Privacy Policy

    PRIVACY POLICY

     

    PRIVACY INFORMATION

    This privacy policy informs you about our handling of your data. To ensure fair processing, this privacy policy includes general information about our handling of your data as well as information about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

    We also provide detailed information on:

    • General information
    • Data processing on our website
    • Further data protection processes

    I. General Information

    1. Contact information of the data controller

    The data controller responsible for data processing is METRO CLOUD Provider GmbH (hereinafter referred to as “we” or “us”).

    If you have any questions or suggestions regarding this information or would like to assert your rights, please contact us at:

    METRO CLOUD Provider GmbH
    Hammerbrookstraße 94
    20097 Hamburg
    Tel. +49 (0) 40 2261639 79
    Email: [email protected]

    2. General information about data processing

    The data protection term “personal data” refers to all information relating to a specific or identifiable individual.

    We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (Art. 6 para. 1 letter a) GDPR), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 para. 1 letter b) GDPR), to fulfill a legal obligation (Art. 6 para. 1 letter c) GDPR), or if the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail (Art. 6 para. 1 letter f) GDPR).

    3. Duration of Storage

    Unless otherwise indicated in the following notes, we only store the data for as long as is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax regulations.

    4. Recipients of the Data

    We use commissioned service providers for individual processing activities. These include, for example, hosting, maintenance and support of IT systems, marketing measures, or document and data carrier destruction. These service providers process the data only upon explicit instruction and are contractually obliged to ensure suitable technical and organizational measures for data protection. Furthermore, we may transmit personal data of our customers to entities such as postal and delivery services, payment and information services, the house bank, tax advisors/auditors, or the tax authorities.

    5. Processing when exercising your rights pursuant to Art. 15 to 22 GDPR

    If you exercise your rights in accordance with Articles 12 to 22 of the GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof thereof. For the purpose of providing information and preparing for it, data stored will only be processed for this purpose as well as for purposes of data protection control, and otherwise, the processing will be restricted in accordance with Article 18 of the GDPR.

    These processing activities are based on the legal basis of Article 6 (1) (c) of the GDPR in conjunction with Articles 15 to 22 of the GDPR and § 34 (2) of the BDSG.

    6. Your rights

    As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

    • You have the right, in accordance with Article 15 of the GDPR and § 34 of the BDSG, to request information as to whether and to what extent we process personal data concerning you.You have the right, in accordance with Article 16 of the GDPR, to request us to correct your data.
    • You have the right, in accordance with Article 17 of the GDPR and § 35 of the BDSG, to request us to delete your personal data.
    • You have the right, in accordance with Article 18 of the GDPR, to request us to restrict the processing of your personal data.
    • You have the right, in accordance with Article 20 of the GDPR, to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit this data to another controller.
    • If you have given us separate consent for data processing, you can revoke this consent at any time in accordance with Article 7 (3) of the GDPR. Such a revocation does not affect the lawfulness of processing based on consent before its withdrawal.

    If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.

    7. Right to object

    You have the right, pursuant to Article 21 (1) of the GDPR, to object to any processing based on Article 6 (1) (e) or (f) of the GDPR. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to Article 21 (2) and (3) of the GDPR.

    8. Data Protection Officer

    You can reach our data protection officer at the following contact details:

    [email protected]

    II. Data processing on our website

    1. General information

    When using the website, we collect information that you provide voluntarily. Additionally, certain information about your usage of the website is automatically collected during your visit. In data protection law, the IP address is generally considered as personal data. An IP address is assigned to each device connected to the internet by the internet service provider so that it can send and receive data.

    Visiting our website may involve the transmission of certain personal data to the USA. For data transfers to the USA as a third country, i.e., a country where the GDPR is not applicable law, the European Commission has decided, in accordance with Article 45 of the GDPR, that an adequate level of data protection is provided for companies certified under the EU-US Privacy Shield. The transmission to the USA is then carried out in a permissible manner.

