DATA PROTECTION

YOUR INFORMATION IS SAFE

Thank you for your interest in our website. The protection of your privacy is important for us. We see it as part of the responsibility of our group of companies to protect entrusted information in accordance with legal requirements. Below you will read how we take care of this on our website.

DATA PROTECTION POLICY

Status: May 2024

I. DATA PROTECTION INFORMATION ON THE MEG DERBY WEBSITE

General Terms and Conditions of use for the internet offer

The following terms of use apply to the use of the MEG Derby Limited website in general. These provisions may be unilaterally changed by MEG Derby Limited at any time. If the user registers, he/she also accepts these general terms of use in full for all subsequent visits in the current version.
MEG Derby takes the protection of personal data very seriously. Information such as, name, address, telephone number and e-mail address are so-called “personal data”.
We always act in accordance with applicable data protection laws and regulations and collect, use and process data in accordance with these regulations. Your data will not be sold, lent or provided to third parties without authorization.
In order to protect the confidentiality of your data, only selected, authorized employees of MEG Derby have access to your data. All employees are obliged to act in accordance with the applicable data protection laws and regulations and to comply with them at all times. Before working with our service providers, we conclude special “order processing contracts” to ensure that they also comply with the applicable data protection legislation when we pass on your personal data. This contract ensures that your personal data will be protected. Furthermore, MEG Derby has set up a secure IT environment and takes all measures to prevent unauthorized access to personal data and misuse.

WEBSITE

The contents of the MEG Derby website are protected by copyright. Downloading content of the website is permitted exclusively for private, non-commercial use. The content may not be used on other Internet pages or networked computers without the permission of MEG Derby. In case of violation of this rule, all printed or downloaded contents must be destroyed immediately. We reserve the right to assert further claims for damages in the event of a violation. The website https://meg-derby.com/ and its contents may be closed, changed or temporarily deactivated at any time. No permanent operation of the website is guaranteed. Of course, we endeavor to offer the full functionality of our website at all times. There is no entitlement to the functions provided or to the use of our website. We ask for your understanding in this regard. A claim for damages for the loss of uploaded files and stored content does not arise for the user.

Usage data for statistical purposes

When you visit our websites, so-called usage data is temporarily evaluated on our web server for statistical purposes as a protocol in order to improve the quality of our websites. This data record consists of:

• the name and address of the requested content
• the date and time of the query
• the amount of data transferred
• the access status (content transferred, content not found)
• the description of the web browser and operating system used
• the referral link, which indicates from which page you have reached ours
• the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.

The aforementioned log data is evaluated anonymously.

Storage of the IP address for security purposes

In addition, we store the full IP address transmitted by your web browser for a strictly limited period of seven days in order to recognize, limit and eliminate attacks on our websites. After this period, we delete or anonymize the IP address. The legal basis for this data processing is our legitimate interest to recognize, limit and eliminate attacks on our websites.

Data security

In order to protect your data from unauthorized access as much as possible, we implement technical and organizational measures. We do this by using an encryption mechanism on our websites. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Communication by e-mail/telephone/fax/post

Personal details that you send us by e-mail/phone/fax/post will be of course treated confidentially. We use your data exclusively for the purpose of processing your request. The legal basis for this is our legitimate interest. In addition, you can decide whether you would like to provide us with additional optional information. This information is provided voluntarily and it is not mandatory for contacting us. We process your voluntary information on the basis of your consent. In principle, we do not transfer your data to third parties outside MEG Derby. After we have answered your request, your data will be irretrievably deleted as soon as the data is no longer required and there are no statutory retention obligations to the contrary. Insofar as your data transmitted via the contact form is processed on the basis of our legitimate interest, you can object to the processing at any time. In addition, you can withdraw your consent to the processing of the optional information at any time with effect for the future by sending an email to datenschutz@schwarz-produktion.com.

