MES Privacy Policy

Data Protection

General Advice and Mandatory Information Designation of the Office Responsible

The responsible party for data processing on this website is:

Model Engineering Solutions GmbH
Waldenserstraße 2-4
10551 Berlin
Germany

The responsible party makes decisions, either alone or jointly with others, regarding the purposes and means of processing personal information and data (e.g. names, contact details, etc.).

Recipient of the Data

The transfer of data will only take place within the framework of a written contractual agreement, which clearly defines the responsibilities for compliance with rights and obligations, or in accordance with the rules set out below.

The Right to Object to the Processing of Personal Data

according to Art. 21 GDPR

The processing of your data is only possible with your express consent. You may revoke your consent to receive our newsletter at any time. An informal notification via email (datenschutz@model-engineers.com) is sufficient to revoke your consent. The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation.

Right to Appeal to the Competent Supervisory Authority

As the person concerned i.e. data subject, you have the right to complain to the relevant supervisory authority in the event of a breach of data protection law. The competent supervisory authority with regard to data protection issues is the State Data Protection Commissioner of the federal state in which our company is based namely Berlin, Germany. The following link takes you to the Berlin Commissioner for Data Protection and Freedom of Information and her contact details:
https://www.datenschutz-berlin.de/ueber-uns/kontakt

Right to Data Portability

(according to Art. 20 GDPR)

You have the right to have data, which we process automatically on the basis of your consent or for the fulfilment of a contract, handed over to you or to third parties. The data will be made available to you in a machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place to the extent that it is technically feasible.

Right of Access, Rectification, Restriction, and Erasure

Right to access (according to Art. 15 GDPR), rectification (according to Art. 16 GDPR), restriction (according to Art. 18 GDPR), and erasure (according to Art. 17 GDPR)

You have the right to information about your stored personal data, origin of the data, its recipient and the purpose of the data processing and, if necessary, the right to correct, block or delete this data at any time within the scope of the applicable legal provisions. You can contact us at any time regarding what data we collect and other questions about your personal data via datenschutz@model-engineers.com.

Insofar as we believe that a data subject's rights that you have asserted cannot be granted, we will explain this in writing at your request. Please note that proof of identity may be required to prevent data misuse (Art. 12 (6) GDPR).

SSL and/or TLS Encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content that you send to us as the operator of this website. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" in your browser’s address line and the padlock icon displayed in your browser’s address bar.

Data Protection Officer

We have appointed an internal data protection officer. The data protection officer responsible for the processing is:

Dr. Hartmut Pohlheim
Waldenserstraße 2-4
10551 Berlin,
Germany

Tel.: +49 30 209164630
Email: datenschutz@model-engineers.com

Server Log Files

(according to the fulfillment of contractual or pre-contractual measures within the scope and context of Art. 6 (1) b) GDPR)

The website provider automatically collects and stores information in server log files that your browser automatically transmits to us. These are:

  • Visited page on our domain
  • Date and time of the server request
  • Browser type and browser version
  • Operating system used
  • URL type (referrer)
  • Device type
  • IP address is anonymized to 2 bytes

This data is not merged with other data sources.

jQuery

(based on our legitimate interests within the meaning and context of Art. 6 (1) f) GDPR)

jQuery is a JavaScript library that, among other things, simplifies the process of going through HTML documents and offers further advantages for the technical implementation of our website. For more information please visit their website: https://jquery.com/

jQuery is provided by the OpenJS Foundation. Consequently, the third-party vendor's privacy policy applies.
For more information about their privacy policy, please visit: https://privacy-policy.openjsf.org

Contact Forms

(in accordance with the consent you granted to us according to Art. 6 (1) a) GDPR and on the basis of our legitimate interests Art. 6 (1) f) GDPR)

If you send us support requests, or a request for an evaluation license, or to subscribe to our mailing list, etc. using the request form, the information that you provide in the request form, including your contact data and, if necessary, host identification, version number of the MES Quality Tools, system environment, and customer status, will be stored in our customer database for the purpose of processing the request and in case of follow-up questions. You can read or find more details in the query in each inquiry form. Based on your consent, the data you provide will be forwarded to us via the website using the double opt-in procedure and processed by us accordingly. We will not share this data without your consent.

