Privacy Policy

Thank you for showing interest in M365Connect. The protection of user’s personal data is our top priority. Here, you can find all information of how your personal data is used and protected in accordance with the Data Protection Laws. The data used by us depends largely on the user’s behaviours on our website and what they are openly comfortable in sharing, therefore it may differ from case-to-case.   

1. Responsible body and contact details of the data protection officer

M365Connect is responsible for the user’s data processing.

You can contact our data protection officer at

M365Connect
Kennedy Allee 93
60596 Frankfurt

You can email us at info@m365connect.com

 

Contact us by phone at +4962139737723

2. Data processing and usage based on your website interaction

2.1. Data categories, purpose of processing and legal basis

  • The company processes the following personal data for users interacting with company’s website, application, or other online tools (hereinafter collectively referred as “Online offer”): 
  • Personal data that the user voluntarily provide, such as user’s first and last name, email address, and telephone number, when engaging with our online offerings (e.g., during registration or when submitting contact requests). 
  • Information automatically transmitted to company website by user web browser or device, including user IP address, device type, browser type, previously visited websites, visited subpages, and the date and time of user’s inquiries.
  • For technical administration of the website (prevention and detection of fraudulent or similar activities) and for protection from attacks on our IT infrastructure, enabling user authentication. Art.6(1)(f) of General Data Protection Regulation (GDPR) pertains to the lawful basis for processing personal data under the criterion of “legitimate interests”
  • For online services (enabling the use of the services and functions of company’s Online Offers, processing of enquiries, sending of marketing information in the event of a corresponding request, Use of M365Connect) 

Article 6, paragraph 1, lit. (b) and lit. (f) of the General Data Protection Regulation (GDPR) provide two distinct lawful bases for processing personal data: 

  • Article 6(1)(b) – Contractual Necessity: According to this provision the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Essentially, if the company need to process someone’s personal data as part of fulfilling a contract (or pre-contractual obligations), this article gives the company the legal basis to do so.  
  • Article 6(1)(f) – Legitimate Interests: This provision allows the company for data processing if it is necessary for the purposes of legitimate interests pursued by the company, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. The legitimate interest must be real and present, necessitating a balancing test to ensure that the data subject’s rights do not override company’s interests. The company endures that the rights of the data subject are protected. 

The processing of personal data for the stated purposes is grounded on Article 6(1)(b) and (f) of the GDPR. Engaging with our online services establishes a quasi-contractual relationship as defined under Article 6(1)(b) of the GDPR. The provision of our online services in the intended manner necessitates the processing of personal data, including the transmission of data such as IP addresses to enable connectivity. 

Furthermore, there are instances where the company seeks user’s explicit consent for processing their personal data. In such situations, the processing is based on user’s consent, as per Article 6(1)(a) of the GDPR, in alignment with Article 7 of the GDPR, serving as the legal foundation for company’s actions. 

2.2 Cookies

This website uses cookies as part of company’s Online Offering. Cookies are small text files saved on the user’s device by the browser during a visit to company’s website. These files hold information pertinent to the user’s interaction with the site and their device. 

Depending on their type, the use of cookies may or may not require consent. Cookies that do not require consent include those essential for accessing our online services or those utilized for IT security purposes, all in accordance with Article 6(1)(f) of the GDPR. 

Conversely, cookies that require consent are used to personalize user experience by adapting company services to meet individual needs and preferences. Users provide their consent to their use through website’s “cookie banner” when they first visit our online offerings. Users have the option to withdraw their consent at any time by clicking a designated button to disable the use of such cookies on our website.  

For instance, the website utilizes cookies to identify if the user has previously visited company website. Additionally, the website uses temporary cookies aimed at enhancing user-friendliness, which are stored on the user’s device for a predetermined duration. Upon revisiting our site, it automatically recognizes the fact of the user’s return along with the user’s previous inputs and if required, supplements them

Furthermore, the website uses cookies to statistically record and evaluate the usage of company’s online services for optimization purposes. The legal basis for processing data associated with cookies requiring consent is Article 6(1)(a) of the GDPR, in conjunction with Article 7 GDPR. This data encompasses, but is not limited to, page views, duration of visit, source, country, and more. The company analyses this statistical information to enhance and optimize its offerings.

