Cookie settings

Cookie selection history

ueData privacy statement

We are very glad about your interest in our enterprise. Data protection is of particular importance to the management of Materna Virtual Solution GmbH (hereinafter “Materna Virtual Solution” or “we”).

Personal data are at all times processed in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (GFDPA). In this data privacy statement, we inform you of the collection of personal data from data subjects in accordance with Article 13 GDPR.

1. Definitions

This data privacy statement uses, inter alia, the following terms, as they are defined in the GDPR:

a) Personal data

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

c) Restriction of processing

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

d) Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

e) Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

f) Processor

”Processor” means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

g) Recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

h) Third Party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

i) Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name und contact details of the controller

The controller for the processing of personal data under this data privacy statement is:

Materna Virtual Solution GmbH
Muehldorfstr. 8
81671 Munich
Germany
Phone +49 89 30 90 57 0
Email: kontakt@virtual-solution.com
Website: www.materna-virtual-solution.com

3. Contact details of the data protection officer

The data protection officer of Materna Virtual Solution GmbH is:

intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
Germany
Tel.: +49 40 790 235 – 0
E-Mail: datenschutz@virtual-solution.com

4. Processing of personal data on the website of Materna Virtual Solution – Purposes and legal bases; Recipients

a) Collection of personal data and information when accessing the website of Materna Virtual Solution

Upon each access to the website of Materna Virtual Solution by a user, information without any personal reference and personal data of that user will be collected and stored in the log files of the servers of Materna Virtual Solution. The following is collected and stored: (1) the browser types and versions used, (2) the operating system used by the user, (3) the website from which the user accesses our website (“referrer”), (4) the subsites called up by the user on our website, (5) the date and time of the access to our website, (6)  the user’s IP address, (7) the user’s Internet service provider, and (8) other similar data and information which serve the defence against attacks on our information systems.

That information and those personal data are required to correctly deliver the contents of our website, to optimise the contents of, and advertising for, our website, as well as to warrant the permanent functionality of our information systems and our website and to protect them against attacks and damage.

The personal data and information collected on that basis are evaluated by Materna Virtual Solution statistically and for the purpose of enhancing data protection and data security within our enterprise in order to warrant a level of protection for the personal data processed by us which is adequate given the risk. The personal data and information collected when you access the website will be stored separately from other personal data of the data subject, and any personal data collected upon an access to the website, in particular, the user’s IP address, will be deleted 14 days from their collection, unless an attack or a threat by the user was discovered. Those personal data will not be disclosed to third parties.

To the extent that we collect and use personal data of the user such as, in particular, the user’s IP address, upon an access to the website of Materna Virtual Solution, the legal basis therefor is Article 6(1)(f) GDPR, as that processing is necessary to safeguard the controller’s legitimate interests. The legitimate interests of Materna Virtual Solution pursued thereby are the enhancement of data protection and data security within our enterprise in order to warrant a level of protection for the personal data processed by us which is adequate given the risk, and to protect our information systems and our website against attacks and damage.

b) Registration on, and contact through, the website of Materna Virtual Solution

Data subjects have the option to register on the website of Materna Virtual Solution, while providing personal data, or to contact Materna Virtual Solution. What personal data will be transmitted to Materna Virtual Solution in that respect results from the respective entry mask or contact form for the registration or contacting, respectively. The personal data transmitted by the data subject to Materna Virtual Solution in that respect will only be collected and stored for the purposes pursued by the registration or to process the contact request by the data subject. The transfer of data to a company of the Materna Group is possible depending on the reason for the contact. Those personal data will not be transmitted to third parties outside the Group. The legal basis for the processing of those personal data is Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract between Materna Virtual Solution and the data subject or in order to take steps at the request of the data subject prior to entering into a contract.

c) Direct advertising, product information and newsletters of Materna Virtual Solution

On the website, we offer the transmission of direct advertising, product information and newsletters from Materna Virtual Solution by email. To do this, we require the email address of the data subject.