So long as there is no other legal basis, your personal data will be kept until you object to the use of the data, revoke your consent, or request its deletion. Furthermore, the continued existence of the legal basis for the respective data storage is regularly checked and, if it ceases to exist, the personal data is deleted with an appropriate processing time frame of up to three (3) months.

Projektron BCS

(in accordance with our legitimate interests and to fulfil our business purposes according to Art. 6 (1) f) GDPR)

MES uses the web-based Projektron BCS project management software as a customer management system (CRM) as well as for internal management (HRM) and project management. Projektron BCS is not a cloud service provider where your data is processed. Instead, data is hosted on our servers and managed internally. The system serves as the basis for securing business practices, processes and implementing subsequent systems, in order to optimize the range of services for our customers.

In Projektron BCS, the data of both external and internal natural and legal persons is stored and processed. Naturally, the various legal requirements relating to functionality and transparency of data are adhered to, meaning that your data is processed and stored in a way that protects your personal security, integrity, and confidentiality. All employees have access to the CRM data in order to fulfil their business obligations. However, not all employees have access to these data, which is secured by means of specific rights and licenses. The modification, deletion or any other processing of these data can only be carried out by the competent and qualified person or people responsible. Similarly, no data that is classified as highly sensitive or that is designated by the sender as confidential is stored in Projektron BCS.

However, personal data will be stored until the person concerned objects to the use of the data, revokes his/her consent or requests its deletion, provided that no other legal basis exists. Furthermore, the continued existence of the legal basis for the respective data storage is regularly checked and, if it ceases to exist, the personal data is deleted with an appropriate processing time frame of up to three (3) months.

Newsletter Data

(in accordance with your consent granted according to Art. 6 (1) a) GDPR)

We need your email address in order to send our newsletter to you. After registration, you will receive an email asking you to confirm your registration and that you agree to receive the newsletter. Additional data is not collected or is optional. This data is used exclusively for sending our newsletters.

The data provided when registering for the newsletter will only be processed on the basis of your consent. You may revoke your consent to receive our newsletter at any time. In order to do so, simply send us an email (marketing@model-engineers.com) or unsubscribe using the "Unsubscribe" link at the end of each newsletter. Your revocation does not affect the legality of the data processing that has already been carried out.

If you revoke your consent to receive our email, all data entered to set up your subscription will be deleted. Should this data have been transferred to us for other purposes and/or used elsewhere, we will retain this data in order to carry out these purposes.

CleverReach

(in accordance with your consent granted according to Art. 6 (1) a) GDPR and on the basis of our legitimate interests according to Art. 6 (1) f) GDPR)

We use CleverReach to send our newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. With this service, we can organize and analyze the distribution of our newsletters. The data you provide in order to receive the newsletter, such as your email address, is stored on the CleverReach servers which are located in Germany and/or Ireland.

Sending our newsletters with CleverReach enables us to analyze the behavior of the recipients of our newsletters. Among other things, we can track how many recipients have opened the email containing our newsletter and how often various links in the newsletters were clicked. CleverReach supports conversion tracking in order to analyze whether a predefined action, such as the purchase of a product or service on our website, took place after clicking on a link in the newsletter. For more information about how data is analyzed by CleverReach, please visit:
https://www.cleverreach.com/en/features/reporting-tracking/

We process your data provided you have given us your consent (Article 6 (1) a) GDPR) and on the basis of our legitimate interests (Article 6 (1) f) GDPR) to improve the content and distribution of our newsletter. Data, such as the read confirmation of a newsletter or similar, is stored and managed in Projektron BCS to optimize our work using Cleverreach in the long term.

You may revoke your consent to receive our newsletter at any time. Simply send us an email (marketing@model-engineers.com) or unsubscribe using the "Unsubscribe" link at the end of each newsletter. Your revocation does not affect the legality of the data processing that has already been carried out.