    2. Processing of server log files

    During purely informative use of our website, general information that your browser automatically transmits to our server is initially stored, without registration. This typically includes: browser type/version, operating system used, page visited, previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code. The processing is carried out to safeguard our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f) GDPR. This processing serves the technical administration and security of the website. The stored data is deleted after seven days, unless there is a legitimate suspicion of unlawful use based on specific indications, and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject based on the stored information. Therefore, Articles 15 to 22 GDPR do not apply in accordance with Art. 11 para. 2 GDPR, unless you provide additional information enabling your identification to exercise your rights laid down in these articles.

    3. Inquiries via our contact form

    Our website contains contact forms through which you can send us messages. The transfer of your data is encrypted (recognizable by the “https” in the browser’s address bar). All data fields marked as mandatory are required for processing your request. Failure to provide this information will result in us being unable to process your request. Providing additional data is voluntary. Alternatively, you can also send us a message via the contact email. We process the data for the purpose of responding to your inquiry. The legal basis for data processing is Art. 6 para. 1 letter b) GDPR.

    4. Cookies

    We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This allows the browser used to be identified and recognized by our web server. If this use of cookies results in the processing of personal data, it is based on the legal basis of Art. 6 para. 1 letter f) GDPR. This processing serves our legitimate interest in making our website more user-friendly, effective, and secure. We use so-called “session cookies,” which are deleted when the browser session ends, and “persistent cookies,” which are automatically deleted after a predetermined period, which may vary depending on the cookie.

    You can delete cookies at any time in your browser’s security settings. You can generally object to the use of cookies through your browser settings or for specific cases. The Federal Office for Information Security provides further information on this matter here.

    Adjust Cookie Settings

    5. Analysis of our website

    a. Google Analytics

    We use Google Analytics, a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to analyze visits to our website. Google Analytics uses cookies that allow an analysis of your use of our website. Personal data such as online identifiers (including cookie identifiers), IP addresses, device identifiers, and information about interactions with our website are processed. It is possible that the information generated by the cookie about the use of our website by users will be transmitted to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within our website, and to provide us with further services related to the use of our website and internet usage. Pseudonymous user profiles may be created from the processed data.

    We only use Google Analytics with activated IP anonymization. This means that the IP address of users is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other data from Google.

    You can prevent the storage of cookies by adjusting your browser software accordingly. You can also prevent the collection of data generated by the cookie and related to your use of the website by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout. If you visit our website using a mobile device, you can deactivate Google Analytics by clicking on this link.

    The legal basis for data processing related to the Google Analytics service is Art. 6 para. 1 letter f) GDPR, and the processing serves our legitimate interest in analyzing user behavior on our website and designing it accordingly to meet users’ needs. Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

    b. Leedfeeder

    This website uses the Leadfeeder tool, which collects the following information provided by your browser or mobile device:

    Visited pages
    Time of visit
    Time of the last visit
    Name of the owner of the IP address
    Reverse domain of the IP address
    Referral to website, application, or service, including relevant search queries that led you to the Leadfeeder website
    Browser information
    Operating system and device information
    IP address (from users who sign in to the service for security reasons)

    https://www.leadfeeder.com/privacy/

    6. Tracking & Retargeting

    a. Microsoft Bing Ads

    We use the conversion and tracking tool Bing Ads by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, “Microsoft”) on our website. Microsoft stores a cookie on the user’s computer to enable an analysis of the usage of our online offering. This requires that the user has reached our website via an advertisement from Microsoft Bing Ads. Microsoft and we can thus recognize that someone clicked on an ad, was redirected to our online offering, and reached a previously defined target page. We only learn the total number of users who clicked on a Bing ad and were then redirected to the target page (conversions). No IP addresses are stored. Furthermore, no other personal information regarding the user’s identity is shared. For further information on data protection and the cookies used by Microsoft Bing Ads, users can refer to Microsoft’s privacy statement: https://privacy.microsoft.com/de-de/privacystatement.

