Privacy policy

of M&M Enterprise GmbH, FN 545469 k

We, M&M Enterprise GmbH, process your personal data exclusively within the framework of the provisions of the General Data Protection Regulation (DSGVO) and the Data Protection Act. We inform you below about us as well as about the type, scope and purpose of the data collection and the use of the data as well as about your rights as a data subject:

 1. what are personal data?

Personal data is any information relating to an identified or identifiable natural person (e.g. name, contact data, address data, billing data, IP addresses, etc).

 2. person responsible for data processing

M&M Enterprise GmbH, FN 545469 k

1150 Vienna, Tautenhayngasse 14/9

Phone:+43 67764334476

eMail: [email protected]

 

3.description of our services

Unite is a software for contact data management. Our software consists of an app for mobile cell phones and a web application for data administration. With our Unite app you can easily create your digital business cards (V-Card) and exchange your contact data securely and quickly. exchange your contact data. The web application allows you to manage the contact data and to integrate of this data into existing databases. Our goal is to simplify the exchange and management of contact data and to optimize your everyday business.

 4. Collection and processing of your personal data

 4.1 Purpose of the processing

We process your data for the purpose of initiating, maintaining and processing our business and contractual relationships, in particular

Provision of our services (digital business card via QR code, wallet app or NFC card, analytics tools).

-Responding to inquiries and communicating with our customers, users and business partners.

-Marketing and advertising

We do not make any automated decisions pursuant to Art 22 DSGVO.

 

4.2 Types of data processed

-Company name

– UID number

– Contact

-personal master data (e.g. first name, last name, birth name, title)

– Address and contact data (e.g. street, house number, postal code, place of residence, e-mail address)

Phone number, Website, Instagram, Facebook, Twitter, Whatsapp, TikTok, Youtube)

– User and account data (name, e-mail address, passwords)

– Personal data (e.g. position, photo, dates of birth)

– Contract master data (contract relationship, type of service, fee, term, contract history, order history)

– Payment and account data (e.g. IBAN, BIC, name of bank), credit card data, payment status, payment history)

-Data for the execution of the contract and usage data/metadata: e.g. server logging: IP address, user agent, request parameters, timestamp

As a matter of principle, we do not process any special categories of data pursuant to Art 9 (1) DSGVO.

 

4.3 Categories of persons concerned by the processing

-Customers

-User

-business partner

 

4.4 Legal basis for our data processing

-consent according to Art 6 para 1 lit a and Art 7 DSGVO.

-Processing for the fulfillment of our contract and implementation of pre-contractual measures pursuant to Art 6. Abs 1 lit b DSGVO (such as pre-contractual obligations, processing of the contractual relationship, provision and billing of services, communication).

-processing for the fulfillment of our legal obligations pursuant to Art 6 para 1 lit c DSGVO (such as e.g. legally required storage according to § 132 BAO as well as §§ 190 and 212 UGB).

-processing for the protection of our legitimate interests pursuant to Art 6 para 1 lit f DSGVO (e.g. for the internal administration, storage, etc. and for the assertion and defense of legal claims).

 

4.5 Storage duration

As a matter of principle, we will not store your personal data for longer than is necessary for the respective processing purposes. In the event of a contract being concluded, we will retain your personal data after the contract has been fully processed until the expiry of the warranty, guarantee, limitation and statutory retention periods applicable to us, and beyond this until the end of any legal disputes. We will retain data that you have provided to us exclusively for customer service or marketing and information purposes until two years after your last contact with us, unless you revoke your consent before then. However, we have to take into account the legal storage obligations, e.g. for reasons of tax law we have to store contracts and other documents from our contractual relationship in principle for a period of seven years (§ 132 BAO). In justified individual cases, such as for the assertion and defense of legal claims, we may also store your data for up to 30 years after termination of the business relationship.

If the storage of the data is only based on your consent, you can request deletion at any time (data for billing and accounting purposes are subject to the legal obligation to store data in accordance with the Federal Tax Code and are not affected by a deletion request).

 

4.6 Website and use of our services

When you access our website or use our services, your devices transmit personal data to us, which is temporarily and automatically stored in a log file. The storage of the data serves for purposes of system security and operational stability and is based on our predominantly legitimate interest (Art 6 para 1 lit f DSGVO). In doing so, we process the following data:

– IP address of the user

Usage data and metadata: Name of the accessed web page, name of the accessing file, date and time of the retrieval, amount of data transferred, message about successful retrieval, browser type and version, the operating system of the user

We reserve the right to evaluate this data anonymously to detect errors on our website and for the purpose of improving our services. We do not use the data together with other data. The establishment of a personal reference is not possible. The legal basis for this is our predominantly legitimate interest (Art 6 para 1 lit f DSGVO).

We delete the IP addresses after 30 days, unless a further purpose justifies the continued storage. In this case, we delete the data as soon as the purpose ceases to apply.

