1.General information about data processing
1.1. Name and address of the controller:
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States as well as other data protection regulations is:FELD M GmbH
Managing Director: Lutz Wiechert, Dipl. Kfm.
1.2. Data protection officer’s contact details
The data protection officer responsible for compliance with the General Data Protection Regulation and supplementary data protection regulations is:Feld M GmbH
– Datenschutz –
Tel +49 (0) 89 / 60807600
1.3. Recipients of the collected data
Access to your personal data collected during your visit to on www.feld-m.de will only be granted to those who need it to fulfil our contractual obligations. Specifically, these are:
- Our management and sales team when contacting us via the contact form.
- Our HR team when contacting us via our application management system.
- Web analytics team to optimize the visibility and usability of our website.
- Contract processors, such as external hosters, to ensure the operation of the website and individual functional areas.
- Recipients are also contract processors who provide tools for web analysis and application management.
1.4. Extent to which personal data is processed
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG-new) on the basis of the following legal principles:
- (1) Article 6(1) point (b) GDPR: Personal data may be processed for the performance of a contract or pre-contractual measures.
- (2) Article 6(1) point (f) GDPR: The controller may process personal data to the extent required to safeguard its own legitimate interests.
In accordance with legal requirements, we only collect data appropriate for the intended purpose.
1.5. Transfer of personal data to third countries
Personal data is transferred to third countries via the cookies and tracking tools used on www.feld-m.de. The necessary contractual agreements exist with the respective service providers.
1.6. Duration of storage
We principally erase personal data collected on www.feld-m.de once it is no longer required for the processing purpose or on completion of any legal verification and retention period.
If the data are no longer required for the performance of contractual or legal obligations, these are regularly erased unless their temporary processing is necessary for the following purposes:
- Preservation of evidence in the context of the statutory statute of limitations. According to Section 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the standard period of limitation is 3 years.
1.7. Rights of the data subject
If personal data relating to you is processed, you are considered to be a data subject within the meaning of the GDPR and you have the following rights in respect to the controller:
1.7.1. Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data relating to you is processed by us.
If that is the case, you can request information from the controller about the following information:
- (1) The purposes for which the personal data are processed;
- (2) The categories of personal data being processed;
- (3) The recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
- (4) The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- (5) All available information on the source of the data if the personal data are not collected from the data subject;
- (6) The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- (7) Whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard you have the right to be informed about appropriate safeguards pursuant to Article 46 relating to the transfer.
1.7.2. Right to rectification
You have the right to obtain from the controller the rectification and/or completion of personal data relating to you insofar that the processed personal data is incorrect or incomplete. The controller must make the rectification without undue delay.
1.7.3. Right to restriction of processing
You may request the restriction of the processing of your personal data relating to you under the following conditions:
- (1) You contest the accuracy of the personal data relating to you, for a period enabling the controller to verify the accuracy of the personal data;
- (2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- (3) The controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or
- (4) You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your reasons.
If the processing of personal data relating to you has been restricted, this data – with the exception of storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing in accordance with the above conditions, you will be notified by the controller before the restriction of processing is lifted.
1.7.4. Right to erasure
a) Erasure obligation
You can demand that the controller deletes your personal data relating to you without undue delay, and the controller shall have the obligation to erase this data without undue delay where one of the following grounds applies:
- (1) The personal data relating to you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- (2) You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing.
- (3) You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for processing, or you object to the processing pursuant to Article 21(2) GDPR.
- (4) The personal data relating to you have been processed unlawfully.
- (5) The erasure of the personal data relating to you is required to fulfil a legal obligation under Union or Member State law, to which the controller is subject.
- (6) The personal data relating to you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obligated to erase the personal data pursuant to Article 17(1) GDPR, the controller, taking available technology and the cost of implementation into account, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that the processing is necessary
- (1) for exercising the right of freedom of expression and information;
- (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in exercising official authority vested in the controller;
- (3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
- (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, in so far as the law referred to in subparagraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- (5) for the establishment, exercise or defence of legal claims.
1.7.5. Right to be informed
If you have exercised your right to obtain from the controller the rectification, erasure or restriction of processing, it is obliged to notify all recipients to whom your personal data have been disclosed about the rectification or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed by the controller about these recipients.
1.7.6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, provided that
- (1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or is based on a contract pursuant to point (b) of Article 6(1) GDPR; and
- (2) the processing is carried out by automated means.
In exercising this right you also have the right to have the personal data concerning you transmitted directly from one controller to another, provided that this is technically feasible. These rights should not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in exercising official authority vested in the controller.
