Handling and protecting of personal data
Personal data is information that can be used to identify a person directly or to make them identifiable, i.e. generally information that can be traced back to a person. This includes, for example, the name, e-mail address or telephone number. But personal data may also include data about preferences, hobbies, memberships or which websites someone viewed.
In the following, we will inform you about the type, scope and purpose of the collection, processing and use of personal data. You can access this information at any time on our website.
A. General information on data protection and rights of data subjects.
I. Who is responsible for data processing and who can you contact if you have any questions?
The responsibility within the meaning of the GDPR and other national data protection laws of the member states, as well as other provisions of data protection laws lies with:
82205 Gilching | Deutschland
Sitz der Gesellschaft ist Gilching.
Geschäftsführer: Feliks Golenko
HRB 95 351
Hereinafter also: “we” or “MultiBase”
Your trust is important to us. Therefore we would like to answer your questions regarding the processing of your personal data at any time. If you have any questions that are not answered by this data protection declaration or if you would like more detailed information on data protection with us or on a specific point, please do not hesitate to contact us at any time:
You can reach our data protection officer at:
Dipl.-Inform.(FH) Andreas Niekerke
Holder of the certified university degree in corporate data protection
Andreas Niekerke <email@example.com>
II. What rights do you have with regard to your data?
If personal data is processed by you, you are a “data subject” as defined in the GDPR, which means that you may be entitled to the rights described below.
Upon request, we will inform you as soon as possible and in writing whether and which of your personal data we have stored (Art. 15 GDPR). If, despite our efforts to ensure that the data is correct and up to date, incorrect data is stored, it will be corrected by us upon request (Art. 16 GDPR). In addition to this right to correction, you may also have the right to block and delete the personal data collected by us (Art. 17 GDPR). However, it is possible that we may not be able to comply immediately with every request for deletion for legal reasons, above all due to tax or commercial law regulations, or for reasons of smooth contract processing. In addition, you have the right to request that we transfer the data to you as a structured, common and machine-readable format or, upon your request, forward it to a third party (Art. 20 GDPR).
You may object to the use of your data for the future, i.e. for purposes other than the execution of the contract or processing in our legitimate interest (Art. 21 GDPR). If you have given us your consent for processing of your data, this may be revoked with effect for the future. You also have the right to demand only a restriction on the use of data for certain purposes (Art. 18 GDPR).
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, workplace or place of presumed infringement, if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR in connection with § 19 BDSG). A list of data protection officers oft he supervisory authorities of the federal states of Germany and their contact details can be found at the following link:
If you are of the opinion that we violate German or European data protection law when processing your data, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for our registered office:
Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision “BayLDA”)
III. Which data is processed and from which sources does this data originate?
1. Origin of personal data
We basically process data that we receive directly from the persons affected as part of a business initiation or in the course of the business relationship. In addition, we process – to the extent necessary for the provision of our services or the fulfilment of a contract with you – data that we have received from other companies in our group of companies or partner companies or from locally responsible companies integrated into our sales system with which we have a long-term business relationship.
In individual cases, we also process data that we have received or acquired from other third parties such as credit agencies, creditor protection associations or authorities, or that we have taken, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media).
2. Categories of personal data
Among the personal data that we regularly process are personal master data and contact data such as: First name and surname, address, e-mail address, telephone number, fax, date of birth, position in the company, etc.
In addition, we also process the following other personal data, depending on the order/service:
- Information about the type and content of our business relationship, such as contract data, order data, sales and document data, customer and supplier history, consulting documents
- Advertising and sales data
- Documentation data (e.g. consultation protocols, data from service meetings or support cases)
- Information from your electronic interaction with us (e.g. IP address, log-in data),
- other data that we have received from you in the context of our business relationship (e.g. in discussions with customers),
- the documentation of declarations of consent
IV. For what purposes and on what legal basis will the data be processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in their respective valid versions, in particular on the following legal bases:
- Fulfilment of (pre-)contractual obligations (Art. 6 sect. 1lit.b GDPR)
Personal data is processed on the basis of Art. 6 sect. 1 lit. b GDPR in order to fulfil MultiBase’s contractual obligations, in particular in connection with the sale and distribution of our goods and services, as well as all activities customary in the industry for the operation or administration of MultiBase (e.g. customer administration). The data may also be processed on a pre-contractual level as part of a business relationship with MultiBase or in the course of other contractual relationships with MultiBase.
For example, Art. 6 sect. 1 lit. b GDPR, is the legal basis in the following cases:
- Creating and maintaining a customer account or a vendor account
- Recording of customer/prospect files and maintaining our customer/prospect database
- Sending of information
- Offering and selling MultiBase products
- Offering and implementing our services (e.g. training, consulting and support services)
Details on the purpose of these data processing operations can be found in the respective contract documents and terms and conditions.