> Cookies Settings

Overview of the cookies used on this website:  

2.3. Google Analytics

This website utilizes the web analytics service “Google Analytics”, provided by Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics enables the company to analyse usage patterns of its online offerings. The data collected (hereafter referred to as “Usage Data”) are utilized to enhance company’s website and advertising efforts

During a user’s visit to the website, among others the following usage data are recorded

  • Accessed pages
  • User behaviour on the website
  • Approximate location (country and city)
  • IP address (in anonymized form, as detailed below)
  • Technical information such as browser type, internet service provider, device type, and screen resolution
  • Source of the visit (i.e., through which website or advertising medium the user arrived at our site) 

Google Analytics uses cookies stored in the user’s web browser for its services. These cookies contain a randomly generated user ID that enables recognition on future website visits. The recorded data is stored alongside the randomly generated user ID, which pseudonymously creates user profiles for evaluation purposes.  

Google Analytics cookies are stored based on Article 6(1)(a) of the GDPR, in conjunction with Article 7 of the GDPR. We obtain the necessary consent from our users immediately after they access our website through our cookie banner.  

IP Anonymization

This website utilizes a feature called “IP anonymization”, which anonymizes user’s IP address before it is transmitted to Google when user’s data is transferred from the EU or EEA to the US. User’s complete IP address is only transmitted to Google’s servers in exceptional cases; afterward, Google truncates the IP addresses. Google uses this information on the company’s behalf to enhance user website experience, compile reports on website activities, and provide additional services related to website usage. The IP address transmitted by user’s browser as part of Google Analytics data collection will not be merged with any other data collected by Google.  

Browser plug-in

User can prevent the storage of cookies by adjusting the settings in their browser software accordingly. However, it is to note that the user may not be able to utilize all the functions of this website to full extent. Additionally, the user may opt out of the collection and processing of data generated by the cookies, including your IP address, by downloading and installing the browser plug-in available at the following link.  

Objection to data collection

The user can prevent the collection of their data by Google Analytics by clicking on the following link. An opt-out cookie will then be set, which will prevent the collection of their data on future visits to this website. Click here to manage the cookie settings.  
You can find more information about how Google Analytics handles user data in Google’s privacy policy, which can be found here. 

3. Newsletter

If the user opts to receive the newsletters offered by the company, the website will ask for an e-mail address from the user initiating a process verifying that the user is the owner of the e-mail address provided, and consents to the receiving of the newsletters (double opt-in procedure). To personalize the newsletters, the website stores personal data such as first name, last name, and company. This data is used solely for the purpose of sending the requested information and documenting user consent. User can revoke their consent to store the data, including the email address, and its use for sending the newsletter at any time by using the “Unsubscribe” link in the newsletter.

The website works with a specialized external service provider for the management and delivery of our company newsletter. This provider is bound to adhere to the highest data protection standards, in accordance with Article 28 of the GDPR.

4. Contact Us

The website features contact forms to facilitate electronic communication with users. When a user utilizes these forms, the information provided in the input fields is transmitted to the website, and certain data may be retained for processing. 

The company assure users that this data is not shared with any third parties outside of the company. The sole purpose of retaining this data is to manage company correspondence with users effectively. 

The legal basis for processing data obtained from email communications is established by Article 6(1)(f) of the GDPR. Additionally, if the communication aims to conclude a contract, Article 6(1)(b) of the GDPR provides a further legal foundation for the processing. 

The personal data collected through the input fields is primarily used to facilitate contact with users and to prevent the misuse of the contact form. The website will retain user data only as long as necessary to fulfil the purpose for which it was collected. Once the respective correspondence is concluded, the data collected from the contact form and any data received via email will be deleted.

Should a user wish to object to the processing of their personal data, they have the right to do so. However, it is to note that this will mean the company cannot continue with the correspondence. To request the deletion of personal data, users are asked to email the company at info@m365connect.com Upon such a request, all personal data associated with the contact will be erased. 

The user has the right to object to the processing of his or her personal data at any time. In such a case, the correspondence cannot be continued. Please send us your deletion request via e-mail to info@m365connect.com. All personal data stored in the course of contacting us will be deleted in this case.