    The legal basis for the use of this service is Art. 6 para. 1 letter f) GDPR. Microsoft is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).

    If you do not wish to participate in the Bing Ads tracking process, you can opt-out here at Microsoft: http://choice.microsoft.com/de-DE/opt-out.

    b. Google Marketing Services

    We use marketing and remarketing services from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website. These services allow us to display targeted advertisements to users, presenting them with ads tailored to their interests. Remarketing displays ads and products to users that have shown interest on other websites within the Google network. To achieve this, Google executes a code and embeds so-called (re)marketing tags in our website upon its visit. These tags help store an individual cookie, i.e., a small file, on the user’s device (instead of cookies, comparable technologies can also be used). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users have visited, what content they are interested in, and which offers they have used. Additionally, technical information about the browser and operating system, referring websites, visit times, as well as other details about the usage of the online offering, are stored. The IP address of the users is also captured, and within the context of Google Analytics, we inform that the IP address is shortened within member states of the European Union or other contracting states of the Agreement on the European Economic Area.

    All user data is processed only as pseudonymous data. Google does not store names or email addresses. Therefore, all displayed ads are not specifically targeted to an individual but to the owner of the cookie. This information is collected by Google, transmitted to Google servers, and stored there.

    Among the Google marketing services we utilize is the online advertising program Google Ads. In the case of Google Ads, each Ads customer receives a different conversion cookie. These cookies cannot be tracked across the websites of different Ads customers. The information obtained through the use of the cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. However, Ads customers are informed of the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that could personally identify users.

    Based on the Google marketing service DoubleClick, we can integrate third-party ads. DoubleClick uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the Internet.

    For more information about data usage for marketing purposes by Google, please visit the overview page: https://www.google.com/policies/technologies/ads. Google’s privacy policy is available at https://www.google.com/policies/privacy.

    The legal basis for the use of this service is Art. 6 para. 1 letter f) GDPR. Transmission of your data to the USA cannot be ruled out. Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

    If you wish to opt-out of interest-based advertising through Google marketing services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/.

    7. Hubspot

    This website uses Hubspot for sending newsletters and for form submissions. The provider is HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany (hereinafter “Hubspot”). Hubspot is a service that enables the organization and evaluation of newsletter dispatch and form submissions. The data you enter (e.g., email address) is stored on Hubspot’s servers in Germany with backup in Ireland.

    The newsletters sent via Hubspot allow us to analyze the behavior of newsletter recipients. This includes, among other things, analyzing how many recipients opened the newsletter message and how often specific links in the newsletter were clicked. Additionally, with the help of conversion tracking, it can be analyzed whether a predefined action (e.g., purchasing a product on this website) took place after clicking a link in the newsletter. Further information on data analysis of Hubspot newsletters can be found under “Analyze the performance of your marketing email campaigns (hubspot.com) ” and in Hubspot’s privacy policy under “HubSpot Privacy Policy”.

    The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time with effect for the future by unsubscribing from the newsletter using the link provided in each newsletter message. The legality of the data processing already carried out remains unaffected by the revocation of your consent.

    The data you provide for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing. After you have unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for the sending of newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). Storage in the blacklist is not limited in time.

    The data you provide for the purpose of form submission will be stored until the final processing of the business case and then deleted.

    8. Social Plugins

    We use social media buttons and similar third-party offerings (hereinafter referred to as “plugins”) on our website. These plugins allow you to share the content of our website on the respective social network. To integrate the plugin into our website, its program code is directly transmitted from the servers of the respective provider when you access our website. For this purpose, the transmission of the IP address used is technically necessary. This transmission occurs regardless of whether you click on the plugin or not. If you are logged into your user account with the social network or interact with the plugin while visiting our website, further data may be transmitted. For more information, please refer to the respective plugin provider.

