Data privacy policy

Responsible entity

MING Labs GmbH Hotterstrasse 3 80331 Muenchen
Tel: +49 89 9017 6725 Email: hello@minglabs.com
CEO: Matthias Roebel
Commercial Register: Amtsgericht Muenchen, HRB 190328

Data protection officer
stefan.georg@minglabs.com

General information on data processing and legal basis

The following data protection policy is to inform users of the website www.minglabs.com about the character, scope and purposes of personal data that is processed by the responsible provider, MING Labs GmbH. It also applies to the provider's external online presences such as social media profiles, and regardless of the used domains, systems, platforms and devices on which this website is run.

With regard to the terms used, such as "personal data", "user" or "processing", we refer to Article 4 of the General Data Protection Regulation (GDPR).

Personal data of users is processed solely in accordance with the relevant data protection regulations. Based on Article 13 GDPR, we inform you about the legal basis of our data processing operations. Unless the legal basis is specified within this data privacy policy, the following shall apply:

  1. The legal basis for the processing of personal data with separate consent are Article 6(1)(a) and Article 7 GDPR;
  2. The legal basis for the processing of data in order to fulfill our services and to execute contractual measures is Article 6(1)(b) GDPR;
  3. The legal basis for the processing of personal data in order to fulfill our legal obligations is Article 6(1)(c) GDPR;
  4. The legal basis for the processing of personal data in order to preserve our legitimate interests is Article 6(1)(f) GDPR.
Data transfer to third parties and third-party providers

Personal data may only be transferred to third parties based on legal permissions and within the legal requirements. We only transfer user data to third parties as long as this is, e.g., based on Article 6(1)(b) GDPR, required for contractual purposes, or when we make use of services within our legitimate interests (Article 6(1)(f) GDPR). Provided that third parties are engaged in the processing of personal data under a "Data Processing Agreement", this happens on the basis of Article 28 GDPR.

As far as we make use of third-party services in order to provide our own services, we take appropriate measures to ensure the protection of personal data according to the relevant legal requirements.

This may include the transfer of personal data to servers outside the EU or to trusted third parties located outside the EU in order to process this data on our behalf. Be aware that many countries do not offer the same legal protection of personal data as is the case within the EU. While your personal information resides in another country, courts, prosecution and national security authorities of the respective country can access your data in accordance with its laws. 

Subject to such legitimate requests for access, we promise that everybody involved in the processing of your personal information outside the EU has to take measures in order to protect them and is only allowed to process them in accordance with our instructions and applicable EU law. We therefore only allow data to be processed in a third country provided that the specific preconditions of Article 44 ff. GDPR apply.

This means that data processing happens, e.g., based on special guarantees such as an officially acknowledged assessment in conformity with the EU's level of data privacy (e.g., for USA, the so-called "Privacy Shield"), or based on compliance with specific contractual obligations (so-called "standard contractual clauses").

What personal data we collect

Contacting us / communication

For questions and matters of any kind, you have a number of options to contact us (e.g., via email, phone or our social media channels). When doing so, the data and information provided by the person contacting us will be processed as far as this is necessary to reply to a specific request. This can include personal data such as name, address, email address, phone number, but also content data such as images, videos or text input. The processing of data for the purpose of making contact with us is carried out in accordance with Article 6(1)(f) GDPR (legitimate interest), and if applicable, in order to fulfill contractual purposes or take precontractual measures (Article 6(1)(b) GDPR).

Newsletter

Subject to your explicit agreement as per Article 6(1)(a) GDPR, we use your email address to send you our newsletter on a regular basis. In case that the content of the newsletter is specifically described during the course of the subscription to the newsletter, this information is decisive for the user's consent. Apart from that, our newsletters provide information on our products, services, promotions and our company. To receive our newsletter, a valid email address is required. 

For newsletter subscriptions, we make use of the so-called double opt-in procedure, i.e., we will send a newsletter to your email address only after you have explicitly agreed to the activation of our newsletter service. To do so, we will send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a corresponding link provided in the notification email.

