1. General Information

Thank you for visiting our website mid.de. Security and protection of our customers’ and users’ data is our highest priority. We have set out our website and business processes in such a way that the least possible personal data is collected or processed. The following data protection declaration explains which information we collect during your visit to our website and which parts of this information are used and how. You can read how your personal data is handled below.
This website uses an SSL or TLS encryption for security reasons and to protect your personal data and other confidential content (e.g. requests to the controller). The “https://” string and the lock icon in your browser indicate that the connection is encrypted.

2. Log Files

We process access data (your IP address in particular) on our website for statistical evaluation for company use, security and improving our website. This enables us more effective presentation of our website and to identify errors. We record access data when our site is accessed and save it in a log file:

  • Name of the website accessed
  • Date and time access
  • Data recorded / message about successful access
  • Browser type and version
  • Operating system
  • Referrer URL
  • Requesting provider / your IP address

We cannot identify you using this data. Log data is regularly deleted, no later than 30 days after it was recorded. Legal grounds for processing the data is in our legitimate interest for the purpose of Art. 6 Par. 1 (f) of the GDPR.

Cookies

Our site uses so-called “cookies”. These are text files which are used by our website to make your visit quicker and easier; they enable access to secure areas of our website.

Depending on where a cookie originated from, you can differentiate between a first-party and third-party cookie:

First-Party Cookies

Cookies created and locally stored by website operators for processing controllers or a processor commissioned by the controller. Only the operator can access these cookies.

Third-Party Cookies

Cookies created, set and accessed by third-party suppliers; these are not used as processors for website users.

Depending on the period of validity, you can also differentiate between transient and persistent cookies:

Transient Cookies

Cookies which are automatically deleted when you close the browser. These include session cookies.

Persistent Cookies

CCookies which a stored for a predefined period of time on your device once the browser is closed.

Depending on their property and purpose of use, user permission may be required for use of certain cookies. You can also differentiate between cookies which require obligatory user permission:

Cookies (Consent Not Required):

Cookies that are essential for the website operator to provide the service required (“essential cookies”).

Cookies (Consent Required):

Cookies that are used for all other purposes than those mentioned above (“non-essential cookies”).

If user permission is required, then we only use precisely these cookies if you previously granted permission to do so. A “cookie banner” appears when you access our website, where you can click a button to grant permission for using cookies. Necessary cookies cannot be deactivated via this website's cookie banner. However, You can manage and deactivate these cookies in your general browser at any time.

4. Third Party

We use various third party services to provide our services and continuously improve; personal data must be processed for this purpose. For example, our website uses tracking technology so that we can measure, assess and continuously improve. We can also identify and avert fraud and security risks to protect our users and partners.

4.1 Google Analytics

We use Google Analytics, a web analysis service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4. Ireland (“Google”). Google Analytics uses cookies for analyzing how you use the website. Google uses this information on our behalf to evaluate how the user uses our online offer, to compile reports about activities carried out within this online offer and to deliver information about the use of this online offer and internet use of linked services. Pseudonym user profiles may be created from the processed data. Your data protection is our top priority, this is why we have employed a configuration parameter “anonymizeIP” alongside Google Analytics.

The code records your IP address as truncated. Your personal usage data is kept anonymous in Google Analytics. Google will truncate the user’s IP address within European Union member states or in other contracting states in the European Economic Area. The user’s IP address communicated via the browser will not be associated with other data held by Google. Information about how you use our online offer created by the cookie is normally transferred to a Google server in the USA and stored there.
Data processing is carried out based on your consent, in accordance with Article 6, Paragraph 1 of the GDPR, if you have given your consent for our banner to be used. You can revoke your consent any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner.

Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR.
You can find more information about Google’s data use, setting options and appeal options under Google’s privacy policy, as well as settings for Google advertisements. You can find more information about terms of use of Google Analytics and data protection law here.

4.2 HubSpot

We use services provided by the software HubSpot. HubSpot is an American software company with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).

HubSpot is a service platform. The service used is an integrated software solution for managing customer data and various aspects of our online marketing. This includes analysis of the landing pages and reporting. “Web beacons” are used for this and cookies are stored on your device used

  • IP address,
  • Geographical location,
  • Type of browser,
  • Duration of the visit,
  • Accessed pages.

