Privacy Policy

How we handle your data

The protection of your privacy is very important to Müller-BBM AG. We process your personal data only in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and other statutory data protection provisions, in particular the German Federal Data Protection Act (BDSG). The following information explains in detail how your data is handled when you use our website.

INFORMATION ABOUT THE RESPONSIBLE PARTY

The responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Müller-BBM AG
Helmut-A.-Müller-Strasse 1 - 5, 82152 Planegg/Munich, Germany

T +49 89 2620228-00 | info(at)mbbm-ag.com | www.mbbm-ag.com

INFORMATION ABOUT THE DATA PROTECTION OFFICER (DPO)

We have appointed as our data protection officer:

Data Protection Officer of Müller-BBM AG
c/o activeMind AG Management- und Technologieberatung
Potsdamer Str. 3, 80802 Munich, Germany

T +49 89 919294-900 | datenschutz(at)mbbm-ag.com

1. DATA SUBJECT RIGHTS

Your data subject rights

You can exercise the following rights at any time using the contact details provided:

Information about your data stored by us and its processing (Art. 15 GDPR),
Correction of inaccurate personal data (Art. 16 GDPR),
Deletion of your data stored by us (Art. 17 GDPR),
Restriction of data processing if we are not yet permitted to delete your data due to legal obligations (Art. 18 GDPR),
Objection to the processing of your data by us (Art. 21 GDPR) and
Data portability, if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).

The right to information and the right to erasure may be subject to restrictions in accordance with Sections 34 and 35 of the German Federal Data Protection Act (BDSG).

If you have given us your consent, you can revoke it at any time with effect for the future. You can lodge a complaint with a supervisory authority at any time, e.g. with the respective supervisory authority of the federal state in which you reside or with the authority responsible for us as the controller.

A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

2. OVERVIEW OF INDIVIDUAL PROCESSING

A) Contact

Type and purpose of processing: Our website features a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored.

The following data is also stored when the message is submitted:

Date and time of the request
URL from which the request was made
Other information provided to us via the contact address

You can also contact us via the email addresses provided. In this case, the personal data transmitted with the email will be stored. This includes the date and time the email was sent, the email address, IP addresses, and information about the servers involved in the email communication. You can also contact us using the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call.

Regardless of the type of communication you choose, we collect the content of your request. Your data will be stored for the purpose of individual communication with you.

Legal basis: The data entered in the contact form is processed based on of a legitimate interest (Art. 6 (1) lit. f GDPR). Our legitimate interest in processing your data is to enable you to contact us easily.

If you contact us to request a quote, the data entered in the contact form will be processed for the purpose of taking steps prior to entering into a contract (Art. 6 para. 1 lit. b GDPR).

Recipients: The recipients of the data are, if applicable, technical service providers who act as processors for the operation and maintenance of our website.

Storage period: Data will be deleted no later than 6 months after processing of the request. If a contractual relationship is established, we are subject to the statutory retention periods. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.

Provision mandatory or required: The provision of your personal data is voluntary. However, we can only process your request if you provide us with the necessary data and the reason for your request.

Objection: Please read the information about your right of objection in accordance with Art. 21 GDPR.

B) Server log files

Collection of general information when you visit our website

Type and purpose of processing: When you access our website, i.e. when you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, and similar information. This data is processed in particular for the following purposes:

Ensuring a smooth connection to the website
Ensuring the smooth use of our website
Ensuring and evaluating system security and stability, in particular for the purpose of detecting misuse
Ensuring the technically error-free presentation and optimization of our website

We do not use your data to draw conclusions about your person. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

Legal basis and legitimate interest: Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and misuse detection.

Recipients: Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period: Data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 7 days, unless a security-related event occurs (e.g., a DDoS attack). In the event of such an event, server log files will be stored until the security-related event has been eliminated and fully clarified.

Provision mandatory or required: The provision of the aforementioned personal data is neither required by law nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.

Objection: Please read the information about your right to object in accordance with Art. 21 GDPR.