With subscribing to our newsletter, we store your IP address and the subscription date in order to be able to prove your subscription. 

You can withdraw your consent to receiving our newsletter at any time. You can do this either via a corresponding link in the newsletter itself or by sending us a message to the email address stated above.

For managing and sending our newsletter, we use "MailChimp", a newsletter publishing platform by US provider The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter subscribers and further types of data described here are stored by MailChimp on their servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. In addition to that and according to their own admission, MailChimp can make further use of this data in order to optimize or improve their own services, e.g., for technical optimization of newsletter submission and/or display, or for economic purposes in order to determine the countries that subscribers are from. MailChimp, however, does not use subscribers' data to send own emails nor to provide the data to third parties.

The newsletters contain a so-called "web beacon". This is a pixel-sized file which is called from MailChimp's server when the newsletter is being opened. Within this call, first of all, technical information such as information on your browser and system as well as your IP address and date/time of your newsletter call are collected. This information serves to technically improve MailChimp's services based on technical data, or on target groups and their reading behavior based on access locations (which can be identified through the IP addresses) or access times.

The collection of statistics also includes assessing if and when newsletters are being opened, and which links are clicked. For technical reasons, this information can be attributed to the individual newsletter subscribers, but it is neither our nor MailChimp's ambition to monitor individual users. The evaluations rather serve to learn about our subscribers' reading habits and to adjust our newsletter content accordingly.

MailChimp is Privacy Shield-certified and, hence, commits itself to comply with the European data protection principles:

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.

Please visit https://mailchimp.com/legal/privacy/ and https://mailchimp.com/legal/terms/ for further information and to learn more about Mailchimp's privacy policy.

Online job applications

On our website, we provide an online job application form. Your personal data such as your name, email address, location as well as further application data is collected and used in order to handle the application process. Legal basis for the processing of this data is Article 26(1)(1) of the Federal Data Protection Act in connection with Article 88(1) GDPR.

We use Personio, an HR and application management software provided by Personio GmbH, Rundfunkplatz 4, 80335 München, Germany, to manage and handle the application process.

In case the application process does not result in an employment, your data will automatically be deleted after 90 days; unless legal provisions (e.g., burden of proof pursuant to the General Act on Equal Treatment) require a longer storage period in accordance with the statuatory periods. Legal basis for this are Article 6(1)(f) GDPR and §24(1)(2) of the Federal Data Protection Act.

In case that you have explicitly agreed to a longer storage period (e.g., pool of candidates), we process your data based on your given consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at anytime with effect for the future (Article 7(3) GDPR).

In case the application process results in an employement, we will continue to store the application data provided by you in our HR management software/your personnel record in order to organize, manage and execute the employment relationship in accordance with further applicable legal requirements. Legal basis for the processing of this data is Article 88(1) GDPR.

If you send us an application per email, your data is processed accordingly. Deletion of the emails happens on a regular basis. 

You can view Personio's detailed privacy policy here: https://www.personio.com/data-security/.

Access data and log files

We run automated access logs on our server(s), i.e., access data is being collected. This data includes the name of the website/file called, date and time of the call, data volume transferred, report on successful call, browser type and version, operating system, referrer URL (the previously visited website), IP address as well as the provider.

Data is collected explicitly on the basis of our legitimate interest in accordance with Article 6(1)(f) GDPR, namely for maintenance and optimization of our services as well as for security reasons (e.g., investigation on abusive acts).

Cookies

We make use of cookies on our website. Cookies are pieces of information that are transferred from our web server or web servers of third parties to the web browser of the user, and are being stored for future calls. Cookies can be small files or other types of information storage.

The use of cookies, on the one hand, serves to make the usage of our services attractive. We therefore implement so-called "session cookies" in order to learn that a user has accessed individual pages of our website. These cookies are automatically deleted when you leave our website. Besides that, temporary cookies, which are stored on the users' device for a specified period of time, are used in order to improve usability. When a user returns to our website to use our services, it is automatically recognized that the user has visited our site before and which inputs and settings were made so they do not have to be entered again.