The recorded information and website content is stored on our software partner HubSpot’s servers in Ireland. We use HubSpot for analyzing use of our website. This enables us to continuously improve our website and make it user-friendly. We also use information to determine which services we provide are of interest to our customers and newsletter subscribers and to contact them for these advertising purposes. We also use this information to improve website use for you.We only use your IP address in truncated form. HubSpot truncate the user’s IP address within European Union member states or in other contracting states in the European Economic Area. Full IP addresses are rarely sent to a HubSpot server in the USA and truncated there.Cookies have a typical service life of 13 months. We delete all personal data collected via HubSpot as soon as the purpose the data was collected for has been obtained, as long as this does not infringe any legal requirements. Information about how you use our online offer created by the cookie is normally also transferred to a Google server in the USA and stored there. Data processing is carried out based on your consent, in accordance with Article 6, Paragraph 1 of the GDPR, if you have given your consent for our banner to be used. You can revoke your consent any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner. Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR. You can find more information about HubSpot functions in the HubSpot Inc. privacy policy.

4.3 salesforce.com CRM System

We use the Salesforce CRM system. Salesforce.com is represented in Germany by: Salesforce.com Germany GmbH, Erika-Mann-Strasse 63, 80636 Munich, Germany. The address of the parent company in USA is: The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA.

We implement Salesforce.com as a management system for customer contact data, potential new customers contact data and customer care. Personal data is collected, processed and stored for this purpose. A limited number of authorized users have access to the database to search company information about customers and potential new customers or to be able to answer support queries.

Salesforce.com only uses personal data for technical processing and does not pass this information on to third parties. Salesforce.com may store and process your data on servers in a third country (i.e. outside the European Union (EU) or European Economic Area (EEA)). Salesforce.com acts on our behalf as a processor and only acts exclusively upon our instructions. MID GmbH has contractual agreements with Salesforce.com to comply with requirements.

Salesforce.com is a certified license holder of the TRUSTe Privacy Seal and is also certified within the framework of the EU – US Privacy Shield regulations. Salesforce.com also has an additional guarantee to comply with the European data protection law for data processed in USA.

Salesforce.com’s data protection regulations apply and can be found via the following URL: www.salesforce.com/company/privacy/

5. Social Plug-Ins

We use social plug-ins from various providers of social networks. Social plug-ins enable website content to be distributed via social networks. You can find social plug-ins from various internet services on this website. The details page contains information about these individual plug-ins and examples of their use and integration.

5.1 Google Web Fonts

Our website uses web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) to ensure standardized font display.

When a site is accessed, your browser loads the necessary web fonts into your browser cache so that text and fonts can be correctly displayed. Your browser must connect to the Google servers for this purpose; personal data may need to be sent to the Google LLC servers in USA for this.

It is not possible to ensure an adequate level of data protection in view of Google LLC and data processing being carried out in the USA. Authorities may be able to access the data for security and monitoring purposes without the need to inform you or This means you being able to appeal this. We cannot influence to what extent Google will process this data for their own purposes or link it with your other user profiles.

This is why we have integrated Google fonts locally on our web server and not on the Google servers. There is no connection to the Google servers and therefore no data communication and no data is stored. Legal grounds for processing the data is in our legitimate interest for the purpose of Art. 6 Par. 1 (f) of the GDPR.

You can revoke processing of this data at any time using the settings in your browser or certain browser extensions. Please note that this may produce some functional limitations to the website. You can find further information about Google Web Fonts here and in Google’s privacy policy.

5.2 Google Tag Manager

We use Google Tag Manager, an online advertising program provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

This service manages website tags via an interface. Google Tag Manager only implements tags. That means: No cookies are used and no personal data is collected. Google Tag Manager triggers other tags which, in turn, collect data.

Tag Manager is run in your browser, i.e. at the very least, stored as information in your device’s storage.

Data processing is carried out based on your consent, in accordance with Art. 6, Par. 1 of the GDPR, if you have given your consent for our banner to be used. You can revoke your consent any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner. Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR.

You can find additional information about handling of user data in the Google Tag Manager Use Policy.

