Thank you for visiting our website and for your interest in msg life ag. In addition to providing our customers with holistic support, the protection of your personal data is extremely important to us.
The most important categories of data protection information are set out below.
I) Name and address of the controller
The data controller responsible for collecting, processing and using your personal data in the sense of the European General Data Protection Regulation (GDPR) is:
msg life ag
Data Protection, Humboldtstrasse 35, 70771 Leinfelden-Echterdingen, Germany
Tel.: +49 (0)711 949 580, fax: +49 (0)711 949 589 949
II) Name and address of the data protection officer
The data protection officer of the controller is:
msg life ag
Humboldtstrasse 35, 70771 Leinfelden-Echterdingen, Germany
III) General information on data processing
1) Why we use data
We aim to continuously improve our website, products and services and make them more attractive. Only when we know what sections of our website are visited most frequently and for the longest can we optimise the content of the msg life ag website in line with your requirements. If you entrust us with personal information, it will be used by msg life ag for the purposes of technical administration of the website, customer management, product surveys and marketing. The better we understand your wishes, the faster you will be able to find the information on our website.
2) Collection and processing of personal data
In this section, we describe the collection of personal data when you use our website. Personal data are all data that can be attributed to you personally, for example, your name, address, email addresses and user habits.
If our website prompts you to provide personal information such as your name, address or phone number, it is subject to special conditions of which you are made aware through the formulation below:
‘I consent to the collection, processing and use of my personal data, for example, for the purposes of registration, a contact form, a survey, a competition, a request for a publication, a newsletter subscription, the execution of a contract or customer relations and promotional measures. I can withdraw this consent at any time by sending notice to msg life ag, Data Protection, Humboldtstrasse 35, 70771 Leinfelden-Echterdingen, Germany.’
Besides the data that you provide to us, we use information based on how you use our website in order to guide you to information that might be of interest to you as quickly as possible and optimise our website continuously.
When you visit our website, we only collect the personal data that your browser sends to our server. If you would like to view our website, we collect data that are technically necessary for us to display our website and ensure its stability and security. The following data are collected:
The data are also stored in log files on our system.
We only store other personal data if you provide us with them, for example, for the purposes of registration; a contact form; a survey; a competition; a request for a publication; a newsletter subscription; the execution of a contract; or attracting, surveying and notifying potential customers, and in such cases only insofar as permissible on the basis of consent you have granted or in line with the relevant statutory regulations. The data are entered into a form, encrypted and sent to us and then stored by us.
If a user makes use of the form, the data entered in the contact form will be transmitted to us and stored. For example, these data include your first name, surname, job title, company, email address, phone number, your message or comment, your address, postcode, town or city, country and website.
Alternatively, you can also contact us via the email address provided. In this case, the personal data of the user that are transmitted along with the email will be stored.
3) Legal grounds for the processing of personal data
When we obtain the consent of a data subject to the processing of personal data, Article 6, paragraph 1, point (a), of the European General Data Protection Regulation (GDPR) serves as legal grounds.
Article 6, paragraph 1, point (b), of the GDPR serves as legal grounds for the processing of personal data where the processing is necessary for the performance of a contract to which the data subject is party. This also applies to data processing that is necessary to take steps prior to entering into a contract.
Article 6, paragraph 1, point (c), of the GDPR serves as legal grounds for the processing of personal data where processing is necessary for compliance with a legal obligation to which our company is subject.
Additionally, we process personal data for the purposes of our legitimate interests and the legitimate interests of third parties in accordance with Article 6, paragraph 1, point (f), of the GDPR. Such legitimate interests include preserving the functionality of our IT systems, marketing our own and third-party products and services and the legally necessary documentation of business contacts.
4) Purpose of processing
a) The temporary storage of an IP address by the system is necessary for the purpose of transmitting the website to the computer of the user. For this purpose, the IP address of the user must remain stored for the duration of the session. The IP addresses are required to diagnose problems and manage the website, and for demographic information.
