Privacy policy

We strictly adhere to the processing and use of personal data of our users insofar as necessary for operating a functional website and delivering our content and services. Processing personal data on a regular basis only takes place after the user has given his permission to do so. An exception is applicable in case a permission cannot be obtained for actual reasons and the processing of data is protected by legal rules.

We include links to Kununu, LinkedIn and our partners on our website. If you click on them, we are no longer responsible for the website content and processing.

Whenever we obtain the consent from a data subject to process personal data, Art. 6 (1 a) GDPR serves as the legal basis for processing this personal data.

Whenever processing such data is necessary for compliance with a contract, where a person is one of the contract's party, Art. 6 (1 lit.b) of GDPR serves as the legal basis. This also applies to the processing act which is necessary for pre-contract activities.

Whenever processing such data is necessary for compliance with a legal regulation to which our company is subject to Art. 6 (1 lit. c) GDPR serves as the legal basis.

If processing is necessary for safeguarding the legitimate interests of Müller-BBM Active Sound Technology or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1 lit. f) GDPR serves as the legal basis for processing this data. 

Personal data are erased or blocked as soon as the purpose of the storage is no longer applicable, except in cases where a storage is governed by the legal basis of a European Union or national jurisdiction, European Union legal rules, laws or other regulations to which the party responsible is subject. Data are also blocked or erased when a statutory period, set by the standards mentioned above, ends, unless deemed necessary to extend the data storage in order to conclude or fulfill a contract.

We use Matomo on our website for statistical analysis in order to improve our services. Matomo is an open source tool for web analysis that records your usage behavior anonymously. Matomo works with cookies, which are text files that are stored on your computer and enable us to analyze the use of our website.

Matomo collects the following data for us:

• Location of access
• Length of visit
• Which subpages you visit on our website
• Which device you use to visit our website (a distinction is only made between desktop and mobile)
• Which operating system you use to visit our website (mobile: e.g. Android, iOS; desktop: e.g. Windows 11)
• At what time you visit our website
• Which browser you use to visit our website
• IP address (is anonymized by Matomo)
• Translated with DeepL.com (free version)

The legal basis for temporary data and log file storage is in accordance with Art. 6 (1 lit. f) GDPR.

A temporary storage of the IP address is necessary for enabling our system to deliver our website to the user's computer. For this reason, the user's IP address must be stored until the end of the session. 

Data storage in log files is required to ensure the functionality of the website. Furthermore, the data enables us to optimize the website and to guarantee the security of our IT systems. Data analysis for marketing-related purposes is not performed in this context.

These purposes correspond to our legitimate interests of data processing as indicated in Art. 6 (1 f) GDPR.

Data are erased as soon as they become no longer required for the purposes of collection. This applies to the data collection for operating the website whenever the respective session on the website is terminated.

In case of data storage in logfiles, this is, as well as the applied process of anonymization, described above.

Data collection and data storage in logfiles for the provision of the website to the user is mandatory. Consequently, the user cannot claim a right on withdrawal.

On our website we provide e-mail addresses for contacting us. In that case the user's personal data communicated in the e-mail are stored.

In this context we do not deliver data to a third party. These data are only used for the processing of the conversation.

We work with Microsoft 365 as a subcontractor. Microsoft are based in the USA, but your data is processed at server locations within the European Union.

Legal basis for the processing of data which are communicated via e-mail is provided in accordance with Art. 6 (1 lit f) GDPR. In case the e-mail contact aims at the conclusion of a contract, Art. 6 (1 lit b) GDPR serves as another legal basis for data processing.

When processing personal data originating from a contact via e-mail, we have a necessary legitimate interest in the processing of those data.

Data are erased as soon as they are no longer deemed necessary for collection. 

This applies to personal data transmitted via e-mail at the point the conversation with the user has been terminated. The conversation is deemed terminated when the circumstances show that the respective issue is finally clarified. 

In case an e-mail conversation results in a contractual relationship these data are handled as precontractual data of the contractual relationship and erased respectively. 

In case the e-mail conversation results in trade and legal tax related storage obligations, the data will only be erased after termination of these obligations.

The user has the right to withdraw from his consent given for processing his personal data at any time. In the case the user gets into contact with us via e-mail, he has the right to withdraw from the storage of his personal data at any time. In this case the conversation cannot be continued.

A withdrawal notice can be sent via e-mail or by other written means of contact.

All personal data stored in relation to the establishment of the contact then will be eliminated unless they do not object against trade and legal tax related storage obligations.

The responsible entity in terms of data protection is:

Müller-BBM Active Sound Technology GmbH
Helmut-A.-Müller-Straße 1 - 5
82152 Planegg 

You can find more information about our company, details of the authorized representatives and other contact options in the legal notice on our website:

https://www.mbbm-ast.com/imprint/

We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our companies) and to carry out the application process. We obtain information from publicly accessible sources.

