Customer privacy notice

​Website privacy notice

Thank you for visiting our homepage and for your interest in mySaveID GmbH. In addition to the holistic support of our customers, the protection of your personal data is an important concern for us.

In the following, you will find out which activities we carry out in the course of your visit to our website, in accordance with the applicable legal provisions on data security, what information we collect, if any, and in what form it is processed.

Any changes to the privacy policy will be updated on this page to keep you informed about what data mySaveID GmbH stores and uses.

You will find the most important data protection information below, arranged thematically.

I. Name and address of the person responsible

​Responsible for the collection, processing and use of your personal data within the meaning of the EU General Data Protection Regulation is:

msg mySaveID GmbH
Amelia-Mary-Earhart-Strasse 14
60549 Frankfurt
Germany

Telephone: +49 69 580045-4000
E-mail: info@mysaveid.de

If you wish to object to the collection, processing and use of your data by mySaveID GmbH in accordance with these data protection provisions, either in whole or in respect of individual measures, you can send your objection by e-mail, fax or letter to the above address. 
E-Mail: datenschutz@mysaveid.de

II. Name and address of the data protection officer

The data protection officer of the data controller is:

msg mySaveID GmbH
-Data Protection Officer-
Amelia-Mary-Earhart-Strasse 14
60549 Frankfurt
Germany

Phone: +49 69 580045-4000
E-mail: datenschutz@mysaveid.de

III. General information on data processing

1. why we use data

Our offerings should be constantly improved and made more attractive. Only if we know which sections of our websites are visited most frequently and for the longest time can we optimise the content of the msg websites according to your requirements. If you entrust us with personal information, msg systems ag will only use it to the extent necessary for the technical administration of the websites, for customer management, for product surveys and for marketing. The better we understand your wishes, the faster you will find the information you are looking for on our Internet pages.

2. information on the collection of personal data

In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.

If you are requested to provide personal information such as name, address or telephone number on our pages, this is subject to special provisions to which you will be made aware.

​We use this data exclusively for the above-mentioned purposes. It will not be passed on to third parties outside mySaveID GmbH. The companies of the msg Group are an exception here.

In addition to the data you provide us with, we use information in the way you use our offer to guide you as quickly as possible to the information that may be of interest to you and to constantly optimise our offer.

3. legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

>Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

4. data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject.

During the operation of msg mySaveID GmbH, the archived customer data (in paper form and electronically) is archived in accordance with the requirements of VDG § 16.4 and stored over the validity period of the certificates.

Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

IV. Provision of the website

1. collection of personal data when visiting our website

When you visit our website, we only collect personal data with your express consent in the context management (cookie query), which your browser then transmits to our server. If you wish to view our website, we collect data that is technically necessary for us to display our website to you and to ensure stability and security. You will find a complete overview at the bottom of the page. The following data is collected:

  • IP address of the user
  • Date and time of the request
  • Content of the request (concrete page)
  • Data volume transferred in each case
  • ​Website from which the request comes
  • Information about the browser type
  • Operating system of the user
  • Language and version of the browser software
  • >Websites from which the user's system accesses our website
  • Websites that are accessed by the user's system via our website

This data is also stored in the log files of our system. This data is not stored together with other personal data.

2. legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

1. purpose of the processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

The logged data is used exclusively for data security purposes, in particular to defend against attempted attacks on our web server and for statistical evaluations.

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven (7) days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated/anonymised so that it is no longer possible to assign the calling client.

2. possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

 .

V. Use of cookies

1. description and scope of data collection

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies cannot execute programs or transmit viruses to your computer.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

2. legal basis for the data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f DSGVO.

3. purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

The user data collected through technically necessary cookies are not used to create user profiles.

These purposes also constitute our legitimate interest in processing the personal data pursuant to Art. 6 (1) lit. f DSGVO.

4. duration of the storage

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies at any time by changing the settings in the Consent Management ("Cookie Window") and in your internet browser.