The logged data are used exclusively for the purposes of data security, especially to prevent attempts at hacking our server and for statistical evaluations.
b) If you provide us with other personal data, for example, for the purposes of registration; a contact form; a survey; a competition; a request for a publication; a newsletter subscription; the execution of a contract; or attracting, surveying and notifying potential customers, we will use the data for the purposes of customer management and – if necessary – processing and settling any transactions to the extent required in each case.
c) If the data subject contacts a company of the msg life Group with a request for information (e.g. a request for information to be sent through our website), the processing of data is permissible for us to comply with the request. Personal data may be processed for promotional purposes or for market and opinion research as long as it is consistent with the purpose for which the data were originally collected.
d) If the data subject contacts us by email, the processing of personal data establishes the necessary legitimate interest in the processing of the data.
e) The other personal data processed during the sending procedure serve to prevent the misuse of the contact form and ensure the security of our IT systems.
5) Erasure of data and duration of storage
The personal data of the data subject will be erased or blocked as soon as the purpose for which they were stored has been achieved. Data can only be stored beyond this point if provided for by European or national legislation in European regulations, laws or other ordinances to which the controller is subject. The data will then be blocked or erased at the end of a storage period prescribed by these legal standards unless it is necessary to continue storing the data for the conclusion or performance of a contract.
If the data have been stored in log files, they will be deleted within no more than seven (7) days. It is possible to store the data for a longer period. In this case, the IP addresses of the user will be deleted or anonymised in order to prevent them from being associated with the visiting client.
6) Rights to object and erasure
The collection of the data in order to make the website available and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, the user has no right to object.
The user can revoke his/her consent to the processing of their personal data at any time. If the user contacts us by email, he/she can object to the storage of his/her personal data at any time. If you wish to withdraw your consent or modify the personal data you have provided for the purposes of correspondence, registration, etc., please send an email to the Marketing department of msg life ag at firstname.lastname@example.org.
In this case, all personal data that have been stored will be erased.
1) Description and scope of data collection
The provider of the pages automatically collects and stores information in server log files, which your browser sends to us automatically. This information includes:
your browser type and version, your operating system, the referrer URL, the host name of the visiting computer, the date and time of the server request and your IP address.
Such data cannot be attributed to individual people. These data are not merged with other sources of data. We reserve the right to subsequently examine these data if we have specific indications of unlawful use. These data are not merged with other sources of data.
You can set your browser to inform you whenever cookies are in use and allow cookies only in individual cases, to accept cookies in certain situations or to prohibit their use altogether, as well as activate the option to have them automatically deleted when you close the browser. Deactivating the cookies may prevent certain functions of the website from working properly.
2) Legal grounds for data processing
Article 6, paragraph 1, point (f), of the GDPR serves as the legal grounds for the processing of personal data collected by cookies. We have a legitimate interest in the storage of cookies in order to optimise the provision of our services with no technical errors.
3) Purpose of data processing
Technically necessary cookies are used to simplify the use of the website for the user. Some features of our website cannot be provided without cookies. They require the browser to be identifiable even after changing pages.
The user data collected through technically necessary cookies will not be used to create user profiles.
We also have a legitimate interest in processing personal data for these purposes in accordance with Article 6, paragraph 1, point (f), of the GDPR.
4) Duration of storage
5) Rights to object and erasure
Cookies that are already on your computer can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, this might result in some of the features of the website not being fully available.
V) Online applications
If you submit an application through our online application form, all of the data you provide will be stored in our applicant management system. msg life ag will not disclose these data to third parties outside of the msg Group.
VI) Use of Google Analytics
1) Description and scope of data collection
Use of Google Analytics, Google Remarketing, Google Ads conversion tracking and Google Tag Manager, as well as features of partner networks (DoubleClick).
This website uses features from the web services Google Analytics, Google Remarketing, Google Ads conversion tracking and Google Tag Manager. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA, 94043, United States.
Google Analytics uses ‘cookies’, text files that are stored on your computer and that enable analysis of how you use the website. The information generated by the cookie on your use of this website (including your IP address) is sent to a Google server in the United States and stored there.
If IP anonymisation is active on this website, Google will truncate your IP address in advance and within the Member States of the EU or other signatories to the Treaty on the European Economic Area. Only in exceptional cases is the full IP address forwarded to a Google server in the United States and truncated there. The IP address provided by your browser as part of Google Analytics is not combined with other data by Google.
