Privacy Policy

Privacy statement

This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as ‘data’) within our online offer and the related websites, functions and content as well as external online presence, such as our social media profile (see below) collectively referred to as ‘online offer’). With regard to the terms used, such as ‘Processing’ or ‘data controller’ we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Data controller
Michael Franken / mfe
Friedenstraße 4
41812 Erkelenz-Gerderath

Types of processed data

Inventory data (e.g. names, addresses).
Contact details (e.g. email, telephone numbers).
Content data (e.g. text input, photographs, videos).
Usage data (e.g. visited websites, interest in content, access times).
Meta/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (hereinafter we refer to the data subjects as ‘users’).
Purpose of processing
Providing the online offer, its functions and contents.
Answering contact requests and communicating with users.
Safety measures.
Range measurement/marketing
Used terms
‘Personal data’
refers to any information that relates to an identified or identifiable natural person (hereinafter ‘data subject’); a natural person is considered as identifiable, if he or she can be identified directly or indirectly, in particular by assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie) or to one or several specific features, which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
is any process performed with or without the assistance of automated procedures or any such process in connection with personal data. The term goes far and includes virtually every handling of data.
refers to the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separate and subject to technical and organizational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.
refers to any type of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person.
‘Data controller’
refers to the natural or legal person, public authority, institution or other body that, alone or in concert with others, decides on the purpose and means of the processing of the personal data.
‘Data processor’
refers to a natural or legal person, public authority, institution or other body that processes personal data on behalf of the data controller.

Relevant legal bases

In accordance with article 13 GDPR we are notifying you about the legal basis of our data processing. Unless the legal basis is stated in the privacy policy, the following applies: The legal basis for obtaining consent are Article 6 (1) (a) and Article 7 GDPR; the legal basis for the processing for fulfilment of our services and the execution of contractual measures as well as the answer to inquiries is Article 6 (1) (b) GDPR; the legal basis for processing to fulfil our legal obligations is Article 6 (1) (c) GDPR; and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) (f) GDPR. In the event that vital interests of the data subject or any other natural person require processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis

Safety measures

In accordance with Article 32 of the GDPR and taking into account the state of the art, implementation costs as well as nature, scope, circumstances and purposes of the processing and the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures in order to ensure a level of protection commensurate with the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability, and separation. In addition, we have established procedures to ensure the awareness of data subject rights, erasure of data and response to data risks. Furthermore, we already consider the protection of personal data in the development as well as selection of hardware, software and procedures, according to the principle of data protection through technology design and data protection by default (Article 25 GDPR).

Collaboration with processors and third parties

If, in the context of our processing, we disclose data to other persons and companies (data processors or third parties), transmit them or otherwise grant access to the data, this is done only on a statutorily permitted basis (e.g. if a transmission of the data to third parties is required by payment service providers in accordance with Article 6 (1) (b) GDPR), you have consented to a legal obligation or based on our legitimate interests (e.g. the use of agents, web hosters, etc).
If we commission third parties to process data on the basis of a so-called ‘data processing agreement’, this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union [EU] or the European Economic Area [EEA]) or if it happens in the context of the use of third party services or disclosure, or transmission of data to third parties, this will only be done if it is to fulfil our (pre-)contractual obligations, on the basis of your consent, under a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process data in a third country, or have it processed there, if the special conditions of Article 44 et seq. GDPR apply. This means, for example, that the processing is based on special guarantees, such as the officially recognized level of data protection (e.g. for the USA through the ‘Privacy Shield’) or compliance with officially recognized special contractual obligations (so-called ‘standard contractual clauses’).

Rights of data subjects

You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and copy of the data in accordance with Article 15 of the GDPR.
According to Art. 16 of the GDPR, you have the right to request completion of the data concerning
you as well as correction of incorrect data concerning you.
In accordance with Article 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or, alternatively, to require restriction of the data processing in accordance with Article 18 of the GDPR.
In accordance with Article 20 of the GDPR, you have the right to request the data relating to you, which you provided to us, and to have it transmitted to other data controllers.
You also have the right under Article 77 of the GDPR to file a complaint with the competent supervisory authority

Right of withdrawal

You have the right to revoke granted consent in accordance with Article 7 (3) of the GDPR with effect for the future

Right of objection

You may object to the future processing of your data at any time in accordance with Article 21 of the GDPR. The objection may in particular be directed at processing for direct marketing purposes.

