1. Data Protection

We are pleased about your visit to our website and your interest in our offers. The protection of your personal data is an important concern for us. In this privacy policy, we explain how we collect your personal data, what we do with it, for what purposes and on what legal basis this is done, and what rights and claims are associated with it for you.

Our privacy policy for the use of our websites does not apply to your activities on the websites of social networks or other providers that you can reach via the links on our websites. Please inform yourself on the websites of these providers about their privacy policies.

Since changes in the law or changes in our internal company processes may make it necessary to adapt this privacy policy, we ask you to read through this notice regularly. 

2. Data Controller and Scope

Responsible in the sense of the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

Magic Connection GmbH
Kalscheurener Str. 91
50354 Hürth

This privacy policy applies to the Internet offering of Magic Connection GmbH, which can be accessed under the domain “www.magic-connection.de” as well as the various subdomains (hereinafter referred to as “our website”).

If you have any questions about this privacy policy, please contact our data protection officer:

Data Protection Officer

Magic Connection GmbH
Kalscheurener Str. 91
50354 Hürth

E-mail: datenschutz@magic-connection.de

3. Principles of data processing

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information for which we cannot establish a reference to your person (or only with a disproportionate effort), e.g. by anonymizing the information, is not personal data.

The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention obligations.

If we process your personal data for the provision of certain offers, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.

4. Duration of storage

Unless otherwise stated in the following notes, we store the data only for as long as is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations.

5. External service providers

Unless otherwise stated in the following information, the data is processed on the servers of technical service providers that have been commissioned by us for this purpose. These service providers process the data only according to explicit instructions and are contractually obligated to guarantee sufficient technical and organizational measures for data protection.

6. Provision and use of our website

During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, requested page, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) lit. f) GDPR. This processing serves the technical administration and security of the website.

7. Contact form

Our website contains a contact form through which you can send us messages. The information you provide, including your contact details, will be stored by us for the purpose of processing your request and in case of follow-up questions. The legal basis for data processing is Art. 6 (1) lit. b GDPR. All data fields marked as mandatory are required to process your request. Failure to provide this data will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact email.

8. Newsletter

On our website we offer you the possibility to subscribe to a press newsletter. When sending our newsletter, we process your e-mail address (mandatory field) and your name if you also provide it. We process your personal data when you subscribe to the newsletter for the purpose of sending you our newsletter.

To subscribe to our newsletter, we use the double opt-in procedure. After you have entered your e-mail address in the field provided, you will receive an e-mail from us. This contains a confirmation link. Only when you click on the link do you subscribe to our newsletter. Through this procedure, we want to ensure that only valid e-mail addresses are used and that you agree to the sending of the newsletter.

If you click on the link in the confirmation email you receive, we process your personal data for the purpose of proving that we have received a declaration of consent.

The legal basis for the processing of your personal data within the scope of the newsletter dispatch is your consent pursuant to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time. Please note that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. To revoke your consent, you can contact us using the contact details above. Alternatively, you can revoke your declaration of consent by pressing the “unsubscribe” button at the end of each newsletter notification.

9. Applications

If you apply to our company, we process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contacts at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data.

Our online career portal is technically operated by an external service provider (d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, hereinafter “Service Provider”), which is obligated to comply with data protection pursuant to the GDPR in conjunction with the German Federal Data Protection Act (BDSG).

For your application with us, we offer you the option of importing certain data directly from your profile on the career networks XING or LinkedIn or documents from your Dropbox profile. For this purpose, you will be redirected to the login screen of the respective profile after clicking on the corresponding button in the job offer. On a regular basis, the provider of the selected career network thereby receives information that you are interested in a job with us. For more details on data processing by the providers of the career networks/Dropbox, please refer to their privacy statements. After you have registered with the respective provider using your personal access data, you can specify the data that should be transmitted to us as part of your application.

If we are unable to offer you employment, we will retain the data you have provided for up to six months after any rejection in order to answer questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage.

The legal basis for data processing is Section 26 (1) S. 1 BDSG. If we retain your applicant data beyond the period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 (3) GDPR with effect for the future. Such revocation shall not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.

