Data Privacy | Mattfeld

Privacy policy and information on data protection

In the following, we inform you about the collection of personal data when using the website www.mattfeld.de (hereinafter “website”) and when contacting us by email or telephone. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

I. Name and contact details of the controller and the data protection officer

(1) The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is Peter Mattfeld & Sohn GmbH, Lagerstraße 17, 20357 Hamburg, phone 040 - 43 205, fax 040 - 43 205 308, email info@mattfeld.de.

(2) You can reach our data protection officer at the following contact details

Jens Borchardt LL.M.
c/o SCHLUTIUS Data Privacy & Compliance GmbH
Willy-Brandt-Straße 59
20457 Hamburg

E-mail: j.borchardt@schlutius-privacy.de

II. Information on the collection and disclosure of personal data

(1) We only collect your personal data as a customer, prospective customer or supplier if you provide it to us voluntarily by e-mail, post or telephone. In this case, we collect the information that comes about when you contact us. This includes, in particular, names and transmitted contact data, date and reason for contacting us. The personal data collected from you will only be used for the purpose of providing you with the requested products or services (legal basis Art. 6 para. 1 lit. b GDPR), or for other purposes for which you have given your consent (legal basis Art. 6 para. 1 lit. a GDPR) and which are described in this privacy policy. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

(2) You are not obliged to provide the aforementioned personal data. The data provided may be necessary for the conclusion of a contract. Without the provision of the data, it may not be possible to communicate, conclude or execute a contract.

(3) The data relevant in each individual case will be transferred on the basis of the statutory provisions or a contractual agreement to public bodies in the event of overriding legal provisions, to external service providers or other contractors and to other external bodies, provided that you have given your consent (Art. 6 para. 1 lit. a GDPR) or a transfer is permitted in our overriding interest (Art. 6 para. 1 lit. f GDPR). Unless expressly stated otherwise in this privacy policy, there is no intention to transfer your data to a recipient in a third country (not a member state of the EU/EEA) or an international organization.

(4) The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data provided, this is the case when the respective conversation with you has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Insofar as the data provided is subject to retention obligations under tax and commercial law, it will be stored for the duration of the retention obligations of ten years and then deleted, unless you have consented to further storage or the further processing of the data is necessary for the assertion, exercise or defense of legal claims. The legal basis for the processing of personal data for the purpose of fulfilling the statutory archiving and retention obligations is Art. 6 para. 1 lit. c GDPR.

III Collection of personal data on our website

1. visit our website

(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect data that is technically necessary for us to display our website to you and to ensure stability and security. The data is stored in the log files of our system. This data is not stored together with other personal data of the user. This data includes IP address, timestamp of the request with date, time and time zone, URL path accessed, HTTP status code, amount of data transferred, website from which the request originated (referrer) and the user agent. The latter includes information on the browser name and version, operating system and preferred language[Schlutius1] .

(2) The legal basis for the temporary storage of data and log files is Art. Art. 6 para. 1 lit. f GDPR. The temporary storage of the IP address by the system is necessary to enable delivery of the website to your browser. For this purpose, your IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

(3) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Log files are not deleted.

(4) The collection of data when visiting the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on your part.

2. use of cookies

No cookies are stored on your computer system on the website.

IV. Other functions and offers on our website

1. General regulations

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you must generally provide additional personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, contracts or similar services together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer below. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

(4) We would like to point out that you are free to decide whether you wish to provide us with your data in connection with the other functions and offers. However, if and to the extent that you do not provide us with the necessary data for a particular service, you will not be able to use the service in question, or not in full. We use the data exclusively to provide you with the service you have requested. The legal basis for this is Art. 6 para. 1 lit. a or lit. f GDPR.

2. Processing of personal applicant data

2.1 Application in response to a specific job advertisement or unsolicited application

(1) We collect your personal data as an applicant if you provide it to us via contact forms or by post, e-mail, telephone or by handing it over in person for applications for job advertisements as well as for unsolicited applications (hereinafter “application” or “application documents”). In this case, we process the information provided as part of the application. This includes, in particular, name, date of birth, contact details, interests, qualification data and educational and professional background. In this case, we may also collect additional personal data from publicly accessible sources, in particular the social networks XING and LinkedIn. The personal data collected from you will only be used for the purpose of carrying out the application process (legal basis: Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, Section 26 BDSG).

(2) You are not obliged to provide the aforementioned personal data. The data provided may be required for the conclusion of a future contract after completion of the application process. Without the provision of the data, it may not be possible to communicate, carry out the application process or conclude a contract.

(3) In the case of an application for a specific job advertisement, we will retain your personal data for a period of six months after notifying you of the rejection decision in the event of a rejection. In the case of an unsolicited application, we will retain your personal data for a period of 14 days after receipt of the application documents, during which we will check whether there are suitable vacancies for your professional profile. If this is the case, the deadlines specified for an application for a specific job advertisement apply.

