Commitment to data protection
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
However, we reserve the right to put this data to additional uses to the extent permitted or required by law or necessary to support legal or criminal investigations. In this case, we will inform you again about this further data processing to the extent required by law and obtain your consent.
In the next sections we explain when and how we process personal data about you when you visit our website.
Purposes of use of personal data and legal basis
- a) Log Files
We only collect and process access data that your internet browser automatically transmits to us for technical reasons in order to provide the website. Depending on the access protocol used, the protocol data record contains general information with the following contents: Your session data (usage behavior, length of stay, which links were clicked on, etc.), your abbreviated and unabbreviated IP address, your browser version, your operating system, your website-specific settings, your cookie IDs, your pixel IDs. This data does not allow any direct inference to your person and is processed to improve our website offer and to defend against attempted attacks on our web server. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting you with a website optimized for your browser and in enabling communication between our server and your device.
- b) Contact requests and Consultation Booking
Enquiries via our contact or enquiry forms may include your name, job title, phone number, e-mail address, the subject of your contact and your message. We process and store the personal data provided in the contact enquiry solely for the purpose of processing and responding to your enquiry and contacting you. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.
- c) Contacting us by e-mail or telephone
If you write to us or call us, we process the data you provide to contact you and answer your questions and requests, (Art. 6 para. 1 lit. a), b) GDPR). If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your request. If you call us, we will collect your name and telephone number in order to process your request.
When using our communication channels, the principle of data economy and data avoidance is observed in that you only have to provide the data that we absolutely need from you to contact you and to process your respective enquiry.
In addition, your IP address will be processed for reasons of technical security and to defend against any attempted attacks.
- d) Booking our services
When booking our services, it is necessary, among other things, to provide your name, e-mail address and postal address and, if applicable, your payment data. We process and store the personal data provided when you use our services solely for the purpose of providing you with the requested services. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.
- e) Careers and Applications
If you apply for a role or job, we process the information we receive from you as part of the application process, e.g., through your letter of application, CV, references, correspondence, telephone, or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.
Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.
The legal basis for processing data during the application process is Art. 6 para. 1 lit. b) GDPR and, if you have given your consent, for example by sending us information that is not necessary for the application process, it is Art. 6 para. 1 lit. a) GDPR. The legal basis for data processing after a rejection is Art. 6 para. 1 lit. f) GDPR.
As a rule, we do not require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data. Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties. Your data will be processed by us or on our behalf.
You are not obliged to provide us with personal data. However, we can only assess your suitability for the respective position under consideration if we receive information in particular about your education, work experience and skills, and we cannot include you in the application process without providing your contact details.
- f) Service Reviews
Within the website, we may display certain personal information, share certain details and insights, post relevant reviews about our services. Reviews are publicly viewable. Prior to submitting your review to us we would like to make you aware that you have choices about the information on your review. It is thus your choice whether to include sensitive information in your review and to make that sensitive information public. Please do not include personal data in your review that you would not want to be available.
- g) Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c) GDPR, Art. 6 para. 1 lit. f) GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.
In this context, we may disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information on suppliers and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.
- h) Cookies and similar technologies
Transfer of personal data
Moch.IT will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. a) GDPR) or the disclosure of data is permitted by relevant legal provisions.
Moch.IT is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for Moch.IT pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by Moch.IT process your data exclusively in accordance with our instructions. Moch.IT remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organizational measures and additional controls by us.
Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 para. 1 lit. c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil Moch.IT’s legitimate interests (legal basis for processing: Art. 6 para. 1 lit. f) GDPR).
It goes without saying that Moch.IT ensures that the respective service provider guarantees data security before passing on personal data. Moch.IT will therefore only commission companies that can guarantee secure and proper data processing based on their qualifications and their technical and organizational capabilities.
Storage and retention
Your personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or – if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period (typically 10 years). We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defense against legal claims against us.
Moch.IT is entitled to process your personal data insofar as this is necessary to fulfil legal obligations. For this purpose, Moch.IT may transfer this data in particular to authorities, law enforcement agencies and courts. In this case, the transfer of your data is required by Art. 6 para. 1 lit. c) GDPR for compliance with a legal obligation to which we are subject. Moch.IT is further entitled to process personal data if and to the extent necessary to detect or prevent misuse of this website or to enforce claims of Moch.IT, its employees or users, whereby the data processing in these cases is necessary to protect these aforementioned legitimate interests of Moch.IT pursuant to Art. 6 para. 1 lit. f) GDPR. Insofar as the disclosure of health data is necessary for the assertion of claims or the defence against claims, the related data processing is based on Art. 9 (2) f) GDPR.
Our main operations are based in Germany and your personal information is generally processed, stored and used within in Germany and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within Germany and the EEA.
Where we need to transfer your data outside Germany or the EEA, we will use one of the following safeguards:
- The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
- Transfers to a non-EEA country with privacy laws that give the same protection as Germany and the EEA.
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Moch.IT.
Direct marketing in the context of a customer relationship
We use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 para. 1 lit. b) GDPR or on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Insofar as you have also given us separate consent to process your data for consulting, quotation and advertising purposes, Moch.IT is entitled to contact you for these purposes via the communication channels you have ticked in this consent.
Hosting and Content Delivery Networks (CDN)
This website is hosted by our external service provider AWS. The personal data collected on this website is stored on AWS’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.
AWS is used for the purpose of fulfilling the contract with our potential and existing visitors and users and in the interest of a secure, fast and efficient provision of our online offer by a professional provider.
AWS will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data
We use the Google Maps service on our website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. The legal basis for the use of Google Maps is Art. 6 para. 1 lit. f) GDPR.
By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the State Commissioner for Data Protection of Lower Saxony (LFD) website (www.lfd.niedersachsen.de).
- information about the processing of your personal data.
- obtain access to the personal data held about you.
- ask for incorrect, inaccurate or incomplete personal data to be corrected.
- request that personal data be erased when it’s no longer needed or if processing it is unlawful.
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
- request the restriction of the processing of your personal data in specific cases.
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
- You also have the right in this case to express your point of view and to contest the decision
- Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.
We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the LFD, their contact details can be found on their website (www.lfd.niedersachsen.de).
Security and confidentiality
To ensure the security and confidentiality of the personal data we collect on the Website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal information, we take appropriate technical and organizational measures to protect your information from loss, misuse, unauthorized access, disclosure, alteration or destruction and to ensure its availability.
Online presences in social media
We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.
Personal information and children
Most of the services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal information being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.
Links to other website
The website may contain links to another website. We have no control over the privacy practices or the content of those other website. Therefore, we recommend that you carefully read the respective privacy policies of these other website that you visit.
This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us using the following contact details.
If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the LFD.