If you do not want CleverReach to analyze your data or usage of the newsletter, you must unsubscribe from the newsletter. To unsubscribe, simply send us an email (marketing@model-engineers.com) or unsubscribe using the "Unsubscribe" link at the end of each newsletter.

If you choose to unsubscribe, the data entered to set up the subscription will be deleted from our servers and the servers of CleverReach. Should this data have been transferred to us for other purposes and/or for use elsewhere, we will retain this data in order to carry out these purposes. For details on CleverReach's privacy policy, please refer to:
https://www.cleverreach.com/en/privacy-policy/.

Data and Order Processing

We have entered into an agreement with CleverReach for the outsourcing of our data processing and fully implement the requirements of the German data protection authorities when using CleverReach.

Training

(in accordance with your legally binding registration Art. 6 (1) b) GDPR and on the basis of our legitimate interests Art. 6 (1) f) GDPR)

In order to prepare and conduct a training class and, if necessary, to document it, personal data will be processed on the basis of your legally binding registration. Based on our legitimate interest and in order to carry out follow-up work, e.g. for the evaluation of trainings or for follow-up information about thematically similar (follow-up) events and event-relevant publications, personal data will also be processed. This is also done to improve the quality of our training classes. In alignment with our public relations strategy, we may also process image and video recordings and publish them on our website. This is done on the basis of our legitimate economic interests. You will be informed of this separately with each registration and must provide us with your consent. You have the right to object to the use of your data and have the right to withdraw your consent.

The stored data includes your personal information (name, title, form of address, etc.), your contact details, event information, the legal basis for data storage and, if applicable, image and video recordings.

Some of the training classes of the MES Academy and tudoor academy are also offered as live webinars. This will be explicitly communicated to you when you register for a training class. Accordingly, the respective regulations of the "MES Webinars", "MES Live Webinars" and "MES On Demand Webinars", which you will find below, also apply.

Training participants agree to be contacted and agree to have their data stored for the preparation, implementation, follow-up, and documentation of the training classes. If no further contact is made with our company, your personal data will be deleted from the database after 36 months with a processing period of up to three (3) months, or in individual cases, after verification. For documentation purposes vis-à-vis the public authorities and in accordance with the legal data protection requirements, event documents are retained for a period of ten (10) years.

tudoor academy

(in accordance with your legally binding registration Art. 6 (1) b) GDPR and on the basis of our legitimate interests Art. 6 (1) f) GDPR)

tudoor academy is a cooperation between MES and samoconsult GmbH to provide various training classes. Depending on the type of training class, these can be conducted via webinar or in-person.

Your data will be processed accordingly by tudoor academy. The data to be processed corresponds to that of the face-to-face trainings as well as live and on-demand webinars. For more information about samoconsult GmbH's privacy policy, please visit: http://www.samoconsult.de/datenschutz.html

We process this data according to our legitimate interest for example in optimizing our processes, improving the quality of our training classes and services, etc. When you registering for one of our training classes or webinars, we will inform you about this and you must agree to it in order to take part.

The participant data required to conduct a training class will be shared with the respective trainers.

Training Classes and Webinars Held by Third Parties

(in accordance with your legally binding registration Art. 6 (1) b) GDPR and on the basis of our legitimate interests Art. 6 (1) f) GDPR)

For training classes that take place in the USA, People's Republic of China or India, the respective privacy policies of the partner companies, subsidiary as well as distributors apply.

For training classes in Detroit, MI. U.S., offered by dSPACE, Inc. the privacy policies of dSPACE, Inc. apply.

For more information, please visit: https://www.dspace.com/en/inc/home/privacypolicy.cfm

For training classes offered by Model Engineering Solutions Ltd. (Shanghai, China), the privacy policy of Model Engineering Solutions Ltd. applies.

