Data Privacy Policy of Minimax Viking GmbH

1. General information on the collection of personal data

Minimax Viking GmbH (in the following referred to as "Minimax Viking") attaches great importance to the protection of your personal data. This data privacy policy describes how Minimax Viking (also referred to in the following by the words "we", "us" and "our") uses and protects personal data collected at http://www.minimax-viking.com/ ("Minimax Viking website").

Personal data are all data which refer to you personally, including for example your form of address, name, address, e-mail address, IP address, etc. We only collect and process your personal data in compliance with the provisions of the EU General Data Protection Regulation ("GDPR") and other provisions of European and applicable national data protection law.

Personal data are only collected and used on a regular basis with your consent or if the processing of such data is permitted by law. The following provisions provide information about the type, scope and purpose of the collection and processing of your personal data.

In the event that we make use of the services of commissioned service providers (third parties) for the purpose of providing specific functions for our website or of our services or if we use your data for advertising or analysis purposes, we will also inform you in detail in the following about the data processing taken. We also provide information about the stipulated criteria for and the period of storage. We also inform you about your rights with regard to each data processing activity.

This Data Privacy Policy refers exclusively to our Minimax Viking website. If links on our Minimax Viking website take you to thirdparty websites, please take the time to find out how your data are used at such websites.

2. Contact data

a) Name and address of person responsible for data processing (“controller”)
Minimax Viking ("controller") is responsible for data protection within the meaning of the GDPR and under all other applicable EU data protection law. If you have any questions, suggestions or criticisms relating to data protection and our Minimax Viking website, please contact:

Minimax Viking GmbH
Industriestr. 10/12
23843 Bad Oldesloe
e-mail: webmaster@minimax.de

b) Name and address of the data protection officer
Any data subject (anyone affected of data processing activities) can contact our data protection officer with questions and suggestions directly at any time. Our data protection officer can be contacted as follows:

Minimax Viking GmbH Data Protection Officer Industriestr. 10/12 23843 Bad Oldesloe e-mail: Dataprivacy@mx-vk.com

3. Notes on lawfulness and period of storage

a) Lawfulness of the processing of personal data
The processing of your personal data is lawful if you have given your consent as stipulated in Article 6 (1) sentence 1 a) GDPR.

Under Article 6 (1) sentence 1 b) GDPR, the processing of your personal data is lawful if such processing is necessary for the performance of a contract with you or your company. This also applies to all processing operations which are relevant prior to entering into a contract.

Under Article 6 (1) sentence 1 c) GDPR, the processing of your personal data is lawful if such processing is necessary for compliance with one of our legal obligations.

Under Article 6 (1) sentence 1 d) GDPR, the processing of your personal data is lawful if such processing is necessary in order to protect your vital interests or those of another natural person.

Under Article 6 (1) sentence 1 f) GDPR, the processing of your personal data is lawful if such processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such legitimate interests are overridden by your interests or fundamental rights and freedoms.

b) Period of storage and erasure of data
Any personal data which we collect, process and store will only ever be kept by us for as long as there is a specific purpose for such storage. Your data will be erased or their processing restricted as soon as the specific purpose for which they were stored no longer applies.

It is possible, however, that European regulations, applicable national laws or other rules, may require us to store data which we have processed for a longer period of time. We will erase or restrict the processing of your data when these periods of storage have expired.

4. Your rights

For the purposes of the GDPR you are the data subject of any of your personal data which we process. As a data subject you have the following rights with regard to Minimax Viking:

a) Right of access by the data subject
You have the legal right to request information at any time about whether we are processing your personal data. If this is the case, you have the right to be informed about the extent to which your personal data is being processed.

b) Right to rectification
You have the right to obtain from Minimax Viking the rectification of inaccurate personal data concerning you and/or to have incomplete personal data completed.

c) Right to restriction of the processing
In certain circumstances you have the right to have the processing of your personal data restricted.

d) Right to erasure (‘right to be forgotten’)
You have the right in certain circumstances to obtain from Minimax Viking the erasure of personal data concerning you without undue delay. The right to erasure does not apply if processing is necessary.

e) Right to be informed
If you have asserted your right to rectification, erasure or restriction to Minimax Viking, Minimax Viking must communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

f) Right to data portability
You have the right to receive any personal data concerning you which you have provided to Minimax Viking in a structured, commonly used and machinereadable format. You also have the right in certain circumstances to transmit those data to another company without hindrance from Minimax Viking to which the personal data have been provided.

g) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6 (1) sentence 1 f) GDPR. Minimax Viking may then no longer process the personal data relating to you unless Minimax Viking demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

We will obtain your agreement in advance before undertaking any marketing measures relating to you. If the personal data relating to you is processed for the purposes of engaging in direct advertising, you have the right to object at any time to the processing of your personal data for such advertising purposes. You can inform us of such objection by contacting us as follows:

Minimax Viking GmbH
Industriestr. 10/12
23843 Bad Oldesloe
e-mail: dataprivacy@mx-vk.com

h) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

5. Visits to our Minimax Viking website and creation of log files

Our system automatically collects data and information from your computer system every time you visit our Minimax Viking website. The following data may be then collected:

The data which we collect on you is stored in our system's log files. As a rule, these data are not stored with other personal data. One exception to this rule is the information collected by us about your browser settings. We make use of any geoinformation collected in connection with the analysis tools we use to display an appropriate country website (if available).