5. Social Media Policy

The website includes links to various social networks to enhance user access to our services and products and facilitate communication between the company and the user, users of our website and our social media pages. This integration aims to enrich our online offerings

The processing of data through these social media links is grounded on Article 6(1)(f) of the GDPR. Should the use of social media necessitate data transfer to countries outside the European Union or European Economic Area (“third countries”), consent for such transfer is based on Article 6(1)(a) of the GDPR in combination with Article 7 of the GDPR, as indicated in our cookie banner consent process. 

The user can identify these links by the logos of the respective social media networks. When the user clicks on a logo, the browser establishes a direct connection with the servers of the selected social network, redirecting the user to the service provider’s website

It is to note that these links are not social media plugins. Therefore, clicking on these links initiates a connection and data transmission to the respective social media network. We advise you to use these services and their functionalities at your own discretion and risk. It is also important to be aware of the terms and conditions and data processing guidelines of the respective social media network operators when users access their networks and platforms. The following third-party providers are included in our website’s social media references

5.1. Youtube

The company’s website utilizes the video-sharing platform YouTube, which is operated by YouTube, LLC (“YouTube”). YouTube is a service that enables the uploading and playback of video files. 

When a user visits a page on the company’s site that includes an embedded YouTube player, this player establishes a connection with YouTube’s servers. This connection is necessary to stream video and audio content. During this process, data is transmitted to YouTube, which acts as the data controller. Please note that the company does not have control over YouTube’s data processing practices. 

For detailed information regarding the extent, purpose, and further processing and use of data by YouTube, as well as the rights and privacy settings available to users, please refer to YouTube’s Privacy Policy. 

5.2. Facebook

This online service provides links to Facebook, operated by Facebook Ireland Ltd. (“Facebook”). When users visit the Company’s Facebook fan page, Facebook may collect the users’ IP addresses and other information available on their devices through cookies. This data collection assists the Company, the fan page operator, by providing statistical information about the usage of the Facebook page. 

The data collected in this context is processed and potentially stored by Facebook, including in countries outside the European Union. It’s important to understand that Facebook is the data controller responsible for the transmission and processing of this data under data protection law. For specifics on what data Facebook collects and how it is utilized, users are advised to refer to Facebook’s privacy policy for detailed information. 

5.3. X (Formerly Twitter)

The Company’s website includes links to its page on the short message service provided by X Inc., located at 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The entity responsible for data processing outside of the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

By engaging with X, personal data about users is collected, transmitted, stored, disclosed, and utilized by X Inc., irrespective of the users’ locations, including but not limited to the United States, Ireland, and any other country where X Inc. operates. This includes information users voluntarily provide, such as names and usernames, email addresses, telephone numbers, and any contacts uploaded or synchronized. Additionally, X analyses the content users share to gauge their interests, which may involve storing and processing confidential messages. 

For more detailed information, users are encouraged to review X’s privacy policy. 

5.4. Google Maps

This website utilizes Google Maps for displaying interactive maps and generating driving directions. Google Maps is a map service offered by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. Through the use of Google Maps services, information regarding the usage of this website, including the user’s IP address and the (start) address entered for the route planner function, may be transmitted to Google in the USA. When a user visits the Company’s website, their browser establishes a direct connection with Google’s servers, allowing map content to be directly transmitted to the user’s browser and integrated into the website. 

The Company has no control over Google’s further processing and use of data. If users wish to prevent Google Inc. from processing data about them via the Company’s website, they can disable JavaScript in their browser settings. However, doing so will result in the map display being unavailable. 

For additional information on the extent of data processing by Google Inc., users are encouraged to review Google’s privacy policy. 

6. Recipients and Recipient Categories

Within the Company, access to user data is provided only to departments requiring it to fulfil contractual and legal obligations. Service providers and vicarious agents working for the Company may also receive data for these purposes, especially if they adhere to confidentiality and data integrity. These entities typically operate in the sectors of IT services, telecommunications, as well as sales and marketing. 