MES Webinars

(in accordance with your consent granted according to Art. 6 (1) a) GDPR) and your legally binding registration Art. 6 (1) b) GDPR)

MES' Live Webinars

We use Cisco WebEx Meeting Center for the streaming and registration management of the MES Webinar Series. The data entered during registration is stored in the Cisco WebEx Meeting Center and is transferred to the MES customer database (Projektron BCS) and processed for the corresponding purposes. Please note that Cisco WebEx Meeting stores your IP address. However, we do not store this information in our CRM program or in any other way. We are therefore unable to respond to any request for information from you regarding your IP address. For more information, please refer to the Cisco WebEx Meeting Center privacy statement:
https://www.cisco.com/c/en/us/about/legal/privacy-full.html

Webinar participants agree to be contacted and to have their data stored for the preparation, execution, follow-up, and documentation of the webinars. If no further contact is made with our company, your personal data will be deleted from the database after 36 months with a processing period of up to three (3) months, or in individual cases, after verification.

MES’ On-Demand Webinars

In order to view our on-demand webinars, we collect the contact data you entered in the form and transfer it to our customer database (Projektron BCS). By entering your data, you give us your consent to transfer and process this data.

Online SAE Evaluation Test

(exceptions for certain cases if there is no adequate decision made with the recipient country and if there are no suitable guarantees according to Art. 46 GDPR (Art. 49 (1) a) b) GDPR))

The SAE evaluation test is a voluntary option that can be purchased in addition to our ISO 26262 training class. The test takes place online and is uploaded onto our website. The landing page created for this purpose cannot be indexed or tracked by Google. After each training class where an SAE test has been completed, the page is taken offline again. After successfully completing the test, the data is forwarded to the U.S. company, SAE International. SAE International then issues the certificates for the participants who passed the evaluation test.

Before making a purchase, all participants who want to take part in the evaluation test are notified about the transfer of data to SAE International and the resulting data processing that is carried out by SAE International. Participants cannot take the test unless they give their consent.

We would like to point out that internal data protection (Art. 47 DSGVO) at MES is comprehensive and all-inclusive, but due to the current legal basis we need your consent in order to forward your data to the U.S. company, SAE International. This serves your data security as well as our processing purposes.

Your data will be kept for ten (10) years due to the necessary accounting and legal requirements for bookkeeping purposes. If no billing takes place, your data will be checked after 36 months and deleted within a processing period of three (3) months.

Surveys and Evaluation Forms

(in accordance with our legitimate interests to fulfil our business purposes according to Art. 6 (1) f) GDPR and your consent according to Art. 6 (1) a) GDPR)

We use customer surveys and online or print evaluation forms in order to improve the quality and to measure the effectiveness of our events, webinars, training classes or similar. The questions mentioned in the surveys/evaluation forms and corresponding answers are collected and processed. This data is used for analysis and statistics. In the case of certain surveys/evaluations, the data is immediately anonymized. A request for information is not possible in the case of anonymous surveys/evaluations, as the data collected cannot be traced to a survey respondent and/or the person requesting information in any way.

If the surveys/evaluations are not completely anonymized, the persons participating in the survey will be expressly informed of this in advance. The legal basis for processing this data rests on your active consent to participate in our surveys or evaluation forms. The data collected will be treated with appropriate sensitivity and confidentiality. If there is no longer a legal basis to collect or process the data and the data is not anonymized, it will be deleted immediately. Print copies will be shredded or otherwise destroyed immediately.

Evaluation requests from customers are entered into our CRM program (Projektron BCS) and are only carried out on request or due to purchase orders or commissions. Article (Art. 6 lit. b) of the GDPR is the legal basis for data processing in this case.

Regarding surveys and evaluations conducted via Cisco WebEx Meeting, the corresponding data protection provisions of the third-party provider apply. As in the case of webinars, the data is also taken from MES to carry out a survey or evaluation and stored anonymously. Please note that Cisco WebEx Meeting stores your IP address. However, we do not store this information in our CRM program or in any other way, shape or form. We are therefore unable to respond to any request for information from you regarding your IP address. For more information, please refer to the Cisco WebEx Meeting Center privacy statement:
https://www.cisco.com/c/en/us/about/legal/privacy-full.html

YouTube

(in accordance with our legitimate interests according to Art. 6 (1) f) GDPR)

We use plugins from YouTube to integrate and display video content on our website. The provider of the video portal is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When a webpage with an integrated YouTube plugin is accessed and you activate the corresponding content, your browser creates a direct connection with YouTube's servers. This tells YouTube which of our pages you have visited.