2. Legitimate interests (Art. 6 sect. 1 lit. f GDPR)
On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of a contract, in order to safeguard the legitimate interests of MultiBase or third parties. This is permissible, unless your interests or fundamental rights and freedoms that require the protection of personal data prevail. For example, data processing to safeguard legitimate interests is carried out in the following cases:
- Transmission of data to affiliated companies and partner companies
- Lawyers to collect claims and/or enforce them in court
- enforcement of other legal claims and defence in legal disputes
- Advertising or marketing
- Market and opinion surveys
- Measures taken to manage business and to develop our services further
- Maintaining databases on customers/prospects or service providers to improve our offering
- Carrying out a risk assessment (due diligence) in the contect of any company restructuring or a company acquisition or sale
- Ensuring the IT security and IT operations of our company
3. Fulfilment of legal obligations (Art. 6 sect. 1 lit.c GDPR)
The processing of your data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. those of the German Commercial Code (Handelsgesetzbuch) or of the German Tax Code (Abgabenordnung).
4. Consent (Art. 6 sect. 1 lit.a GDPR)
If, in individual cases, you have given us your consent to process your data, it will be processed in accordance with the purposes specified in the declaration of consent and to the extent agreed therein. Any declaration of consent, e.g. for the sending of a newsletter, can be revoked at any time with effect for the future. For this purpose, please contact the contact data listed under A. Point I. Please note that processing which took place before the revocation is not affected by the revocation and under certain circumstances data processing may continue to be possible at least partially based on another legal provision
V. Who receives my data?
At MultiBase, those employees or organizational units will receive your data who need the information to fulfill our contractual and legal obligations or to process or pursue our legitimate interests .
Your data will be forwarded to companies for the purpose of initiating or processing a contractual relationship (e.g. provision of a service or sale of goods) pursuant to Art. 6 sect. 1 S. 1 lit. b GDPR or – depending on the nature of the specific contractual relationship – as well as on the basis of our legitimate interests pursuant to Art. 6 sect. 1 S.1 lit. f GDPR, in particular to companies which we regularly use in connection with the provision of our service or for contract processing. This applies to the following recipients or categories of recipients:
- Affiliated companies and partner companies
- Advertising partner
- IT service provider (e.g. e-mail service provider, web hosting company)
- Communication provider (telephone provider, fax provider)
- Shipping and logistics service providers
- Tax and legal advisors
If we use a service provider for order processing activities in accordance with Art. 28 GDPR, we will nevertheless remain responsible for the protection of your data. Insofar as required by law, processors are contractually obliged by means of an Data Processing Agreement to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data to the extent that they need the data to fulfil their respective services.
Your data will only be transferred to government institutions and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you instruct us to do so.
VI. How long will my data be stored?
Your personal data will only be used for the purpose for which you have provided them to us or for the processing of which you have given your consent and will be stored until this specific purpose has been fulfilled. After completion of the respective purpose, or as soon as you request us to delete your data, your data will only be stored as long as it is necessary due to statutory limitation periods or retention periods (in accordance with tax and commercial law in particular). However, the data will be deleted at the latest after expiry of all periods, unless you have expressly consented to a further or different use. You may also assert rights during the retention periods, such as blocking your data. See A. Point II.
Your data will be deleted or blocked by us as soon as the purpose of storage no longer applies or you request us to delete it.
In general, we process – in particular store – your data only until the end of the business relationship or until the expiry of the applicable warranty, guarantee and limitation periods. For example, the limitation period according to §§ 195 ff. of the German Civil Code (BGB) is usually three years, but in certain cases also up to thirty years. In addition, it may be necessary for data to be retained until the legally binding termination of any legal disputes for which the data is required as evidence.
We are also subject to statutory documentation and storage periods (e.g. from the German Commercial Code (e.g. § 257 HGB), the German Money Laundering Act or the German Tax Code (e.g. § 147 AO)). The time limits specified there for storage or documentation are between two and ten years. For example, even after termination of a contract with you, we would have to store your data for a further period of time until completion of a tax audit of the last calendar year in which you were our customer.
VII. Is personal data transferred to a third country?
As part of our processing activities, in certain business transactions or areas of activity, personal data may also take place at locations in so-called third countries outside the EU or the EEA, which the EU Commission has not yet certified to have an adequate level of data protection, for example in the USA. If such data transfer should become necessary in individual cases, this will, after your information, only take place on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection or your express consent.
B. Use of our services
The use of our website is basically possible without providing personal data. Basically, we process personal data of our users, as far as this is necessary for the provision of a functional website or of our contents and services. If personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis and with your express consent for the stated purpose. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.
MultiBase takes adequate technical and organizational security measures to protect your personal data from loss and misuse. The data you enter is automatically encrypted using SSL (Sockets Layer Protocol), just as our entire website is encrypted using SSL. SSL is the industry standard for the transfer of confidential data via the Internet.
