MING Labs GmbH | Schwanthalerstr. 13, Aufgang II | 80336 Muenchen
Tel: +49 89 9017 6725
Email: hello@minglabs.com
CEO: Matthias Roebel
Commercial Register: Amtsgericht Muenchen, HRB 190328

Data Privacy Officer
We have appointed a data privacy officer for our company:

Schmid Datensicherheit GmbH
Heidestr. 4
92637 Weiden / Opf.
Germany
Phone: +49 (0) 961/4712941

If you would like to contact only the data privacy officer of MING Labs GmbH regarding data privacy issues by e-mail, please direct your request to: dsb.minglabs@schmid-datensicherheit.de

If you would like to contact MING Labs GmbH directly about privacy issues via email, please direct your inquiry to: gdpr@minglabs.com

The following data protection policy is to inform users of the website www.minglabs.com about the character, scope and purposes of personal data that is processed by the responsible provider, MING Labs GmbH. It also applies to the provider's external online presences such as social media profiles, and regardless of the used domains, systems, platforms and devices on which this website is run.

With regard to the terms used, such as "personal data", "user" or "processing", we refer to Article 4 of the General Data Protection Regulation (GDPR).

Personal data of users is processed solely in accordance with the relevant data protection regulations. Based on Article 13 GDPR, we inform you about the legal basis of our data processing operations. Unless the legal basis is specified within this data privacy policy, the following shall apply:

1. The legal basis for the processing of personal data with separate consent are Article 6(1)(a) and Article 7 GDPR;
2. The legal basis for the processing of data in order to fulfill our services and to execute contractual measures is Article 6(1)(b) GDPR;
3. The legal basis for the processing of personal data in order to fulfill our legal obligations is Article 6(1)(c) GDPR;
4. The legal basis for the processing of personal data in order to preserve our legitimate interests is Article 6(1)(f) GDPR.

Personal data may only be transferred to third parties based on legal permissions and within the legal requirements. We only transfer user data to third parties as long as this is, e.g., based on Article 6(1)(b) GDPR, required for contractual purposes, or when we make use of services within our legitimate interests (Article 6(1)(f) GDPR). Provided that third parties are engaged in the processing of personal data under a "Data Processing Agreement", this happens on the basis of Article 28 GDPR.

As far as we make use of third-party services in order to provide our own services, we take appropriate measures to ensure the protection of personal data according to the relevant legal requirements.

This may include the transfer of personal data to servers outside the EU or to trusted third parties located outside the EU in order to process this data on our behalf. Be aware that many countries do not offer the same legal protection of personal data as is the case within the EU. While your personal information resides in another country, courts, prosecution and national security authorities of the respective country can access your data in accordance with its laws. 

Subject to such legitimate requests for access, we promise that everybody involved in the processing of your personal information outside the EU has to take measures in order to protect them and is only allowed to process them in accordance with our instructions and applicable EU law. We therefore only allow data to be processed in a third country provided that the specific preconditions of Article 44 ff. GDPR apply.

This means that data processing happens, e.g., based on special guarantees such as an officially acknowledged assessment in conformity with the EU's level of data privacy, based on compliance with specific contractual obligations (so-called "standard contractual clauses") or based on binding corporate rules in accordance with a certain consistency mechanism and further requirements.

For questions and matters of any kind, you have a number of options to contact us (e.g., via email, phone or our social media channels). When doing so, the data and information provided by the person contacting us will be processed as far as this is necessary to reply to a specific request. This can include personal data such as name, address, email address, phone number, but also content data such as images, videos or text input. The processing of data for the purpose of making contact with us is carried out in accordance with Article 6(1)(f) GDPR (legitimate interest), and if applicable, in order to fulfill contractual purposes or take precontractual measures (Article 6(1)(b) GDPR).

Subject to your explicit agreement as per Article 6(1)(a) GDPR, we use your email address to send you our newsletter on a regular basis. In case that the content of the newsletter is specifically described during the course of the subscription to the newsletter, this information is decisive for the user's consent. Apart from that, our newsletters provide information on our products, services, promotions and our company. To receive our newsletter, a valid email address is required. 