The temporary storage of data and log files is lawful under Article 6 (1) sentence 1 f) GDPR. We have a legitimate interest in collecting and temporarily storing the data referred to as the IP address must be stored temporarily by the system in order to provide the website to your computer. Your IP address must be stored for as long as you are surfing on our website.

Data are stored in log files to ensure the functioning of the website. This information is also used to optimize our website and to warrant the security of our information technology systems. Your log files are not assessed for marketing purposes in this connection.

The data will be erased or altered in a way that prevents them being assigned to you as soon as they cease to be necessary for the purposes referred to here. Data which are stored in log files are erased after 7 days.

6. Disclosure of data to third parties

a) Basic principles
As a rule, we will only pass on your personal data in compliance with the applicable data protection laws to service providers, business partners, affiliated undertakings and other third parties.

We may disclose personal data to service providers working on our behalf and require them to perform services in our name (data processing agreement). These service providers may be affiliated undertakings of Minimax Viking or external service providers. In this context we comply with stringent national and European data protection regulations. These service providers are bound by our instructions and are subject to stringent contractual limitations on the processing of personal data. Accordingly, data may only be processed if this is necessary for the performance of services in our name or in order to comply with legal requirements. We stipulate precisely and in advance the rights and obligations of our service providers in relation to personal data.

We may disclose personal data to a third party if we are required to do so by law or in legal proceedings or in order to supply and manage our products and services. We may also be required to provide information to law enforcement agencies or other public authorities. We are also authorized to release data if the disclosure of information is necessary for the purposes of collaboration and thus of providing Minimax Viking services to you or if you declare your consent to such disclosure. Disclosure can also rarely be avoided in the course of tax audits.

b) Disclosure of your data to affiliated undertakings of Minimax Viking
Your data may also be disclosed to Minimax Viking affiliated undertakings for the purpose of processing the contact you have had with the company. A list of relevant Minimax Viking affiliated undertakings can be found at: https://www.minimax.com/DE/en/other/legal-entities/?preview=true

All Minimax Viking affiliated undertakings are required by Minimax Viking to comply with GDPR data protection provisions and other European data protection standards (order processing).

Your data are only disclosed if you have given your consent by marking the relevant checkbox. The use of data is lawful under Article 6 (1) sentence 1 a) GDPR provided that you have given your consent.

You may withdraw your consent from Minimax Viking at any time. Withdrawal of your consent only has effect for the future.

Your data are erased if they are no longer required to achieve the specific purpose.

c) Provider / Webhosting
Our website and thus your data are hosted by LYNET Kommunikation AG (Lübeck / Hamburg) (in the following referred to as "LYNET"). LYNET is based at Niels-Bohr-Ring 15, 23568 Lübeck, Germany. LYNET may only use the data in accordance with our instructions (data processing agreement). LYNET also adopts stringent technical measures to protect your personal data. LYNET does not pass on your personal data to third parties unless this is necessary in order to perform the agreed services or if LYNET is required to do so by law or to comply with a valid and mandatory instruction issued by a government or regulatory authority. The data provided for this purpose is kept to a minimum. LYNET will store the information exclusively in Germany.

The processing of your data is lawful under Article 6 (1) sentence 1 f) GDPR. The purpose of processing data is that LYNET enables us to use LYNET servers. We only store the data for as long as is necessary to achieve this purpose.

More information from LYNET about data protection is available at: https://www.lynet.de/datenschutz

d) Technical support and implementation of the website
Technical support and website implementation is provided in cooperation with the external partner LYNET Kommunikation AG (Lübeck / Hamburg). LYNET is based at Niels-Bohr-Ring 15, 23568 Lübeck, Germany. LYNET may only use the data in accordance with our instructions (data processing agreement). In this context we comply with stringent national and European data protection regulations. LYNET is bound by our instructions and is subject to stringent contractual limitations on the processing of personal data. Accordingly, data may only be processed if this is necessary for the performance of services in our name or in order to comply with legal requirements. We stipulate precisely and in advance the rights and obligations of LYNET in relation to personal data. LYNET also adopts stringent technical measures to protect your personal data. LYNET does not pass on your personal data to third parties unless this is necessary in order to perform the agreed services or if LYNET is required to do so by law or to comply with a valid and mandatory instruction issued by a government or regulatory authority. The data provided for this purpose is kept to a minimum.

The processing of your data is lawful under Article 6 (1) sentence 1 f) GDPR. The purpose of data processing is, that LYNET will have the opportunity to implement and maintain our website on an ongoing basis. We store your data for as long as is necessary to achieve this purpose.

Further information on data protection at LYNET can be found at: https://www.lynet.de/datenschutz

7. Security standards

Minimax Viking has implemented appropriate physical, technical and administrative security standards to protect personal data against loss, misuse, modification or destruction. Our service providers and associated undertakings are contractually committed to safeguarding the confidentiality of personal data. They are also prohibited from using data for purposes not approved by us.

8. Changes to this policy

We may update this Data Privacy Policy from time to time. We therefore recommend that you regularly read this Data Privacy Policy to ensure that you are familiar with our data protection practice.

This Data Privacy Policy was last updated on 27 November 2018.