Regarding the transfer of data to entities outside the Company, it is important to note that the Company only discloses personal data as necessary, in compliance with applicable data protection laws. Data about users may be disclosed if required by law or if the Company is authorized to provide such information. Under these conditions, recipients of personal data may include: 

  • Public bodies and institutions (e.g., law enforcement agencies) in case of a legal or official obligation,
  • Other affiliated companies, and
  • Service providers engaged in the context of order processing relationships 

7. Transfer to third countries

The transfer of data to entities in countries outside the European Union (EU), also known as third countries, is not generally anticipated by the Company but cannot be entirely excluded. Such transfers may occur if: 

  • They are mandated by law (e.g., statutory reporting obligations), or
  • The user has granted their consent to the Company. 

Additionally, data transfers to third countries may be necessary for the maintenance and assurance of the Company’s IT operations and IT security. 

The use of the Company’s social media and map services may result in the transmission and subsequent processing of usage data of the respective services in the USA. Any processing activities are based on the user’s explicit consent, obtained through the cookie banner. This consent is an exceptional, case-by-case justification in accordance with Article 49(1)(a) of the GDPR. It is important for users to be aware that the United States does not offer a level of data protection comparable to that of the EU and the European Economic Area (EEA). In particular, there is a possibility that public authorities may access personal data based on legal authorizations without the knowledge of either the Company or the user. The absence of comparable legal recourse in the USA means that seeking legal redress may not be feasible. 

Data transfers associated with the use of the Company’s social media and Google Maps services occur automatically through the use of cookies. 

Users have the option to refuse the use of cookies and other technologies entirely or to adjust individual settings. Furthermore, users can revoke their consent at any time. The processing of data carried out prior to the revocation remains unaffected by such revocation. 

8. Storage period

The Company processes and stores personal data as long as necessary for fulfilling contractual obligations and exercising rights. 

The revocation of consent previously given is retained for three years to comply with the Company’s accountability obligations. The management cookie is deleted six months after the last visit. Server log data are anonymized before storage. Data related to newsletters and invitations are deleted immediately upon unsubscribing. 

In certain cases, a longer duration of data storage may be justified for the purposes of evidence. For example, in Germany according to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can extend up to 30 years, with a regular limitation period of 3 years. 

9. Data security

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that users send to the Company as the site operator, the Company employs SSL or TLS encryption. An encrypted connection is indicated by the browser’s address bar changing from “http://” to “https://” and by the appearance of the lock icon in the browser line. 

Furthermore, the Company’s employees, contractors, and the service providers it commissions are obligated to maintain confidentiality and to comply with the provisions of applicable data protection laws. The Company implements suitable technical and organizational security measures to protect users’ personal data against loss, alteration, destruction, and access by unauthorized persons or unauthorized disclosure. These security measures are continually updated in accordance with technological advancements. 

10. Rights of data subjects

Every data subject is entitled to the following rights under the GDPR: the right to access per Article 15, the right to rectification per Article 16, the right to erasure (“right to be forgotten”) per Article 17, the right to restriction of processing per Article 18, and the right to data portability per Article 20. 

Regarding the right to access and the right to erasure, restrictions as outlined in §§ 34 and 35 of the German Federal Data Protection Act (BDSG) are applicable. Moreover, users have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR) in conjunction with § 19 BDSG. 

Users can revoke their consent to the processing of personal data by the Company at any time. This also includes revoking consents granted before the effectiveness of the GDPR, i.e., before 25 May 2018. It is important to note that the revocation applies only to future processing. 

Users also have the right, for reasons arising from their particular situation to object at any time to the processing of personal data concerning them, especially if the processing is based on Article 6(1)(f) GDPR. Should a user object, the Company will no longer process their personal data unless the Company can demonstrate compelling legitimate grounds for the processing that override the user’s interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims. 

Furthermore, in accordance with Article 22 GDPR, users have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. The Company generally does not use fully automated decision-making to establish, conduct, and terminate the business relationship. If the Company decides to use such processes in specific cases (e.g., to enhance products and services), users will be informed separately about such usage and their related rights, as legally required. 

11. Obligation to provide data

Within the scope of the Company’s online offerings, the processing of usage data is essential for the initiation, performance, and termination of the service, as well as for fulfilling the obligations related to it. Without collecting this usage data, the Company and its service providers would be unable to deliver the online offerings to the user. 

12. Profiling

The Company does not process the user’s personal data through automated means in a manner that produces legal effects concerning the user or similarly significantly affects them. 

13. Currency and amendments to this privacy policy

This Privacy Policy is current as of April 2024 and reflects the latest updates.