If you are logged in to YouTube as a member, YouTube can directly assign your browsing behavior to your personal profile. You are able to prevent this by logging out of your YouTube account.

YouTube is used to help make the services and video content offered on our website appealing.

Further information about the scope and purpose of the data collection and the further use and processing of the data by YouTube as well as your associated rights and configuration options to protect your privacy can be found in the YouTube privacy policy: https://policies.google.com/privacy.

Data and Order Processing

In order to fully comply with the legal data protection requirements, we have entered into a contract with Google for order processing. YouTube is a part of Google.

 
Matomo - Cookies

(in accordance with our legitimate interests to fulfil our business purposes according to Art. 6 (1) f) GDPR)

We use the open source software tool Matomo on our website. This is a so-called web analysis service. Matomo uses cookies. These are small text files that your web browser stores on your device. Cookies help us to make our offer more user-friendly, effective, and secure.

Each time one of the individual pages of this website is opened, the internet browser on your IT system is automatically triggered by the Matomo component to transmit data to our server for the purpose of online analysis. Within the framework of this technical procedure we obtain knowledge of personal data, such as the IP address, which allows us, among other things, to track visitors' approximate location and clicks.

In the process, a certain degree of anonymization is guaranteed, ensuring your right to data privacy.

  • Your IP address is anonymized to 2 bytes.
  • A pseudonym for your user ID is created by means of a salted hash function.
  • Your exact location is indeterminable for us, solely the region in which you are located.
  • Tracking is enforced without cookies.
  • The referrer-URL is not recorded, however the referrer type is still evaluated.

This personal data is stored by us and is not shared with third parties. You can disable the use of cookies on our website at any time by changing the relevant settings in your internet browser and thereby permanently object to the use of cookies. This also prevents Matomo from using cookies on the IT system.

If you wish, you can object to the collection of your data by Matomo. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo does not store any session data. Please also note that if you delete your cookies, this will result in the opt-out-cookie also being deleted and you may have to reactivate it.

Further details about the provider Matomo's privacy policy can be found here: https://matomo.org/gdpr-analytics/?footer

Google Web Fonts

(in accordance with our legitimate interests to fulfil our business purposes according to Art. 6 (1) f) GDPR)

Our website uses Google Web Fonts for the consistent representation of fonts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The use of these web fonts makes a uniform presentation of our website possible, regardless of which fonts are used or are available locally. To do this, the corresponding fonts from Google servers are loaded into the cache of your web browser. This tells Google that our website has been accessed using your IP address. The use of Google Web Fonts takes place on the legal basis mentioned above. As operators of this website, we have a legitimate interest in the optimal presentation and transmission of our web presence.

More information about Google Web Fonts can be found at:

Google Maps

(in accordance with our legitimate interests to fulfil our business purposes according to Art. 6 (1) f) GDPR)

Our website uses Google Maps. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Maps enables you to determine the exact location of MES and to use additional features provided by Google.

Modeling Guidelines Interest Group (MGIGroup)

(in accordance with your consent granted according to Art. 6 (1) a) GDPR)

The MGIGroup forms a network of internal and external experts who discuss certain topics concerning model-based software development. We created the MGIGroup on the LinkedIn platform and use it on said platform.

You can read more about LinkedIn's privacy policy here:
https://www.linkedin.com/legal/privacy-policy

Some of the information and data that members of this group share with us on the LinkedIn platform is stored in our contact management system (Projektron BCS). As long as you are a member of the MGIGroup, your data will be processed by us within reasonable limits. If you choose to leave the group, your data will be stored for three (3) years after which, provided there is no further active contact between you and MES, deleted within three (3) months. If you want your contact data to be deleted sooner than that, you are welcome to contact us. Please note that a processing period of three (3) months for the deletion of your data must also be taken into account here.

