Welcome to our Privacy Policy. Protecting your personal data is important to us. Here, we provide a clear and concise explanation of the data we collect, how we process and protect it when you use our website, services, and products. We also inform you about your rights regarding the protection of your data. Our processes comply with legal data protection regulations, especially the GDPR.
E-mail:
datenschutzbeauftragter@mlp.de
Address:
MLP Data Protection Officer
Alte Heerstraße 40
69168 Wiesloch
Right of Access, Art. 15 GDPR
Right to Rectification, Art. 16 GDPR
Right to Erasure, Art. 17 GDPR
Right to Restriction of Processing, Art. 18 GDPR
Right to Data Portability, Art. 20 GDPR
Right to Withdraw Consent, Art. 7(3) GDPR
For newsletters: see respective unsubscribe link
Right to Object to Processing based on Legitimate Interests of the Controller, Art. 21 GDPR
Right to Non-Automated Decision-Making, Art. 22 GDPR
Exercise of Rights:
Electronically:
datenschutz@mlp.de
In writing:
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch
Right to Lodge a Complaint with a Supervisory Authority, Art. 77 GDPR
Exercise of Rights: Contact the State Authorities
Complaint to the MLP Data Protection Officer
Exercise of Rights:
Electronically:
datenschutzbeauftragter@mlp.de
In writing:
MLP Data Protection Officer, Alte Heerstraße 40, 69168 Wiesloch
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Process of a website visit, possibility of delivery of the website, ensuring the functionality of the website, ensuring the security of the information technology systems
Processed data
IP address, name of the retrieved file, date and time of the retrieval, amount of data transferred, status of the retrieval (successful / unsuccessful), browser type and operating system of the end device, URL of the previously accessed page (so-called "referrer URL")
Receiver
Processor, Art. 28 GDPR: SHE Informationstechnologie AG, Donnersbergweg 3, 67059 Ludwigshafen"
Storage period
maximum 7 days
Legal basis
Art. 6 para. 1 f) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Clarification of legal violations (e.g. clarification of acts of abuse or fraud)
Processed data
IP address, name of the retrieved file, date and time of the retrieval, amount of data transferred, status of the retrieval (successful / unsuccessful), browser type and operating system of the end device, URL of the previously accessed page (so-called "referrer URL")
Receiver
The bodies responsible for clarification and prosecution (e.g. authorities, law firms), other MLP companies involved
Storage period
Until the matter has been clarified
Legal basis
Art. 6 para. 1 f) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Submission and management of consents and objections Loading the Google Tag Manager for the technical connection of further services to the website
Processed data
IP address, browser settings, date and time of access
Receiver
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information on data processing by Google:
Google Privacy Policy
Processor, Art. 28 GDPR: Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany
Storage period
No own storage, but transmission to the respective recipient.
Legal basis
Art. 6 para. 1 f) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Consent and revocation management
Processed data
Opt-in and opt-out data user
agent
Consent ID Consent
type Banner language
Referer URL User
settings
Time of consent
Template version
Receiver
Processor, Art. 28 GDPR: Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany
Storage period
3 years
Legal basis
Art. 6 para. 1 f) GDPR, legitimate interest: Necessity to document consent.
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Booking online appointments with customers and interested parties, organising online appointments
Processed data
Contact details, free text details, IP address, the page accessed, time of access, browser configuration (log files), entries in the chat window, your shared files and the whiteboard content, during the online appointment: camera and microphone usage
Receiver
Processor, Art. 28 GDPR: Flexperto GmbH, Neue Grünstr. 27, 10179 Berlin
Storage period
Until the legal basis for the processing ceases to apply.
Legal basis
Art. 6 para. 1 a) GDPR
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Display of the MLP share price on the MLP website using iFrames
Processed data
Information on accessing and using the website (incl. IP address)
Receiver
Processor, Art. 28 GDPR: EQS Group AG, Karlstraße 47, 80333 Munich
Storage period
until the withdrawal of consent
Legal basis
Art. 6 para. 1 a) GDPR
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Newsletter mailing to investors
Processed data
Title, first name, surname, e-mail address
Receiver
none
Storage period
until the withdrawal of consent
Legal basis
Art. 6 para. 1 a) GDPR
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch"
Purposes
Booking and organising appointments with customers and interested parties
Processed data
Title, first name, surname, telephone number, e-mail address, message content, customer number
Receiver
none
Storage period
12 years from termination of the customer relationship, in all other cases 3 years
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch"
Purposes
Communication, fulfilment of requests
Processed data
Title, first name, surname, telephone number, e-mail address, message text, transmitted files, possibly other subject-related information (e.g. customer number, date of birth)
Receiver
none
Storage period
As a rule: up to 3 years.