COOKIES

Cookies are small text files that are used by websites to make the user experience more efficient. We store cookies on your device if they are absolutely necessary for the operation of this site (required cookies). For all other cookie types we need your consent. This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages. You can change or withdraw your consent at any time on our website under cookie policy. If you would like to contact us personally regarding your consent, please provide your consent ID and the date.
Necessary cookies only contain information on certain settings and are not personalised. They may also be necessary to enable user guidance, security and implementation of the site.
You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed and some functions may no longer be technically available.
You can find an overview of the cookies used with further information (e.g. on storage duration) in our cookie policy.

Google Ads und Google Tag Manager

In certain situations, we utilise the advertising options of Google Ads and Google Tag Manager. In these situations, you will initially be shown content provided by us as a result of a Google search, which you can click on. These are each labelled “Ad”.
As part of a campaign by our HR department, you will be shown job adverts that may be of interest to you after entering a corresponding search term. At this point, we do not have any information about you personally. If you click on the advert shown to you, you will be forwarded directly to our job portal, where you will be taken directly to the relevant job advert. However, before you can view this, you will be given the opportunity to give your consent to personalised tracking via Google Analytics (see the “Google Analytics” section) or to refuse this via our consent banner. If you give your consent, your application will be recorded when you click on “Apply now” and assigned to the corresponding campaign for the purpose of monitoring the effectiveness of this campaign (in short: which applications come via the Google advert?!).
Data processing takes place on the basis of your consent, provided you have given your consent via our consent banner. Your consent is voluntary and can be freely revoked at any time with effect for the future via our cookie policy.

Facebook Marketing Services (Pixel, Conversion Tracking, Ads, Custom Audiences)

On our websites, we integrate Facebook marketing services via the “Facebook Pixel” of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.
The Facebook pixel is a small image file that is loaded when the page is loaded and then enables JavaScript code to be executed in the browser of your end device. This JavaScript code can be used to read various information from your device’s browser and the cookies stored there.
This enables us to recognise visitors to our website and the devices they use. Visitors who have their own user account on the Facebook social media platform can be identified by Facebook as visitors to our websites based on the pixel (cross-device).
The Facebook pixel also enables us to track and analyse your interests based on the websites you visit and your interactions with our websites.
The information that we read out via the Facebook pixel includes in particular

• Information that is contained in the so-called HTTP header when a website is called up in the browser of your end device, in particular usage data such as IP address, information about the web browser used, the location of the page, the files retrieved, the referral link that indicates from which page you came to ours,
• characteristics of the device you use to access our website,
• any cookies already present in the browser of your end device that have been set by Facebook services, e.g. “_fbp” and “fr” marketing cookies,
• Button click data, i.e. data about which buttons on the websites were clicked by visitors, the labels of these buttons and all pages that were visited as a result of the button clicks, e.g. searching for certain items, adding to the shopping basket or completing a purchase,
• Form field names, such as “e-mail”, “address”.

Facebook uses this information to compile statistics for us as part of Facebook conversion tracking in the Facebook Ads ad manager, from which we can recognise how many users have reacted to our ads placed on Facebook and in what way. The conversion of an advert into an action by the website visitor is known as a conversion. Based on these statistics, we can optimise the effectiveness of our ads and manage our targeting strategy. In addition, we use the information collected via the Facebook pixel on our websites to create custom audiences in the Facebook Ads ad manager and to place target group-oriented adverts on Facebook.
Data processing takes place on the basis of your consent, provided you have given your consent via our consent banner. Your consent is voluntary and can be freely revoked at any time with effect for the future via our cookie policy.
In principle, we have no influence on further data processing by the third-party provider. Further information on the handling of personal data by Facebook can be found at https://www.facebook.com/policy.