5.3 Facebook Pixel

We use “Facebook Pixel” on our website. This is a service provided by Facebook Ireland Ltd (from hereinafter referred to as “Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook Pixel is a tool developed by Facebook for determining which of our website viewers should be shown which adverts or so-called “Facebook Ads”. We employ Facebook Pixel to show Facebook Ads for our users who have already shown interest in our internet offers we provide or those who our website content may be relevant for (interest-related advert placement). We want to use Facebook Pixel to ensure that our Facebook Ads are relevant to the user. We can use Facebook Pixel to target our Facebook advertising for statistical and market research purposes by tracing whether the user is forwarded to our site if they click on a Facebook advert and whether they interact with the site.
Please note that Facebook also saves and processes your data for its own purposes. Facebook is, therefore, considered by the DGPR to be a data processing third party. Data processing is carried out by Facebook within the framework of Facebook’s data use policy.
Your data may be passed onto Facebook Inc. (USA) as part of Facebook. This may mean that data is processed outside of the EU or EEA. It is not possible to ensure an adequate level of data protection in view of Facebook Inc. and data processing being carried out in the USA. Authorities may be able to access the data for security and monitoring purposes without the need to inform you or you being able to appeal this.
We cannot influence to what extent Facebook will process this data for their own purposes or link it with your other user profiles. You will receive information about how the Remarketing Pixel works and Facebook ads in line with the third party’s data use policy: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information about data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other as well as www.facebook.com/about/privacy/your-info.

Data processing is carried out based on your consent, in accordance with Article 6, Paragraph 1 of the GDPR, if you have given your consent for our banner to be used. You can revoke your consent any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner. Data transfer to a third country takes place based on Article 49 Paragraph 1 of the GDPR.

5.4. LinkedIn Insights

Our website uses LinkedIn Pixel provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Code implemented on this page can evaluate user behavior of user’s who have accessed this website via a LinkedIn advert. This can be used for improving LinkedIn advert content. This data is collected and stored by LinkedIn. We may view the data collected; the data may only be used within advertisement operation. Cookies are also used by LinkedIn pixel code.

LinkedIn is informed about the visit to the website when the LinkedIn pixel is used; this is done so that the visitor is shown suitable adverts on LinkedIn. If you have a LinkedIn account and are logged-in, then your visit to this website will be assigned to your LinkedIn user account.

Data processing is carried out based on your consent, in accordance with Art. 6, Par. 1 (a) of the GDPR, if you’ve given your consent for our banner to be used. You can retract your consent at any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner. Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR.

You can find more information about LinkedIn’s data policy here.

6. Social Media

We maintain an online presence on social networks to communicate with active social network users and provide information about us. No direct link between your browser and the respective social network’s server is established when you visit our site. Data is only redirected once you have agreed to data transfer by clicking under private settings. This tool does not automatically transfer user data to these platform operators. Please refer to the privacy policy and information provided by the operator of the respective network for more detailed information about how your data is handled and options to appeal.

6.1 LinkedIn

Our website uses the LinkedIn network’s “Share Function”. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Clicking on the LinkedIn button takes you to your user account in a separate browser window, as long as you are logged-in to your LinkedIn user account. The plug-in directly connects your browser and the LinkedIn server. LinkedIn receives information that you have visited our website using your IP address. LinkedIn can then assign your visit to our website to you and your user account. We do not have access to the content of the (personal) data sent and have no knowledge as to what LinkedIn does with this information. You can find further information in LinkedIn’s privacy policy.

6.2 Xing

Our website uses the Xing network’s “Share Function”. The provider is Xing AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Clicking on the Xing button takes you to your user account in a separate browser window, as long as you are logged-in to your Xing user account. The plug-in directly connects your browser and the Xing server. Xing receives information that you have visited our website using your IP address. We do not have access to the content of the (personal) data sent and have no knowledge as to what Xing does with this information. You can find further information in Xing’s privacy policy.

6.3 Facebook (Fanpage)

We have a fan page on Facebook to share information about MID GmbH activity. We want to provide those interested in our company, customers and applicants with an insight into our corporate culture and activities we are undertaking. This is an offer provided by Facebook Ireland Ltd (hereinafter referred to as “Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

  • Registration information, such as user name, password, e-mail address
  • Profile information, such as first name, last name, telephone number, image
  • Log file information, such as web query, IP address, browser type, landing pages, pages accessed.
  • Device ID
  • Meta data, such as hashtags, geotags, comments

Even if you are not a Facebook user, cookies or small text files may be stored in your browser as identifiers to enable tracking of your behavior. Facebook user data is normally also processed for market research and advertising purposes. Complex user profiles are created using user behavior (when visiting social media sites); Facebook can use these to show users personalized advertisements both in and out of Facebook. You can find more information about this in the respective data protection policy.