The legal basis for the processing of your personal data in this application procedure is primarily Art. 6 para. 1 lit. b) GDPR. This permits the processing of data required in connection with the decision to establish an employment relationship.

Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion of or defense against claims.

Applicant data will be deleted after 6 months in the event of a rejection.

If you have been accepted for a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.

After we have received your application your application data will be reviewed by the HR department. Suitable applications are then forwarded internally to the person responsible for the respective open position. The subsequent process is then coordinated. Within the company, only those persons have access to your data who require it for the proper course of our application process.

In the event of a rejection, you may be given the opportunity to consent to the inclusion of your data in the talent pool on the basis of consent pursuant to Art. 6 para. 1 lit. a) GDPR. The data will be stored in order to contact you in the event of a potential match with a job advertisement published by us. The data will be deleted after 12 months. You have the right to withdraw your consent at any time.

We work with Microsoft 365 as a subcontractor. Microsoft is based in the USA, but your data are processed at server locations within the European Union.

You have the right to information about the personal data we process about you. In the case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so.

You also have the right to object to processing within the scope of the statutory provisions. The same applies to the right to data portability.

We have appointed a data protection officer in our company. You can reach him under the following contact options:

Nextwork GmbH
Brienner Straße 50a
80333 München

E-Mail: datenschutz(at)mbbm-ast.com

There is no automated decision-making or profiling taking place as part of the application process.

The provision of personal data is neither legally nor contractually required. However, if you do not provide it, we cannot consider you in the application process.

You have the right to complain to the Bavarian State Commissioner for Data Protection about the processing of personal data by us.

You have the right to obtain confirmation from the responsible controller whether personal data which are related to you are processed by us. 

If yes, you are entitled to ask for the following information from the responsible controller:

1. the purposes for which the personal data are processed;
2. the categories of personal data which are processed;
3. the recipient or the categories of recipients whom your respective personal data have been disclosed to or will be disclosed;
4. the planned storage duration of your respective personal data or, in the case that concrete information is not possible, criteria for the regulation of storage duration;
5. the existing right for adjustment or elimination of your respective personal data, the right on limitation of data processing by the responsible controller or the right to withdraw from this processing;
6. the existence of a right to file a claim at a regulatory authority;
7. all information available about the origin of the data in the case that personal data are not collected from the person concerned
8. the existence of an automated decision making including profiling according to Art. 22 Abs. 1 and 4 GDPR and - at least in these cases - conclusive information about the logic as well as the consequence and the targeted effects of such processing on the respective person.

You are entitled to claim information whether the respective personal data are transmitted into a third country or to an international organization. In connection with the transmission you have the right to be informed about suiting guarantees according to Art. 46 GDPR.

You have the right to demand from the controller the rectification inaccurate and incomplete personal data. The controller is obliged to carry out the rectification without delay. 

On the following conditions you have the right to demand restriction of processing your respective data from the controller:

1. when you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
4. you have objected to data processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

When you have obtained restriction of processing following the prerequisites above you shall be informed by the controller before the restriction of processing is lifted.

a) Erasure obligations

You shall have the right to obtain from the controller the erasure of your personal data concerned without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: 

1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing is based according to paragraph (a) of Article 6(1), or paragraph (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
4. Your personal data concerned have been unlawfully processed.
5. Your personal data concerned have to be erased for compliance with a legal obligation according to Union or Member State law to which the controller is subject.

6. Your personal data concerned have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

    

b) Information to third parties

Where the controller has made your personal data public and is obliged to erase the personal data pursuant to Article 17 (1) GDPR, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform all controllers processing personal data that the data subject has requested the erasure by such controllers of any links, or copy or replications of those personal data.

c) Exceptions

The right to elimination does not exist in case the processing is necessary for:

1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health in accordance with paragraph (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise or defense of legal claims.

In case you have claimed your right on rectification, erasure or limited processing towards the controller, the controller is obliged to inform every recipient to which personal data concerned have been laid open, about this rectification, data erasure or limitation for processing, unless this is deemed impossible or implies disproportional efforts. 

You have right to be given the information about the recipients by the controller.

You have the right to receive your personal data concerning, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: 

1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) GDPR; and
2. the processing is carried out by automated means.

In exercising your right for data portability you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. 

The exercise of the right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. 

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This shall not apply if the decision is:

1. necessary for entering into, or performance of, a contract between you and a data controller;
2. authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
3. based on your explicit consent.

Nevertheless, these decisions shall not be based on special categories of personal data referred to in Article 9(2)1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particulary in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.