ONLINE APPLICATION (JOB PORTAL)

MEG Derby is always on the lookout for qualified and motivated employees. You can use our job portal to apply quickly and conveniently. The data transmitted to us for this purpose will be processed exclusively within the scope of the law for the initial screening and to be able to send you a corresponding answer. The data will only ever be made available to the HR department and the relevant decision-makers within MEG Derby. The data of a specific application will be deleted after three months at the latest after completion of the application process for this position. If, in individual cases, your application is very interesting for us, but there is currently no suitable position available for you in the company, we will contact you and ask for your consent to store the data for a longer period of time so that we can consider you if a suitable position becomes available. Please note that applications that you send us by e-mail are transmitted to us unencrypted. We therefore recommend that you use the job portal. You also have the option of registering for our job portal, which you can use to apply for other positions in addition to your application for a specific position. There you will also find a transparent description of how we handle your personal data.

StepStone Quick Apply

For job advertisements on the StepStone platform, you have the option of applying directly for the specific advertised position using the “Quick Apply” function. In this case, StepStone collects the data relating to your application (name, address, telephone number, date of birth and details of your educational background and professional experience) and sends it to us for further processing of your application. In this case, StepStone will inform you transparently from the outset about the data processing taking place.
StepStone provides you with all the necessary information about the StepStone Quick Apply function via the following link: https://www.stepstone.de/e-recruiting/en/rechtliches/tc-job-listings/?intcid=Button_RC-homepage_Nav_Language-English

Press enquiries

We process data (name, business contact details such as email address and – if necessary – the name of the organisation you represent) that is collected as part of your press enquiry by email or contact form (see contact form/email contact) on the basis of our legitimate interest. The legitimate interest lies in our public relations work, freedom of expression and freedom of information, as we as a company have an interest in disseminating news as widely as possible.
In addition, depending on the specific enquiry, this data may be passed on within the Schwarz Group. In particular, but not exclusively, this includes the forwarding of data to other press offices within the Schwarz Group. The legitimate interest here arises from the interest in processing your press enquiry effectively and professionally.

Map services

On our websites, we embed map services that are not stored on our servers. To ensure that calling up our websites with embedded map services does not automatically lead to the content of the third-party provider being reloaded, we only display locally stored preview images of the maps in a first step. This does not provide the third-party provider with any information.
Only after you click on the preview image will the content of the third-party provider be reloaded. This provides the third-party provider with the information that you have accessed our site as well as the technically necessary usage data. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us permission to download content from the third-party provider.
The embedding is based on your consent, provided that you have previously given your consent by clicking on the preview image.
Please note that the embedding of some map services may result in your data being processed in third countries (e.g. countries that require additional safeguards by applicable data protection regulations). In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal. If we use providers in inadequate third countries and you consent, the transfer to this third country takes place based on your consent.

II. DATA PROTECTION INFORMATION FOR CUSTOMERS AND BUSINESS PARTNERS OF MEG DERBY

With the following information, we would like to inform our customers (business partners, suppliers, interested parties, end users) or the contact persons of our customers about our handling of the collection, processing and forwarding of personal data. The entity responsible for the data processing described below is the entity named in the legal notice (controller).

Purpose of data processing/legal basis

As part of a business relationship with our customers, we process personal data of our customers’ contact persons such as name, address, e-mail address, telephone/fax number, tax number, customer number, bank details. The processing is carried out for the purposes of clear identification and the initiation, execution, administration and processing of contracts, for general business correspondence and for the preparation of invoices and credit notes or refunds, the administration and enforcement of claims, compliance with legal regulations, data security and in the interest of comprehensive customer support. The legal basis for data processing in the context of the business relationship usually follows from the contract and is provided for by law in Art. 6 para. 1 lit. b) UK GDPR. In some cases, data processing also takes place to fulfil legal obligations. The permissibility for this is based on Art. 6 para. 1 lit. c) UK GDPR. In a few cases, we also collect and process contact data (surname, first name, contact date) from end users for the purpose of processing an enquiry in the context of a complaint. This data processing is carried out on the basis of a legitimate interest in the form of clarification of the complaint and is legally legitimised by Art. 6 para. 1 lit. f) UK GDPR. We consider the protection of the personal data obtained in this context by deleting this data in connection with the respective complaint immediately after clarification of the enquiry.

