Privacy Policy

USER PRIVACY NOTICE

You can determine whether you give your consent to the use of cookies and similar technologies for analysis and advertising purposes via the cookie settings.

 

MULTIPHOTON OPTICS

In our User Privacy Notice we inform our users, among other things, about our handling of their personal data and the type, scope and purpose of the processing. We always process personal data in compliance with the European General Data Protection Regulation ("GDPR") and the applicable data protection regulation, the Federal Data Protection Act ("BDSG").

A. Data controller and data protection officer

Multiphoton Optics GmbH
Friedrich-Bergius-Ring 15
97076 Würzburg
datenschutz@multiphoton.de

You can contact our data protection officer at any time via the e-mail address provided above.

B. What personal data we process, for what purposes and for how long

When you visit our website and use our services, various personal data are collected depending on what you do on our website and which functions you use. We particularly process your first and last name, your telephone number, e-mail address and all the information you provide us with and the websites you have visited.

I. Visit our website

Generally, you can access our website without having to provide any personal data. However, even if you use our website for a purely informational purpose, we collect certain personal data to be able to display our website to you technically. In addition, we use certain analysis procedures on our website based on cookies and similar technologies and have also integrated links to other websites whose operators may process further (personal) data.

  1. Logfiles
    If you access one of our websites without registering with us or providing any other data, we process the personal data that your browser transmits to our server. This is technically necessary to display our website and to ensure stability and security. Log files record the following data:
    • IP address
    • Date and time of access
    • Time zone difference from Greenwich Mean Time (GMT)
    • Content of the request (concrete page)
    • Access Status/HTTP Status Code
    • Data volume transferred in each case
    • Website from which the request comes
    • Browser
    • Operating system and its interface
    • Language and version of the browser software
    The processing is carried out based on Article 6 (1) (1) (f) GDPR for the purpose of our legitimate interest in the unobstructed operation of our website. The data is stored for a period of 14 days and then automatically deleted.
     
  2. Cookies
    This website uses cookies and similar technologies. Cookies are small text files that are automatically created by your browser and stored on your device from the server when you visit our website. They contain information about your browser, IP address, operating system and internet connection. We do not transfer this data to third parties or link it to personal data without your consent.
    For example, we use session cookies to recognize that you have already visited individual pages of our website. The session cookies are automatically deleted at the end of your session.
    In addition, we also use permanent cookies for the purpose of user-friendliness, which are stored on your device for a certain fixed period. As soon as you visit our website again, your former visits, entries and settings are automatically recognized so that you do not have to provide them again.

    In addition to our own cookies, we also use cookies from third-party providers (third-party cookies) to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you, as well as to display information and advertising tailored specifically to you. These cookies also enable us to recognize that you have already visited our website before. These cookies are automatically deleted after a set period. Please see following points for more detailed information on these individual third-party cookies we use.

    The processing of personal data by means of cookies, which is necessary for the provision of our services, is carried out on the basis of Article 6 (1) (1) (f) GDPR for the purpose of our legitimate interest in the unobstructed provision of our services. In addition, we only process your personal data in connection with cookies (in particular for analysis and advertising purposes and in connection with the third-party providers described below) when you have given us your prior consent to do so in accordance with Article 6 (1) (1) (a) GDPR. The processing is carried out for the purpose of advertising, market research on our website and the enhanced functionality and provision of our services.

    Users can also deactivate cookies by using the corresponding settings in the browser. Please use the help function of your browser to find out how to deactivate and delete cookies. However, this may impair some of the functions of this website and reduce user-friendliness. The http://www.aboutads.info/choices/ (USA) and http://www.youronlinechoices.com/uk/your-ad-choices/ (Europe) sites allow you to manage online ad cookies.
     
  3. Matomo (formerly called Piwik)
    This website uses the open-source web analysis service Matomo. Matomo uses technologies that make it possible to recognize the user across multiple pages with the aim of analyzing the user patterns (e.g. cookies or device fingerprinting). The information recorded by Matomo about the use of this website will be stored on our server. Prior to archiving, the IP address will first be anonymized. Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.). The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.

