Privacy Policy
This Privacy Policy will inform you how we handle your data. In order to make the processing of your data transparent for you, we would like to give you an overview of this processing in the following information. In order to guarantee fair processing, this Privacy Policy contains general disclosures about how we handle your data, as well as information about your rights in accordance with the European General Data Protection Regulation (GDPR) and the German Data Protection Act (Bundesdatenschutzgesetz, or BDSG).
We will also inform you in detail about
I. General disclosures
II. Data processing on our website
III. Presence in social networks
IV. Other data processing
The controller that is responsible for data processing is MUTABOR Management GmbH (subsequently referred to as “we” or “us”).
I. General disclosures
1. Contact
If you have any questions or suggestions about this information, or would like to contact us to assert your rights, please send your inquiry to
MUTABOR Management GmbH
Königstrasse 28
22767 Hamburg
Deutschland
Tel.: +4940 80 80 23 – 0
E-Mail: info@mutabor.de
2. Legal basis
The data protection law term “personal data” describes all information that relates to a certain or identifiable person.
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. We will only process data on the basis of legal permission. We only process personal data with your consent (Art. 6 (1) a) GDPR), to fulfill a contract of which you are a contracting party, or at your request to carry out pre-contractual measures (Art. 6 (1) b) GDPR), to meet a legal obligation (Art. 6 (1) c) GDPR) or if this processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, if your interests or fundamental rights and freedoms which require protection of personal data do not override these (Art. 6 (1) f) GDPR).
3. Duration of storage
If nothing to the contrary is stated in the following notes, we will only store your data for as long as we need to in order to achieve the purpose of the processing or to meet our contractual or legal obligations. Such legal retention obligations can result from regulations under commercial or taxation law in particular.
4. Recipients of data and the processing outside the EU or in what are known as “third countries” that may be associated therewith
We commission service providers to carry out some processing.
This processing includes hosting, maintaining and supporting IT systems, marketing actions and destroying files or data storage media. These service providers only process data in accordance with our explicit instructions and they are contractually obliged to guarantee the use of suitable technical and organizational measures to protect data. Otherwise, we may transmit our customers’ personal data to organizations such as postal and delivery services, payment services, credit agencies, banks, tax consultants, auditors and the tax authorities.
In the process, personal data may be transferred to third countries or to international organizations that have a subsidiary based in Germany, but due to their global organization involving, for example, headquarters in the United States, it is not impossible that your data will be accessed.
In principle, the processing of personal data outside the EEA is possible if an adequate level of protection for the processing of personal data is ensured. These appropriate safeguards may be based, for example, on an adequacy decision by the European Commission or on further options such as internal data protection rules, approved rules of conduct, standard data protection clauses or an approved certification mechanism pursuant to Art. 46 (2) a) through f) GDPR.
Despite possible measures to establish legally compliant processing of personal data in a third country, there are risks in some third countries pertaining to the effective protection of EU fundamental rights through the use of surveillance laws (the United States, for example).
To the extent that a transfer to a third country is necessary, we weigh the risks internally in cooperation with our data protection officer and take all reasonable measures to ensure that the protection of your personal data in the case of such data transfers is congruent with the statutory prerequisites and the appropriate safeguards that have been put in place.
Where these transfers do not take place on a statutory basis or take place to a country for which there is no adequacy decision issued by the European Commission, we use the EU standard contractual clauses.
Information on EU standard contractual clauses is available from the website of the European Union:
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF
In our case, this pertains, for example, to the following service providers, in whose case it is not possible to rule out third parties accessing the data despite contractual provisions:
- MailChimp newsletter tool of The Rocket Science Group LLC d/b/a MailChimp (USA), whose privacy policy is listed here: https://mailchimp.com/legal/privacy/
- For video streaming, we also use Vimeo, Vimeo, Inc. (USA): https://vimeo.com/privacy
- Social media services, such as Facebook, Facebook Ireland Ltd.: https://www.facebook.com/about/privacy
5. Processing when exercising your rights as per Art. 15 to 22 GDPR
If you exercise your rights as per Art. 12 to 22 GDPR, we will process the personal data transmitted to us for the purpose of implementing our rights and in order to provide evidence of this. For the purpose of providing information and its preparation we will only process stored data for this purpose, as well as for the purposes of checking data protection, and will otherwise restrict the processing in accordance with Art. 18 GDPR.