For existing customer relationships: Deletion after termination of the customer relationship
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Newsletter dispatch
Processed data
Title, first name, surname, e-mail address
Receiver
Processor, Art. 28 GDPR: Retarus GmbH Aschauerstr.30, 81549 Munich
Storage period
until the withdrawal of consent
Legal basis
Art. 6 para. 1 a) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch (unless expressly stated otherwise)
Purposes
Participation in the competition, organisation of the competition, notification of the prize, distribution of the prize
Processed data
First name, surname, email address, telephone number, address and competition-related details
Receiver
any service providers involved in the organisation of the competition (e.g.labelling, packaging, shipping)
Storage period
until the processing basis ceases to apply
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch"
Purposes
Provision of the "Google Maps" map service
Processed data
Website access, IP address, location data, log data, usage data, cookies
Receiver
Google Inc. (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Further information on data processing by Google:
Google Privacy Policy
Storage period
until the data transfer to Google is completed.
Legal basis
Art. 6 para. 1 a) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Creation and hosting of audio podcasts
Processed data
IP address, device information, statistical information (number of requests, call-off time, etc.)
Receiver
Processor, Art. 28 GDPR: podcaster.de, Wattstr. 11-13, 13355 Berlin
Storage period
Log data: 7 days, Statistical analyses: permanent
Legal basis
Art. 6 para. 1 f) GDPR, legitimate interest: Secure and efficient provision, usage and function analysis and optimisation of the Podcast offers
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Provision of a confidential communication channel for Whistleblowers, possibility to report information on compliance and legal violations
Processed data
Personal master data, contact and address data, free text information
Receiver
Processor, Art. 28 GDPR: EQS Group AG, Karlstr 47, 80333 Munich
Storage period
3 years after conclusion of the proceedings, in the case of legal Retention periods beyond this
Legal basis
Art. 6 para. 1 c) GDPR in conjunction with § 10 HinSchG
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch (unless expressly stated otherwise)
Purposes
Organisation and implementation of events, seminars and career events, communication (e.g. queries, change information)
Processed data
Title, first name, surname, telephone number, e-mail address, free text details, customer number, event name and date, Further event-specific information if applicable
Receiver
Processor, Art. 28 GDPR: MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch, Germany
Storage period
until the end of the cooperation,in individual cases: up to 12 years after termination of the customer relationship"
Legal basis
Art. 6 para. 1 b) GDPR
Purposes
Invitations to events, information on similar products
Processed data
Title, first name, surname, telephone number, e-mail address, Free text details, customer number, event name and date, other eventspecific information if applicable
Receiver
Processor, Art. 28 GDPR: MLP Startup GmbH, Alte Heerstr. 40,69168 Wiesloch
Storage period
until the end of the co-operation, in individual cases: up to 12 years after termination of the customer relationship.
Legal basis
Art. 6 para. 1 f) GDPR, legitimate interest: Information on MLP products
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch, Germany (if not explicitly named otherwise)
Purposes
Organisation and implementation of events, communication (e.g.queries, change information)
Processed data
Title, first name, surname, telephone number, e-mail address, free text details, customer number, event name and date, chat entries, shared screen content, usage data (e.g. times and duration of participation), technical data (e.g. IP address), data on the use of the website, data on the use of the website, etc.),Information on the end device used.
Receiver
Processor, Art. 28 GDPR:
'edudip' of the company edudip GmbH, a German company based in Aachen. Further information on data processing by edudip GmbH can be found at https://www.edudip.com/datenschutzerklaerung/
'Google Meet' of the company Google LLC, Mountain View, California.Further information on data processing by Google: https://policies.google.com/privacy, comparable software offers from other providers
Storage period
until the end of the cooperation, in individual cases: up to 12 years after termination of the customer relationship."
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Continuous improvement of the quality of our products and services
Processed data
Feedback information (e.g. evaluation of online seminars/webinars and MLP offers)
Receiver
none
Storage period
Deletion or anonymisation of survey data after evaluation
Legal basis
Art. 6 para. 1 f) GDPR, legitimate interest: Optimisation of our products and services
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch"
Purposes
Implementation of the application process
Processed data
Contact details, application data (e.g. qualifications, certificates, career),data from interviews, assessments, information from job-related social media platforms (e.g. Xing, LinkedIn)
Receiver
Processor, Art. 28 GDPR: MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch, Germany.
Processor, Art. 28 GDPR: HR4YOU AG, Ulbarger Str. 52, 26629 Großefehn, Germany.
Storage period
6 months after completion of the application procedure
Legal basis
Art. 6 para. 1 b) GDPR, Art. 6 para. 1 f) GDPR, legitimate interest: Utilisation of voluntarily provided, unsolicited information in the Application procedure.
If you have any questions about the application process, please contact employerbranding@mlp.de
Responsibility
MLP SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Startup GmbH, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Inclusion of the application in the application process of other MLP Companies
Processed data
Contact details, application data (e.g. qualifications, certificates, career), data from interviews, assessments, information from job-related social media platforms (e.g. Xing, LinkedIn)
Receiver
MLP Group companies, Processor, Art. 28 GDPR: HR4YOU AG, Ulbarger Str. 52, 26629 Großefehn, Germany
Storage period
6 months after completion of the application procedure
Legal basis
Art. 6 para. 1 a) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Carrying out the application process, contacting Career opportunities
Processed data
Contact details, application data (e.g. qualifications, certificates, career), data from interviews, assessments, information from job-related social media platforms (e.g. Xing, LinkedIn)
Receiver
MLP Banking AG, Alte Heerstraße 40, 69168 Wiesloch, Those involved in the application process: divisional directors, office and university team leaders, regional managers, etc.
Processor, Art. 28 GDPR: HR4YOU AG, Ulbarger Str. 52, 26629 Großefehn
Storage period
12 months after completion of the application procedure
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Contact and invitations to MLP topics, Career and specialist information, invitations to MLP events, current job offers, networking
Processed data
Contact details, application data (e.g. qualifications, certificates, career), data from interviews, assessments, information from job-related social media platforms (e.g. Xing, LinkedIn)
Receiver
Processor, Art. 28 GDPR: HR4YOU AG, Ulbarger Str. 52, 26629 Großefehn
Storage period
2 years
Legal basis
Art. 6 para. 1 a) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Assessment of suitability for a position as an MLP consultant with subsequent contact by the head of the responsible university team
Processed data
Contact details, e-mail, telephone number, survey data, suitability data
Receiver
Head of the responsible university team
Storage period
If suitable: 2 years, otherwise 6 months
Legal basis
Art. 6 para. 1 a) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Tariff comparison and brokerage, preparation of an insurance offer
Processed data
Identity and contact details, date of birth, tariff-relevant information (e.g. vehicle details, occupation, mileage, property ownership, Family situation, passengers)
Receiver
Insurance companies
Storage period
12 years after conclusion of the contract,without contract: up to 5 years
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Property valuation
Processed data
Contact details, property data
Receiver
Processor, Art. 28 GDPR: PriceHubble AG, Uraniastr.31, 8001 Zürich
Storage period
until the processing basis ceases to apply
Legal basis
Art. 6 para. 1 a) GDPR, § 25 para. 1 sentence 1 TDDDG Further information can be found here [ LINK: https://mlp.de/#]
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Determination of eligibility, support with the application process (incl.assessment centre), implementation and organisation of the scholarship program, communication with the applicant, sending of documents
Processed data
Surname, first name, address, contact details (mobile number, e-mail address), date of birth, information about the course of study, application documents
Receiver
the persons involved in the implementation of the scholarship program, including the counsellor in charge.
Storage period
Scholarship holders: Maximum 3 years after completion of the scholarship program
Rejected applicants: Maximum 6 months after completion of the selection procedure
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Determination of eligibility, implementation and organisation of the scholarship program, communication with the applicant, sending of documents
Processed data
Surname, first name, address, contact details (mobile number, e-mail address), date of birth, information about the course of study, application documents
Receiver
the persons involved in the implementation of the scholarship program (the respective patron of the selected special scholarship and the counsellors)
Storage period
Scholarship holders: Maximum 3 years after completion of the scholarship program
Rejected applicants: Maximum 6 months after completion of the selection procedure
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Implementation the registration process, registering your card for the Mastercard Identity Check procedure (Mastercard ID Check)
Processed data
data provided for registration (e.g. credit card number, telephone number), session cookie (3dsecure-cardprocess.de), IP address, referrer
Receiver
Processor, Art. 28 GDPR:
VR Payment GmbH, Saonestraße 3a, 60528 Frankfurt am Main, Germany
Controller, Art. 4 No. 7 GDPR:
MasterCard Europe SPRL, Chausée de Tervuren 198A, 1040 Waterloo, Belgium. Further information on data processing by Mastercard Europe SPRL can be found in Mastercard's data protection information [LINK :https://www.mastercard.de/de-de/datenschutz.html]
Storage period
12 years after termination of the contractual relationship
Legal basis
Art. 6 para. 1b) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
providing access to the database, communication
Processed data
Title, surname, first name, telephone number, e-mail address, place of study, degree program, date of birth, details in free text fields, if applicable MLP-customer number
Receiver
The Electives Network Ltd, 1A Fisher Lane, Bingham, Nottinghamshire, NG13 8BQ, United Kingdom.
Storage period
3 years after deactivation of the account with TEN.
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Search for and creation of advertisements for practice successors or partners, verification of identity, communication with the responsible consultant
Processed data
Surname, first name, address, telephone number, e-mail address, date of birth, MLP client number if applicable, information on the advert
Receiver
none
Storage period
2 years after the last contact with MLP In the case of a contractual relationship with MLP: 12 years after termination of the cooperation
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Contract and asset overview within one application
Processed data
Identity and contact details
Receiver
none
Storage period
up to 12 years after termination of the contractual relationship
Legal basis
Art. 6 para. 1 b) GDPR
Purposes
Operation of the application, login procedure
Processed data
Customer number, user name, contract content, communication data, access PIN, cookies required for operation (financepilot-pe.mlp.de and kundenportal.mlp.de)
Receiver
none
Storage period
12 years after termination of the contractual relationship
Legal basis
Art. 6 para. 1 b) GDPR in conjunction with § 25 para. 2 no. 2 TDDDG
Purposes
Evaluation of user behaviour
Processed data
Type and scope of use
Receiver
none
Storage period
until cancellation
Legal basis
Art. 6 para. 1 a) GDPR
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
News and information dispatch on MLP products and services Financial Consultancy SE
Processed data
Contact data for the customer and consultant profile, contract data for the Contract overview
Receiver
none (MLP Banking AG does not receive data access)
Storage period
12 years after termination of the contractual relationship
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Provision and use of the MLP Banking App
Processed data
Usage data (such as domain names, URL and IP addresses, system and system environment information, time and log information), online banking and bank account data, transaction data, authorisation data (such as customer number, user name and PIN), Location data
Recipients
Atruvia AG, Fiduciastrasse 20, 76227 Karlsruhe
Storage period
12 years after conclusion of the contract
Legal basis
Art. 6 para. 1 b) GDPR
Purposes
Mobile payments (Android: "Digital payment", Apple: "ApplePay")
Processed data
Card, device, authentication and Transaction data, information required to protect payment transactions (in particular fraud prevention)
Recipients
Service providers for card payments, such as Mastercard.
Processor, Art. 28 GDPR: Atruvia AG, Fiduciastr. 20, 76227 Karlsruhe.
Storage period
12 years after conclusion of the contract
Legal basis
Art. 6 para. 1 b) GDPR
Purposes
Map service, address search
Processed data
Access and use of the website (incl. IP address), location data, Log data, cookies
Recipients
Google Inc. (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Further information: Google Privacy Policy [LINK:https://www.google.com/policies/privacy?hl=de] Google Terms of Use [LINK: https://maps.google.com/help/terms_maps.html]
Storage period
until the processing basis ceases to apply
Legal basis
Art. 6 para. 1 b) GDPR
Purposes
Mailbox function
Processed data
Mailbox contents (such as messages and documents)
Recipients
Atruvia AG, Fiduciastrasse 20, 76227 Karlsruhe
Storage period
12 years after conclusion of the contract
Legal basis
Art. 6 para. 1 b) GDPR
Purposes
Real-time payment system “WERO” of the European Payments Initiative (EPI):
• Initiation and receipt of Wero transactions
• Prevention of fraud and misuse
• Analytics and reporting to provide transaction overviews
• Processing of personal data in the event of an out-of-court dispute ((pre-)dispute) for the purpose of resolution
Processed data
Personal data: name, postal address, email address, mobile phone number, date of birth, nationality
Wero-specific identification data: Wero ID (“proxy”), Wero user ID
Transaction data: IBAN, transaction amount, type of transaction, time and place of transaction, technical reference numbers, consent to a Wero transaction, payment plan, spending limit, delivery address, transaction purpose
Usage data: identification data and IP address of the end device, time of use of the Wero wallet
Dispute data: data automatically collected or provided by the customer, e.g. purchased items, correspondence with merchants, reasons for the dispute
Recipients
Processor, Art. 28 GDPR: DZ BANK AG Deutsche Zentral-Genossenschaftsbank, Platz der Republik, 60325 Frankfurt am Main
Storage period
12 years after contract conclusion
Legal basis
Art. 6 para. 1 b) GDPR
Art. 6 para. 1 c) GDPR in conjunction with anti-money laundering provisions (fraud prevention)
Purposes
Scan2Bank (photo transfer)
Processed data
Transfer data (payee, IBAN of the recipient, payment amount and purpose) on the corresponding photos or files (e.g. Invoices, remittance slips or QR codes)
Recipients
Atruvia AG, Fiduciastrasse 20, 76227 Karlsruhe,
Gini GmbH, Ridlerstraße 57, 80339 Munich
Storage period
after successful processing
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Authentication of the user and authorisations by means of a transaction number (TAN) via a pushTAN service or a direct Authentication request (direct release)
Processed data
Data required for the purposes of processing
Receiver
Atruvia AG, Fiduciastr. 20, 76227 Karlsruhe Further information: Data protection information VR SecureGo plus -Atruvia [Link:https://atruvia.de/datenschutzerklaerung-vr-securego-plus-ios
Storage period
Storage period required for the processing purposes
Legal basis
Art. 6 para. 1 b) GDPR
Responsibility
MLP Banking AG, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Execution of cross-border transfers, urgent domestic transfers, ensuring system security, checking the transfer order (in particular for identification and prevention of payment fraud)
Processed data
Transfer data (e.g. IBAN)
Receiver
Payee, payment service provider of the payee, joint controller, Art. 26 GDPR: Society for Worldwide Interbank Financial Telecommunication SC (Swift), Avenue Adèle 1, B-1310 La Hulpe, Belgium. Further information on joint responsibility with Swift can be found in the Swift Personal Data Protection Policy [LINK: https://www.swift.com/de/node/11256]
Storage period
Until the transfer transaction has been completed or within the statutory time limits Retention obligations
Legal basis
Art. 6 para. 1 b) GDPR Information on data processing for the purpose of statistical analysis and product development by Swift SC can be found at Swift Pseudonymised Account Statistics [LINK: https://www.swift.com/aboutus/legal/compliance/data-protection-policies/pseudonymised-accountstatistics] Contact Objection: opt.out@swift.com
Responsibility
MLP Finanzberatung SE, Alte Heerstr. 40, 69168 Wiesloch
Purposes
Electronic document dispatch
Processed data
Telephone number, e-mail addresses, usage data, document content
Receiver
Processor, Art. 28 GDPR: Flixcheck GmbH, Martin-Kremmer-Str. 12, 45327 Essen
Storage period
maximum 3 months
Legal basis
Art. 6 para. 1 a) GDPR
Verification via SMS channel Time of use, end device details, confirmation event
Processor, Art. 28 GDPR: Flixcheck GmbH, Martin-Kremmer-Str. 12, 45327 Essen
30 days
"Art. 6 para. 1 b) GDPR
You can use social media plugins displayed on our websites to establish connections to various social internet networks, with which you can send (post) information (such as a link to this page or a review) to the selected network. To ensure that you have complete data control, the buttons used only establish direct contact with the respective networks when you actively click on them. By activating the plugin, the following data can be transmitted to the respective providers IP address, browser information, operating system, screen resolution, installed plugins, origin of visitors and the URL of the current website if you have followed a link (referrer). The next time you visit our website, the social media plugins will be displayed again in the preset inactive mode, so that it is ensured that no data is stored in engaged service providers:
Facebook/Instagram: Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland);
privacy policy
X: x corp. 865 FM 1209, Building 2, Bastrop TX 78602).
privacy policy
Xing: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland;
privacy policy
Youtube: YouTube, LLC, Cherry Ave., USA; vertreten durch Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States).
privacy policy
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
privacy policy
MLP uses the platform YouTube.com to upload and make its own videos publicly accessible. YouTube is offered by YouTube LLC (Cherry Ave., USA), represented by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States).
MLP integrates videos stored on YouTube directly on some of its websites. When you access such an embedded video, your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific internet page), access status/HTTP status code, data volume transferred in bytes, website from which the request comes (link), browser used, operating system and its interface, as well as the language and version are transmitted to YouTube. This connection to YouTube servers is only established if you explicitly consent to the transmission of this data to YouTube. Only then will the content be displayed on our website.
By activating YouTube videos embedded on our site, MLP does not collect any personal data. The transmission of the aforementioned data to YouTube occurs with your consent based on Art. 6 para. 1 a) DSGVO. Consent can be revoked at any time for the future via the consent management tool. For further information on how YouTube processes your data, please refer to YouTube's privacy policy
The transmission and further processing of your personal data in third countries that do not offer an adequate level of data protection (such as the USA) may pose a potential risk that your data may be processed by local authorities for control and monitoring purposes, and you may not have any legal remedies. MLP has no influence over these risks.