    The data processing is carried out in each case to safeguard our legitimate interests in increasing the awareness and reach of our website and is based on the legal basis of Art. 6 para. 1 lit. f) GDPR.

    We have integrated plugins from the following third-party providers into our website:

    9. Embedded third-party services and content

    We use services, tools, and content provided by third-party providers (hereinafter collectively referred to as “content”) on our website. For such integration, processing of your IP address is technically necessary to send the content to your browser. Therefore, your IP address is transmitted to the respective third-party providers.

    These data processing activities are carried out to safeguard our legitimate interests in optimizing and operating our website economically and are based on the legal basis of Art. 6 para. 1 lit. f) GDPR.

    You can object to this data processing at any time through the settings of the browser you are using or certain browser extensions. One such extension is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may lead to functional limitations on the website.

    We have integrated content from the following services provided by third-party providers into our website:

    • Services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”):
      • “Google Maps” for displaying maps;
      • “Google Web Fonts” for displaying fonts;
      • “reCAPTCHA” for bot detection when entering information into our contact forms.

    Transmission of your data to the USA cannot be excluded. Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

    • “YouTube” by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; “YouTube”) for displaying videos. YouTube is a subsidiary of Google and is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    • “ProvenExpert” by Expert Systems AG (Quendlinburger Straße 1, 10589 Berlin, Germany; “ProvenExpert”) for displaying certifications and reviews.

    10. Data processing on our LinkedIn channel

    When visiting our LinkedIn page, where we showcase our company or individual products or services from our offerings, certain information about you is processed. For this purpose, we use the services of the technical platform provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn).

    We therefore advise you that you use the service offered here and its functionalities at your own risk. This applies in particular to the use of interactive functions, such as sharing.

    LinkedIn is generally responsible for processing personal data when visiting our LinkedIn page. Further information about the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy‐policy?trk=homepage‐basic_footer‐privacy‐policy.

    III. Further data processing

    1. Applications

    If you apply to our company offline or online via email or directly through our career portal, we process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and reviewed by the relevant contacts within our organization. All employees involved in data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you provided for up to six months after any rejection for the purpose of answering questions related to your application and rejection. This does not apply if legal provisions oppose deletion, further storage is necessary for evidential purposes, or you have expressly consented to longer storage.

    The legal basis for data processing is § 26 (1) sentence 1 BDSG. If we retain your applicant data beyond the period of six months, this will only be done with your consent on the basis of Art. 6 (1) letter a) GDPR.

    1. Processing of Customer and Contract Data:

    When you, as a customer or interested party, contact our company, we process your data to establish or perform the contractual relationship to the extent necessary. The legal basis for this processing is Art. 6 (1) letter b) GDPR. Additionally, we process customer and prospective customer data for evaluation and marketing purposes. These processing activities are based on Art. 6 (1) letter f) GDPR and serve our interest in further developing our offerings and informing you specifically about our offers. Further data processing may occur if you have consented (Art. 6 (1) letter a) GDPR) or if it serves to fulfill a legal obligation (Art. 6 (1) letter c) GDPR).

    2. Conducting quality analyses

    If you, as our customer or an employee of one of our customers, use the IT help desk services in response to a customer inquiry, we will subsequently ask you via email to provide a rating of your satisfaction with the handling of your request. In this process, we process the following data: company name, email address, date, ticket ID, provided rating.

    This processing aims to evaluate the satisfaction of our customers with our service provision and to improve our offerings based on the results. This processing is based on the legal basis of Art. 6 (1) letter f) GDPR and serves our legitimate interest in analyzing the quality of our services offered.

    The data is processed by service providers contracted by us. These service providers process the data only according to explicit instructions and are contractually obligated to ensure suitable technical and organizational measures for data protection. You are not obliged to provide a rating, and there are no consequences for you if you do not provide this information

    We are here for you!

    Are you interested in a consultation with our experts? Would you like to receive detailed information about our cloud services? Our METRO CLOUD team will be happy to answer your questions!