Data privacy

Introduction
To inform you about our policies and activities relating to the collection, use and disclosure of personal data on the Internet, Mainlevel Consulting AG (or “Mainlevel”) provides this policy in electronic form. This policy applies to all websites owned or run by Mainlevel, their subsidiaries, branches and/or companies directly or indirectly controlled by Mainlevel. It does not apply to websites that have their own data privacy policy. The website you are currently using is referred to below as the “website”.

In this policy, the term “personal data” refers to data that relates to an individual and identifies this person either directly or indirectly (in conjunction with other information that may be likely to come into the possession of Mainlevel), such as your name, email address or telephone number.

Collection of personal data
In general, you can access Mainlevel’s website without providing any personal information. Your browser transmits information to our server which are technically necessary for display our website and to ensure stability and security. These are IP address, date and time of the request, time zone difference to GMT, content of requests, access status / http status code, amount of data transferred, webpage that the request comes from, browser, operating system and its interface and language and version of the browser software.

To access some areas of our website, for example to apply for a position or get in touch with us, we may need to obtain personal data from you. The entering of personal data in such cases is voluntary, and you are explicitly requested to provide such personal data and informed about the intended use of such personal data. If you do not provide us with the required personal data, you may won’t be able to use some functions offered by our website. The typical reasons for us collecting personal data are listed below, along with a brief description of how your personal data is treated in each case.

• Communication with you. We will respond to any comments and requests that you submit to us through our website, such as online enquiries, comments, or registration to attend an event. This may involve calling you on the telephone or sending an email to you.
• Creating aggregated statistics regarding the use of our website.
• Your personal data will be stored accordingly on our systems.

Particularly sensitive personal data
As a rule, Mainlevel does not obtain any “particularly sensitive personal data” via its website. “Particularly sensitive personal data” includes personal data concerning race, political opinion, religious or philosophical beliefs, trade union membership, health or sex life. By voluntarily providing us with particularly sensitive personal data (such as by submitting your CV or applying for a job online), you expressly consent to the use of your personal data as described in this policy.

Disclosure of your personal data
Mainlevel is a global organisation. Our internal processes and infrastructures are therefore international in their nature and scope.

Accordingly, you should be aware that we may share your personal data with third parties, for the purpose of processing it on our behalf. We require that third parties treat the personal data they receive in accordance with Mainlevel’s Data Privacy and Security Policies.

Your personal data may therefore also be subject to cross-border disclosure. Cross-border disclosure of your personal data will be conducted only (i) to countries with equivalent data protection standards, or (ii) on the basis of officially recognized data protection agreements, or (iii) on the basis of officially recogniz ed standard data protection clauses.

Your rights
Below you find more detailed information on your rights regarding the processing of your personal data under the General Data Protection Right (GDPR):

I. Right of access
As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the GDPR. This means that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (points (a), (b) and (c) of Article 15 paragraph 1 of the GDPR). You can find the full extent of your right to access and information in Article 15 of the GDPR, which can be accessed using the following link.

II. Right to rectification
As a data subject, you have the right to rectification under the conditions provided in Article 16 of the GDPR. This means that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data. You can find the full extent of your right to rectification in Article 16 of the GDPR, which can be accessed using the following link.

III. Right to erasure (“right to be forgotten”)
As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the GDPR. This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (point (a) of Article 17 paragraph 1 of the GDPR). If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the GDPR). The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (points (a) and (4) of Article 17 paragraph 3 of the GDPR). You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the GDPR, which can be accessed using the following link.

IV. Right to restriction of processing
As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the GDPR. This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (point (a) of Article 18 paragraph 1 of the GDPR). Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the GDPR). You can find the full extent of your right to restriction of processing in Article 18 of the GDPR, which can be accessed using the following link.

V. Right to data portability
As a data subject, you have a right to data portability under the conditions provided in Article 20 of the GDPR. This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the GDPR or on a contract pursuant to point (b) of Article 6 paragraph 1 of the GDPR and the processing is carried out by automated means (Article 20 paragraph 1 of the GDPR). You can find information as to whether an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the GDPR or on a contract pursuant to point (b) of Article 6 paragraph 1 of the GDPR in the information regarding the legal basis of processing in Section C of this Data Protection Information. In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the GDPR).
You can find the full extent of your right to data portability in Article 20 of the GDPR, which can be accessed using the following link.