The legal basis for this processing is Art. 6 (1) c) GDPR in conjunction with Art. 15 to 22 GDPR and section 34 (2) BDSG.
6. Right to information, rectification, restriction, erasure and to object
You have the right to receive information about the personal data we store at any time. You also have the right to rectification, restriction and, apart from data storage for carrying out transactions as detailed above, to erase your personal data. To exercise these rights, please contact our Data Protection Officer. In order that a restriction of data can be taken into account at any time, this data must be retained in a restricted file for control purposes.
You can also demand that your data is erased, as long as there are no legal archiving obligations. If there is such an obligation, we will restrict the processing of your data on request.
You can make changes or withdraw any consent you have given with effect in the future by notifying the Data Protection Officer.
7. Data Protection Officer
If you have any questions about data protection, please send us an email or contact our Data Protection Officer directly:
nextwork GmbH, Marco Peters, datenschutz@nextwork.de
II. Data processing on our website
When using the website we record information that your provide yourself. In addition, during your visit to the website we will automatically record certain items of information about your use of the website. Under data protection law, the IP address is generally also deemed to be personal data. The Internet provider allocates an IP address to every device connected to the Internet so that it can send and receive data.
1. Processing server log files
If you use our website for purely information purposes, general information will initially be stored automatically (meaning without any registration), which your browser transmits to our server. This includes as standard: Browser type/version, operating system used, page accessed, the page previously visited (referrer URL), IP address, date and time of the server request and the HTTP status code. This processing is done to safeguard our legitimate interest and the legal basis is Art. 6 (1) f) GDPR. This processing is used for technical administration and for the security of the website. The data stored will be anonymized directly after it has been collected so that no personal data is stored. We will not be in a position to identify you as a data subject on the basis of the information stored. Art. 15 to 22 GDPR therefore do not apply as per Art. 11 (2) GDPR, unless you provide additional information to exercise your rights set in these articles that makes it possible to identify you.
2. Contact possibilities and inquiries
If you send us a message via the contact email address we have given, we will process the data transmitted for the purpose of answering your inquiry.
If the purpose of your inquiry is concluding or implementing a contract, Art. 6 (1) b) GDPR is the legal basis for the data processing. Otherwise, we will process the data on the basis of our legitimate interest of making contact with the person who sent the inquiry. The legal basis for the data processing will then be Art. 6 (1) f) GDPR.
3. Newsletter
a. Type and purpose of processing:
Your data will be used exclusively to send you the newsletter you have subscribed to by email. If you register to receive our newsletter, the data you give will be used exclusively for this purpose. Subscribers can also be informed by email about matters relevant to the service or the registration (for example, changes to the newsletter offer or technical circumstances). We need a valid email address for registration to be effective. In order to check whether a registration actually has been made by the holder of an email address, we use what is known as the double opt-in procedure. For this purpose, we log the order for the newsletter, the sending of a confirmation email and the receipt of the answer requested in the email. No additional data will be collected.
b. Legal basis:
We will regularly send you our newsletter or comparable information by email to your address that you have given on the basis of your explicitly issued consent (Art. 6 (1) a) GDPR). You can withdraw your consent to store your personal data and to use it to send the newsletter at any time with effect in the future. There is a link for this purpose in every newsletter. You can also notify us that you have withdrawn your consent by using the contact details given at the end of this Privacy Policy.
c. Recipients:
Other processors may also receive the data.
d. Duration of storage:
The data will only be processed in this connection as long as the required consent has been given. It will be erased afterwards.
e. Provision stipulated or necessary:
The provision of your personal data is voluntary and is done solely on the basis of your consent. Without your consent, we will unfortunately not be able to send you our newsletter.