Recipients and categories of recipients

We only process our customers’ personal data internally for the above-mentioned purposes. Data is not passed on to recipients outside the company. The only exception to this is if we are obliged to do so by law or if service providers perform activities on our behalf (so-called processors) that are subject to instructions and can therefore view customer data. These service providers are carefully selected, audited by us and contractually bound in accordance with Art. 28 UK GDPR. We do not use our customers’ data for other purposes, in particular for marketing purposes.

Storage period/criteria for determining the storage period

We store the data required in each case for the duration of the business relationship with you and until the expiry of the applicable limitation periods and any resulting claims and to comply with statutory retention obligations.

Consequences of not providing personal data

Unless otherwise stated in the previous chapters, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract. Our customers are generally not obliged to provide personal data for the above-mentioned purposes. Failure to provide the aforementioned personal data may mean that your enquiry will not be answered or that a business relationship cannot be entered into.

III. PRIVACY NOTICE FOR OUR SOCIAL MEDIA PAGES

When you visit our Social Media page, it may be necessary to process data relating to you. We would therefore like to inform you in accordance with Article 13 of the UK General Data Protection Regulation (UK GDPR) about the handling of your data and your rights resulting from this.

1.1. Responsibility (Controller)

Responsible for the operation of our LinkedIn page is:

MEG Derby Limited
6000 Dove Valley Park, Park Avenue
Foston, Derbyshire
DE65 5BT
United Kingdom

In addition to us, LinkedIn is also responsible for the processing of your personal data. Insofar as we can influence this and configure the data processing, we will work within the scope of the possibilities available to us to ensure that LinkedIn handles the data in a manner that complies with data protection law. In this context, please also note the data protection notice of LinkedIn.
Pursuant to Art. 26 UK GDPR, we have a joint controllership with LinkedIn. Within this framework, LinkedIn runs the entire IT infrastructure of the service, maintains its own data protection guidelines, maintains a separate user relationship with you (if you are a registered user of LinkedIn) and, together with Schwarz Produktion Stiftung & Co. KG, is also responsible for the deletion of illegal or inappropriate posts and content on the site. In addition, LinkedIn is solely responsible for all questions regarding the data of your user profile, to which we as a company have no access. The LinkedIn has no influence on the processing of your data by Schwarz Produktion Stiftung & Co. KG in the context of customer communication or competitions.
If you would like to exercise your data subject rights (more on this under 1.6) with regard to a specific data processing over which we do have influence, please contact us. We will then examine your request (e.g., request for information or objection) ourselves or, if necessary, forward it to LinkedIn, if your request concerns data processing by LinkedIn.
You can find more information on data processing by LinkedIn and further objection options in its privacy policy: https://de.linkedin.com/legal/privacy-policy