For newsletter subscriptions, we make use of the so-called double opt-in procedure, i.e., we will send a newsletter to your email address only after you have explicitly agreed to the activation of our newsletter service. To do so, we will send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a corresponding link provided in the notification email.

With subscribing to our newsletter, we store your IP address and the subscription date in order to be able to prove your subscription. 

You can withdraw your consent to receiving our newsletter at any time. You can do this either via a corresponding link in the newsletter itself or by sending us a message to the email address stated above.

For managing and sending our newsletter, we use "MailChimp", a newsletter publishing platform by US provider The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter subscribers and further types of data described here are stored by MailChimp on their servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. In addition to that and according to their own admission, MailChimp can make further use of this data in order to optimize or improve their own services, e.g., for technical optimization of newsletter submission and/or display, or for economic purposes in order to determine the countries that subscribers are from. MailChimp, however, does not use subscribers' data to send own emails nor to provide the data to third parties.

The newsletters contain a so-called "web beacon". This is a pixel-sized file which is called from MailChimp's server when the newsletter is being opened. Within this call, first of all, technical information such as information on your browser and system as well as your IP address and date/time of your newsletter call are collected. This information serves to technically improve MailChimp's services based on technical data, or on target groups and their reading behavior based on access locations (which can be identified through the IP addresses) or access times.

The collection of statistics also includes assessing if and when newsletters are being opened, and which links are clicked. For technical reasons, this information can be attributed to the individual newsletter subscribers, but it is neither our nor MailChimp's ambition to monitor individual users. The evaluations rather serve to learn about our subscribers' reading habits and to adjust our newsletter content accordingly.

MailChimp has contractually committed itself to transfer and process all data of its users from Switzerland, the EU and the UK in accordance with the standard contractual clauses of the EU.

Please visit https://mailchimp.com/legal/privacy/ and https://mailchimp.com/legal/terms/ for further information and to learn more about Mailchimp's privacy policy.

On our website, we provide an online job application form. Your personal data such as your name, email address, location as well as further application data is collected and used in order to handle the application process. Legal basis for the processing of this data is Article 26(1)(1) of the Federal Data Protection Act in connection with Article 88(1) GDPR.

We use Personio, an HR and application management software provided by Personio GmbH, Rundfunkplatz 4, 80335 München, Germany, to manage and handle the application process.

In case the application process does not result in an employment, your data will automatically be deleted after 90 days; unless legal provisions (e.g., burden of proof pursuant to the General Act on Equal Treatment) require a longer storage period in accordance with the statuatory periods. Legal basis for this are Article 6(1)(f) GDPR and §24(1)(2) of the Federal Data Protection Act.

In case that you have explicitly agreed to a longer storage period (e.g., pool of candidates), we process your data based on your given consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at anytime with effect for the future (Article 7(3) GDPR).

In case the application process results in an employement, we will continue to store the application data provided by you in our HR management software/your personnel record in order to organize, manage and execute the employment relationship in accordance with further applicable legal requirements. Legal basis for the processing of this data is Article 88(1) GDPR.

If you send us an application per email, your data is processed accordingly. Deletion of the emails happens on a regular basis. 

You can view Personio's detailed privacy policy here: https://www.personio.com/data-security/.

We run automated access logs on our server(s), i.e., access data is being collected. This data includes the name of the website/file called, date and time of the call, data volume transferred, report on successful call, browser type and version, operating system, referrer URL (the previously visited website), IP address as well as the provider.

Data is collected explicitly on the basis of our legitimate interest in accordance with Article 6(1)(f) GDPR, namely for maintenance and optimization of our services as well as for security reasons (e.g., investigation on abusive acts).

We make use of cookies on our website. Cookies are pieces of information that are transferred from our web server or web servers of third parties to the web browser of the user, and are being stored for future calls. Cookies can be small files or other types of information storage.

The use of cookies, on the one hand, serves to make the usage of our services attractive. We therefore implement so-called "session cookies" in order to learn that a user has accessed individual pages of our website. These cookies are automatically deleted when you leave our website. Besides that, temporary cookies, which are stored on the users' device for a specified period of time, are used in order to improve usability. When a user returns to our website to use our services, it is automatically recognized that the user has visited our site before and which inputs and settings were made so they do not have to be entered again.