f. Newsletter analysis
We also analyze the reading behavior and opening rates our newsletter. For this purpose, we collect and process usage data which we bring together with your email address or IP address. The legal basis for analyzing our newsletter is your consent as per Art. 6 (1) a) GDPR. As a recipient you can withdraw your consent at any time by contacting the channels detailed above and unsubscribing from the newsletter. There is a link to unsubscribe at the end of every newsletter.
g. Service providers
We use the service MailChimp from The Rocket Science Group LLC d/b/a MailChimp (USA) to administer subscribers, send the newsletter and for the analysis. Therefore, we will transmit your email address to MailChimp. Processing will be done on your behalf and the legal basis is Art. 6 f) GDPR and meets our legitimate interest to optimize and commercially send our newsletter. If you do not want MailChimp to process your data, you should not subscribe to the newsletter or should unsubscribe from it.
The newsletter service offers statistical evaluation possibilities for usage data. These possibilities include information whether an email reached the recipient or whether it was rejected by the server.
There is a processor agreement between MUTABOR Management GmbH and The Rocket Science Group LLC d/b/a MailChimp.
4. Cookies
We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used so it can be recognized again by our web server. If these cookies process personal data, the legal basis is Art. 6 (1) f) GDPR. The purpose of this processing is our legitimate interest to make our website more user-friendly, effective and secure. We use what are known as “persistent cookies” that are automatically erased after a certain period of time, which can differ depending on the cookie.
You can erase the cookies using the security settings in your browser at any time. You can generally prevent the use of cookies by setting your browser accordingly or for certain cases. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) provides further information on this (in German) at https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.
1. Category “Necessary”
These cookies are necessary to operate the website and to use the web content because they make it possible to use basic functions, such as website navigation and access to secure areas. The website cannot work properly without these cookies.
The category “Necessary” includes:
a. Matomo
We use the web analysis tool “Matomo” to customise the design of our websites. Matomo creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognise and count returning visitors. We also use the Heatmap & Session Recording modules. Matomo’s heatmap service shows us the areas of our website where the mouse is moved most frequently or which are clicked on most often. The session recording service records individual user sessions. We can play back recorded sessions and thus analyse the use of our website. Data entered in forms is not recorded and is not visible at any time.
Data processing is based on your consent in accordance with Section 25 (1) TTDSG, Art. 6 (1) (a) GDPR, provided you have given your consent via our banner. You can revoke your consent at any time. Please make the appropriate settings via our banner.
Further information on Matomo’s terms of use and data protection regulations can be found at: https://matomo.org/privacy/
b. Cookie Consent
Cookie Consent is a consent manager, which stores users’ consent status for cookies on the current domain.
2. Category “Statistics”
Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
The category “Statistics” includes:
a. Collect
Collect is used to send data to Google Analytics about the device and the user’s behavior.
b. Pll_Lanuage
This cookie is used to set the visitor’s preferred language and to adjust the language accordingly.
c. Vuid
This cookie collects data about the user’s visits to the website, for example, about which pages they read.
3. Category “Marketing”
Marketing cookies are used to track visitors to websites. This is intended to show advertisements that are relevant and appealing to the individual user and which are thus valuable to the publisher and the advertising third parties.
a. Test_Cookie
This cookie is used to check whether the user’s browser supports cookies.
b. IDE
This is used by Google Double Click to recognize the user’s actions on the website after the advertisement, across domains, and to play personalized advertising.
c. Yt-remote Cookies
Mutabor Management GmbH uses yt-reomote-device-id, yt-remote-connected-devices, yt-remote-session-app, yt-remote-cast-insalled, yt-remote-session-name, yt-remite-fast-check-period, VISITOR_INFO1_LIVE and YSC. These cookies simplify the playback, operation and storage of user settings when calling up a YouTube video integrated on other websites.
d. GPS
This cookie registers a clear ID on mobile devices in order to enable tracking based on geographical locations.
You can prevent cookies being stored by setting your browser software accordingly. You can also prevent information generated by the cookie from being recorded by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout.