We may use the email address received by us from the data subject in connection with a contract for the use of products of Materna Virtual Solution for direct advertising regarding our own similar goods or services, unless the data subject has objected to such use. The legal basis for such use is Article 6(1)(f) GDPR, as the processing is necessary for the purposes of the legitimate interests pursued by Materna Virtual Solution. The legitimate interests pursued by Materna Virtual Solution thereby are the advertising of products and services to clients. Data subjects may any time object to that use in accordance with the note at the end of this document regarding the right to object in accordance with Article 21 GDPR, without incurring any transmission costs other than those under the base rates.

In other respects, we will collect and process the email address of the data subject in order to send direct advertising, product information and newsletters from Materna Virtual Solution by email, provided that the data subject has granted their prior consent. That consent will be logged, and the data subject may at any time retrieve the contents of the consent, as well as that note. Data subjects may at any time revoke their consent with effect for the future, as described in the following declaration of consent.

The declaration of consent reads as follows:

”I hereby agree that Materna Virtual Solution GmbH may in future regularly inform me of product news and offers from the area of mobile security by email and may send me email newsletters. To this end, Materna Virtual Solution GmbH may store and use the email address stated by me. I may at any time revoke that consent with effect for the future. The revocation may be sent by mail to Materna Virtual Solution GmbH, Blutenburgstr. 18, D-80636 Munich, or by email to marketing@virtual-solution.com. In addition, the email advertising and the email newsletter may also be unsubscribed by clicking the link at the end of the email.“

The legal basis for the processing of those personal data is the consent of the data subject (Article 6(1)(a) GDPR).

d) Cookies

The website of Materna Virtual Solution uses cookies. “Cookies” are small text files which are set and stored in connection with the visit on our website through an Internet browser on the user’s terminal device and are kept there for a later retrieval. Typically, a cookie will include the name of the domain from where it was set, the “lifetime” of the cookie and a unique identifier. Cookies enable the visited website to differentiate the user’s individual browser from other Internet browsers. A specific Internet browser can be recognised and identified through the cookie. The purpose of that recognition is to facilitate the use of our website by users. Users of a website which uses cookies can still be identified during the visit to the website when the user moves from one website to another and will, for example, not be required to enter their access data once more at each individual visit to the website, as that will be done by the website and the cookie set on the user’s terminal device.

The website of Materna Virtual Solution uses the following cookies:

– Session cookies

”Session cookies” are temporary cookies which remain in the cookie file of the user’s browser until the user leaves the website of Materna Virtual Solution; they are necessary, in particular, to facilitate the use of the website of Materna Virtual Solution. Session cookies will be deleted when a user’s browser session ends.

– Cookie by Polylang to recognise and retain the language used or selected by the user. That cookie will be deleted after one year. Further details regarding the name, value, storage period and deactivation of that cookie are available at https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law.

The legal basis for any processing of personal data using session cookies and the cookie of Polylang is Art. 6 (1) (b) GDPR, as the processing is necessary for the performance of a contract between Materna Virtual Solution and the data subject or for the implementation of pre-contractual measures required by the data subject so that Materna Virtual Solution can enable the use of the website in the chosen language.

– Cookies in connection with Google AdWords and econda Analytics, as described below

Data subjects can themselves determine whether cookies can be set and called up, or whether cookies will be blocked or deleted, by setting the Internet browser used accordingly. Details regarding the management and deletion of cookies, as well as relevant instructions for the most common browsers, are available, for example, at www.meine-cookies.org. If the data subject deactivates the setting of cookies in the Internet browser used, it may be possible that individual functions of our websites cannot be fully used.

e) Use of Google Ads

Materna Virtual Solution has integrated Google Ads on its website. Google Ads is an Internet advertising service which enables advertisers to place ads both in the search engine results of Google and in the Google advertising network, and which is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter ”Google”).

The purpose of Google Ads is the advertising for our website by displaying target group-oriented advertising on the websites of third-party enterprises and the results of the search engine, Google, as well as a target group-oriented display of third-party advertising on our website.

If a user is led to our website via a Google ad, Google will set a conversion cookie in the user’s browser (see section 4 d) above as regards cookies). By the session cookie, it can be traced whether specific subsites on our website were called up. Conversion cookies will be deleted after 30 days.

By the session cookie, Google will prepare visitor statistics for our website, which statistics we will use to ascertain the total number of the users who were led to us through Ads. In so doing, personal data such as the websites visited by the user will be stored. In addition, upon each visit to our website, personal data of the user, including the user’s IP address, will be transmitted to Google in the USA and will be stored there. Google anonymises those log data by deleting part of the IP address and the cookie information after 9 or 18 months, respectively.

Users can prevent the setting of cookies by our website, as explained in section 4 d) above, by setting the Internet browser used accordingly and can thereby object to the use of cookies. Such setting of the Internet browser used will also result in Google not setting a conversion cookie in the user’s Internet browser, so that Google Ads will not be used with the user. In addition, a cookie already set by Google Ads can be deleted through the Internet browser.

Users may also object to the delivery of target group-oriented advertising by Google. To do this, users must click the link www.google.de/settings/ads from the Internet browser used by them and make the desired settings there.

Data may be transferred to the USA as part of processing by Google Ads. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

The legal basis for the use of Google AdWords is Article 6(1)(f) GDPR, as that use is necessary to safeguard the controller’s legitimate interests. The legitimate interests pursued by Materna Virtual Solution thereby is the analysis of the success of advertising placed and to improve both AdWords ads by Materna Virtual Solution and the display of third-party advertising on our website and to make them more interesting for users.

f) Integration of Google Maps

Materna Virtual Solution has included Google Maps content on its website. Google Maps is a service for displaying addresses in city maps and maps provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

By visiting the website of Materna Virtual Solution, Google is informed that the user has accessed the corresponding sub-page of our website. In addition, the data referred to in 4 a) are transmitted. This takes place regardless of whether Google provides a user account via which the user is logged in or if there is no user account. If the user is logged in to Google, this data will be assigned directly to their account. If the user does not wish to be allocated to their Google profile, they must first log out.

Google stores these data as usage profiles and uses them for advertising, market research and/or customizing its website. Such an evaluation is performed above all (even for users who are not logged in) in order to display needs-based advertising. Users have a right to object to the creation of these user profiles, whereby they must contact Google in order to exercise this right.

The legal basis for the use of Google Maps by Materna Virtual Solution is Art. 6 (1) (f) GDPR, as the use of Google Maps is necessary to safeguard the legitimate interests of the controller. The corresponding legitimate interests of Materna Virtual Solution are to display the Materna Virtual Solution addresses on Google Maps for directions and route planning.

Further information on the purpose and scope of Google’s data collection and processing is available at https://www.google.com/policies/privacy/partners/?hl=en.

Data may be transferred to the USA as part of processing by Google Maps. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

g) Use of YouTube

Materna Virtual Solution has integrated videos of YouTube on its website, which are stored at https://youtube.com/, for the purpose of being able to play those videos directly on our website. Upon each calling-up of a website of Materna Virtual Solution on which a YouTube video was integrated, YouTube and Google will obtain knowledge which specific subsite of our website is used by the user. In addition, the following information and personal data of the user will be transmitted to YouTube: IP address, date and time of the request and the time zone, the website called up, the transferred data volume, the browser, operating system and its surface, the language and version of the browser software.

YouTube and Google will always be notified via the YouTube component that a user visited our website if the user is logged in at YouTube or Google at the same time, regardless of whether or not the user clicks on a YouTube video. That information will be allocated to the user’s account with Google or YouTube, respectively. If the user does not wish such a transmission of that information to YouTube and Google, the user can also prevent the transmission by logging off from the user’s YouTube account before accessing our website.

YouTube will store the data collected about the users as user profiles and use the same for the purposes of advertising, market research and/or the structure of its website as needed. Any such analysis will be made, in particular, (also for users who have not logged in) to display demand-oriented advertising and to inform other users of Google and YouTube of the activities of the user on our website. Users have a right to object to the creation of those user profiles, which right must be exercised as against YouTube.

The legal basis for the use of YouTube by Materna Virtual Solution is Article 6(1)(f) GDPR, as that use is necessary to safeguard the controller’s legitimate interests. The legitimate interests pursued by Materna Virtual Solution thereby are the display of demand-oriented advertising and information in the form of YouTube videos and to inform other users of the social network of the activities of users on our website.

YouTube is offered by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Further information regarding the purpose and scope of the collection of the data and their processing by YouTube can be called at https://www.google.de/intl/de/policies/privacy/ and https://www.youtube.com/yt/about/de/.

Data may be transferred to the USA as part of processing by YouTube. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

h) Use of Black Cat Networks Hosting Services for the free 30-day-trail of SecurePIM

For the 30-day-free-trail of SecurePIM Materna Virtual Solution uses hosting services by Black Cat Networks (BCN), 78224 Beuren an der Aach. BCN runs a Microsoft Exchange infrastructure for Materna Virtual Solution. BCN registers domains, runs name server infrastructures and does email hosting for Materna Virtual Solution.

Materna Virtual Solution uses the following pernsonal data for the 30-day-free-trail: first name, last name, company, email address, street, number, city, zip code, country, phone number, mail server type. Only test email addresses that are system generated are transmitted to BCN, there is no further processing of personal data of the testers/inbox users.

The following processes of personal data will be performed by BCN:

Materna Virtual Solution transmits email addresses to BCN. BCN creates email inboxes for these email addresses.

The emails sent to and from the inbox created for the 30-day-trail-user are stored in BCN’s systems as a whole.

Besides sending and receiving, as well as saving and deleting of emails, there will be no further processing of personal data of the inbox users.

Storage, processing and use of data is only taking place in Germany, a member state of the European Union or in other states that are part of the agreement in the European economic area.

The email accounts created by Black Cat with all corresponding email data are automatically physically deleted from the system after 30 days.

No backups are created of the data.

i) Use of LinkeIn Ads, Analytics and Marketing Solutions

We are using “LinkedIn Ads, Analytics und Marketing Solutions”, a service of LinkedIn Ireland (in the following called: “LinkedIn”). LinkedIn saves and processes information about user behavior on our website. LinkedIn uses amongst other things cookies for this, so small text data that are stored in the storage of your web browser on the device and provide analytics on your use of our website.

We are using LinkedIn for marketing and optimization purposes, especially in order to analyze the use of our website and in order to improve functionality and offers, as well as the overall user experience on our website. With the statistical analysis of user behavior we can improve our offerings and make them more interesting for you as a user. Therein lies our legitimate interest to process these data by a third party. Legal grounds are Art. 6 Abs. 1 S. 1 lit. f) GDPR.

The installation of cookies can be prevented by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. Please note that, this will mean that maybe not all of our website’s functionality will be available to you. You can also prevent the collection of data through LinkedIn by setting an opt out cookie on one of the following websites:

https://www.linkedin.com/psettings/guest-controls

https://optout.aboutads.info/?c=2 – !/

https://www.youronlinechoices.com/de/praferenzmanagement/

Please note that this setting will be deleted when you delete your cookies. You can prevent or object to the collection and forwarding of personal data by deactivating Java script in your browser. You can prevent Java script entirely by installing a java script blocker (e.g. https://noscript.net/ or https://www.ghostery.com). Please note that, this will mean that maybe not all of our website’s functionality will be available to you.

Data may be transferred to the USA and Singapore as part of processing by LinkedIn. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

Information of the third party: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland. For furhter information on data protection by the third party please see the following website: https://www.linkedin.com/legal/privacy-policy

j) Use of Hubspot

Materna Virtual Solution is using Hubspot, a service provided by Hubspot Inc.

For this, so called „Web-Beacons” are used and “Cookies” are set and stored on your computer. These help us analyse your behavior on our website. This information (e.g. IP adress, geographical location, type of browser, length of your visit and visited pages) is analysed by Hubspot on the behalf of Materna Virtual Solution, to create reports about your visit and the visited pages.

If email newseltters are subscribed and documents are provided, we can also connect visits of a user with their personal information provided (especially name/email address), if they have given us their consent to do so. With this we can inform users in a personalized and targeted manner about preferred topics.

If you do not wish that Hubspot collects this data, you can prevent this by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser.

Further information on the functionality of Hubspot can be found in the privacy policy of Hubspot Inc.: https://legal.hubspot.com/de/privacy-policy

Data may be transferred to the USA as part of processing by Hubspot. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

k) Use of econda Analytics

For the purpose of demand-oriented design and optimization of this website, pseudonymized data is collected and saved by solutions and technologies of econda GmbH (Zimmerstraße 6, 76137 Karlsruhe, www.econda.de) and usage profiles are created from this data using pseudonyms. econda works on our behalf. A transfer of the data to third parties or a transfer to third countries is excluded.

Data processing purposes:

  • Analytics
  • Optimization

Without your opt-in, econda solutions work in anonymous mode based on the current session. No data with personal reference, such as the IP address, customer or order numbers, is saved. No cookies are set. You will not be recognized in later visits and profiling is not possible.

With your opt-in, cookies are used for the purpose described above, which enable the recognition of an Internet browser. However, usage profiles are not merged with data about the bearer of the pseudonym without the express consent of the visitor. In particular, IP addresses are made unrecognizable immediately after receipt, making it impossible to assign usage profiles to IP addresses. You can, of course, revoke your consent at any time.

Used technology:

  • Cookie
  • Local storage

 

The use of anonymized tracking is carried out in accordance with Article 6 (1) f GDPR. The company has a legitimate interest in carrying out a range measurement in order to continuously optimize the online presence. Personalized tracking only takes place if you have given your consent to this (Article 6 (1) (a) GDPR).

The following data is collected:

  • Information about the device used
  • Information about viewed pages within the website visit
  • Information about access data (e.g. Date and time of retrieval, amount of data transferred,  browser type and version, the user’s operating system, IP address and the requesting provider)

       

      Visitors to this website can object to this data collection and storage at any time for the future.

       

      The objection only applies to the device and browser on which it was set, please repeat the process on all devices if necessary. If you delete the opt-out information from the cookie and local storage, requests will be passed to econda again.

      The processing and storage of data takes place only for the period necessary to achieve the respective processing purpose or as long as a legal retention period (in particular commercial and tax law) exists. After the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

      Data processing partner:

      econda GmbH
      Zimmerstr. 6
      76137 Karlsruhe, Deutschland
      www.econda.de

      5. Processing of personal data when using the products of Materna Virtual Solution – Purpose and legal basis; Recipients

      When clients use the products, ”SecurePIM”, “SecureCOM”, ”SecurePIM Management Portal“, and ”SecurePIM Gateway“, of Materna Virtual Solution, the following personal data about the client will be collected and processed for the following purposes:

      a) SecurePIM

      The software, ”SecurePIM“, serves the encrypted storage of emails, contacts, appointments and other data on the mobile device of the client, or the client’s employees. As a supplement thereto, the software, ”SecurePIM Management Portal“, serves the central configuration settings of the software, ”SecurePIM“, on the client’s mobile devices. The software, ”SecurePIM Gateway“, serves the secure access of the SecurePIM App to the client’s internal company network. To settle the business relationships with its clients, and for the internal processing of the business transactions, Materna Virtual Solution uses electronic data processing. When installing the software, ”SecurePIM“, and when using the software, ”SecurePIM Management Portal“ and ”SecurePIM Gateway“, only the email addresses of the users will be transmitted by the client to Materna Virtual Solution and be stored there centrally. In addition, the data which are relevant for the operation of the software, for example the validity of the licence, and what modules have been activated, will be stored.

      b) SecureCOM

      The software, “SecureCOM”, provides a chat for encrypted exchange of information, documents and voice over calls. The software, ”SecurePIM Gateway“, serves the secure access of the SecureCOM App to the client’s internal company network. When installing the software, ”SecureCOM“, and when using the software, ”SecurePIM Management Portal“ and ”SecurePIM Gateway“, only the email addresses of the users will be transmitted by the client to Materna Virtual Solution and be stored there centrally. In addition, the data which are relevant for the operation of the software, for example the validity of the licence, will be stored. In order to use SecureCOM, the use of the SecureCOM server (messenger server) is required.

      SecureCOM server’s job is to connect and send messages between devices. It enforces privacy rules and it helps with establishing secure channels between devices. It acts as a conduit for communication, but it is unable to decrypt any of it. For every user SecureCOM server stores:

      • Address book of connected contacts (SecureCOM ID’s).
      • Hashed and salted password with a unique salt for every user.
      • SecureCOM ID.
      • Privacy mode setting.
      • All connected phone numbers and e-mail addresses.
      • Queue of messages that have to be delivered.
      • Per device session identifier.
      • Per device signature public key.
      • Per device server side public and private keys for signatures.
      • Per device signaling data (stun/turn).
      • Per device name.
      • Per device last seen time.
      • Per device type.
      • Per device token for push messaging.

           

          c) SecurePIM Management Portal

          The licence management and the SecurePIM Management Portal serve the purpose of registering the licences and issuing the licence certificates. Furthermore, analyses of the licences and their use may be made in the License Manager (CLM).

          Through the Secure PIM Management Portal, the following types of personal data of the client and all persons registered by the client in the SecurePIM Management Portal will be collected and processed:

          • person master data (e.g., first and last name)
          • communications data (e.g., phone, email)
          • other:
            • user name for the log-in at the admin console
            • public certificates
            • transport-PIN-protected p12 container
            • push-notification token
            • device information (version number of the SecurePIM software release, device type, device number, operating system of the device, version of the operating system, language set in the operating system)
          • other personal data collected by the client on its own in the portal in addition

           

          In the SecurePIM Management Portal, depending on the managed application, all devices, as well as the configuration of the SecurePIM App/SecureCOM , for all users of the client will be managed. When using SecurePIM/SecureCOM, the settings made in the SecurePIM Management Portal will be exchanged between that portal and the application.

          In connection with the user administration, email notifications will be sent from the SecurePIM Management Portal automatically or by an administrator to the SecurePIM App/SecureCOM App or the user of the SecurePIM Management Portals, respectively.

          Use of the Auto PKI (Public Key Infrastructure) module: When using the AutoPKI module, a p12 Container (with a public key and private key) will be created for the respective user of the SecurePIM App and a CSR (Certificate Signing Request) to a CA (certificate authority) will be triggered. The created p12 container and the encrypted transport PIN (password for the p12 container) will be stored in the SecurePIM Management Portal and transmitted to the user separately from one another.

          Use of the SecurePIM LDAP module: When using the SecurePIM LDAP module, the email address and the SMIME certificate of the respective user of the SecurePIM App will be stored on the SecureLDAP (public LDAP, available via the Internet).

          Use of the email verification module: When using the email verification module, for the purpose of verifying the access to the user’s email account, emails will automatically be sent from Licence Management (CLM) to the email address stored in the SecurePIM Management Portal for the SecurePIM user.

          d) Place of data processing

          Those personal data will be transmitted stored, processed and used exclusively in the territory of the Federal Republic of Germany, a Member State of the European Union, another contracting state of the Agreement on the European Economic Area, or a third-party state, which has been granted an adequate level of data protection (Article 45 GDPR) by the European Commission.

          e) Legal basis

          Materna Virtual Solution collects, processes and uses those personal data exclusively for the performance of the contract with the client and stores those personal data in a safe place. That processing of personal data of the client by Materna Virtual Solution is necessary for the performance of the contract with the client on the basis of Article 6(1)(b) GDPR.

          f) Commissioned processing

          If the client has the software, “SecurePIM Management Portal“, hosted by Materna Virtual Solution, the parties shall enter into a separate agreement regarding commissioned data processing in accordance with Article 28 GDPR, under which Materna Virtual Solution acts as a processor of the client.

          g) Recipient of personal data

          If the software, ”SecurePIM Management Portal“, is hosted by Materna Virtual Solution as a processor, Materna Virtual Solution will, in turn, use subcontractors in accordance with the agreement on commissioned data processing in accordance with Article 28 GDPR. Materna Virtual Solution has commissioned M-net Telekommunikations GmbH, Emmy-Noether-Str. 2, D-80992 Munich, as the operator of the computer centre and hosting provider. In other respects, those personal data will not be disclosed to third parties.