10. Own presences in social media

10.1 LinkedIn

As the operator of a LinkedIn profile, we, Magic Connection GmbH, together with the operator of the social network LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 Ireland), are the controller within the meaning of Art. 4 No. 7 GDPR. When visiting our LinkedIn profile, personal data is processed by the responsible parties. In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.

LinkedIn’s privacy policy can be found at https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

For more information on which individual privacy settings you can select, please click here (https://www.linkedin.com/psettings/data-privacy and https://www.linkedin.com/help/linkedin/answer/89876).

As the responsible party for this site, we have entered into agreements with LinkedIn, which regulate, among other things, the conditions for use of the LinkedIn site. The terms of use of LinkedIn are authoritative.

1. Nature of personal data, scope and purpose

Data about you may be collected via our LinkedIn site through cookies, whether or not you have an account with LinkedIn. Cookies are data packets that mark the user’s computers, smartphones and other end devices with a specific identifier. They are regularly stored on the user’s terminal device when visiting a LinkedIn page, including this profile. The information stored in the cookies is received, recorded and processed by LinkedIn, in particular when the user visits LinkedIn services, services provided by other members of the group of companies and services provided by other companies that use LinkedIn services. In addition, other entities such as LinkedIn partners or even third parties may use cookies on the LinkedIn services to provide services to companies advertising on LinkedIn. For more information on LinkedIn’s use of cookies, please see their privacy policy. 

Cookies are primarily set in order to be able to display personalized advertising to visitors to LinkedIn websites, for example. This is done by showing the user on our LinkedIn profile ads from LinkedIn’s advertising partners whose websites the user has previously visited. In addition, cookies make it possible to create statistics about the use of a social media profile, so that we and LinkedIn can track the use of a social media profile.

2. Legal basis of the data processing

The collection of your data through cookies in the context of the use of the social media channel is neither legally nor contractually required. This is also not required for the conclusion of a contract. There is therefore no obligation to transmit your data to LinkedIn. However, the non-transmission of your data (e.g. by blocking cookies) has the consequence that we cannot offer you our social media channel or only to a limited extent.

We operate this LinkedIn page in order to present ourselves to and communicate with LinkedIn users and other interested persons who visit this LinkedIn page. Employees of our HR department also initially contact profiles that fit our respective current requirement profile via the channels set up by the platform. The processing of users’ personal data is based on our legitimate interest in an optimized presentation of the company (Art. 6 (1) lit. f) GDPR).

10.2 Instagram

As the operator of an Instagram profile, we, Magic Connection GmbH, together with the operator of the social network Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland), are the controller within the meaning of Art. 4 No. 7 GDPR. When visiting our Instagram profile, personal data is processed by the responsible parties. In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.

You can find Instagram’s privacy policy at https://www.instagram.com/legal/privacy/

For more information on which individual privacy settings you can select, please visit https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/.

As the responsible party for this site, we have entered into agreements with Instagram (or Meta Platforms Ireland Limited), which regulate, among other things, the conditions for use of the Instagram page. The terms of use of Instagram are authoritative.

1. Nature of personal data, scope and purpose

Meta Platforms Ireland Limited processes personal data when using Meta products, including when visiting our Instagram page, even from persons who are not registered with any of the Meta services. Meta describes in detail what personal data this is, how, for what purposes and on what legal basis it is processed in its data policy (https://help.instagram.com/519522125107875?helpref=page_content), which applies to all Meta products. There you will also find information on how to contact Meta and on the settings options for advertisements, cookies etc.

Together with other information that Meta receives through cookies, Meta provides us, as the operator of the Instagram page, with statistical information about the use of this Instagram page (so-called page insights). These are aggregated data that reveal how users interact with the page. These page insights may be based on personal data collected by Meta in connection with a user’s visit to or interaction with our Instagram page and its content. Meta provides more information about this here: https://www.facebook.com/about/privacy.