    We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
     
  4. Google Web Fonts
    To ensure that fonts used on this website are uniform, this website uses so-called Web Fonts provided by Google. When you access a page on our website, your browser will load the required web fonts into your browser cache to correctly display text and fonts. To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Web Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If a respective declaration of consent has been obtained (e.g., consent to the archiving of cookies), the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time. If your browser should not support Web Fonts, a standard font installed on your computer will be used. For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
     
  5. We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google. reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway. Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If a respective declaration of consent has been obtained, the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time. For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

II. Contact form

We offer you various ways to contact us. If you contact us via the online form or by e-mail, we process the information you provide in accordance with Art. 6 (1) (1) (b) GDPR in order to answer your enquiry and to ask possible follow-up questions. The data processed in connection with a business relationship or contact enquiry will be deleted at the latest after the expiry of the statutory retention periods. Those personal data that we must store for the fulfilment of retention obligations will be stored until the end of the respective retention obligation. Within the scope of storage for the fulfilment of retention obligations, access to this data is usually restricted.

We may also process other personal data for the purpose of our legitimate interests based on Art. 6 (1) (1) (f) GDPR, especially to prevent fraud and misuse of our services.

III. E-mail newsletter

So that you can regularly receive useful information from us, we offer you the opportunity to register for our newsletter on our website. Finally, in order to be able to ensure that no mistakes have been made when entering the e-mail address, we use the double opt-in procedure. This means that after you have entered your e-mail address and your name in the corresponding fields, we will send you a confirmation link by e-mail to the e-mail address you have provided. Only when you click on this confirmation link your e-mail address will be added to our distribution list. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Article 6 (1) (1) (a) GDPR. You can revoke your consent to the sending of the newsletter at any time with effect for the future and unsubscribe from the newsletter. You can conveniently declare the revocation by clicking on the unsubscribe link provided in every newsletter email or by sending us a message (see above). The personal data processed in connection with the newsletter will be deleted immediately after you have unsubscribed from it and otherwise after three years at the latest.

Your e-mail address and your name are mandatory for registering for the newsletter. We need your name to be able to address you by name. Furthermore, you have the option of informing us of additional, voluntary questions, suggestions or requests when registering for the newsletter. If you make use of this possibility to contact us, we will use this information to meet your request (see above under II.).

IV. Our social media presences

You can also contact us via our social media presences. In this context, we may process information on activities on our social media presences such as user posts, comments, reactions, etc., direct messages to us and messages sent directly to us via messenger services, mentions and tagging as well as any information you provide to us via our social media presences. We process your personal data to provide you with the requested services on the respective social media presence in accordance with Art. 6 (1) (1) (b) GDPR.

If you use the respective social media presence to interact with us, we use data that the respective social media provider provides us and that is necessary to enable you to access our social media presence (e.g. log data and technical cookies). For example, if you subscribe to messages from us via a messenger service, we store the data necessary for this, e.g. telephone number, user account name or other profile data that you have set to "public" according to your messenger settings.

To the extent necessary, we also use your personal data to verify and enforce our rights or the rights of third parties, in particular in the event of violations of statutory provisions or our User Privacy Notice and in the event of infringement of the rights of third parties. The legal basis is Article 6 (1) (1) f) GDPR.

We also analyze our own social media offerings in order to adapt and improve our content.

In order to compile statistics and analyses of our social media offerings (which, however, do not contain names or other personal data about individual users), we use certain analysis tools. These services allow us to analyze and improve our social media activities. We create analytics reports using the social media analytics tools or third-party tools that use such data provided by the relevant social media provider. The legal basis for these processing operations is Article 6 (1) (1) f) GDPR.

We are in each case jointly responsible with the social media provider for the processing of the personal data used to compile the aforementioned statistics and analyses (Article 26 GDPR). In short, the social media providers will collect and process the data to provide or enable us to provide the statistics and analysis, but without providing us with any information about the behavior of the respective individual users. We will use and perform the analysis to evaluate how our content is received and used.

For more information, please read the Shared Responsibility Agreement with LinkedIn.

