseudonymous user profiles are created. These are generally not combined with other data and you can object at any time. Personal usage profiles are only created in exceptional cases and after you have given your consent.
The web tracking services are regularly provided by service providers who process the pseudonymous usage profiles only in accordance with our instructions and not for their own purposes. This is ensured through contract processing agreements. If the service providers are based outside of the European Union or the European Economic Area (subsequently called “EU” or “EEA”), a so-called third country transfer takes place. This is permitted if you have given your consent, we have created a guarantee for an adequate data protection level by European standards or the EU Commission has categorised the respective third country as a safe third country.

3.5.1   Use of script libraries (Google Web Fonts)

To display our content across browsers and in an appealing manner, we use script libraries and font libraries on this website, such as Google Web Fonts (https://www.google.com/webfonts/). Google Web Fonts are transferred to the cache of your browser to prevent repeated reloading. If the browser does not support the Google Web Fonts or prevents access, the content is displayed in a standard font.

The opening of script libraries or font libraries automatically triggers a server request to the operator of the library. This normally is with a Google server in the USA. This tells the server which of our web pages you have visited. The IP address of the browser of your end device is also stored by Google. We have no influence over the scope and subsequent use of the data collected and processed by Google through the use of Google Web Fonts.

Please note that this service may transmit data to a country outside the European Union and the European Economic Area which does not offer an adequate data protection level. If the data are transmitted to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes possibly without you having a legal remedy.

The legal basis for processing your data is currently your consent according to article 6 (1) letter a GDPR. With regard to transmission to third countries the processing is in accordance with article 49 (1) letter a GDPR.

Additional information on data protection is available in the data protection statement of Google: https://policies.google.com/privacy?hl=de&gl=en

Additional information on Google Web Fonts is available at https://fonts.google.com/, https://developers.google.com/fonts/faq?csw=1 and https://www.google.com/fonts#AboutPlace:about

 

4. External services and content on our website

We integrate external services or content with our website. If you utilise such a service or content of third parties is displayed to you, communication data between you and the respective provider are exchanged for technical reasons.

The provider of the respective services or content may also process your data for additional purposes of his own. We tried our best to configure services or content of providers who are known to process data for their own purposes in such a way that either a communication for other purposes than the display of the content or services of our website is prevented or a communication only takes place when you actively decide to use the service. Because we have no influence over the data collected by third parties and its processing by those, we cannot provide any binding statements about the purpose and scope of the processing of your data.

Please, therefore, refer for additional information about the purpose and scope of the collection and processing of your data to the data protection notices of the respective provider responsible under data protection law of the services or content integrated by us:

  • YouTube: https://support.google.com/youtube/answer/7671399 
    Our website includes videos of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, which are not stored on our servers.
    Opening our pages with integrated videos causes the content of the third party provider providing the videos to be subsequently loaded. This provides YouTube in particular the in this context technically necessary usage data. We have no influence on the further data processing by the third party provider. However, when embedding the videos we made sure to enable the extended data protection mode offered by YouTube. The extended data protection mode means that the third party provider does not set cookies until the video is clicked on.
    Embedding of YouTube videos is on the basis of article 6 (1) clause 1 letter f GDPR (justified interest in an appealing design of the site, in public relations and communication).
    If you want to make sure that no cookies are set by YouTube, do not click on the embedded videos.
    Additional information on the data protections provisions applicable at YouTube/Google is available here:
    https://policies.google.com/privacy?hl=de&gl=en.

 

5. Who receives my data?

Those of our departments have access to your data who require them to meet the purposes described in item 2 and 3. Services providers engaged by us may also be granted access to your data (so-called “contract processors”, such as computer centres, dispatch of newsletters, processing of prize draws, customer service or debtor management). Contract processing agreements ensure compliance with instructions, data protection and the confidential handling of your data by these services providers.

Data are only forwarded to additional recipients, such as advertising partners, providers of social media services or credit institutes (so-called “third parties”) if mandated by statutory provisions or you have given your consent.

 

6. Are my data processed outside the EU or EEA (third country transfer)?

If the service providers and/or third parties mentioned in item 3 are based outside the EU or EEA, this may result in your data being transmitted to a country where no adequate data protection level by EU or EEA standards can be guaranteed. However, such a data protection level can be established using a suitable guarantee. A suitable guarantee means, for example, standard contract clauses provided by the EU Commission. If you want, you can request a copy of these guarantees from the contact data mentioned in item 1. Any guarantees may be waived if, for example, you give your consent or the third country transfer is necessary for us to fulfil the contractual relationship. The EU Commission has also recognised certain third countries as safe third countries, so that suitable guarantees by the company may also be waived in this case.

 

7. What are my data protection rights?

You have at any time the right to information about the personal data stored by us about you. If data about you are incorrect or no longer up-to-date, you have the right to demand their correction. You also have the right to demand the deletion or restriction of the processing of your data in accordance with article 17 or article 18 GDPR. You may also have a right to the surrender of the data provided by you in a common and machine-readable format (right to data transferability).

If you have given your consent to the processing of personal data for specific purposes, you may cancel the consent at any time with effect for the future. The cancellation shall be addressed to the company at the contact address mentioned in item 1.

According to article 21 GDPR you have the right to object to the processing of your data based on the legal basis of article 6 (1) letter f GDPR at any time for reasons resulting from your specific situation. You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing. The same applies to the automated process when using individual cookies, unless these are essential for providing the website.

In addition, you have the option to contact a data protection authority and submit a complaint.

 

8. To what extent is a decision taken automatically?

We do not use fully automated decision making processes for the purposes mentioned in section 2.

 

9. Are profiles being created?

No profiles are being created for any of the purposes mentioned in section 2.

 

10. How we protect your personal data

We take technical and organisational measures to protect your personal data and treat them as confidential. We take comprehensive technical and organisational security measures, which are being regularly reviewed and adapted to the technological progress, to prevent a manipulation or loss or misuse of your personal data. This includes e.g. the use of recognised encryption methods (SSL or TLS). However, we must point out that due to the structure of the internet it is possible that data protection rules and the above-mentioned security measures will not be observed by other persons or institutions outside our scope of responsibility. In particular data disclosed without encryption – e.g. by email – can be read by third parties. We have not technical influence upon this. It is the responsibility of the user to protect the data provided by him against misuse through encryption of by some other means.

 

11. What happens if the data protection statement is changed?

In case of amendments of the laws or changes to our corporate processes we can adapt this data protection statement accordingly. We therefore ask you to read this data protection policy regularly. You can open this data protection statement at any time by visiting our website and selecting the data protection statement link at the bottom of the page.

PROTECTED BY GOOGLE RECAPTCHA V3

Further information about Google reCAPTCHA V3 as well as Google’s privacy policy can be found here: