Privacy Policy

We, membra GmbH, process your data for the purposes mentioned below. The protection of your data is very important to us. You are welcome to contact us with your questions and suggestions. Please use the contact mentioned for this purpose.

We have no influence on the processing of the collected data by your contractual partner (e.g. employer). The responsibility lies with your contractual partner; for questions about this please contact them directly.

 

1.        Responsibility for Data Processing

1.1        Responsible is:

membra GmbH

Energie-Allee 1

55286 Wörrstadt

06732 - 979 90 - 0

 

1.2        You can reach our Data Protection Officer at:

ink solutions GmbH

Jörn Hedderich

Grafenstr. 31a

64283 Darmstadt

2.        Purposes of Processing

We process your data to operate our website "membra-gmbh.de" and to be able to offer our solution membra as a web application and app. You can register on our website for our application. If your contractual partners offer this, you can also use membra without registration to, for example, book individual appointments. At the same time, you have the option to log in with an existing account. We also process personal data for these functions.

3.        Type of Processed Data

3.1         Data Processing through our Web Application membra

In order to provide our services, it is necessary that we process the following data from you:

  • Personal master data (including first and last name, address, date of birth)
  • Contact data (including address, email address, telephone number)
  • Access data (including username and password)
  • Affiliation data (including hierarchy, supervisors)
  • Time tracking data (including times, employer, cost centers, time tracking evaluations, absences, sick/vacation days)
  • Contract billing data (including target-actual comparison data of deployment times)
  • Application/planning data (including deployment planning)
  • Customer or member data (including names, addresses, payment methods)

These mentioned data categories are processed regardless of whether you are in your non-publicly accessible user account of membra or in a publicly accessible area (use without login/registration).

Your contractual partners have the possibility with this data to map certain contractual services that you agree upon with your contractual partners (e.g. management of your membership). Your contractual partners can determine from the data what status your relationship is in (e.g. registered membership).

Your contractual partner also determines the technical implementation of membra in their own environment. For example, it may happen that you receive emails from your contractual partner from our domain (membra.de).

3.2         Data Processing through our membra App

Apart from the web application, our services can also be used through our membra app. In order to provide our services, it is necessary that we process the following data from you:

  • Personal master data (including first and last name, address, date of birth)
  • Contact data (including address, email address, telephone number)
  • Access data (including username and password)
  • Affiliation data (including hierarchy, supervisors)
  • Time tracking data (including times, employer, cost centers, time tracking evaluations, absences, sick/vacation days)
  • Contract billing data (including target-actual comparison data of deployment times)
  • Application/planning data (including deployment planning)
  • Customer or member data (including names, addresses, payment methods)

Use of our service is only possible with an account and corresponding access data. During the transmission of your data, encryption is used.

Furthermore, your contractual partners have the option to request processing of the following data:

  • Geodata (including location)

The purpose of this processing is the responsibility of your contractual partner.

Furthermore, for analysis purposes for optimization and maintenance of functionality, the following data is processed:

  • Information and performance data (including crash logs)

3.3         For the Operation of our Website

For the operation of our website, we process the following data:

  • Technical data (including data about your device, IP address)
  • Session cookies

To improve our website, we use a web analytics tool. Through this tool, we collect data regarding your use of our website. This data includes, for example:

  • the origin domain,
  • the length of the stay,
  • the IP address, or
  • information about the device used.

This data is processed exclusively for statistical recording and evaluation of website visits. Further processing, for example for advertising purposes, does not take place. We use the platform-independent tool "AWStats" for this purpose.

We process your data only to the extent necessary. We transmit data only to third parties who support us in providing our services. We do not use your data to display advertising to you.

This processing of data is carried out in accordance with Article 6 Para. 1 Letter f GDPR for statistical analysis of visitor behavior for the needs-based design of our website. The processing of your data takes place exclusively within Germany on our servers.

Fully automated decision-making (Article 22 GDPR) does not take place at any time.

3.4         For Your Contact

In case of contact by you via the contact form on our website, we process the data you entered there:

  • Name
  • Telephone and email address
  • Company
  • The content of the field "Your message to us"

In case of contact for the purpose of making an appointment by you, we process the data you entered there:

  • Name and position
  • Company and industry
  • Number of employees
  • Internet presence
  • Telephone and email address
  • Telephone availability
  • Customer number
  • User ID in membra
  • Own information from free text fields
  • Information about the appointment, e.g. desired appointment reminder

 

For appointment scheduling, we use among other things the tool "eTermin Online Terminplaner" from eTermin GmbH.

This processing of data is carried out in accordance with Article 6 Para. 1 Letter f GDPR to enable contact.

3.5         Increasing Data Security

The security of the data and information we process is of great importance. In order to ensure optimal data security, we use various services and have implemented different security measures. These include, among other things, in addition to encrypted transmission of data, security measures against external attacks. For this purpose, we partly use service providers who are contractually bound to applicable data protection regulations within the framework of order processing.

3.6         Cookies

 

When visiting and using our website, cookies are used. Cookies are small text files that are stored temporarily on your computer. They cannot execute programs or transfer viruses to your computer. They serve to maintain the functionality of our website.

 

The use of cookies is carried out to protect our legitimate interest (Art. 6 Para. 1 Letter f GDPR). Our legitimate interest lies in the basic functionality of our website.

 

If you want to deactivate, delete or manage cookies, each browser offers a suitable guide:

 

href="https://support.google.com/chrome/answer/95647?tid=111388091" target="_blank">Chrome: Delete, enable and manage cookies in Chrome

 

href="https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=111388091" target="_blank">Safari: Manage cookies and website data with Safari

 

href="https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=111388091" target="_blank">Firefox: Delete cookies to remove data that websites have placed on your computer

 

href="https://support.microsoft.com/de-at/help/17442/windows-internet-explorer-delete-manage-cookies?tid=111388091" target="_blank">Internet Explorer: Delete and manage cookies

 

href="https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies?tid=111388091" target="_blank">Microsoft Edge: Delete and manage cookies

3.7         Web Tracking

 

This website uses based on your consent the tool: "Google Analytics", a web analytics service by Google Inc. ("Google"). Google Analytics enables an analysis of website usage. The generated information about your use of our website is transmitted to a Google server and stored there. The server location is usually the USA. We use the knowledge from this analysis for the needs-based design and improvement of our website.

 

We use Google Analytics in conjunction with the IP anonymization function. It ensures that Google shortens your IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA. There may be exceptional cases in which Google transmits the full IP address to a server in the USA and shortens it there. There is no merging of the IP address transmitted by Google Analytics with other Google data.

 

For the analysis, Google Analytics uses cookies. You can prevent the storage of cookies through an appropriate setting in your browser software. However, we would like to point out that in this case, not all functions of this website may be fully usable. It is also possible for you to prevent the collection of data generated by cookies and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link.

 

href="http://tools.google.com/dlpage/gaoptout?hl=de">http://tools.google.com/dlpage/gaoptout?hl=de">http://tools.google.com/dlpage/gaoptout?hl=de

 

The following cookies are set by Google Analytics:

_ga

Storage duration: 2 years

Used to distinguish users.

 

_gid

Storage duration: 24 hours

Used to distinguish users

 

_gat_gtag_UA_221761277_2

Storage duration: 2 years

Used as identification code of the website, for analysis of website visits.

 

More detailed information about the scope of services of Google Analytics can be found at:

href="https://marketingplatform.google.com/about/analytics/terms/de/">https://marketingplatform.google.com/about/analytics/terms/de/

 

Information about data processing when using Google Analytics is provided by Google at the following link:

href="https://support.google.com/analytics/answer/6004245?hl=de/">https://support.google.com/analytics/answer/6004245?hl=de/

 

General information about data processing, which according to Google should also apply to Google Analytics, can be found in Google's privacy policy at:

href="../AppData/Local/Microsoft/Windows/INetCache/dterr/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P71QO6FK/www.google.de/intl/de/policies/privacy/">www.google.de/intl/de/policies/privacy/

4.        Categories of Recipients

In order to offer our solution membra, it is necessary to transmit certain data to our clients. Our clients are your contractual partners that you can link with your account when using membra. The link to your contractual partner may have already been created when your account was set up. The contractual partners you linked receive access to the corresponding data from Section 3.1. We also transmit this data to your contractual partners when you use a publicly accessible area (use without login/registration). We act as data processors for your contractual partners.

Which data from those mentioned in Section 3.1 is transmitted to your contractual partners is at the discretion of your contractual partner as our client. However, only the data necessary for the provision of services is transmitted.

We also work with various service providers (e.g. external data centers). As part of order processing, we transmit your data to these service providers. Our service providers only receive the data they need for the corresponding service.

Your data never leaves the territory of the European Union.

5.        Legal Basis and Duration of Data Processing

We process your data after setting up your account or when using a publicly accessible area (use without login/registration) for contract fulfillment (Article 6 Paragraph 1 Letter b GDPR).

In addition, we process your data to fulfill legal obligations (Article 6 Paragraph 1 Letter c GDPR). These legal obligations are, for example, retention and documentation obligations.

Additionally, we process your data based on consent (Article 6 Paragraph 1 Letter f GDPR) if you agree to the processing of your geodata within the membra app.

We also process your data to protect our legitimate interests (Article 6 Paragraph 1 Letter f GDPR). Our legitimate interest is the improvement of user experience and functionality of our services as well as the operation of the website "membra-gmbh.de" and the membra app.

We store your data as long as it is necessary for contractual and legal obligations.

If data processing is no longer necessary, we delete your data. We do not delete if the – temporary – data processing is still necessary. In this case, we process your data in a restricted manner. This may be the case for the following purposes:

  • Fulfillment of commercial and tax retention obligations: To be mentioned are the Commercial Code (HGB), the Tax Code (AO), the Banking Act (KWG) and the Money Laundering Act (GwG). The retention or documentation periods specified there are two to ten years.
  • Preservation of evidence within the framework of statutory limitation provisions. According to §§ 195ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
  • Fulfillment of our contractual relationships.

6.        Your Data Protection Rights

Regarding your personal data, you have the following rights:

  • the right to information according to Article 15 GDPR,
  • the right to rectification according to Article 16 GDPR,
  • the right to deletion according to Article 17 GDPR,
  • the right to restriction of processing according to Article 18 GDPR as well as
  • the right to data portability according to Article 20 GDPR.

 

For the right to information and the right to deletion, the restrictions according to §§ 34 and 35 BDSG apply.

Furthermore, there is a right to lodge a complaint with a competent data protection authority (Article 77 GDPR, § 40 BDSG).

Insofar as the processing of your personal data is based on your consent, you can revoke this consent at any time for the future. You can direct your revocation to . Processing that took place before your revocation is not affected.

You can initiate the deletion/blocking and correction of your personal data as well as the provision of information about this data at the contact address of our data protection officer (see Section 1.2).