For information on data transfers by social media providers, please read their terms of use, especially their privacy policy.

V. Online application

Thank you for your interest in our company. We would like to inform you about the processing of the personal data you have submitted as part of the application process as well as any personal data we may have collected.
For you to be able to apply to us online, we use an online application tool provided by our service provider, with whom we have concluded a corresponding data processing agreement. Our service provider may only process your personal data for us according to our instructions and only for the purpose of your application.

We only process your personal data insofar as this is necessary for the purpose of the performance of the application process and for the decision on the establishment of an employment relationship with us. The legal basis for this is Article 88 GDPR in conjunction with section 26 BDSG as well as Article 6 (1) (1) b) GDPR for the performance of a contract with us or in order to take steps at the implementation of contractual relationships with us.

We store your personal data for as long as they are required for the decision on your application; they are deleted a maximum of six months after the end of the application process (e.g. the announcement of the rejection decision), unless longer storage is legally required or permitted or you have consented to the inclusion of our talent pool.

Only we and our parent company, Heidelberg Instruments Mikrotechnik GmbH, have access to your personal data provided via the online application tool. We do not transfer your personal data to third parties or to other EU countries. Should your application be considered for a vacancy in one of our affiliate companies, only with your consent we will forward your application documents to them. You can revoke your consent at any time with effect for the future.
Please also refer to the information on the joint responsibility with our parent company that exists in some cases below under VII.

Further information about the processing of your personal data by our parent company can be found in the information on data processing for the application process. Information on your rights as a data subject can be found below under IX.

VI. Data processing for compliance with legal obligations, for the performance of a task carried out in the public interest and for the protection of legitimate interests

We may also process the personal data presented in order to comply with legal obligations to which we are subject. In this case, the processing is based on Article 6 (1) (1) c) GDPR. We may, pursuant to Article 6 (1) (1) e) GDPR, we may also process the aforementioned personal data for the assertion of legal claims and defense in legal disputes.
Where necessary, we also process personal data beyond the purposes described above to protect our legitimate interests or the legitimate interests of third parties. This processing is then carried out based on Article 6 (1) (1) f) GDPR. Our legitimate interests include, in particular, the prevention and investigation of criminal offences and serious misuse of our services.

VII. Transfer of your personal data and joint responsibility with group companies

The personal data we collect is generally processed within our company. Depending on the type of personal data, only certain departments or organizational units have access to this personal data for which access is required in each case. These include, in particular, the specialist departments involved in the provision of our digital offerings or the respective business processes (e.g. our IT department) or, in the case of job applications, our HR department.

In addition, it is possible that our parent company also has access to personal data via the online application tool used (see V above), which is required for the decision on the establishment of an employment relationship with it. In this case, we and our parent company are jointly responsible for your personal data. We have concluded a joint controller agreement for this purpose in accordance with Article 26 GDPR. Only the personal data required for the decision on the establishment of an employment relationship with our parent company will be jointly processed as described above.
The controllers have agreed among themselves which of them fulfils which obligations under the GDPR. This concerns in particular the exercise of the rights of the data subjects and the fulfilment of the information obligations under data protection law (Article 13 and 14 GDPR) and the data subject rights (Article 15-23 GDPR). According to this agreement, Multiphoton Optics GmbH is also responsible for the information to be provided to data subjects and their rights. In fulfilling their obligations, the responsible parties shall work closely together and support each other in accordance with the agreement concluded. In particular, they shall provide each other with the necessary information to be able to properly fulfil information obligations and data subject rights. In the event of an application without a potential employment opportunity with one of our group subsidiaries, we, Multiphoton Optics GmbH, are your contact for exercising your data subject rights. However, regarding your applicant data, you are also free to exercise your data protection rights against the other data controllers, i.e. our group affiliate companies, if employment with them is also a possibility.

In addition, to the extent permitted by law, we may also transfer personal data to third parties outside our company, in particular to those recipients who provide services for us on a separate contractual basis, which may include the processing of personal data, as well as non-public and public bodies, insofar as we are obliged to transfer your personal data due to legal obligations.