​The specific storage period of the cookies used can be found in our cookie policy. You can find this here

2. possibility of objection and removal

Cookies that have already been saved can be deleted at any time.This can also be done automatically.If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

VI. E-mail / Contact form / Support form

1. description and scope of data collection

Our website contains a contact form that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. These data are:

  • First name
  • Name
  • Function
  • Company
  • Your e-mail address (mandatory field)
  • Phone
  • Your message (mandatory field)

The following data is also stored at the time the message is sent:

  • The IP address of the user
  • Date and time of registration

For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

If necessary, the data will be passed on to other members of the msg Group in this context due to the internal distribution of tasks. The data is used exclusively for processing the conversation.

2. legal basis for the data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit.a DSGVO if the user has given his consent.

3. purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

2. possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.

If you wish to revoke your consent / storage, please contact the marketing department of mySaveID GmbH by e-mail, datenschutz@mysaveid.de.

All personal data stored in the course of contacting us will be deleted in this case.

VII. online applications

If you apply via our online application form, all the data you provide will be stored in our applicant management system. mySaveID GmbH will not pass this data on to third parties outside the group of companies.

For more information about online applications, please see the privacy policy in our applicant management system at https://karriere.msg.group/datenschutz-bewerber.

VIII. User registration

1. description and scope of data collection

On our website, we offer users the opportunity to register by providing personal data (e.g. to register for events or career events). The data is entered into an input mask and transmitted to us in encrypted form and stored. The data is not passed on to third parties outside the group of companies. The following data is collected as part of the registration process:

  • Salutation (mandatory field)
  • First name (mandatory field)
  • Last name (mandatory field)
  • E-mail (mandatory field)

Depending on the event, additional personal data may be requested.

As part of the registration process, the user's consent to the processing of this data is obtained.

2. legal basis for the data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

3. purpose of the data processing

User registration is required for the provision of certain content and services on our website, for example:

  • Registration for events or career events (e.g. university fairs)
  • Request for publications (e.g. customer magazines, studies or white papers)
  • Feedback on the customer magazine Public Sector

4. duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process when the registration on our website is cancelled or modified.

2. possibility of objection and removal

As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time. Please contact the marketing department of mySaveID GmbH, marketing@msg.group, by e-mail. Your request will be forwarded by us to the appropriate departments.

IX. Online presences in social media

We maintain publicly accessible profiles in social networks in order to get in touch with users, interested parties and customers active there and to be able to inform them about our services there.

With social networks such as Facebook or Google +, it can happen that user data is processed outside the European Union in third countries - such as the USA. This can make it more difficult for users to enforce their rights. We strive to only integrate social networks that comply with EU data protection standards. And document this through their privacy policies and/or standard data protection clauses (SDK).

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. The data is usually used for market research and advertising purposes. In this way, personalised advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices and platforms on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

1. Legal basis 

Our social media presences are intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a, Art. 7 DSGVO).

2. responsible person and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

3. storage period

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

4. social networks in detail

XIV. Soziale Plugins (Facebook, Twitter, LinkedIn, XING, YouTube)

No so-called "social plugins" are currently used on our website.

XV. Where is my data processed?

Your data will be processed in Germany. To the extent permitted by law, data processing also takes place in other European and non-European countries. A transfer to third countries is not planned.

XII. How secure is my data?

mySaveID GmbH has taken extensive technical and operational security precautions in accordance with applicable European law to protect your data from unauthorised access and misuse.

XVII. Will my data be passed on to third parties?

Data is not passed on to third parties, with the exception of companies in the msg Group.

XVIII Rights of the data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. right to information

You can request information free of charge about the scope, origin and recipients of the stored data as well as the purpose of storage.

2. right of rectification

You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall rectify the data without undue delay.

3. right to erasure

You may request the controller to erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.

(4) The personal data concerning you have been processed unlawfully.

(5) The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) DSGVO.

4. right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format.

5. right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

6. right to complain to the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Supervisory authority responsible due to the registered office of mySaveID GmbH:

The Hessian Commissioner for Data Protection and Freedom of Information


Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone: 0611-1408 0
E-Mail: poststelle@datenschutz.hessen.de

Status:4.04.2023