logo

Data protection

The purpose of this privacy statement is to inform you about the collection of personal data as a user of the mbeon website and the mbeon app. We are committed to presenting all material information regarding the protection of your data as transparently as possible. If, however, there remains any ambiguity or questions that require clarification, please do not hesitate to contact us.

A. DATA CONTROLLERS

The data controller in terms of data protection law for the mbeon website and mbeon app (hereinafter collectively referred to as "mbeon platform") is:

Deutsches Rotes Kreuz e.V.
DRK-Generalsekretariat
Carstennstraße 58
12205 Berlin
Telephone: 030 / 85404 - 0
Fax: 030 / 85404 - 450
Email: drk(at)drk.de
Complete operator identification: www.mbeon.de/impressum

These contact details are relevant for all questions relating to data protection and for any data protection claims you may have in relation to the mbeon platform.

The respective organisation whose advisor you selected for the advisory service is the data controller in terms of data protection law with respect to the specific advice and communication within the scope of this advisory service. Contact details are provided on the sites of the respective organisation.

B. COLLECTION AND STORAGE OF PERSONAL DATA WHEN USING THE MBEON PLATFORM

In the following, we would like to inform you about the processes relevant to data protection that occur when you access our website and use the mbeon app.

1. Log Files

Every time you access our website and the mbeon app, we automatically collect data and information about the computer system or mobile device used to access the website or mbeon app.

The following data is collected in the process:

(1) Information about the browser type and the version used

(2) Information about the user's operating system

(3) Date and time of access

(4) Websites from which the user's system reached our internet site

(5) Websites that are accessed by the user's system via our website

(6) The user's IP address

The data is saved in so-called log files in our system for 3 months with the exception of your IP address, which is automatically deleted after the data has finished being transmitted. This data is saved separately from other personal data related to the user; the data are not aggregated. The legal basis for storing this data is our legitimate interest in the provision of services and the evaluation of log file data for the purposes of tailoring services to needs as well as identifying errors and misuse (art. 6 para. 1 p. 1 lit. f GDPR).

For order processing, we use service providers to supply services, in particular for the provision, maintenance and servicing of IT systems.

2. Website Analysis / Cookies

We use the service “Matomo” (formerly “Piwik”) on the mbeon platform. This is a web analysis service that is used on the servers we operate.

Matomo enables us to create pseudonymised user profiles and use cookies. Cookies are small files that your browser creates automatically and saves to your computer system when you visit our site. Cookies do not harm your computer system and do not contain any viruses, Trojans or other malware.

We use cookies to improve the mbeon platform, e.g. to make it more user-friendly and adapt it to user interests.

The following data is saved and transmitted in cookies:

(1) Browser type/version

(2) Operating system used

(3) Region in which the user connected to the internet

(4) Time and country of server request

(5) Number of visits to our site

(6) Websites that are accessed by the user's system via our website

Your IP addresses or other data that makes it possible to attribute this data to you are not included in this. This data is not saved together with other personal data related to the user. The data is retained for a period of 2 years.

You can prevent cookies from being installed via the relevant setting in the browser software. Please note, however, that if you do this, you may not be able to use the full functionality of the mbeon platform.

Alternatively, you can prevent data from being collected by Matomo by deactivating the checkbox in the following form field. This will then set an opt-out cookie that will prevent future collection of your data when visiting the mbeon platform. The opt-out cookie is only valid in this browser and/or the end user device on which the app is installed. If you delete cookies in this browser, then you must replace the opt-out cookie.

Our use of Matomo is based on our legitimate interest in continuously improving the mbeon platform (art. 6 para. 1 p. 1 lit. f GDPR).

You can decide here whether a unique web analysis cookie may be placed in your browser and/or app to enable the operator of the website to collect and analyse various statistical data.

If you do not wish to have this cookie, then click on the following link to place the Matomo deactivation cookie in your browser.

For order processing, we use service providers to supply services, in particular for the provision, maintenance and servicing of IT systems.

C. REGISTRATION

Registration is required in order to be able to use the mbeon platform as a client or advisor. The data you provide in this context is only used to facilitate use of the services provided.  The legal basis for collecting data is the performance of the user contract (art. 6 para. 1 lit. b GDPR). The data shall be deleted no later than by the time the statutory limitation periods expire.

For order processing, we use service providers to supply services, in particular for the provision, maintenance and servicing of IT systems.

D. CONTACTING US

You can get in touch with us or the participating organisations electronically via email. The data that you send via e-mail is then transmitted to and saved by us.

When you write us or an organisation an email and have questions about the mbeon platform or the advisory service provided by the organisation, the legal basis for processing data is art. 6 para. 1 lit. b GDPR (initiation or performance of a user or consultancy contract), as well as art. 6 para. 1 lit. f GDPR (legitimate interest in communicating and its documentation).