VIII. Data processing outside the EU or EEA

In principle, the processing of personal data by us takes place exclusively within the EU or the European Economic Area.

In individual cases, however, it may be necessary for us to transfer information to recipients in "third countries". "Third countries" are countries outside the European Union or the Agreement on the European Economic Area in which a level of data protection that is comparable to that in the European Union cannot be assumed without further ado. If the information transferred also includes personal data, we ensure before such a transfer that the required adequate level of data protection is guaranteed in the respective third country or at the recipient in the third country. This may result in particular from an "adequacy decision" of the European Commission, which establishes an adequate level of data protection for a specific third country as a whole. Alternatively, we can also base the data transfer on the EU standard contractual clauses agreed with a recipient or on a declaration of consent provided by you accordingly.

We will be happy to provide you with further information on the appropriate and adequate safeguards for compliance with an adequate level of data protection upon request. Further information on the EU standard contractual clauses (in English) can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and information on the adequacy decisions (in English) at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

IX. Your rights as a data subject

As a data subject, you have various rights regarding us, which we would like to inform you about in more detail below.
To exercise these rights, you are welcome to contact us (datenschutz@multiphoton.de).

  1. Right of access, Article 15 GDPR
    You have the right to obtain information from us about whether and what personal data concerning you we process. This includes, among other things, information on how long and for what purpose we process the personal data, wher the personal data originates from and to which recipients or categories of recipients, we transfer it. In addition, we can provide you with a copy of the personal data undergoing processing.
  2. Right to rectification, Article 16 GDPR
    As a data subject, you have the right to request that we correct information about you that is not or no longer accurate without undue delay. In addition, you can request that we complete your incomplete personal data. If required by law, we will also inform third parties about this rectification if we have passed on your data to them.
  3. Right to erasure ("right to be forgotten"), Article 17 GDPR
    You have the right to request that we erase your personal data without undue delay if one of the following reasons applies:
    • Your data is no longer necessary for the purposes for which it was collected or otherwise processed, or the purpose has been achieved;
    • You withdraw consent and there is no other legal basis for the processing;
    • You object to the processing and there are no overriding legitimate grounds for the processing;
    • Your personal data has been processed unlawfully;
    • the deletion of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
    Please note that your right to erasure may be restricted by legal provisions. These include the restrictions listed in Article 17 GDPR and section 35 BDSG.
  4. Right to restriction of processing, Article 18 GDPR
    You also have the right to request to restrict the processing of your personal data if one of the following applies:
    • You contest the accuracy of your personal data for a period that allows us to verify the accuracy of the personal data;
    • the processing is unlawful and you oppose to the erasure of the personal data and request instead the restriction of the use of your personal data;
    • we no longer need your personal data for the purposes of processing, but you need it for the establishment, exercise or defense of legal claims, or
    • You have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.
    If you have obtained a restriction on processing under the above list, we will inform you before the restriction is lifted.
  5. Right to withdraw your consent, Article 7 (3) GDPR
    You may withdraw any consent at any time with effect for the future. This withdrawal can take the form of an informal communication to the above contact addresses or via the technical means provided by us for this purpose. If you withdraw your consent, the legality of the data processing carried out up to that point will not be affected.
  6. Right to data portability, Article 20 GDPR
    As a data subject, you have the right to receive personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to others. The exercise of this right does not affect your right to erasure.
  7. Right to complain to the supervisory authority, Article 77 GDPR
    If you believe that the processing of your data by us violates applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities.
  8. Right to object, Art. 21 GDPR
    As the data subject, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (1) e) or f) GDPR; this also applies to profiling based on these provisions. In the event of such an objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a data subject, or the processing serves to establish, exercise or defend legal claims.

    If we process personal data for the purpose of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
    If you, as the data subject, object to processing for direct marketing purposes, we will no longer process the personal data concerned for these purposes.

 

Change to our data protection information

In order to ensure that our data protection information always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies if the Privacy Notice must be adapted due to new or revised services. We will be happy to provide you with the previous Privacy Notice on request.

October 2021