5. Integrated services and third-party contents
We use services and contents (subsequently summarized as “Contents”) provided by third-party providers on our website. It is technically necessary to process your IP address for these connections so that the Contents can be sent to your browser. Therefore, your IP address will be sent to the relevant third-party provider. This data processing is carried out to safeguard our legitimate interest in the optimization and commercial operation of our website and the legal basis is Art. 6 (1) f) GDPR. You can prevent this data processing at any time through the settings of the browser you use or certain browser extensions. Examples of these extensions include the Matrix-based Firewall uMatrix for the browsers Firefox and Google Chrome. Please note that this may cause restrictions to the functions of the website.
We have integrated Contents from the following services from third-party providers on our website:
Services from Google Ireland Limited (Ireland/EU):
– “Google Web Fonts” to present fonts.
There are standard contractual clauses between Google / YouTube / Vimeo and MUTABOR Management GmbH in order to ensure that Google / YouTube / Vimeo meet the suitability and security requirements of the Data Protection Directive of the European Parliament and the European Council.
III. Presence in social networks
Based on our legitimate commercial interest in communication, marketing and presence, we maintain an online presence within the social network “Facebook” and in this scope process data of active users there, or “Followers”, in order to communicate with them or offer information about us. We do not carry out any processing for other purposes.
However, we must point out that Facebook processes personal data from users of the social network for its own purposes and interests. For this reason, we have accepted the Page Controller Addendum from Facebook Ireland Limited. With this agreement Facebook has recognized joint responsibility with regard to what is known as Insights data and assumes material obligations under data protection law to safeguard the rights of data subjects.
According to its own disclosures, Facebook processes personal data for market research and advertising purposes, so that Facebook can compile user profiles, for example, on the basis of user behavior and the resulting user interests.
The user profiles can then be used, for example, to place advertisements inside and outside the networks that supposedly match users’ interests. Facebook cookies are usually stored in the user’s terminal for these purposes, in which user behavior and the user’s interests are stored. Furthermore, data can also be stored in usage profiles independently of the devices used (in particular, if the user is a member of the relevant platforms and is logged on to these). Users’ data may be processed outside the territory of the European Union for these purposes. This may present risks to users because, for example, it could be more difficult for users to assert their rights.
More detailed information about the type and scope of the processing of personal data carried out by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland, parent company:
Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA, can be taken from the relevant policies at https://www.facebook.com/about/privacy. You will find possibilities to set and prevent the placement of cookies placed by Facebook here https://www.facebook.com/settings?tab=ads.
IV. Other data processing
1. Contractual relationships
In order to establish or carry out contractual relationships with our customers it is regularly necessary to process the person’s contact details that are transmitted to us. This processing meets our legitimate interest in smooth business processes. The legal basis for this processing is Art. 6 (1) f) GDPR. In addition, we process customer and potential customer data for evaluation and marketing purposes. The legal basis for this processing is Art. 6 (1) f) GDPR and meets our interest in the further development of our range and to inform you in a targeted manner about the ranges of MUTABOR Management GmbH. Further data processing can take place, if you have given your consent (Art. 6 (1) a) GDPR) or if this is necessary to meet a legal obligation (Art. 6 (1) c) GDPR).
2. Job applications
Please apply exclusively online via our applicant management software portal, at https://www.mutabor.de/career/.
Please note: We cannot guarantee that applications received by e-mail will be deleted.
This website uses the services of Personio to process applicant data. The service provider is Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany. Personio is a service for organising and processing personnel and applicant data. When data is entered for the purpose of a job application, it is stored on the servers of Personio GmbH in Germany. Personio GmbH is ISO 27001 certified and operates its servers in Frankfurt, Germany. Further information on the processing of personal data in the application process can be found at https://mutabor.jobs.personio.de/privacy-policy.
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You may revoke this consent at any time by writing to datenschutz@nextwork.de. Such revocation shall not affect the lawfulness of any data processing already carried out.
The data you have provided to us for the purpose of the application will be deleted three months after the end of the application. Data stored by us for other purposes (e.g. e-mail addresses for the sending of newsletters) will remain unaffected.
Current status: June 2021