C) Reach measurement (web)

Type and purpose of processing: Reach measurement is used to evaluate visitor flows to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous data. With the help of reach analysis, we can, for example, identify at what times our online offering or its functions or content are used most frequently or invite reuse. We can also identify which areas require improvement.

For statistical evaluation, we use MATOMO in “cookieless tracking” mode on our website to improve our services. MATOMO is an open-source web analytics tool that anonymizes your usage behavior.

MATOMO collects the following data on our behalf:

Location of access
Length of stay
Which subpages you visit on our website
How you visit our website (mobile or desktop)
Which operating system you use to visit our website
At what time you visit our website
Which browser you use to visit our website
IP address (anonymized by MATOMO by masking the last two fields of the IP address with 2 bytes; this anonymization cannot be reversed)

Legal basis: Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest. The measurement of reach and the resulting information are suitable for adapting the website.

Recipients: We use technical service providers for the operation and maintenance of our website, who act as our processors.

Storage period: The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

Provision mandatory or required: The provision of data is neither required by law nor contractually required.

Objection: Please read the information about your right to object in accordance with Art. 21 GDPR.

D) Captcha

Collection of general information when visiting our website

Type and purpose of processing: To verify whether the data entered on this website (e.g., in a contact form) is entered by a human or by an automated program, we use the “FriendlyCaptcha Advanced” service with a dedicated EU data center provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

Friendly Captcha is a proof-of-work-based CAPTCHA solution in which the user's device solves a cryptographic challenge. This solution starts automatically as soon as the website visitor enters a website with Friendly Captcha enabled. Friendly Captcha only collects data that is necessary for security purposes. No data is used or stored for the purpose of identifying a natural person or for marketing purposes. Data that could identify a user, such as IP addresses, is anonymized using one-way hashing. Furthermore, no HTTP cookies are used, and no data is stored in a permanent browser storage (such as LocalStorage or IndexedDB). This means that no consent from the end user is required to use Friendly Captcha.

Legal basis and legitimate interest: The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam. These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.

Recipients: Recipients of the data may be technical service providers who provide web services.

Storage period: Data is stored for the duration of a single visitor session.

Provision mandatory or required: The provision of the aforementioned personal data is neither required by law nor contractually required. However, without solving the captcha, the intended service and functionality cannot be guaranteed.

E) Registration for events

Type and purpose of processing: If necessary, our website provides a form for registering for events, which can be used for electronic registration. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored. The following data is also stored at the time of submission:

Date and time of registration
Email address
Salutation, title, and position
First name and last name
Company and department
Country, city, postal code, and street
Phone
Subject
Text in the input field Note/comment
Selected event

Legal basis and legitimate interest: For the processing of the data, consent is obtained when the registration is submitted and reference is made to this privacy policy. The data will be used exclusively for planning and conducting the event (registration data). We process the data for the duration of the fulfillment of the contractual services and maintenance of customer relationships. The other personal data processed during the submission is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Recipients: Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period: Data will only be processed in this context once it is no longer required to fulfill the purpose for which it was collected and as long as the relevant consent has been given. After revocation, it will be deleted unless there are legal obligations to retain it.

Provision mandatory or required: The provision of the aforementioned personal data is voluntary.

Revocvation: You have the right to revoke your consent to the processing of your personal data at any time. Upon revocation, your data will be deleted. All personal data stored in the course of contacting us will be deleted in this case, unless commercial and tax law retention obligations prevent this. You can revoke your consent by sending us an email or letter.

3. INFORMATION ABOUT YOUR RIGHT TO OBJECT UNDER ART. 21 GDPR

Right to object in individual cases

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) lit. f GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipients of an objection

The objection can be made informally with the subject line “Objection” and stating your name, address, or other identifying characteristics to:

Data Protection Officer of Müller-BBM AG
Email: datenschutz(at)mbbm-ag.com | Phone: +49 89 919294-900

4. CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

5. TLS ENCRYPTION

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., TLS) via HTTPS.

6. QUESTIONS ABOUT DATA PROTECTION

If you have any questions about data protection, please send us an email at: datenschutz(at)mbbm-ag.com.

As of: 05.2025