Similarly, the responses of the respective person to the surveys asked for are stored, analyzed, and evaluated. The results of these surveys are then made anonymous so that we can publish the results of the surveys on our website. Personal data is not passed on to external persons or other members. Furthermore, our regulations regarding evaluation forms and surveys apply.

A request for information is not possible if the data has already been made completely anonymous, as no conclusions can be drawn between the data collected and the person requesting information.

As far as the surveys have not been made completely anonymous, the persons participating in the survey will be actively informed in advance (when registering with MGIGroup, but at the latest for each individual survey). The legal basis is ensured through the active consent to participate in the survey. The data collected will be treated with appropriate sensitivity and confidentiality. If there is no longer a legal basis to collect or process the data and the data is not anonymized, it will be deleted immediately. Print copies will be destroyed immediately.

WeChat

(in accordance with your consent granted according to Art. 6 (1) f) GDPR)

We use WeChat to communicate with our Chinese customers operating in the People's Republic of China. There is a QR link on this website that takes website visitors to the WeChat website. MES does not store or otherwise process the data there. WeChat IDs are only generated and stored from active contact with (potential) customers. Customers deliberately pass these IDs on to MES for contact and information assurance purposes. This data is processed in accordance with the GDPR and the Cybersecurity Law of the People's Republic of China.

When you use or visit the WeChat website, their privacy policy comes into force:
https://weixin.qq.com/cgi-bin/readtemplate?lang=en&t=weixin_agreement&s=privacy&cc=CN

You can read more about the user guidelines here:
https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=1503979103&version=1&lang=en_US&platform=2&token=1207450815

Job Applications

Data collection and processing are based on the following legal bases: your binding registration (Art. 6 (1) b) GDPR the processing of special categories of personal data (Art. 9 (2) b) GDPR), data processing in the context of employment (Art. 88 (1) GDPR), and data processing for purposes of the employment relationship (in accordance with the German Bundesdatenschutzgesetz (BDSG) / German Federal Data Protection Act Art. 26 (1) BDSG)

Data is collected and processed solely for the purpose of carrying out the application procedure for a position for which you have applied. For this purpose, we store your personal details, your contact address, your application documents, and the internal evaluation of your application. If there is a claim for reimbursement of travel expenses, your bank details will also be stored for this purpose.

The external software Personio is used for the processing of incoming job applications. Personio offers a cloud application for managing employee and application data. Data is processed according to European safety standards and the servers are hosted in Frankfurt, Germany in compliance with ISO/IEC 27001.

Personio's corresponding data protection standards and agreements can be found here:

A data processing agreement has been concluded with the company Personio, as well as the relevant technical organizational measures.

Personio is prohibited from transferring data to third parties. To use Personio, our employees are required to use two-factor authentication. Your data will only be transferred to the extent necessary for the application process, and only to employees who are involved in the application process due to their position or responsibility.

The data will be deleted after the completion of the application procedure or will be kept for no longer than a maximum of six (6) months. The statutory retention periods apply to payment-relevant data.

If you apply via a third-party provider, such as Indeed or similar, their privacy policies and data protection regulations come into force.

We currently actively use the following platforms and/or our job advertisements are mirrored on the respective websites:

Xing (https://privacy.xing.com/en/privacy-policy)

LinkedIn (https://www.linkedin.com/legal/privacy-policy)

Indeed (https://indeed.com/legal?hl=en&redirect=true)

Stepstone (https://www.stepstone.de/Ueber-StepStone/Rechtliche-Hinweise/datenschutzerklaerung/)

If a provider is not listed here, but nevertheless publishes our job advertisements on their website, the respective privacy policies and data protection regulations of the website operator come into force.

Source: Adapted from mein-datenschutzbeauftragter.de
Translated inhouse by MES from German into English.