1.7.7. Right to object
You have the right at any time, for reasons that arise from your particular situation, to object to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
1.7.8. Right to revoke your declaration of consent concerning data privacy
If the processing of your personal data is based on your consent, you may revoke your consent to processing at any time with future effect. The relevant data will then be blocked or erased immediately in accordance with legal storage periods.
The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can carry out your revocation in the same way as your consent. Alternatively you can send your revocation of consent, stating your full name and email address, to the following postal or email address:Feld M GmbH
– Datenschutz –
Phone +49 (0) 89 / 60807600
1.7.9. Exclusion right in automated decisions on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
- (1) is required for the conclusion or performance of a contract between you and the controller,
- (2) is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
- (3) is made with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
1.7.10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Article 78 of the GDPR.
A list of data protection officers and their contact details can be found on the following link:
2. Provision of the website and creation of log files
2.1. Description and scope of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected in this regard:
- 1. Browser type and browser version
- 2. Operating system used
- 3. Referrer URL
- 4. Subsites
- 5. Host name of the computer accessing the site
- 6. Time of the server request
- 7. IP address
- 8. Language
- 9. Device type
This data will not be merged with other data sources.
The data is also stored in our system’s log files. This data is not stored together with the user’s other personal data.
2.2. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. To achieve this, the user’s IP address must be stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
2.3. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6(1) point (f) GDPR. The legitimate interest of the website operator lies in the trouble-free provision of the website and the associated website services for users.
2.4. Duration of storage
The data will be erased as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
The data is erased after 14 days. The service provider uses script-based deletion.
2.5. Means of objection and termination
The collection of data for providing the website and the storage of data in log files is absolutely imperative for operating the website. Users therefore do not have any possibility to object.
The data subject can prevent our website from setting cookies at any time by accordingly adjusting the settings on the Internet browser used and thus permanently disabling the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all standard Internet browsers. However, not all the functions on our website may be fully usable if the data subject disables the setting of cookies in the Internet browser used.
4. Web analysis by Google Analytics (with anonymisation function)
4.1. Description and scope of the data processing
Google Analytics (with an anonymisation function) is integrated on our website. Google Analytics is a web analytics service. Web analysis refers to the capturing, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject came to our website (so-called referrers), which subpages of the website were accessed or how often, and for how long the subpage was viewed. We use web analytics primarily for optimising our website and for conducting cost-benefit analyses of the internet advertising.
We use Google Analytics as part of the Google marketing platform. In the application, Google Analytics also includes advertising functions (Double Click, remarketing). In addition, a user-based analysis is possible, with which user profiles can be formed.
The operator for the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the application “_gat._anonymizeIp” for web analytics through Google Analytics. By means of this application, the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our website from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area.
Google Analytics sets a cookie on the data subject’s information technology system. An explanation of what cookies are has already been provided above. Setting this cookie enables Google to analyse the usage of our website. Each time one of the webpages is accessed on this website, which is operated by the controller and in which a Google Analytics component has been integrated, the Internet browser on the data subject’s information technology system is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google is provided with personal data, such as the IP address of the data subject, which among other things help Google to track the origin of the visitors and clicks, and subsequently enable the settlement of commissions.
The cookie stores personal information, such as the access time, the location from where the access was made, and the frequency with which our website is visited by the data subject. Each time you visit our website, your personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
4.2. Purpose of the data processing
The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.
Google Analytics’ advertising capabilities enable its customers to create a remarketing audience based on specific behavioral, demographic, and interest data and to share these lists with Google Ads, use demographic and interest data in analytics reports, and create segments based on demographic and interest data. The purpose of the processing is to specifically address the user as part of a target group and also to display personalized content based on the processed personal data.
4.3. Legal basis for data processing
The legal basis for the web analysis by Google Analytics is Article 6(1) point (a) GDPR.
4.4. Duration of storage
The data stored by tracking is erased as soon as it is no longer needed for the stated purposes. In our case data is erased after 26 months.
4.5. Means of objection and termination
DAs described above, the data subject can prevent our website from setting cookies at any time by accordingly adjusting the settings on the Internet browser used and thus permanently disabling the setting of cookies. Such an adjustment of the Internet browser settings would also prevent Google from setting a cookie on the data subject’s information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Furthermore, you can prevent Google from logging the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to installing the browser plugin, especially on Internet browsers on mobile devices, you can prevent your data from being collected by Google Analytics by clicking on the following link:
[ga-optout label=”Google Analytics status:”]
This stores a so-called opt-out cookie on your device which prevents the future collection of your data by Google Analytics when visiting this website.