Some of the cookies are for security reasons, are essential to run our website (e.g., to display the website correctly), or are required to store your preferences from the cookie banner. 

Legal basis for the data processing is your given consent in accordance with Article 6(1)(a) GDPR. With regard to cookies that are essential either for security reasons or to run our website, legal basis is our legitimate interest in accordance with Article 6(1)(f) GDPR.

Most browsers accept cookies automatically. You can still configure your browser in a way that no cookies are being stored on your computer, or a notification appears each time a new cookie is about to be installed. Completely deactivating cookies can, however, lead to a limited functionality of our website.

Google Analytics

Based on your given consent, we use Google Analytics to analyze, improve and economically operate our website. Goolge Analytics is a web analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google". 

Please note that, with the use of the service, data may be transferred to a third country outside the EU (USA). Google Inc. is Privacy Shield-certified, and, hence, commits itself to providing an adequate level of data protection in accordance with Article 45 GDPR. 

You can view Google's detailed privacy policy here: https://policies.google.com/privacy.

In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of our website such as browser type/version, operating system, referrer URL (the previously visited website), host name of the accessing computer (IP address) as well as date and time of the server request is transferred to a Google server and stored there.

The information is used to evaluate the usage of our website, to create reports on website activities and to fulfill further services connected to the website and internet usage for the purpose of market research and the needs-based shaping of this website. IP addresses are anonymized, so no allocation can be made ("IP masking“).

No data will be transferred to Google without your consent. Even after you have given consent, you can diaallow the use of cookies by selecting the relevant settings in your browser. This can, however, lead to a limited functionality of our website.

You can also refuse the collection of data generated by the cookie and related to your use of our website (incl. your IP address) as well as the processing of that data by Google after you have given consent by downloading and installing the browser add-on provided here: https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser plug-in or when using a browser on a mobile device, please use the link below to set an opt-out cookie. This will prevent future collection of data by Google Analytics when using this website. Please note: This opt-out cookie only applies to the browser used at that time and only for this domain. When you delete your cookies in your browser, you will have to click the link again.

Links to external platforms (social media, blog)

Our website includes links to some of our online profiles on the social media and blog/publishing platforms listed below. By implementing a simple linked graphic or text link instead of plug-ins, we prevent that data is being processed by the related platforms when you just visit our website. A connection to the respective platform is established only as a corresponding link is being clicked.

Once you are being redirected to a platform, data is collected and processed by the responsible provider. This includes usage data (e.g., access times, pages visited) as well as communication data (e.g., IP address, device information). If you have a user account with the respective platform provider and are logged in while clicking on the related link on our page, the provider may collect and process further personal data like name, address, email address, phone number, but also content data such as images, videos or text input, and associate this data with your personal user account. 

To prevent your data from being linked with your personal user account, you need to make sure that you are either logged out from the related platform or that you have adjusted your user account settings accordingly before clicking the related link on our website.

Please note that your user data may be processed outside the EU (e.g., in the USA). This can lead to increased risks for you, e.g., with regard to accessing that data at a later point. It can neither be accessed by us. The access possibility lies with the platform provider only. Requesting information or exercising data subject rights will therefore best be addressed directly to the platform provider.

Please review the privacy policies of the individual providers for details on the applicable data protection regulations including the specific kinds of data processing or information on how to object.

Instagram

Instagram is a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The processing of data, in this case, is a joint responsibility of Facebook Ireland Limited and MING Labs GmbH. You can view the agreement on the regulations and obligations of this joint responsibility in accordance with GDPR here: https://www.facebook.com/legal/terms/page_controller_addendum.

Parent company Facebook, Inc., 1601 Willow Road, Menlo park, CA 94025, USA, is Privacy Shield-certified and, hence, commits itself to comply with the European data protection principles: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

You can view Instagram's detailed privacy policy here: http://instagram.com/about/legal/privacy.