I. Operation of the website / access data / server log files
1. Description and scope of data processing
We (or our webspace provider) automatically collect and store in so-called server log files information that your Internet browser (via a PC or mobile device) to us. These are among other things:
- Browser type/version
- Operating system used
- External IP address of the accessing computer or network
- Refferer URL if applicable (the address from which the call originated)
- Date and time of the server request
- Message as to whether the call was successful
- Name of the retrieved file
- Quantity of data sent
An allocation of this data to a specific person is not possible for us. This data will not be merged with other data sources.
2. Legal basis of data processing
Multibase uses the log data only for statistical evaluations for the purpose of operation, security and optimisation of the website. However, Multibase reserves the right to check the log data if there are concrete indications of justified suspicion of illegal use.
3. Purpose of data processing
The temporary storage of the IP address is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The storage in log files takes place in order to ensure the functionality of the website. In addition, the data will be used to optimize the offer and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes will not take place in this context.
These purposes also include our legitimate interest in data processing pursuant to Art. 6 sect. 1 lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to accomplish the purpose for which it was collected. In case of a collection of data for the operation of the website, this will happen when the respective session has ended.
If the data is stored in log files, it will be deleted after seven days at the latest. Nevertheless, a longer storage of log files is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the user accessing the website is no longer possible.
5. Right to object and possibility of removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
1. Description and scope of data processing
Some cookies are deleted after the end of the browser session when your browser is closed (so-called “Session Cookies“). These cookies are technically necessary, e.g. to log-in to the website and also remain logged in across pages while visiting our website.
Other cookies remain on your device for a specified period and enable us to recognize your browser on your next visit (so-called „Persistent Cookies“ or „Protocol Cookies“). The purpose of using these cookies is to provide you with optimal user guidance, to “recognize” you and to provide you varied website and new content when you repeatedly use it.
Cookies from partner companies or third parties may be used, for example, to collect information for advertising, customized content or statistics (“Third Party Cookies“). Unless we identify cookies as originating from third parties, the cookies originate from our website (“First Party Cookies“).
Flash Cookies are stored on your computer as data elements of web pages if they are operated with Adobe Flash. Flash cookies have no time limit.
The following cookies are used on our website and the following data is transmitted and stored:
|Name des Cookies||Verwendungszweck||Speicherdauer||Art des Cookies||Domain|
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 sect. 1 lit. f GDPR, unless we obtain your consent for specific cookies within the meaning of Art. 6 sect. 1 lit. a GDPR.
3. Purpose of data processing
4. Duration of Storage, Right to object and possibility of removal
Please refer to the table above for details on the duration of storage of our cookies.
III. Further information on techniques, plug-ins or tools used to operate the website
1. Google Maps
a.) Description of data processing
We embed Google Maps on our Website for the display of maps and for the creation of route maps. Google Maps is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, a subsidiary of Alphabet Inc, in Europe provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
Google sets a cookie each time you visit Google Maps in order to process user settings and data when the webpage on which the Google Maps component is integrated is displayed. The data processed may also include IP addresses and location data if you visit our site using a mobile device or if you are logged in to a Google user account, which, according to Google Maps, are not collected without your consent (by creation and login to your Google user account or settings of your mobile device). This data may also be processed in the USA. Google is certified under the Privacy Shield Agreement.
b.) Legal basis and purpose of data processing
The use of Google Maps is based on our legitimate interests according to Art. 6 sect. 1 lit. f GDPR to make map content available on our website in order to make it easier for our visitors to find our company location.
c.) Duration of Storage, Right to object and possibility of removal
If you do not agree with this processing of your data, it is possible to deactivate the Google Maps service and thus prevent the transmission of data to Google. To do this, you must deactivate the Java Script function in your browser. Please also check the settings if you have a Google Account. However, we would like to point out that in this case you will not be able to use Google Maps or only to a limited extent
IV. Links to websites of other providers
For your information, our offer may contain links that refer to the pages of third parties. For example, we refer you to the providers iTunes and Android for the possibility of subscribing to our podcasts.
If you are forwarded via links from our website to other websites, please inform yourself about the respective handling of your data on the respective third party websites.
The data controller (Multibase) has no influence on the content and design of the website of third-party providers. The statements in this data protection declaration therefore do not apply to third-party providers to whose services or content we provide links.
V. Active use of our website
1. Information request, contact form and e-mail contact
a.) Description and scope of data processing
On our website, contact forms are made available which can be used for electronic contact. Furthermore, on the subpages related to specific services, there might be the possibility to request additional informations on this subject, to leave specific messages on this subject, together with an optional callback request. If a user makes use of this option, the data entered in the respective input mask will be transmitted to us and stored. At the time the message is sent, the data specified directly in the form will be stored.
