In this policy, the term “personal data” refers to data that relates to an individual and identifies this person either directly or indirectly (in conjunction with other information that may be likely to come into the possession of Mainlevel), such as your name, email address or telephone number.
Collection of personal data
In general, you can access Mainlevel’s website without providing any personal information. Your browser transmits information to our server which are technically necessary for display our website and to ensure stability and security. These are IP address, date and time of the request, time zone difference to GMT, content of requests, access status / http status code, amount of data transferred, webpage that the request comes from, browser, operating system and its interface and language and version of the browser software.
To access some areas of our website, for example to apply for a position or get in touch with us, we may need to obtain personal data from you. The entering of personal data in such cases is voluntary, and you are explicitly requested to provide such personal data and informed about the intended use of such personal data. If you do not provide us with the required personal data, you may won’t be able to use some functions offered by our website. The typical reasons for us collecting personal data are listed below, along with a brief description of how your personal data is treated in each case.
- Communication with you. We will respond to any comments and requests that you submit to us through our website, such as online enquiries, comments, or registration to attend an event. This may involve calling you on the telephone or sending an email to you.
- Creating aggregated statistics regarding the use of our website.
- Your personal data will be stored accordingly on our systems.
Particularly sensitive personal data
As a rule, Mainlevel does not obtain any “particularly sensitive personal data” via its website. “Particularly sensitive personal data” includes personal data concerning race, political opinion, religious or philosophical beliefs, trade union membership, health or sex life. By voluntarily providing us with particularly sensitive personal data (such as by submitting your CV or applying for a job online), you expressly consent to the use of your personal data as described in this policy.
Disclosure of your personal data
Mainlevel is a global organisation. Our internal processes and infrastructures are therefore international in their nature and scope.
Accordingly, you should be aware that we may share your personal data with third parties, for the purpose of processing it on our behalf. We require that third parties treat the personal data they receive in accordance with Mainlevel’s Data Privacy and Security Policies.
Your personal data may therefore also be subject to cross-border disclosure. Cross-border disclosure of your personal data will be conducted only (i) to countries with equivalent data protection standards, or (ii) on the basis of officially recognized data protection agreements, or (iii) on the basis of officially recogniz ed standard data protection clauses.
Below you find more detailed information on your rights regarding the processing of your personal data under the General Data Protection Right (GDPR):
I. Right of access
As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the GDPR. This means that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (points (a), (b) and (c) of Article 15 paragraph 1 of the GDPR). You can find the full extent of your right to access and information in Article 15 of the GDPR, which can be accessed using the following link.
II. Right to rectification
As a data subject, you have the right to rectification under the conditions provided in Article 16 of the GDPR. This means that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data. You can find the full extent of your right to rectification in Article 16 of the GDPR, which can be accessed using the following link.
III. Right to erasure (“right to be forgotten”)
As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the GDPR. This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (point (a) of Article 17 paragraph 1 of the GDPR). If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the GDPR). The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (points (a) and (4) of Article 17 paragraph 3 of the GDPR). You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the GDPR, which can be accessed using the following link.
IV. Right to restriction of processing
As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the GDPR. This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (point (a) of Article 18 paragraph 1 of the GDPR). Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the GDPR). You can find the full extent of your right to restriction of processing in Article 18 of the GDPR, which can be accessed using the following link.
V. Right to data portability
As a data subject, you have a right to data portability under the conditions provided in Article 20 of the GDPR. This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the GDPR or on a contract pursuant to point (b) of Article 6 paragraph 1 of the GDPR and the processing is carried out by automated means (Article 20 paragraph 1 of the GDPR). You can find information as to whether an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the GDPR or on a contract pursuant to point (b) of Article 6 paragraph 1 of the GDPR in the information regarding the legal basis of processing in Section C of this Data Protection Information. In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the GDPR).
You can find the full extent of your right to data portability in Article 20 of the GDPR, which can be accessed using the following link.
VI. Right to object
As a data subject, you have a right to object under the conditions provided in Article 21 of the GDPR. At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object. As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6 paragraph 1, including profiling based on those provisions. In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You can find the full extent of your right to objection in Article 21 of the GDPR, which can be accessed using the following link.
VII. Right to withdraw consent
Where an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the General Data Protection Regulation, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.
VIII. Right to lodge a complaint with a supervisory authority
As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in point (f) of Article 57 paragraph 1 of the General Data Protection Regulation.
Duration of retention
Your personal data will only be retained, as long as is necessary, for the intended processing. In addition, legally required retention periods remain reserved.
Reorganization of the company
As is the case with many other organizations, Mainlevel may reorganize its business units either as a result of the acquisition of new entities or the disposal or merger of existing entities. If this is done, personal data may be disclosed to potential or actual purchasers of parts of our business or personal data may be obtained from potential sellers. In doing so, we strive to ensure that confidentiality is suitably maintained for personal data that is disclosed in the course of such transactions.
Data security and integrity
Mainlevel takes various technological and procedural security measures to protect the personal data we collect, use or transfer against loss, misuse, alteration or destruction. However, please note that, due to the openness and insecure nature of the internet, Mainlevel cannot take responsibility for the security of the transmission of personal data over the Internet.
Analysis software and cookies
This policy was last updated on July 10, 2018. Please consult this page regularly to see if this policy has been changed.
This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The use includes the “Universal Analytics” operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user’s activities across devices.
By using our website, you agree to the placement of cookies on your device, as explained in more detail below.
The Mainlevel website uses the following cookies:
|Google Analytics||_utma||2 years||Recognition cookie: identifies unique visitors. The Google Analytics utma cookie allocates a unique ID, which is used to identify the visitor in the case of repeat visits.|
|Google Analytics||_utmb||30 minutes||Session cookie: counts the number of visits rather than the number of unique visitors. The Google Analytics utmb cookie deletes itself automatically after 30 minutes. It is placed on a device together with the utmc cookie.|
|Google Analytics||_utmc||After closing the browser window||Session cookie: deletes itself automatically when the browser window is closed. It is placed on the device together with the Google Analytics utmb cookie.|
|Google Analytics||_utmz||6 months||Campaign Cookie: Measures traffic across all online marketing channels. This means that within this period, the user will carry the data from the last traffic source on the website and, as a result, statistically allocate the conversion or conversion rate to the respective online marketing channel.|
If you do not wish to be assigned cookies by our website, you must make the setting in your browser that does not allow cookies or that notifies you when a cookie is placed on your device. You can then reject this placement when you receive the message. To find out how to do this, please consult the “Help” section of your browser and visit http://www.aboutcookies.org.uk/.
Google Analytics cookies
As explained above, Mainlevel uses Universal Analytics cookies to obtain standard internet login information as well as details about user behaviour. Mainlevel does this to improve the website. This information does not contain any personal data. The data used for analytical purposes may be linked to personal data obtained from this website or otherwise. To obtain more information about Universal Analytics cookies, please click here.
Browser add-on for disabling Google Analytics and opt-out cookie
Please click here to find out more about the Google Analytics deactivation add-on for browsers.
Alternatively, you can set a cookie to prevent the collection of data by Universal Analytics. Click [opt-out-jscript-link] to set the opt-out cookie.
We endeavour to respond promptly to enquiries, but a reasonable handling time must be expected.