4.7 Requests, registration, creation of user accounts and digital business cards

When making inquiries, in the course of your registration or when creating user accounts and digital business cards, it is necessary for you to enter data on our website. In addition, we process data that arises in connection with the use of our services. The data is stored and processed for the purposes of fulfilling our contract, carrying out pre-contractual measures and for communication purposes (Art 6 para 1 lit b DSGVO). In doing so, we process the following data:

– Data that you provide to us yourself in the context of an inquiry, your registration or as a user of our software and/or website or for the conclusion of a contract: Company name, UID number, contact person, personal master data (e.g. first name, last name, title), address and contact data (e.g. street, house number, postal code, eMail address, telephone number, website, Instagram, Facebook, Twitter, Whatsapp, TikTok, Youtube), personal information (e.g. photo, date of birth).

-User and account data: Name, e-mail address, passwords

Payment and account data: IBAN, BIC, bank name, credit card details, payment status, payment history

– Contract master data (e.g. contract relationship, type of service, product interest, fee, term, contract history, order history)

– Data for the execution of the contract and usage data/metadata: Server logging: IP address, user agent, request parameters, timestamp

The storage of the data entered by you for the creation of a digital business card is encrypted. The key is managed by a trustee to which we have access only in the following cases: In case of a court order or in case of a serious threat to public safety.

We store the data that we process in connection with the use of our services until the user account is deleted, unless there are longer retention obligations. These may result from tax laws or from other laws. We delete this data in any case as soon as the

legal periods have expired and no other reason for storage arises (e.g. legal disputes).

 

4.8 Disclosure of data

We only transfer your personal data to third parties if we are legally obliged to do so, if this is permitted by law or if the transfer is necessary for the fulfillment of the contract or if you have consented to it. The transfer of your personal data only takes place on the basis of the DSGVO. Personal data will be passed on in particular to the following recipients:

– Accounting, tax advisor (Art 6 para 1 lit c and f DSGVO)

-IT provider (Art 6 para 1 lit f DSGVO)

– Banks and payment service providers for the processing of payment transactions (Art 6 para 1 lit b DSGVO)

– Contractual partners, such as Sendinblue (Art 6 para 1 lit b DSGVO)

– Service providers, such as software providers, post office, DHL, UPS (Art 6 para 1 lit b DSGVO)

– Lawyers, courts (Art 6 para 1 lit c and f DSGVO)

– Insurances (Art 6 Abs 1 lit a and c DSGVO)

– Accounting and auditing firms (Art 6 para 1 lit c DSGVO)

If we commission third parties with the processing of data on the basis of a so-called order processing contract for the fulfillment of the contract, this is done on the basis of Art. 28 DSGVO. The order processors only receive your data insofar as this is necessary for the fulfillment of the contract. We ensure that they comply with the provisions of data protection laws in the same way as we do.

The data transfer is exclusively encrypted. The storage location of the data is always Germany.

Transfers to third countries

If we process data outside the European Union or the European Economic Area in a third country, or if we do so in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is doneto fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. We will only have your data processed in a third country, subject to legal or contractual permissions, if the special requirements of Art. 44 et seq. DSGVO, such as on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (standard contractual clauses).

 5. rights of the data subjects

Provided that the legal requirements are met, you have the right to

– free information about whether we are processing personal data relating to you (right of access pursuant to Art. to information pursuant to Art. 15 DSGVO);

– to correct or complete any inaccurate or incomplete data concerning you. (right to rectification pursuant to Art 16 DSGVO);

-to erasure of personal data concerning you (right to be forgotten pursuant to Art 17 DSGVO);

-to restrict the processing of your personal data if

– you dispute the accuracy of the data, for a period of time that allows us to verify the accuracy,

– the processing is unlawful and you object to the erasure of your personal data,

– we no longer require the personal data for the purposes of processing, but you however, require this data for the assertion or defense of legal claims;

– you have objected to the processing (Art 21 Para. 1 DSGVO) (right to restriction according to Art 18 DSGVO).

You have the right to object to processing of your personal data that is necessary to protect our legitimate interests or those of a third party, provided that you have a confidentiality interest in your data that outweighs our interest in continuing to process your data (right to object pursuant to Art. 21 DSGVO). The objection can be made in particular against processing for direct marketing purposes.

You have the right to receive the personal data that you have provided to us and that concerns you in a structured, common and machine-readable format (right to data portability pursuant to Art. 20 DSGVO).

If we process your data based on your consent, you have the right to revoke this consent at any time. This does not affect the lawfulness of the processing carried out until the revocation (Art 7 (3) DSGVO).

If you believe that your right to lawful processing of your personal data has been violated, please contact us immediately, by eMail, mail or telephone. We will process your complaint promptly. You also have the right to lodge a complaint with the supervisory authority for data protection matters responsible for you. The competent supervisory authority in Austria is the data protection authority.

 6. data processing security

In accordance with Art. 32 of the GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. These measures include, in particular, the pseudonymization and encryption of personal data and ensuring the confidentiality, integrity and availability of the data. Our hosting provider is ISO 27001 certified.