Cookies and right of objection to direct mail

Cookies are small files that are stored on users’ computers. A variety of information can be stored within the cookies. A cookie serves primarily to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or ‘session cookies’ or ‘transient cookies’, are cookies that are deleted after a user leaves an online offer and closes their browser. Such a cookie may, for example, store the content of a shopping cart in an online shop or a login status. ‘Permanent’ or ‘persistent’ cookies remain stored even after the browser has been closed. For example, the login status can be saved if users visit them after several days. Likewise, such a cookie may store the interests of the users, which are used for range measurement or marketing purposes. A ‘third-party cookie’ refers to cookies that are offered by providers other than the person responsible for providing the online offer (their own cookies are called ‘first-party cookies’).
We can use temporary and permanent cookies and clarify this in the context of our privacy policy.
If users do not want cookies stored on their machine, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. Exclusion of cookies can lead to functional restrictions of this online offer.
A general objection against the use of cookies used for online marketing can be declared for a variety of services, especially for tracking, on the US side at or the EU side at
Furthermore, storage of cookies can be turned on or off in the settings of the browser. Please note that not all features of this online offer may be usable, if you turn off cookies.

Deletion of data

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated in this privacy statement, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other legally permitted purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.
According to legal requirements in Germany, storage takes place for 10 years according to §§ 147 paragraph 1 of the German taxcode (AO), 257 paragraph 1 No. 1 and 4, paragraph 4 of German Commercial Code (HGB) (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.), and for 6 years in accordance with § 257 paragraph 1 nos. 2 and 3, paragraph 4 of the HGB (commercial papers).
According to statutory requirements in Austria storage takes place for 7 years according to § 132 paragraph 1 of the BAO (accounting documents, receipts/invoices, accounts, documents, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years if the documents are related to electronically supplied services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU Member States and for whom the Mini-One-Stop-Shop (MOSS) is applied

Administration, financial accounting, office organization, contact management

We process data in the connection with administrative tasks as well as organization of our business, financial accounting and compliance with statutory obligations, such as archiving. In doing so, we process the same data that we process in the course of rendering our contractual services. The processing bases are Article 6 (1) (c) of the GDPR, Article 6 paragraph 1 lit. f of the GDPR. The processing affects customers, prospects, business partners, and website visitors. The purpose and interest in processing lies in administration, financial accounting, office organization, data archiving, i.e. tasks that serve to maintain our business operations, perform our duties and provide our services. Deletion of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the financial administration, consultants, such as tax accountants or auditors, as well as other payment offices and payment service providers.
Furthermore, we store information on suppliers, organizers and other business partners on the basis of our business interests, e.g. for the purpose of contacting you later. We generally store this (mostly) company-related data permanently.


During contact with us (e.g. via contact form, email, telephone or social media), the information provided by the user is processed in order to process and answer the contact request in accordance with Article 6 (1) (b) of the GDPR. The information provided by the user can be stored in a customer relationship management system (‘CRM System’) or comparable request management system.
We delete the requests, if they are no longer required. We check the requirement every two years; furthermore, the legal archiving obligations apply.

Hosting and emailing

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, email delivery, security and technical maintenance services we use to operate this online offering.
We (or our hosting provider) process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offer based on our legitimate interests in an efficient and secure provision of this online offer in accordance with Article 6 (1) (f) of the GDPR in conjunction with Article 28 of the GDPR (conclusion of contract for data processing)

Collection of access data and log files

We (or our hosting provider) collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6 paragraph 1 lit. f GDPR. The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes are excluded from the erasure until the final clarification of the incident.
Created with the “” by RA Dr Thomas Schwenke
© MFE 2016 - 2019