The data transmitted to us is processed only for the purposes of communication with you.

This data is deleted when it is no longer required for the respective purpose, i.e. when the exchange via email is concluded, your query has been dealt with in full and no further statutory retention requirements apply.

For order processing, we use service providers to supply services, in particular for the provision, maintenance and servicing of IT systems.

E. ADVISORY SERVICES PROCESSING

The advisory services are performed by the respective organisation whose advisor you have selected. The organisation's contact details are provided in the advisor profile.

The privacy notice of the respective organisation applies. If the organisation has not published its own privacy notice, then the following applies:

The organisation retains all information provided by you within the scope of providing the advisory service as well as advisor notes on the advice specifically provided. Data is processed for the purposes of providing advisory services. The legal basis is the performance of the consultancy contract (art. 6 para. 1 lit. b GDPR). After the advisory service is concluded, the organisation may retain the advisory service documentation for verification that proper advice has been given (art. 6 para. 1 lit. f GDPR) for the duration of the statutory limitation period.

If special categories of personal data referred to in art. 9 para. 1 GDPR (e.g. health data, information about ethnic origin or religious belief) are disclosed, you give your consent with this disclosure (art. 9 para. 2 lit a GDPR) that the organisation may process this information for the purposes of providing the advisory service. You can revoke this consent prospectively at any time. Following revocation, the organisation will no longer process the special categories of personal data for the purposes of providing the advisory service, but will continue to retain it for verification that proper advice has been given and for defence against possible claims (art. 9 para. 2 lit. f GDPR) for the duration of the statutory limitation period.

The documentation of the advisory service is deleted on a regular basis three calendar years following the end of the advisory service. The advisory service is considered to have ended no later than when the client deletes his or her account on mbeon.

If there has been a clearly expressed intention of committing suicide, the organisation will inform the responsible authorities and transmit the personal data available. The legal bases for this are art. 6 para. 1 lit. d GDPR and art. 9 para. 2 lit. c GDPR (vital interests of the data subject).

For order processing, the organisations use service providers to supply services, in particular for the provision, maintenance and servicing of IT systems.

F. DATA SUBJECT RIGHTS

If we or the organisation whose advisor you have consulted have processed your personal data according to art. 4 no. 1 GDPR, you are a data subject as defined by the GDPR, and you are entitled to the following rights in relation to the respective data controller:

(1) Art. 15 GDPR - Right of access: You can demand information about the personal data being processed. In particular, you can demand information about the purposes for processing, the categories of recipient to whom your personal data has been or will be disclosed, the planned retention period, the existence of the right to correction, deletion, restriction of processing or objection, the right to lodge a complaint, the origin of your data if it was not directly provided by you as well as information about the existence of automated decision-making, including profiling and, where applicable, meaningful information about the details.

(2) Art. 16 GDPR - Right to correction: You can demand the correction without undue delay of inaccurate, stored personal data or demand the completion of your stored personal data.

(3) Art. 17 GDPR - Right to deletion: You can demand the deletion of your stored personal data so long as its processing is not required for the exercise of freedom of expression and information, the fulfilment of a legal obligation, on grounds of public interest or enforcement, or the exercise or defence of legal claims.

(4) Art. 18 GDPR - Right to restriction of processing: You can demand the restriction of processing of your personal data provided that the accuracy of the data is contested by you, the processing is unlawful and you oppose its deletion and we no longer need the data, but you require it for the establishment, exercise or defence of legal claims or you have objected to the processing pursuant to art. 21 GDPR.

(5) Art. 20 GDPR - Right to data portability: You are entitled to receive the personal data that you have provided us with in a structured, commonly used and machine-readable format, or demand that the data be transmitted to another data controller.

(6) Art. 7 Para. 3 GDPR - Right to withdraw consent: You can withdraw the consent you have given to us at any time. This means that from then on we may no longer continue processing data to the extent this was based on this consent.

(7) Art. 77 GDPR - Right to lodge a complaint: You can lodge a complaint with your supervisory authority. Generally, you can contact the supervisory authority of your usual residence, place of work or our registered office.

(8) Art. 21 GDPR - If your personal data is being processed based on legitimate interests pursuant to art. 6 para. 1 p. 1 lit. f GDPR, you have the right to object to the processing of your personal data if there are grounds justifying this that relate to your particular situation or the objection is against direct marketing. In the latter case, you have a general right to object that will be acted on by us without the need to reference special circumstances. If you would like to exercise your right to withdraw consent or your right to object, you merely need to send an email to info(at)mbeon.de or to the respective organisation whose advisor you have contacted.