We can analyze use of our Facebook fan page using statistics provided by Facebook. This enables us to continuously improve what is shown on Facebook. Facebook sets our fan page cookies on your device and collects so-called “insight data” about how our fan page is used:

  • Information about your visit to our Facebook fan page (your IP address, internet page visited last, file name, URL)
  • Information about your Facebook interaction with regard to content (“likes”)
  • Your comments, along with the time and date, may be stored

We do not, however, use this information. You cannot be identified from this insights function and the statistics it provides at any time during your visit to our fan page. As operator, we have no influence over how your data is processed or any other information from Art. 13 of the GDPR, e.g. how long cookies are stored on the user’s device. Primary responsibility for data processing lies with Facebook.Your data may be passed onto Facebook Inc. (USA) as part of Facebook. This may mean that data is processed outside of the EU or EEA. It is not possible to ensure an adequate level of data protection in view of Facebook Inc. and data processing being carried out in the USA. Authorities may be able to access the data for security and monitoring purposes without the need to inform you or you being able to appeal this. We cannot influence to what extent Facebook will process this data for their own purposes or link it with your other user profiles. This fan page is run based on our rightful interest in accordance with Art. 6 Par. 1 (f) of the GDPR to provide up-to-date information and interaction for our users and visitors. We recommend that you do not use our fan page in future if you wish to revoke use of embedding. Data transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR. You can find Facebook contact information, settings options for advertisements and data use policy here. You can find further information about our common responsibility with Facebook here.

6.4 YouTube

We use YouTube on our internet pages. This is a video portal provided by YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”.
A connection is made to the server in the USA by YouTube as soon as you access one of our internet pages which has a YouTube video embedded in it. This connection is necessary so that the respective video can be played on our internet page via your internet browser. YouTube requires the minimum information of your IP address, the date and time and the internet page you visited. YouTube stores cookies via your internet browser on your device for functionality and behavior analysis purposes.

Your Youtube data is sent to Google Ireland Limited and Google LLC (USA). This may mean that data is processed outside of the EU or EEA. It is not possible to ensure an adequate level of data protection in view of Google LLC and data processing being carried out in the USA. Authorities may be able to access the data for security and monitoring purposes without the need to inform you or This means you being able to appeal this. We cannot influence to what extent Google will process this data for their own purposes or link it with your other user profiles.

Data processing is carried out based on your consent, in accordance with Art. 6, Par. 1 (a) of the GDPR. By clicking on the video you hereby provide your consent to load Google data. Transfer to a third country takes place based on Art. 49 Par. 1 (a) of the GDPR. You can revoke your consent any time. To do so, please follow this link and make the necessary changes to the settings for use of this banner.

You can find more information about this under “Cookies”. Google provides more information about collection and use of data, as well as your rights and protection options with regard to this in their data protection information.

7. Handling of Applicant Data

If you apply for a position electronically, i.e. via e-mail or using our web form, then we will collect and process your personal data for application procedure purposes and for the execution of pre-contract measures.

  • Name (first and last name)
  • E-mail address
  • Phone number
  • Available from
  • Salary expectations, if applicable

You also have the option of uploading important documents, such as a covering letter, your resume and certificates. These may include additional personal information, such as date of birth, address etc. Only authorized HR employees and those involved in the application process have access to this data.

Your information is only processed for implementing and verifying the application process. Legal grounds are taken from Art. 88 Par. 1 of the GDPR, in connection with § 26 Par. 1 Sentence 1 BDSG. We do not normally require any particular type of personal data for the application process (e.g. information about a severe disability) Art. 9 GDPR However, if you do willingly share such, then the data will processed in accordance with Art. 9 Par. 2 (b) of the GDPR, in connection with t § 26 Par. 3 BDSG.

If your application is successful, then we will process your data in accordance with Art. 88 of the GDPR in connection with § 26 BDSG.

7.1 Data Erasure

We will erase your personal data once our application decision has been reached. If your application is unsuccessful, then we will erase your personal data and application documents six months after the end of the application process, as long as we do not need to store this information for a longer period of time due to legal reasons (e.g. damages, exercise or defense of legal claims for the duration of the legal dispute, travel expense claims etc.).

If your application is then successful, we will store your data for the period of duration you are in our employment. You will receive further information about how your data will be handled once you start employment with us.

7.2 Passing Data to Third Parties – Personio

DData sent within the framework of your application is encrypted using a TLS encryption and stored in a database. This database is operated by Personio GmbH, which provides a personnel and applicant management system. Personio is our processor in accordance with Art. 28 of the GDPR. The basis for the processing is a contract for job processing between us as the accountable body and Personio.