2) Legal grounds for data processing
We use Google Analytics to analyse and regularly improve our website. We can use the statistics generated to improve our website and make it more appealing to you as a user. For the exceptional cases in which personal data are transmitted to the United States, Google complies with the EU–US Privacy Shield: https://www.privacyshield.gov/welcome. Article 6, paragraph 1, point (f), of the GDPR serves as the legal grounds for the use of Google Analytics.
3) Purpose of data processing
Google uses this information on behalf of the operator of this website for the purposes of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage.
4) Duration of storage
Sessions and campaigns are terminated after a given period of time. Sessions are normally terminated after 30 minutes of no activity and campaigns after six months. The maximum time limit for campaigns is two years.
You can prevent the storage of cookies by changing the appropriate setting in your browser software; however, please take note that, in this case, you may not be able to use all of the features of this website to their full extent.
5) Rights to object and erasure
You can prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie that prevents the collection of your data when you visit this website in future will be installed – opt out of Google Analytics.
Additionally, you can prevent Google from collecting or processing the data generated by the cookie concerning your use of our website (including your IP address) by downloading and installing the browser add-on.
VII) Use of social media plug-ins
Our website uses social plug-ins. These are currently the plug-ins provided by Facebook, Twitter, LinkedIn and YouTube. Through these plug-ins, data – including personal data – can be sent to and potentially used by service providers in the United States.
1) Shariff security tools
The website itself does not collect personal data through the social plug-ins or through their use. msg life ag uses Shariff in order to prevent data from being sent to service providers in countries such as the United States without the knowledge of the user. This solution ensures that, initially, no personal data are disclosed to the providers of the individual social plug-ins when you visit our website. Only when you click on one of the social plug-ins can the data be sent to and stored by the service provider.
For more information on Shariff, please visit the website of the provider Heise Medien Gmbh & Co. KG: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
Our website features plug-ins from the social network Facebook, which is provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, United States. You can identify Facebook plug-ins on our website by the Facebook logo or the ‘Like’ button. An overview of the Facebook plug-ins is available here: http://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our website with your Facebook account, please log out of Facebook.
You can change your privacy settings on Twitter in your account settings at http://twitter.com/account/settings.
Our website uses features of the network LinkedIn. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States.
Whenever you visit one of our pages that contains features of LinkedIn, a connection is established with LinkedIn servers. LinkedIn is notified that you have visited our website with your IP address. When you click the LinkedIn ‘Recommend’ button whilst logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. Please note that, as the provider of the website, we have no knowledge of the content of the transmitted data or how they are used by LinkedIn.
5) Google Maps
This website uses the map service Google Maps through an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA, 94043, United States.
It is necessary to store your IP address in order to use the features of Google Maps. This information is generally transmitted to a Google server in the United States and stored there. The provider of the website has no influence over this transmission of data.
We use Google Maps in order to make our website more appealing and make it easy to find the locations we list on our website. This represents a legitimate interest in the sense of Article 6, paragraph 1, point (f), of the GDPR.
We embed YouTube videos on some of the pages of our website. The plug-ins are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States. When you visit one of our pages featuring a YouTube plug-in, a connection to YouTube’s servers is established. The YouTube server is notified of what pages you have visited.
If you are logged into your YouTube account, you enable YouTube to attribute your surfing habits directly to your personal profile. You can prevent this by logging out of YouTube.
If a YouTube video is started, the provider installs cookies which collect information on user behaviour.
If you have opted out of cookies for Google Ads, no cookies will be installed when you watch YouTube videos. However, YouTube also stores impersonal usage information in other cookies. If you wish to prevent this, you have to block cookies in your browser settings.
YouTube is used in the interests of making our website appealing. This represents a legitimate interest in the sense of Article 6, paragraph 1, point (f), of the GDPR.
VIII) Use of Marketo and Salesforce
Our website uses Marketo, a web analysis and marketing service provided by Marketo EMEA Ltd. in Dublin, Ireland (‘Marketo’). The information generated by the cookie on how the user uses the website is normally sent to and stored by Marketo. Marketo will use this information on our behalf for the purposes of evaluating how users use the website, compiling reports on website activity and providing us with other services relating to website activity and Internet usage. Additionally, Marketo is used to store the data you input in the forms on our website in a cookie.
Marketo is used on the basis of Article 6, paragraph, point (f), of the GDPR and serves to optimise our marketing measures.
See here for more information on data protection at Marketo.