VI. Right to object
As a data subject, you have a right to object under the conditions provided in Article 21 of the GDPR. At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object. As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6 paragraph 1, including profiling based on those provisions. In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You can find the full extent of your right to objection in Article 21 of the GDPR, which can be accessed using the following link.

VII. Right to withdraw consent
Where an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the General Data Protection Regulation, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

VIII. Right to lodge a complaint with a supervisory authority
As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in point (f) of Article 57 paragraph 1 of the General Data Protection Regulation.

Duration of retention
Your personal data will only be retained, as long as is necessary, for the intended processing. In addition, legally required retention periods remain reserved.

Third-party websites
Mainlevel’s websites may contain links to third-party websites. Mainlevel makes no guarantees with regard to such third-party websites and assumes no responsibility with respect to such third-party websites. You should be aware that the owners and operators of such third-party websites may possibly collect, use or disclose personal data in a manner other than that applied by Mainlevel. When accessing internet links to third-party websites, you should review the data privacy policies of these third-party websites. You should also be aware of the fact that third-party websites may use cookies.

Reorganization of the company
As is the case with many other organizations, Mainlevel may reorganize its business units either as a result of the acquisition of new entities or the disposal or merger of existing entities. If this is done, personal data may be disclosed to potential or actual purchasers of parts of our business or personal data may be obtained from potential sellers. In doing so, we strive to ensure that confidentiality is suitably maintained for personal data that is disclosed in the course of such transactions.

Legal notice
Mainlevel may disclose personal data in order to enforce the terms of use of our website or to protect personal safety or the Mainlevel website in urgent cases. It is also possible that we may be required to disclose your personal data for legal reasons, as a result of judicial or other official summons, orders or decrees, in any jurisdiction in which we conduct business.

Data security and integrity
Mainlevel takes various technological and procedural security measures to protect the personal data we collect, use or transfer against loss, misuse, alteration or destruction. However, please note that, due to the openness and insecure nature of the internet, Mainlevel cannot take responsibility for the security of the transmission of personal data over the Internet.

Analysis software and cookies
The website uses cookies and social media plug-ins. More information about these is available in the Cookie Policy.

This policy was last updated on July 10, 2018. Please consult this page regularly to see if this policy has been changed.

Cookie Policy

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The use includes the “Universal Analytics” operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user’s activities across devices.

Google Analytics uses “cookies”, which are text files placed on your computer, to allow the website operator to analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and internet use. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is § 15 para. 3 TMG and Art. 6 para. 1 lit. f GDPR. The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.

Cookies
General
We use cookies on this website. Cookies are small pieces of information that a website sends to your computer’s web browser when you visit a website. Cookies are stored on your computer for a certain period of time, depending on the expiry date of the cookie. More information about cookies is available at http://www.aboutcookies.org.uk/

By using our website, you agree to the placement of cookies on your device, as explained in more detail below.

The Mainlevel website uses the following cookies:

If you do not wish to be assigned cookies by our website, you must make the setting in your browser that does not allow cookies or that notifies you when a cookie is placed on your device. You can then reject this placement when you receive the message. To find out how to do this, please consult the “Help” section of your browser and visit http://www.aboutcookies.org.uk/.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on. Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across several devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set. To disable Google Analytics, use the add-on for browsers.

Google Analytics cookies

As explained above, Mainlevel uses Universal Analytics cookies to obtain standard internet login information as well as details about user behaviour. Mainlevel does this to improve the website. This information does not contain any personal data. The data used for analytical purposes may be linked to personal data obtained from this website or otherwise. To obtain more information about Universal Analytics cookies, please click here.

Browser add-on for disabling Google Analytics and opt-out cookie

To give website visitors more control over how their data is collected via Universal Analytics, Google has developed a Universal Analytics deactivation add-on for browsers. The add-on communicates with the Google Analytics JavaScript (analytics.js) to indicate that information about your visit to the website should not be sent to Google Analytics. The deactivation add-on for browsers does not prevent information from being sent to the website itself.

Please click here to find out more about the Google Analytics deactivation add-on for browsers.

Alternatively, you can set a cookie to prevent the collection of data by Universal Analytics. Click [opt-out-jscript-link] to set the opt-out cookie.

Contact details
If you have any questions about this Data Privacy Policy or requests relating to the use of your personal data by Mainlevel, you are welcome to contact our data privacy officer via the email address dataprivacy@mainlevel.de.

We endeavour to respond promptly to enquiries, but a reasonable handling time must be expected.