Data processing by MLP
As the operator of the MLP YouTube channel, MLP collects and processes data from your use of our offerings, which is provided to us by YouTube. This information includes statistics on visits to our profile, reports on the playback time of our videos, and user interactions such as "likes". Additionally, MLP processes information about individuals who actively interact with our YouTube channel, such as by subscribing or using YouTube's communication features.
MLP uses this information in its legitimate interest pursuant to Art. 6 para. 1 f) DSGVO to ensure communication with you and to adjust our published content regarding its reach and target audience.
For the operation of our Facebook/Instagram pages, Facebook Ireland Ltd. ("Facebook"), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and MLP are jointly responsible under data protection law. According to the existing agreement, Facebook primarily bears responsibility for fulfilling information obligations and ensuring technical and organizational measures.
The full agreement can be viewed at Link
Processing of Personal Data by MLP
MLP is responsible for data protection for data collected during promotions or when leaving comments or other contributions on our pages. If you leave comments, likes, or other contributions on our fan pages, this data will be permanently published on our Facebook/Instagram page. MLP uses the data in accordance with Art. 6 para. 1 f) DSGVO solely to contact you via Facebook or Instagram if necessary and to respond to your requests, suggestions, or criticisms. If you provide us with purpose-specific consents for the use of your personal data via our Facebook or Instagram fan page, you can revoke these consents any time at datenschutz@mlp.de.
You do not need to be a member of Facebook to view the content of our Facebook fan page or on Instagram. However, we point out that Facebook itself collects and processes personal data each time you visit our Facebook or Instagram page. MLP has no influence on this data collection and processing; Facebook is the data protection responsible entity.
Processing of Personal Data by Facebook
As soon as you access our Facebook or Instagram page, your browser establishes a connection with Facebook and transmits information. Facebook uses this data and data from your interaction with our Facebook/Instagram pages at least to create personalized advertising, user profiles, and for market research. Information on what data Facebook collects can be found in Facebook's and Instagram's privacy policies, available at privacy policy and privacy policy
Facebook uses cookies to store and further process this information, which are stored on users' various devices. If you are logged into Facebook or Instagram when accessing our Facebook/Instagram page, Facebook can link the visit to our Facebook/Instagram website with your personal user account and store and analyze your activities across devices.
You can object to the processing of your personal data by Facebook (so-called Opt-Out) here: LINK and here LINK
Processing of Personal Data for Statistical Purposes (Insights)
Through the "Insights" of our Facebook/Instagram pages, statistical data of various categories is available to MLP. In our own interest according to Art. 6 para. 1 f) DSGVO, we use Insights to obtain statistical information about the use of our page. This information allows us to capture the reach and effectiveness of campaigns, postings, and other activities through prepared statistics and to continuously optimize our Facebook/Instagram pages based on this. Detailed information on Facebook Insights can also be found at LINK
MLP, as the operator of the pages, has no influence on the generation and presentation of statistical data through Insights. The function cannot be disabled, and the generation and processing of data by MLP cannot be prevented. In the context of using Facebook Insights, MLP only receives anonymized statistics from Facebook about the use of our Facebook/Instagram pages. MLP can only see how many users have performed certain interactions. The statistics of the Insight data do not allow MLP to draw any conclusions about your person, but according to Facebook's terms of use, we can identify subscribers and fans of our pages and view their publicly shared profiles and information. Further information can be found at LINK
Your Rights
You can assert your rights to information, correction, objection, deletion, restriction of processing, and data portability in connection with our Facebook/Instagram fan pages directly with Facebook or with MLP. According to the supplementary agreement LINK , MLP is obliged to forward these requests to Facebook within 7 days.
MLP uses the platform Xing and its application Kununu to promote our company and our quality as an employer, and to facilitate your contact with us.
For the operation of our Xing page, MLP and New Work SE (Am Strandkai 1, 20457 Hamburg) are jointly responsible under data protection law.
Processing of Personal Data by Xing
New Work SE (hereinafter referred to as "Xing") is responsible for the operation of the Xing platform and the Kununu application. When you visit our Xing page, Xing collects your IP address and other information stored in cookies on your PC. This information is used, among other things, to provide us, as the operator of the MLP Xing page, with statistical information about the use of the page. If you access our Xing page while logged into your Xing account, Xing can directly associate the visit with your Xing account. We explicitly point out that Xing stores this data (e.g., personal information, IP address, etc.) and uses it for its own purposes. MLP has no influence on the data processing by Xing. Xing is solely responsible for this under data protection law.