          h) Use of “Sentry” in the SecurePIM App

          Materna Virtual Solution has integrated Sentry in its SecurePIM Android App. Sentry is a programme with the purpose of analysing and fixing errors of the SecurePIM App and improving the SecurePIM App. When the SecurePIM App crashes, the user will be asked to consent to the transmission of certain data regarding the incident to Materna Virtual Solution; those data include the device type, the version of the operating system, data regarding the hardware of the mobile device, as well as the current position in the source code and the time of the crash, and the condition of the application at the time of the crash. Those data will only be transmitted if the user has given consent to the transmission. This consent can be removed at any time in the settings. Materna Virtual Solution will neither collect nor transmit the user’s IP address or any other data by which the user or the affected mobile device can be identified.

          Since Materna Virtual Solution is using Sentry as a self-hosted service those data will be stored, processed and used exclusively in the territory of the Federal Republic of Germany, a Member State of the European Union or another contracting state of the Agreement on the European Economic Area.

          6. Processing of personal data in relation to the support for the products of Materna Virtual Solution – Purpose and legal basis; Recipients

          Materna Virtual Solution collects and processes personal data for the purpose of providing support for its products. Clients, or prospective clients, may submit support requests regarding the following topics over the phone, by email or via the website of Materna Virtual Solution:

          • questions regarding the configuration
          • questions regarding the general functionality
          • reporting of technical problems
          • questions regarding change requests
          • other technical inquiries

          The support requests received, and the personal data transmitted by clients, or prospective clients, will be stored in an internal ticket system of Materna Virtual Solution and will be used for the purpose of documenting and processing the support request, as well as for the purpose of contacting the respective client/prospective client in order to provide relevant feedback.

          Upon the creation of a ticket in the ticket system of Materna Virtual Solution, the system will send an automatic email to the email address from which the notification was sent. That response includes, inter alia, a link through which the client, or prospective client, can look at the created ticket.

          Employees of Materna Virtual Solution, the distribution partner of Materna Virtual Solution in charge of the client, as well as the email addresses stated upon the creation of a ticket (data subject who created the ticket, as well as “cc” addressees (if any) entered by the data subject), can access a support ticket. The administration of the tickets is logically separated and sorted by organisation, so that a distribution partner of Materna Virtual Solution may only access tickets of the clients supported by the distribution partner.

          That processing of personal data of the client, or prospective client, by Materna Virtual Solution is necessary for the performance of a contract between Materna Virtual Solution and the data subject or in order to take steps at the request of the data subject prior to entering into a contract and is based on Article 6(1)(b) GDPR.

          7. Processing of personal data for distribution purposes – Purpose and legal basis; Recipients

          Materna Virtual Solution collects and processes the personal data of prospective clients for the purpose of submitting offers and for distribution purposes, if a prospective client contacts Materna Virtual Solution and expresses his or her interest in the products of Materna Virtual Solution. The contact data submitted by the prospective client to Materna Virtual Solution will be stored and processed in the CRM system of Materna Virtual Solution. Materna Virtual Solution will transmit the personal data of prospective clients collected by Materna Virtual Solution for the purpose of submitting an offer and for distribution purposes to internal departments as well as distribution partners or companies of the Materna Group for further operational processing and contacting the prospective client.

          That processing of personal data of prospective clients by Materna Virtual Solution is either based on a consent by the prospective client (legal basis: Article 6(1)(a) GDPR) or is necessary to take steps prior to entering into a contract (legal basis: Article 6(1)(b) GDPR).