(4) After expiry of the respective deadlines for an application for a specific job advertisement or a speculative application, we will delete your personal data unless you have consented to continued processing of your data (legal basis: Art. 6 para. 1 sentence 1 lit. a GDPR, § 26 BDSG) or continued processing of your data

- is necessary for the fulfillment of legal obligations to which we or our client are subject - in particular proof of compliance with legal obligations in the context of staffing (e.g. under the General Equal Treatment Act) or tax or commercial law retention obligations (legal basis: Art. 6 para. 1 sentence 1 lit. c GDPR) or

- is necessary to safeguard our legitimate interests (legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR).

In the latter case, your personal data will only be stored for longer unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. If the continued processing of your data is based on a purpose other than that for which the personal data was collected, we will observe Art. 6 para. 4 GDPR and inform you of this change of purpose in accordance with Art. 13 para. 3 GDPR.

2.2 Inclusion in our database (applicant pool)

(1) Subject to your consent, we will include your application documents (including the personal data contained therein) in our database and notify you of job advertisements that may be of interest to you based on your application or professional profile (legal basis: Art. 6 para. 1 sentence 1 lit. a GDPR, Section 26 BDSG).

(2) If you have consented to inclusion in the database, your personal data will be stored for two years. After that, we will either delete your data or obtain your consent again. You have the option of withdrawing your consent to inclusion in our database at any time. In this case, we will delete your personal data within 1 week of notification of the revocation.

3. Google Fonts

Our website uses so-called Google Fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”), for the uniform display of fonts. We have integrated the Google Fonts locally on our web server so that no connection to Google's servers is established when you visit our website and no data is transmitted to Google. Google Fonts are used for the purpose of ensuring an appealing and uniform presentation of our website. The data is processed on the basis of our legitimate interest in such an appealing and uniform presentation of our website in accordance with Art. 6 para. 1 lit. f GDPR. As Google Fonts is integrated locally, no personal data is passed on to third parties. No personal data is stored either.

V. Use of our Instagram page

(1) We maintain a publicly accessible profile on the social network Instagram, which is linked to on our website. We do not process personal data through the link. We do not use social media plugins on our website.

(2) Your visit to our Instagram page triggers a variety of data processing operations. You are not obliged to provide us with your personal data when using the Instagram page. However, this may be necessary for individual functionalities of the page. These functionalities will not be available to you, or only to a limited extent, if you do not provide us with your personal data.

(3) When you visit our Instagram page, your personal data is collected, used and stored not only by us, but also by the operator Meta Platforms Ireland Limited. This happens even if you do not have a profile on the respective social network. The individual data processing operations are not necessarily traceable for us. For details on the collection and storage of your personal data and the nature, scope and purpose of its use by Meta, please refer to the Meta Platforms Ireland Limited privacy policy:

(4) As the operator of our Instagram page, we can only view the information stored in your public profile, and only if you have such a profile. In addition, Meta Platforms Ireland Limited provides us with anonymous usage statistics that we use to improve the user experience when visiting our Instagram page. We do not have access to the usage data that Meta Platforms Ireland Limited collects to compile these statistics. Meta Platforms Ireland Limited has undertaken to us to assume primary responsibility under the GDPR for the processing of this data, to fulfill all obligations under the GDPR with regard to this data and to make the essential provisions of this obligation available to the data subjects. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our Instagram page in a target group-oriented manner. The legal basis for data processing is therefore Art. 6 para. 1 lit. f GDPR.

(5) If you use our Instagram page to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us exclusively for the purpose of contacting you. The legal basis for data collection is Art. 6 para. 1 lit. a and b GDPR. We delete stored data as soon as its storage is no longer required or you request us to delete it; in the case of statutory retention obligations, we restrict the processing of the stored data accordingly.

VI. Data security

(1) We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead [Schlutius2]. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

(2) We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

VII. Objection or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.

(2) If we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: Mattfeld & Sohn GmbH, Lagerstraße 17, 20357 Hamburg, telephone 040 - 43 205, fax 040 - 43 205 308, e-mail info@mattfeld.de.

VIII. Your rights

(1) In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

(2) In accordance with Art. 16 GDPR, you may request the immediate rectification of incorrect or incomplete personal data stored by us. In accordance with Art. 17 GDPR, you have the right to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

(3) In accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

(4) In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.

(5) In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. As a result, we may no longer continue the data processing based on this consent in the future.

(6) You also have the right under Art. 77 GDPR to complain to a competent supervisory authority about the processing of your personal data by us.

IX. Up-to-dateness and amendment of this privacy policy

(1) This privacy policy is currently valid and is dated April 2025.

(2) Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy. You can call up and print out the current data protection declaration at any time on the website.