For more information on data processing at Xing, please visit privacy policy .Information on how to manage or delete information about you on Xing can be found at LINK
Processing of Personal Data by MLP
MLP is responsible under data protection law when you contact us via our Xing page, e.g., via form or messenger. We use this data solely for the purpose of responding to your inquiry or for contacting you and the associated technical administration. The legal basis for this is our legitimate interest in responding to your inquiry according to Art. 6 para. 1 f) DSGVO. If your contact aims at concluding a contract, Art. 6 para. 1 b) DSGVO serves as the legal basis. Your data will be deleted by MLP after the final processing, provided that there are no legal retention obligations to the contrary.
Processing of personal data in Joint responsibility of MLP and Xing
Various types of statistical data for MLP can be accessed via the so-called “Insights” on our Xing page. In our own interest in accordance with Art. 6 Para. 1 f) GDPR, we use Insights to obtain statistical information about the use of our site. This information enables us to record the reach and effectiveness of campaigns, postings and other activities through prepared statistics and, on this basis, to continuously optimize our Xing page as needed. For this purpose, MLP only uses the data provided by Xing as part of the Insights function.
You can exercise your rights to information, correction, objection, deletion, restriction of processing and data portability in connection with our Xing page directly from Xing LINK or assert it against MLP.
MLP processes personal data via its X account, and data processing by X takes place at the same time.
Processing of Personal Data by X:
MLP uses the technical platform and services of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, for the short message service offered on its websites.
MLP points out that you use the short message service and its functions offered here at your own responsibility. This applies in particular to the use of interactive functions (e.g., sharing, rating). Information on what data X processes and for what purposes it is used can be found in X's privacy policy: privacy policy
X processes your voluntarily entered data such as name and username, email address, phone number, or the contacts of your address book if you upload or synchronize it. X also analyzes the content you share to determine your interests, stores and processes confidential messages you send directly to other users, and can determine your location based on GPS data, wireless network information, or your IP address to provide you with advertisements or other content.
X may use analytics tools such as X-Analytics or Google Analytics for evaluation. MLP has no influence on the use of such tools by X and has not been informed about any potential use. If such tools are used by X for the MLP account, MLP has neither commissioned, confirmed, nor supported this in any way. MLP is not provided with the data obtained from the analysis by X. Only certain non-personal information about activity, such as the number of profile or link clicks through a specific short message, is visible to MLP through its account. Moreover, MLP has no way to prevent or disable the use of such tools on its X account.
X receives information when you view content, even if you have not created an account. These so-called "log data" may include the IP address, browser type, operating system, information about the previously accessed website and the pages you visit, your location, your mobile provider, the device you use (including device ID and application ID), the search terms you use, and cookie information. Through X buttons or widgets embedded in websites and the use of cookies, X can track your visits to these websites and associate them with your X profile. Based on this data, content or advertisements can be tailored to you.
You can restrict the processing of your data in the general settings of your X account and under "Privacy and Security". Additionally, on mobile devices (smartphones, tablets), you can restrict X's access to contact and calendar data, photos, location data, etc.,in the settings.This, however, depends on the operating system used.
Further information on these points is available on the following X support pages:
Information on how to access your data on X can be found here: LINK
Information about the conclusions X draws about you can be found here: LINK
MLP has no influence on the type and scope of data processed by X, the type of processing and use, or the transfer of this data to third parties, and no way to control this. By using X, your personal data is collected, transferred, stored, disclosed, and used by X, and transferred to and stored and used in the United States, Ireland, and any other country where X does business, regardless of your place of residence.
The transmission and further processing of your personal data in third countries that do not offer an adequate level of data protection (such as the USA) may pose a potential risk that your data may be processed by local authorities for control and monitoring purposes, and you may not have any legal remedies. MLP has no influence over these risks.
Data Processing by MLP
The data you enter on X, particularly your username and content published under your account, is used by MLP in its own interest for public relations and advertising for its own products and services in accordance with Art. 6 para. 1 f) DSGVO, possibly for retweets, replies, or own tweets that refer to your account. The data you freely publish and distribute on X may be included in our offerings and made accessible to our followers. No further data is collected by MLP.
MLP uses the platform LinkedIn to promote our company and our quality as an employer, and to facilitate your contact with us.
For the operation of our LinkedIn career page, MLP and LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) are jointly responsible under data protection law. According to the existing agreement, LinkedIn primarily bears responsibility for fulfilling information obligations and ensuring technical and organizational measures.