          8. Processing of personal data in relation to job applications and in application procedures – Purpose and legal basis; Recipients

          Materna Virtual Solution collects and processes personal data of applicants for the purpose of carrying out the application procedure. Processing may also be made electronically, for example, if an applicant submits relevant application documents by email or uses the applicant portal, the HR software Personio, which is offered on the website, to submit an application online. Materna Virtual Solution has instructed Personio SE & Co.KG, Seidlstraße 3, 80335 München, with the processing of the personal data of an online application as processor, and we transmit to Personio SE & Co.KG the data collected from the data subject in connection with an online application to this end. Information from job-related social networks such as LinkedIn, Xing may also be used to assess an application. If Materna Virtual Solution enters into an employment contract with the applicant, the transmitted data will be stored for the purpose of performing the employment relationship in compliance with the statutory provisions. If Materna Virtual Solution does not enter into an employment contract with the applicant, the application documents will be deleted two months from the rejection, unless a longer storage is necessary owing to legitimate interests of the controller. Such legitimate interest might exist, for example, in the event of proceedings under the German General Equal Treatment Act.

          We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the scope of the stated purpose and legal basis. Furthermore, we forward your application documents to companies of the Materna Group within the scope of application management. If you do not want us to forward your application documents to Materna companies, you have the right to object.

          Those personal data will not be disclosed to third parties outside the Group. Your personal data will not be transferred to countries outside the European Union.

          That processing of personal data of applicants by Materna Virtual Solution is necessary to carry out an application procedure and is based on Article 6(1)(b) GDPR, as well as § 26 GFDPA.

          9. Duty of data subjects to provide personal data and potential consequences of a failure to provide personal data

          Data subjects are obliged to provide us with personal data if we enter into a contract with them. A consequence of a failure to provide the personal data would be that the contract with the data subject cannot be entered into. In addition, the provision of personal data is necessary for the use of the products and the website of Materna Virtual Solution. A consequence of a failure to provide the personal data would be that the products or the website of Materna Virtual Solution cannot be used at all, or that the scope of functions will be limited.

          10. No automated decision-making; No profiling

          We do not use automated decision-making or profiling.

          11. Storage period and deletion of personal data

          Materna Virtual Solution stores personal data of data subjects only as long as this is necessary for the purposes for which they were processed, unless statutory provisions required a longer retention period. If the purpose for which the personal data were collected or stored no longer exists, the data will be routinely deleted.

          12. Rights of data subjects

          Data subjects have the following rights:

          • Right of access to the relevant personal data (Article 15 GDPR)
          • Right to rectification (Article 16 GDPR)
          • Right to erasure (Article 17 GDPR)
          • Right to restriction of processing (Article 18 GDPR)
          • Right to object to the processing if the processing is made on the basis of Article 6(1)(e) or Article 6(1)(f) GDPR (Article 21 GDPR); see also the note regarding the right to object pursuant to Article 21 GDPR at the end of this document
          • Right to data portability (Article 20 GDPR)
          • Right of the data subject to revoke a granted consent at any time, without this affecting the lawfulness of the processing made before the revocation, if the processing is based on a consent in accordance with Article 6(1)(a) or Article 9(2)(a) GDPR
          • Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

             

            13. Modifications of this Data Privacy Statement

            On a case-by-case basis, it will be necessary to adapt and modify the contents of this Data Privacy Statement. Therefore, Materna Virtual Solution reserves the right to change or adapt this data protection declaration at any time in compliance with the applicable data protection regulations.

            Current status is: 01.2024

             

            Note regarding the right to object pursuant to Article 21 GDPR

            1. Right to object on grounds relating to a particular situation

            You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is made on the basis of Article 6(1)(e) (public interest) or Article 6(1)(f) (data processing on the basis of the weighing of interests) of the GDPR; this applies also to any profiling based on those provisions. Materna Virtual Solution will no longer process the personal data, unless Materna Virtual Solution is able to demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or the processing serves the establishment, exercise of defence of legal claims.

            2. Right to object in relation to direct marketing

            If Materna Virtual Solution processes personal data for direct marketing purposes, data subjects have the right to object at any time to the processing of personal data concerning them for the purpose of such marketing; this applies also to any profiling related to such direct marketing. If data subjects object to the processing for direct marketing purposes, the personal data will no longer be processed for such purpose.

            3. Exercise of the right to object

            The right to object may be exercised without a specific form, for example, by a letter to Materna Virtual Solution GmbH, Blutenburgstr. 18, D-80636 Munich, or by email to marketing@virtual-solution.com.

            Download the data privacy statement as PDF here.