 7. Cookies

 Our website uses cookies. Cookies are small text files that are sent when visiting a website and are temporarily stored on the hard drive of the website user and/or customer. If the corresponding server of our website is called up again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can then evaluate the information obtained through this process in various ways. Cookies can be used, for example, to control advertising or to make it easier to navigate a website. If you wish to prevent the use of cookies, you can do so by locally changing your settings in the Internet browser used on your computer, i.e. theprogram used to open and display Internet pages (e.g. Internet Explorer, Mozilla Firefox, Opera or Safari, etc.). You can delete stored cookies in the system settings of the browser. The exclusion of cookies leads to functional limitations of our online services.

First-party cookies, which are used by us on the basis of our predominantly legitimate interest (Art 6 para 1 lit f DSGVO):

 

__Session cookie

Provider: M&M Enterprise GmbH

Type: 1st party HTTP cookie

Purpose: to store the user’s session on the website to enable better navigation and user experience.

Sequence: When closing the browser window.

 

_language cookie

Provider: M&M Enterprise GmbH

Type: 1st party HTTP cookie

Purpose: language transfer and website presentation in different languages

Sequence: When closing the browser window

The following third-party cookies are used on the basis of your consent (Art 6 para 1 lit a DSGVO):

 

– __stripe_mid, __stripe_sid:

Third-party provider: Stripe

Type: 3rd party HTTP cookie

Purpose: These cookies are set to enable payment processing via our payment provider. They are only set upon successful payment by a registered user.

Expiration: Cookies expire after 1 year and 1 day.

Additional privacy notices:

Stripe’s privacy policy applies to the processing of data collected during payment processing. These can be viewed here: https://stripe.com/at/privacy

 

– __sendinblue

Third Party Provider: Send in Blue

Type: 3rd party HTTP cookie

Purpose: Automation of the eMails

Expiration: 1 year, 1 day

The following privacy notices apply to Send in Blue:

https://www.sendinblue.com/legal/privacypolicy/

 

– __covve

Third Party Provider: Covve

Type: 3rd party HTTP cookie

Purpose: OCR Scanning

Expiration: 1 year, 1 day

The following privacy notices apply to Covve:

https://covve.com/privacy-policy

 

– __google_recaptcha

Third-party providers: Google reCAPTCHA, Google Inc.

Type: 3rd party HTTP cookie

Purpose: To protect our website from spam and automated requests and to verify user input.Procedure: 10 minutes The following privacy notices apply to Google reCAPTCHA, Google Inc: https://policies.google.com/privacy

 

-1P_JAR

Third-party providers: Google Analytics, Google Inc

Type: 3rd party HTTP cookie

Purpose: Advertising optimization

Expiration: 1 month

The following data protection information applies to Google Analytics, Google Inc :

https://safety.google/security-privacy/

 

– CONSENT

Third-party providers: Google Analytics, Google Inc

Type: 3 rd party HTTP cookie

Purpose: Advertising optimization

Expiration: Forever

The following data protection information applies to Google Analytics, Google Inc:

https://safety.google/security-privacy/

 8. analytics tools and plugins

Google reCAPTCHA

We use “Google reCAPTCHA” on our website. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

The data processing is based on Art 6 para 1 lit f DSGVO. We have a legitimate interest in protecting our web offers from abusive automated spying and from SPAM.

For more information about Google reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/

and https://www.google.com/recaptcha/intro/android.html .

Google Analytics

 We use “Google Analytics” on our website. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).

Google Analytics is used to analyze the use of the website by website users. The collected data, including your IP address, is used to evaluate website usage and website activity. Google Inc. processes the collected data on our behalf.

Google Analytics uses “cookies” that are stored on your terminal device. The information collected by the cookies isusually sent to a Google server in the USA and stored there.

IP anonymization is used on our website. The IP address of the website visitor is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address and the evaluation takes place in pseudonymous form.

The data processing is based on Art 6 para 1 lit f DSGVO. We have a legitimate interest in the evaluation of website usage and website activity.

You can use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de

For more information on Google Analytics, please visit: https://support.google.com/analytics/answer/6004245?hl=de

 

Google Fonts

Our website uses Google Fonts, a font service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter “Google”).

Google Fonts is a server-side service that allows us to embed fonts without having to store them on our own server. The use of Google Fonts takes place within the framework of our legitimate interest in a uniform presentation of our website.

When you visit our website, a connection to Google’s servers is established. Through this, information about your IP address is transmitted to Google and stored.

Google uses this information to monitor how our website is used, to provide us with reports on website activity, and to provide other services related to website activity and internet usage.

Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. We have no influence on the data that Google collects in this process.

We have contractually agreed with Google that Google will process and use the data exclusively in accordance with the requirements of data protection law.

Further information on data processing by Google can be found in Google’s privacy policy: https://www.google.com/policies/privacy/.