1.2. Data processing by us

The purpose of the data processing by us on LinkedIn, in addition to the communication of company information on the respective brand pages (news, facts & figures, communication of specific specialist areas), communication of information on own brand production (new products, production cycle/production processes, quality) as well as on the sustainability strategy, publication of information on employee engagement, above all local employee recruitment (employee stories, employee benefits; career introduction; application process; employee events, job advertisements). The data you enter on LinkedIn, such as username, comments, videos, pictures, likes, public messages, etc. are published by LinkedIn and are not processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. We may share your content on our site if this is a function offered by LinkedIn. By sharing, your username is also visible. If you operate under your real name or are recognizable via photos in your profile, identification by other users on our part cannot be ruled out. Posts that we share on our company page are permanently stored there. When you delete your post, it is also deleted from our site. If you do not wish to be shared on our site, you can object to this via the above-mentioned method. In addition, we communicate with you via LinkedIn, for example by responding to your comments or coordinating enquiries in a targeted manner.
If you send us a request via LinkedIn, depending on the content, we may also refer you to other secure communication channels that guarantee confidentiality. For example, you always have the option of sending us your enquiries to the address stated above or by e-mail to info@schwarz-produktion.com. The choice of the appropriate communication channel is your own responsibility.
The legal basis for the processing of your data is Art. 6 (1) (f) UK GDPR. The data processing is carried out in the legitimate interest of conducting public relations for our company and being able to communicate with you.
Some social media platforms create statistics based on usage data and contain information about your interaction with our social media site. We cannot influence the implementation and provision of these statistics, nor can we prevent them. However, we do not make use of optional statistics from LinkedIn.
We process this information in accordance with Art. 6 (1) (f) UK GDPR in the legitimate interest of validating the use of our social media pages and improving our content in a target group-oriented manner.
We also occasionally use LinkedIn to provide targeted advertising.
For this purpose, we use target group definitions that are provided to us LinkedIn. We only use anonymous target group definitions – that is, we define characteristics based on, for example, general demographic information, behavior, interests and connections. LinkedIn uses these to display advertisements to its users accordingly. The legal basis for this is the consent that LinkedIn has obtained from its users. If you wish to revoke this consent, please use the revocation options provided by LinkedIn, as LinkedIn is responsible for this processing. Occasionally, we or LinkedIn also use publicly available data for target group definition. The legal basis for this processing is then Art. 6 (1) (f) UK GDPR. The legitimate interest on our part is to define a target group that is as suitable as possible. We never use sensitive categories of personal data mentioned in Art. 9 and 10 of the UK GDPR for target group definition.
We do not use target group definition based on location data. We do not pass on any personal data to LinkedIn as part of the target group definition.
If you wish to object to certain data processing over which we have control, please contact us using the contact details provided above.

1.3. Storage period

We delete your personal data when they are no longer required for the aforementioned processing purposes and no legal retention obligations prevent deletion.
Any public post by you on LinkedIn will remain in the timeline indefinitely unless we delete it due to an update of the underlying topic, a violation of the law or our guidelines, or you delete the post yourself.
We have no influence on the deletion of your data by LinkedIn itself. Therefore, the data protection guidelines of LinkedIn apply in addition.

1.4. Data processing by LinkedIn

LinkedIn may use web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with LinkedIn.
We would therefore like to point out that it cannot be ruled out that LinkedIn uses your profile and behavioral data to evaluate your habits, personal relationships, preferences, etc. In this respect, we have no influence on the processing of your data by LinkedIn, so that the use of LinkedIn is at your own responsibility.
You can find more information on data processing by LinkedIn, configuration options for protecting your privacy as well as further objection options and, if available and concluded, the agreement in accordance with Art. 26 UK GDPR in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

IV. USER RIGHTS AND CONTACT DETAILS

Finally, we would like to summarize all your data protection rights once again:

Rights as a data subject
As a website user, you have the possibility to assert the following rights against us as well as against the provider of the social media platform if the prerequisites are met:

Right of access
You have the right to request confirmation as to whether your personal data is being processed.

Right of rectification
You have the right to request the immediate correction of any inaccurate personal data concerning you and, if necessary, the completion of any incomplete data.

Right to erasure
You have the right to request the deletion of your personal data without delay, to the extent certain grounds apply according to applicable law.
Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no statutory retention obligations prevent deletion.

Right to restriction of processing
You have the right to request the restriction of processing to the extent certain grounds apply according to applicable law , e.g., if you have objected to the processing, for the duration of the review by the controller.

Right to data portability
In certain cases, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

Right of objection
If data is collected based on our legitimate interest or based on the performance of a task carried out in the public interest or in the exercise of official authority, you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right of appeal to a supervisory authority
You have the right to lodge a complaint with the Information Commissioner, or to the extent applicable to you with a supervisory authority, if you are of the opinion that the processing of data concerning you violates data protection provisions. The right of complaint can be asserted in particular before the Information Commissioner or to the extent applicable to you with a supervisory authority in the member state of your usual place of residence, your place of work or the place of the alleged infringement.

Contact details of the data protection officer
Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
office@datenschutz-sued.de

Contact details of the responsible person
MEG Derby Limited
6000 Dove Valley Park, Park Avenue
Foston, Derbyshire
DE65 5BT
United Kingdom