Some of the cookies are for security reasons, are essential to run our website (e.g., to display the website correctly), or are required to store your preferences from the cookie banner. 

Legal basis for the data processing is your given consent in accordance with Article 6(1)(a) GDPR. With regard to cookies that are essential either for security reasons or to run our website, legal basis is our legitimate interest in accordance with Article 6(1)(f) GDPR.

Most browsers accept cookies automatically. You can still configure your browser in a way that no cookies are being stored on your computer, or a notification appears each time a new cookie is about to be installed. Completely deactivating cookies can, however, lead to a limited functionality of our website.

Based on your given consent, we use Google Analytics to analyze, improve and economically operate our website. Goolge Analytics is a web analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

Please note that, with the use of the service, data may be transferred to a third country outside the EU. Google's headquarter is registered in the USA as Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can view Google's detailed privacy policy here: https://policies.google.com/privacy. More information about the handling of user data by Google Analytics can be found in the privacy policy of Google: https://support.google.com/analytics/answer/6004245?hl=de.

In the context of web analysis, Google Analytics uses so-called "Cookies" and creates pseudonymized user profiles. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of our website such as browser type/version, operating system, referrer URL (the previously visited website), host name of the accessing computer (IP address) as well as date and time of the server request is transferred to a Google server and stored there.

The information is used to evaluate the usage of our website, to create reports on website activities and to fulfill further services connected to the website and internet usage for the purpose of market research and the needs- based shaping of this website. IP addresses are anonymized, so no allocation can be made ("IP masking”).

No data will be transferred to Google without your consent. Even after you have given consent, you can disallow the use of cookies by selecting the relevant settings in your browser. This can, however, lead to a limited functionality of our website.

You can also refuse the collection of data generated by the cookie and related to your use of our website (incl. your IP address) as well as the processing of that data by Google after you have given consent by downloading and installing the browser add-on provided here: https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser plug-in or when using a browser on a mobile device, please use the link below to set an opt-out cookie. This will prevent future collection of data by Google Analytics when using this website.

Please note: This opt-out cookie only applies to the browser used at that time and only for this domain. When you delete your cookies in your browser, you will have to click the link again.

This website uses Google Tag Manager, provided you have consented to the use of Google Analytics. Google Tag Manager is a Google tool for managing and configuring data collection by Google Analytics. These settings are defined in our website. As soon as the Google Tag Manager is running, at least your IP address can be forwarded to Google. The provider in Europe is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager itself works without cookies, but uses so-called tags and triggers. Tags are information embedded in a website and evaluated by other services. Triggers are events that trigger the activation of tags, e.g. when a user clicks on an active element or scrolls the website. The Google Tag Manager makes the relevant data available to the analysis tool in its proper form. General information about the Google services can be found in Google’s privacy policy, further information on Google Tag Manager can also be found at support.google.com/tagmanager/answer/9323295.

Our website includes links to some of our online profiles on the social media and blog/publishing platforms listed below. By implementing a simple linked graphic or text link instead of plug-ins, we prevent that data is being processed by the related platforms when you just visit our website. A connection to the respective platform is established only as a corresponding link is being clicked. Opening up one of the respective platforms via the link buttons is voluntary and constitutes an act of consent.

Once you are being redirected to a platform, data is collected and processed by the responsible provider. This includes usage data (e.g., access times, pages visited) as well as communication data (e.g., IP address, device information). If you have a user account with the respective platform provider and are logged in while clicking on the related link on our page, the provider may collect and process further personal data like name, address, email address, phone number, but also content data such as images, videos or text input, and associate this data with your personal user account. 

To prevent your data from being linked with your personal user account, you need to make sure that you are either logged out from the related platform or that you have adjusted your user account settings accordingly before clicking the related link on our website.

Please note that your user data may be processed outside the EU (e.g., in the USA). This can lead to increased risks for you, e.g., with regard to accessing that data at a later point. It can neither be accessed by us. The access possibility lies with the platform provider only. Requesting information or exercising data subject rights will therefore best be addressed directly to the platform provider.

Please review the privacy policies of the individual providers for details on the applicable data protection regulations including the specific kinds of data processing or information on how to object.