The full agreement can be viewed at LINK
Processing of Personal Data by LinkedIn
LinkedIn Ireland Unlimited Company is responsible for the operation of the LinkedIn platform. When you visit our LinkedIn page, LinkedIn collects your IP address and other information stored in cookies on your PC. This information is used, among other things, to provide us, as the operator of the MLP LinkedIn page, with statistical information about the use of the page. If you access our LinkedIn page while logged into your LinkedIn account, LinkedIn can directly associate the visit with your LinkedIn account. We explicitly point out that LinkedIn stores this data (e.g., personal information, IP address, etc.) and uses it for its own purposes. MLP has no influence on the data processing by LinkedIn. LinkedIn is solely responsible for this under data protection law.
For more information on data processing at LinkedIn, please visit privacy policy . Here you will also find information on how to manage or delete information about you on LinkedIn. Information on how to object to the use of cookies and tracking measures by LinkedIn can be found at privacy policy .
Processing of Personal Data by MLP
MLP is responsible under data protection law when you contact us via our LinkedIn page. We use this data solely for the purpose of responding to your inquiry or for contacting you and the associated technical administration. The legal basis for this is our legitimate interest in responding to your inquiry according to Art. 6 para. 1 f) DSGVO. If your contact aims at concluding a contract, Art. 6 para. 1 b) DSGVO, possibly in conjunction with § 26 BDSG, serves as the legal basis. Your data will be deleted by MLP after the final processing, provided that there are no legal retention obligations to the contrary.
Processing of Personal Data in Joint Responsibility by MLP and LinkedIn
Through the "Page Insights" of our LinkedIn page, statistical data of various kinds is available to MLP. In our own interest according to Art. 6 para. 1 f) DSGVO, we use Page Insights to obtain statistical information about the use of our page. This information allows us to capture the reach and effectiveness of campaigns, postings, and other activities through prepared statistics and to continuously optimize our LinkedIn page based on this. The statistics of Page Insights do not allow MLP to draw any conclusions about your person.
You can assert your rights to information, correction, objection, deletion, restriction of processing, and data portability in connection with our LinkedIn page directly against LinkedIn LINK or with MLP. According to the agreement on joint responsibility with LinkedIn, MLP is obliged to forward these requests to LinkedIn within 3 working days.
For the operation of our company presence on social media platform TikTok, MLP and TikTok Information Technologies UK Ltd (6th Floor, One London Wall, London, EC2Y 5 EB, UK) and TikTok Technology (10 Earslfort Terrace, Dublin, D02T380, Ireland) are jointly responsible for data protection.
The complete agreement on joint responsibility can be viewed at privacy policy .
Processing of personal data by MLP
MLP processes and uses your data, which is provided to MLP by TikTok, to provide video information on various topics from the world of financial advice, to present our services on our TikTok profile and to interact with registered users. If you leave likes or other contributions as a visitor to our TikTok profile, these will be permanently published in our TikTok profile. MLP uses the data in accordance with Art. 6 Para. 1 f) GDPR exclusively to contact you via the TikTok medium if necessary and to respond to your requests, suggestions or criticisms.
Processing of personal data by TikTok
As soon as you access the MLP company profile on TikTok, your browser establishes a connection with TikTok and transfers at least server log files (P address, name of the file accessed, date and time of retrieval, amount of data transferred, status of retrieval (successful/unsuccessful ), browser type and operating system of the end device as well as the URL of the page previously accessed (so-called “referrer URL”). To view the content on our TikTok profile, you do not have to be a member of TikTok. Specific information about what data TikTok collects about its users can be found at privacy policy .MLP has no influence on the processing of your personal data by TikTok.
Processing of Personal Data in Joint Responsibility by MLP and TikTok
Statistical information of various categories is available to MLP via the so-called ""Analysis"" in our TikTok company profil. MLP uses this information about the use of our content on TikTok in accordance with Art.6 Para.1 f) GDPR to record the reach and effectiveness of our offers on TikTok by means of prepared statistics and to continuously optimise our offer on this basis in line with requirements. As the operator of the MLP company profile on TikTok, MLP has no iinfluence on the generation and presentation of statistical data by TikTok. The function cannot be switched off and the generation and processing of data cannot be prevented by MLP. However, MLP only receives anonymised statistics on the use of our profile content. MLP can only recognise how many users have carried out certain actions.This information does not allow MLP to draw any conclusions about your person. However, in accordance with the TikTok Terms of Service, we may identify subscribers to our profile and view their public profiles and information. This is also possible if you mark a video from MLP with a heart, comment on a video or use the “Duet” or “Stitch” functions. You can find further information about this at LINK .
Your rights
You can exercise your rights to information, correction, objection, deletion, restriction of processing and data portability in connection with our MLP company profile on TikTok directly to TikTok (via your own profile settings; instructions at LINK or the data protection officer of TikTok . If you would like to assert your rights against MLP in connection with the MLP company profile on TikTok, please contact MLP