Alternatively, you can contact us via our e-mail address. In this case, the personal data of the user transmitted together with the e-mail will be stored.
In this context, data will not be passed on to third parties unless it is necessary to pursue our claims or legitimate interests (Art. 6 ect. 1 lit. f GDPR) or there is a legal obligation to do so (Art. 6 sect. 1 lit. c GDPR). The data will be used exclusively for the processing of the conversation.
b.) Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail or our contact form is Art. 6 sect. 1 lit. f GDPR. If the purpose of the e-mail contact is to establish a contract, the additional legal basis for the processing is Art. 6 sect. 1 lit. b GDPR.
c.) Purpose of data processing
The processing of the personal data from our contact forms serves us exclusively for the purpose of handling the request for contact. If you contact us by e-mail, this is also the necessary legitimate interest for the processing of the related data.
The other personal data processed during the sending process help us to prevent misuse of the contact form and to ensure the security of our information technology systems.
d.) Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. With regard to the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is finished when it can be assumed based on the circumstances that the matter in question has been conclusively clarified and that no legal requirements require longer storage.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
e.) Right to object and possibility of removal
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) may have security gaps that are not in our control. A complete protection of the data against access by third parties to the contents of their unencrypted email is not possible.
We therefore expressly recommend that you encrypt your e-mails containing confidential and/or personal data and in particular with tax data, e.g. by using the S/MIME standard.
2. Newsletter and Newsletter-Service-Provider
a.) Description of data processing
We would like to inform you regularly about our services and news via e-mail or other electronic notifications (hereinafter referred to as “Newsletter“) regarding products, services, web products, innovations or news in our company. We need your e-mail address and your name for this purpose. In the respective newsletter registration forms, further information may be requested in order to provide you with personalised content tailored to your interests.
You can subscribe to our newsletters by using the corresponding function of a subscription form to subscribe to our newsletter, or during a registration process by ticking a checkbox (“Opt-in“). We offer the possibility to register for our (where appropriate topic-specific) newsletters on our website or within the context of registration process or order interfaces. The details of the respective contents of the newsletters are specifically described in the respective registration form. These descriptions are decisive for your consent.
Following your (online) subscription, you will receive an e-mail from us asking you to confirm your newsletter subscription (double opt-in procedure). This confirmation is necessary to prevent someone else from misusing your e-mail address to subscribe to our newsletter. Only with activation of the hyperlink sent in the e-mail your e-mail address will be activated for sending the newsletter.
For verification purposes, the registration date will be stored next to your e-mail address and name for the newsletter dispatch (“Timestamp“).
b.) Legal basis and purpose of the data processing / recipient of the data
The legal basis for the dispatch of newsletters is the consent given by you as the recipient pursuant to (Art. 6 sect. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7 sect. 2 no. 3 UWG (German Act against Unfair Competition (Gesetz gegen unlauteren Wettbewerb)), or if consent pursuant to § 7 sect. 3 UWG is not required for established customers, on the basis of our legitimate interest in direct marketing measures pursuant to Art. 6 sect. 1 lit. f GDPR in conjunction with § 7 sect. 3 UWG.
The logging of the registration procedure is based on our legitimate interests pursuant to Art. 6 sect. 1 lit. f GDPR in a secure and well-targeted newsletter system that corresponds both to our business sales interests and to the expectations and needs of the recipients, as well as to the verifiability of the consents given.
The analysis of our newsletters – subject to the consent of the users – is based on our legitimate interests in the organisational and technical improvement of our newsletter campaigns in order to be able to offer our users secure and attractive newsletters.
Infusionsoft is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and data processing agreement closed with Keap pursuant to Art. 28 sect. 3 sentence 1 GDPR.
We have entered into the so-called EU standard contract clauses with Keap as the supplier of Infusionsoft, whereby Keap guarantees to comply with the European data protection level when processing data for Infusionsoft in the USA.
c.) Duration of Storage, Right to object and possibility of removal
You can object to the dispatch of the Newsletter at any time or revoke your consent to receive our Newsletters in whole or in part. You will find a unsubscribe link at the end of each Newsletter. You can also contact us directly (see imprint for contact details).
By unsubscribing the newsletter our business communication is not affected. Your data will be stored by us for the purpose of contract performance, providing support and other services, updating software or registering for events. In addition, we reserve the right to store the necessary data until the statutory limitation periods have expired in order to provide evidence of a legally compliant newsletter mailing.
For technical reasons, a separate objection to the performance measurement and campaign analysis of our newsletter is not possible. If you do not want to be analyzed by Infusionsoft, you must unsubscribe from the newsletter. You may avoid the collection of your data by Infusionsoft by installing a deactivation add-on for your web browser. You may prevent the collection of data by Infusionsoft by installing an appropriate blocker add-on for your browser