You can prevent the installation of feature and advertising cookies by changing the settings in your browser; in this case, you might not be able to make full use of all of the features of the website. Additionally, you can object to the collection of the data generated by the cookie concerning your use of the website by Marketo as well as the processing of the data by Marketo by clicking on the following link:
Please note that if you delete this cookie or all cookies, the information that you have exercised your right to object will be erased as well.
If you wish to withdraw your consent or modify the personal data you have provided for the purposes of correspondence, registration, etc., please send an email to the Marketing department of msg life ag at email@example.com.
Marketo EMEA Ltd.
Cairn House, South County Business Park
msg life ag stores and uses the data you enter on the website in systems belonging to the company salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (‘Salesforce’), for the purposes of customer relationship management (‘CRM’). The address of the US parent company is as follows: The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA.
Salesforce may only access the data within the scope of our instructions (order processing). Salesforce also takes strict technical measures in order to protect your personal data. Salesforce does not give your personal data to third parties unless this is required for the rendering of the agreed services or Salesforce must do so in order to comply with the law or a valid and binding instruction from any governmental or regulatory authority. The data provided in such cases is limited to the minimum required.
Salesforce is certified under the EU–US Privacy Shield agreement, providing an additional guarantee of compliance with European data protection laws when data is processed in the United States (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active). Additionally, a contract for order processing was concluded with Salesforce which includes the standard EU contract clauses if data is processed in the United States for maintenance purposes.
The legal basis for processing your data is Article 6, paragraph 1, point (f), of the General Data Protection Regulation (GDPR). msg life ag uses the CRM system from the provider Salesforce in order to more quickly and efficiently process the requests of users.
The duration of data storage is determined by the legal requirements for data retention.
See the following link for more information on data protection at Salesforce: https://www.salesforce.com/de/company/privacy/.
IX) Where are my data processed?
Your data are processed in Germany. Data are also processed in European and third countries within the boundaries of the law.
X) How secure are my data?
In order to protect your data from being hacked and misused, msg life ag has taken extensive technical and operational security precautions in line with European legislation.
XI) Transfer of personal data
The transfer of personal data to recipients outside of the msg life Group is subject to admissibility criteria concerning the processing of personal data.
The recipient of the data is contractually obliged to process the data, to only use the data for the stated purposes and to process the data in line with the instructions of the msg life Group.
If personal data are transferred by a company based in the European Economic Area to a company based outside of the European Economic Area (a third country), the importing company is obliged to cooperate with any and all queries made by the supervisory authority responsible for the exporting company and heed the conclusions of the supervisory authority with regard to the transmitted data. The same applies analogously to data transfers by companies from other countries. If they are participating in an international certification system for binding data protection regulations for companies, they must ensure that they cooperate with the certification bodies and authorities in accordance with the rules of the system.
In cases of cross-border data processing, each set of national requirements concerning the disclosure of personal data abroad must be met. In particular, personal data are only transferred from the European Union and European Economic Area to a third country if the specific requirements of the GDPR concerning data transfers to third countries are met and the processing of the personal data is lawful. The following are examples of suitable instruments:
XIII) Rights of the data subject
If personal data concerning you are processed, you are a data subject in the sense of the GDPR and you have the following rights with regard to the controller:
1) Right to information
You are entitled to request free information on the scope, origins and recipients of the stored data as well as the purpose for which the data were stored.
a) If personal data are transmitted to third parties, information must also be provided on the identity of the recipient or the categories of recipient.
b) The data subject can object to the processing of his/her personal data for promotional purposes or for market and opinion research. For these purposes, the data must be erased.
2) Right to rectification
You are entitled to obtain from the controller the rectification and/or completion of the personal data concerning you, provided that they are inaccurate or incomplete. The controller must carry out the rectification without delay.
3) Right to erasure
You are entitled to obtain from the controller the erasure of personal data concerning you without delay and the controller is obliged to erase personal data without delay where one of the following grounds applies:
(1) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to Article 6, paragraph 1, point (a), of the GDPR, or Article 9, paragraph 2, point (a), of the GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21, paragraph 1, of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21, paragraph 2, of the GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1, of the GDPR.
4) Right to data portability
You are entitled to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format.
5) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6, paragraph 1, points (e) or (f), of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
6) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Last amended: 20 July 2018
let us know.
We are happy to help!