8. Newsletter

You can register for our newsletter on our website to receive more information. We will only use the information provided by you to send you the newsletter. Our legal grounds for this processing of information is your content in accordance with Art. 6 Par. 1 (a) of the GDPR. You can unsubscribe from our newsletter at any time. We will then delete your consent for the newsletter to be sent and your data will be removed from statistical analysis. It is not possible to separately delete either just your consent for receiving the newsletter or statistical analysis. You can find a link to unsubscribe at the bottom of each newsletter.

8.1 Passing Data to Third Parties – HubSpot

We send our newsletter using a newsletter distribution platform, “Hubspot”, 25 First Street, 2nd Floor, Cambridge, MA 02141, United States.

Your personal data is stored on the HubSpot servers. HotSpot uses this information for sending and analyzing the newsletter in our contract. HotSpot may use some of this data for optimizing or improving their own services, e.g. technical optimization of distribution and visualization of the newsletter or for commercial goals to determine which countries recipients are from. HubSpot does not use our newsletter recipients’ data to write to them or pass on their information to third parties.

The newsletter contains “web beacons”, i.e. a pixel-sized file which is accessed by the distribution provider’s server when the newsletter is opened. This collects technical information, such as information about the browser and your system, as well as your IP address and time of opening the newsletter. This information is used for improving the technical service using technical data or target groups and your reading behavior using the access location (which can be determined using the IP address) or time of access.

Statistical analysis includes determining whether the newsletter was opened, when it was opened and which links were clicked on. This information can be associated to individual newsletter recipients due to technical reasons. However, neither we nor the distribution supplier wish to monitor our users. Analysis is carried out purely to determine the reading habits of our users so that we can better target our content to them or to send different content to our users, depending on their respective interests. Use of a distribution supplier, carrying out statistical analysis and logging registration processes are based on our rightful interest in accordance with Art. 6 Par. 1 (f) of the GDPR.

We are geared towards enabling a user-friendly and secure newsletter system which both serves our business interests and meets the expectations of our users. You can get more information about HubSpot’s privacy policy directly from them.

9. Contact via E-Mail / Contact Form

You can write us a personal message. We require your first name, last name, company name and e-mail address for the message function. We use this data based on Art. 6 Par.1 (f) of the GDPR so that we can reply to your query. Art. 6 Par.1 (b) of the GDPR may also be considered as a legal basis if your query is based on the execution of pre-contract measures.

You can decide whether you wish to share more information with us. This information is voluntary and is not required for making contact. Data which you voluntarily provided in the form is collected based on Art. 6 Par. 1. (a) of the GDPR. Consent can be revoked at any time.

10. Your Rights as a Data Subject

You have various rights of the individual regarding data processing, regulated in the GDPR.

Right to Rectification (Art. 16 GDPR): Have you the right to obtain confirmation as to whether your personal data is being processed.

Right to Erasure (Art. 17 GDPR): You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.

Recht auf Löschung (Art. 17 DSGVO): You have the right to obtain from the controller the erasure of personal data concerning you without undue delay.

Right to Restriction of Processing (Art. 18 GDPR): You have the right to obtain from the controller restriction of processing where one of the prerequisites mentioned in Art. 18 GDPR is given.

Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format where one of the prerequisites mentioned in Art. 20 of the GDPR is given.

Conditions for Consent (Art. 7 GDPR): You have the right to withdraw your consent at any time, in accordance with Art. 7 Par. 3 of the GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to Object (Art. 21 GDPR): WYou have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning your which is based on point (e) or (f) of Article 6 (1).

Right to Lodge a Complaint (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. You can lodge the complaint with a supervisory authority in your Member State or place of work. The address for our relevant supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Germany

Telephone: +49 (0) 981 180093-0
E-mail: poststelle(at)lda.bayern.de

11. Information about the Person Responsible / Data Protection Officer

Please contact us with any further questions you may have about personal data we have stored.

MID GmbH
Dr. Martin Müller
Kressengartenstraße 10
90402 Nuremberg
Germany

MID GmbH is the data controller in terms of data protection rules. You can send any contact request e-mails to datenschutzbeauftragter[at]mid.de. Our data protection officer is Mr Ali Tschakari, LL.M. Bitkom Servicegesellschaft mbH, Albrechtstrasse 10, 10117 Berlin, Germany. You can contact him directly via the e-mail address datenschutz(at)bitkom-consult.de.

12. Final Provisions

MID GmbH reserves the right to change this privacy policy at any time so that it meets the current legal requirements or to incorporate changes to services into the Data Protection Declaration, e.g. when introducing a new service or changes to the website. The new data protection declaration applies each time you visit this website.

Last Update: August 2022