Instagram

MING Labs GmbH has a presence on the social network Instagram. Instagram is a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The processing of data, in this case, is a joint responsibility of Facebook Ireland Limited and MING Labs GmbH. You can view the agreement on the regulations and obligations of this joint responsibility in accordance with GDPR here: https://www.facebook.com/legal/terms/page_controller_addendum.

We have no influence on the data protection regulations and settings in Instagram. Responsible parent company is Facebook, Inc., 1601 Willow Road, Menlo park, CA 94025, USA.

You can view Instagram's detailed privacy policy here: http://instagram.com/about/legal/privacy.

Adjustments to your personal settings can be made here (login required): https://www.instagram.com/accounts/login/next=/accounts/privacy_and_security/.

Instagram's data protection officer, with Facebook Ireland Limited as the responsible provider, can be contacted via this online form: https://www.facebook.com/help/contact/540977946302970.

LinkedIn

MING Labs GmbH has a presence on the social network LinkedIn. LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Data collected when visiting this presence may be processed and used outside the EU area. Responsible parent company is LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

You can view LinkedIn's detailed privacy policy here: https://www.linkedin.com/legal/privacy-policy.

Medium

Medium is a service provided by A Medium Corporation, 760 Medium Street, San Francisco, CA 94102, USA.

You can view Medium's detailed privacy policy here:
https://medium.com/policy/medium-privacy-policy-f03bf92035c9.

Adjustments to your personal settings can be made here (login required): https://medium.com/me/settings.

Medium's data protection officer, represented by VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland, can be contacted via this online form:
https://www.verasafe.com/privacy-services/contact-article-27-representative.

Twitter

Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Data collected when accessing this service may be processed and used outside the EU area.

You can view Twitter's detailed privacy policy here:
https://twitter.com/de/privacy.

Adjustments to your personal settings can be made here (login required): https://twitter.com/personalization.

All of your browser's communication with our services is secured via an encrypted SSL connection in order to protect your data against unauthorized access by third parties. Only selected administrators can access your data and only to the extent as it is necessary to maintain the services.

Apart from that, we take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or access by unauthorized persons. Our security measures are constantly being improved according to the technological development.

Data stored by us will be deleted once it is no longer required for the intended purpose  and provided that no legal retention obligations object to a deletion. If user data cannot be deleted due to further and lawful purposes, the processing of this data will be limited, i.e., data is locked and not processed for other purposes.

You have the following rights:

1. in accordance with Article 15 GDPR, to receive information about your personal data processed by us upon request;
2. in accordance with Article 15 GDPR, to immediately request rectification of inaccurate or incomplete personal data stored by us;
3. in accordance with Article 17 GDPR, to request deletion of personal data stored by us as long as its processing is not required to exercise freedom of expression and information, to fulfill a legal obligation, for reasons of public interests or to claim, exercise or defend legal rights;
4. in accordance with Article 18 GDPR, to request limitation of processing of your personal data;
5. in accordance with Article 20 GDPR, to receive information on your personal data provided to us in a structured, common and machine-readable format or to request its transmission to another responsible entity;
6. in accordance with Article 7(3) GDPR, to revoke your consent once given to us, effective for the future;
7. in accordance with Article 77 GDPR, to complain to a supervisory authority. You can do this by approaching the supervisory authority of your usual place of residence or place of work or the supervisory authority of our registered office.

Provided that your personal data is processed based on legitimate interests in accordance with Article 6(1)(f) GDPR, you have the right, in accordance with Article 21 GDPR, to lodge an objection against the processing of your personal data when there are valid reasons arising out of your particular situation, or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specification of a particular situation. If you want to make use of your right of objection, simply send us an email to the email address mentioned above.

Provided that you have given consent in accordance with Article 6(1)(a) GDPR, you have the right to withdraw this consent at any time with effect for the future. Withdrawing consent does not affect the lawfulness of data processings that have been performed before your withdrawal and based on your previous consent. If you want to make use of your right of withdrawal, simply send us an email to the email address mentioned above. 

We reserve the right to make changes to this data privacy policy from time to time to meet the obligations of changed legal positions or to extent the scope of functions of our internet presence. You should therefore review this data privacy policy on a regular basis to stay informed about the protection of your data. By continuing the use of our services, you agree with this data privacy policy in its current version.