We can use Page Insights to anonymously evaluate reach, page views, time spent on video posts, actions (likes, comments, sharing posts), as well as by age, gender, and location (as indicated by users in their respective Instagram profiles). In this context, settings can be made for the evaluation of the reach or corresponding filters can be set with regard to the selection of a time period, the consideration of a specific post as well as demographic groupings (e.g. female, 20-30 years old). This data is anonymized, aggregated and abstracted. These settings thus do not allow us to draw conclusions about individuals. The evaluation serves to optimally design the offer on our Instagram page for the purpose of public relations.

The processing of the information is intended, among other things, to allow Meta to improve its system of advertising that it distributes through its network. On the other hand, it is intended to allow us, as operators of the Instagram page, to obtain statistics that Meta generates based on the visits to our Instagram page. The purpose of this is to control the marketing of our activity. For example, it allows us to gain knowledge of the profiles of visitors who appreciate our Instagram page or use applications of the page, in order to provide them with more relevant content and develop features that may be of greater interest to them.

In addition, to help us better understand how our Instagram page can better achieve our goals, demographic and geographic analyses are also created and provided to us based on the information collected. We may use this information to target interest-based ads without directly knowing the identity of the visitor. If visitors use Instagram on multiple devices, the collection and analysis can also take place across devices if they are registered visitors who are logged into their own profiles.

The visitor statistics created are transmitted to us exclusively in anonymized form. We have no access to the underlying data in each case.

2. Legal basis of the data processing

The collection of your data through cookies in the context of the use of the social media channel is neither legally nor contractually required. This is also not required for the conclusion of a contract. There is therefore no obligation to transmit your data to Instagram (Meta). However, the non-transmission of your data (e.g. by blocking cookies) has the consequence that we cannot offer you our social media channel or only to a limited extent.

We operate this Instagram page in order to present ourselves to and communicate with Instagram users and other interested persons who visit this Instagram page. The processing of the users’ personal data is based on our legitimate interest in an optimized company presentation (Art. 6 (1) lit. f) GDPR).

11. Cookies

Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by our web server.

We only use technically necessary cookies on our website.

On the one hand, this is a so-called session cookie. This cookie serves the purpose of assigning requests of a user to his session, so that the contents of the website can be displayed correctly. This cookie is generally deleted when the session is ended, e.g. by closing the browser.

In addition, we use a technically required cookie to display the website in the correct language for you.

The legal basis for the use of technically necessary cookies for the linked storage of information on your terminal device and its subsequent readout is Section 25 (2) No. 2 TTDSG. The following processing of your personal data is based on our legitimate interest according to Art. 6 (1) lit. f) GDPR.

You can delete the cookies in the security settings of your browser at any time. You can also generally object to the use of cookies through your browser settings.

12. Automated decisions

No automated decision-making based solely on automated processing, including profiling, that produces legal effects or similarly affects you will be carried out.

13. Your rights

The GDPR gives you the following rights as a data subject of a processing of personal data:

• In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, about a transfer to third countries or international organizations and about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.

• In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or the completion of your personal data stored by us.

• Pursuant to Art. 17 GDPR, you may request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.

• According to Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defense of legal claims. You also have the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.

• Pursuant to Art. 20 GDPR, you may request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or you may request that it be transferred to another controller.

• In accordance with Art. 7 (3) GDPR, you may revoke your consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.

• In accordance with Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

14. Right of objection

In accordance with Art. 21 GDPR, you have the right to object to any processing based on the legal basis of Art. 6 (1) lit. e) or f) GDPR. If we process personal data about you for the purpose of direct marketing, you may object to this processing in accordance with Art. 21 (2) and (3) GDPR.

15. Data security and backup measures

We are committed to protecting your privacy and treating your personal data confidentially. To prevent manipulation, loss or misuse of your data stored with us, we take extensive technical and organizational security precautions that are regularly reviewed and adapted to technological progress. These include, among other things, the use of recognized encryption methods (SSL or TLS). However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions not within our sphere of responsibility. In particular, data disclosed unencrypted – e.g. if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the user’s responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.

Status: June 2023