Adjustments to your personal settings can be made here (login required): https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/.

Instagram's data protection officer, with Facebook Ireland Limited as the responsible provider, can be contacted via this online form: https://www.facebook.com/help/contact/540977946302970.

LinkedIn

LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Parent company LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, is Privacy Shield-certified and, hence, commits itself to comply with the European data protection principles: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

You can view LinkedIn's detailed privacy policy here: https://www.linkedin.com/legal/privacy-policy.

Medium

Medium is a service provided by A Medium Corporation, 760 Medium Street, San Francisco, CA 94102, USA.

You can view Medium's detailed privacy policy here: https://medium.com/policy/medium-privacy-policy-f03bf92035c9.

Adjustments to your personal settings can be made here (login required): https://medium.com/me/settings.

Medium's data protection officer, represented by VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland, can be contacted via this online form: https://www.verasafe.com/privacy-services/contact-article-27-representative.

Twitter

Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Twitter Inc. is Privacy Shield-certified and, hence, commits itself to comply with the European data protection principles: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

You can view Twitter's detailed privacy policy here: https://twitter.com/de/privacy.

Adjustments to your personal settings can be made here (login required): https://twitter.com/personalization.

Data security

All of your browser's communication with our services is secured via an encrypted SSL connection in order to protect your data against unauthorized access by third parties. Only selected administrators can access your data and only to the extent as it is necessary to maintain the services.

Apart from that, we take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or access by unauthorized persons. Our security measures are constantly being improved according to the technological development.

Deletion of data

Data stored by us will be deleted once it is no longer required for the intended purpose  and provided that no legal retention obligations object to a deletion. If user data cannot be deleted due to further and lawful purposes, the processing of this data will be limited, i.e., data is locked and not processed for other purposes.

Data subject rights

You have the following rights:

  1. in accordance with Article 15 GDPR, to receive information about your personal data processed by us upon request;
  2. in accordance with Article 15 GDPR, to immediately request rectification of inaccurate or incomplete personal data stored by us;
  3. in accordance with Article 17 GDPR, to request deletion of personal data stored by us as long as its processing is not required to exercise freedom of expression and information, to fulfill a legal obligation, for reasons of public interests or to claim, exercise or defend legal rights;
  4. in accordance with Article 18 GDPR, to request limitation of processing of your personal data;
  5. in accordance with Article 20 GDPR, to receive information on your personal data provided to us in a structured, common and machine-readable format or to request its transmission to another responsible entity;
  6. in accordance with Article 7(3) GDPR, to revoke your consent once given to us, effective for the future;
  7. in accordance with Article 77 GDPR, to complain to a supervisory authority. You can do this by approaching the supervisory authority of your usual place of residence or place of work or the supervisory authority of our registered office.
Right of objection

Provided that your personal data is processed based on legitimate interests in accordance with Article 6(1)(f) GDPR, you have the right, in accordance with Article 21 GDPR, to lodge an objection against the processing of your personal data when there are valid reasons arising out of your particular situation, or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specification of a particular situation. If you want to make use of your right of objection, simply send us an email to the email address mentioned above.

Right of withdrawal

Provided that you have given consent in accordance with Article 6(1)(a) GDPR, you have the right to withdraw this consent at any time with effect for the future. Withdrawing consent does not affect the lawfulness of data processings that have been performed before your withdrawal and based on your previous consent. If you want to make use of your right of withdrawal, simply send us an email to the email address mentioned above. 

Changes to this data privacy policy

We reserve the right to make changes to this data privacy policy from time to time to meet the obligations of changed legal positions or to extent the scope of functions of our internet presence. You should therefore review this data privacy policy on a regular basis to stay informed about the protection of your data. By continuing the use of our services, you agree with this data privacy policy in its current version.

ROTATE YOUR PHONE TO PORTRAIT MODE TO CONTINUE BROWSING THIS WEBSITE ¯\_( )_/¯