Please note that if you delete cookies in your browser settings, the opt-out cookie from Google Analytics could also be deleted, which would then have to be re-enabled by you.
5. Consent Management with Usercentrics
5.1. Description and scope of the data processing
We use the Usercentrics Consent Management Platform as a consent management tool for the analytics activities on our website.
We process the following data:
- (1) Consent data and associated data (anonymous logbook data (Consent ID, Processor ID, Controller ID), consent status, timestamp)
- (2) Device data or data of the devices used (e.g. shortened IP addresses (IP v4, IP v6), device information, timestamp)
- (3) User data (e.g. email, ID, browser information, SettingIDs, changelog)
The consentID (contains the above-mentioned data), the consent status incl. time stamp are stored in the local storage of your browser and simultaneously on the cloud servers used. Further processing will only take place if you make a request for information or revoke your consent. In this case, the responsible party (FELD M) is provided with the corresponding information in a compact data format in an easily readable text form for the purpose of data exchange (JSON file).
We create statistics regarding the consent status – given or not given. To this point no user informaction is saved. Only the frequency and location of clicks are saved.
Personal data is stored on a Google Cloud Server located in the EU (Brussels, Frankfurt/Main).
5.2. Purpose of the data processing
The purpose of data processing is to analyse and manage the consents granted in order to comply with our obligation to comply with GDPR-compliant consent management. The use of Usercentrics serves the purpose of proving consent given and consent not given as well as their administration.
The concrete processing purposes of the personal data mentioned under 5.1 are:
- (1) Obtaining and providing consent
- (2) Provide evidence of which device you used to give your consent, and at what time
- (3) Legitimization of access to the settings and documentation of changes
5.3. Legal basis for data processing
The legal basis for the management of your consent to process your personal data is 6(1) point (f) GDPR. Our legitimate interest lies in the legally secure documentation and verifiability of consents, the control of marketing measures on the basis of the consent given and the optimisation of consent quotas.
5.4. Duration of storage
The data is deleted as soon as it is no longer needed. The associated cookie has a duration of 60 days.
The withdrawal document of a previously given consent shall be kept for a period of three years. The storage is based on our accountability pursuant to 5(2) GDPR. This obliges us to comply with the processing of personal data in accordance with the General Data Protection Regulation.
Furthermore, the storage duration does not exceed the regular statute of limitations according to § 195 BGB of three years. This limitation period begins at the end of the year in which the claim arose (§ 199 BGB). Consequently, the three-year limitation period begins at the end of 31.12. and ends three years later on 31.12., midnight.
5.5. Means of objection and elimination
The function can be switched on and off in our “privacy settings” by selecting the checkbox.
6. Contact form
6.1. Description and scope of the data processing
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the enquiry and in case of follow-up questions. We will not share this information without your consent. The only mandatory fields are your first and last name, your company and your professional email address. The data is required to send you the associated documents in a personalised way.
The information you provide in the contact form will remain with us until you ask us to delete it, or the purpose for storing the data no longer applies (for example, after your enquiry has been processed). Mandatory statutory provisions – especially retention periods – remain unaffected.
6.2. Purpose of the data processing
The personal data from the input mask is processed for the sole purpose of dealing with your enquiries. In the case of contact by email, we have a legitimate interest in processing the data since we as a company always strive to deal with your inquiries.
The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
6.3. Legal basis for data processing
The legal basis for processing the data when contacting us via the contact form for requesting further details about the Link Manager or TV2WEB offerings is the performance of a contract or pre-contractual measures pursuant to Article 6(1) point (b) GDPR.
6.4. Duration of storage
The data will be erased as soon as it is no longer necessary for the purpose of its collection. For personal data entered in the input mask in the contact form and personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be erased at the latest after a period of 14 days.
6.5. Means of objection and termination
Users can terminate the contractual or pre-contractual relationships at any time. If users contact us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored for contact purposes will be erased in this case.
7.1. Description and scope of the data processing
Applications for open positions or unsolicited applications are made handled via the application portal of Feld M. For this purpose, we draw on the support of an external service provider who operates the portal.
The following data is collected:
- First name, last name
- E-mail address, telephone number
- curriculum vitae
- Cover letter, application photo
The data is stored on the systems of the service provider. After successfully submitting your application, you will receive a link to delete and process edit your application. Our personnel department will also be informed by the system when as soon as the application is received and the application will then be integrated into the selection process.
7.2. Purpose of the data processing
Personal data is processed for the purpose of establishing employment relationships and to safeguard the business operations of FELD M GmbH.
7.3. Legal basis for data processing
We process the personal data of our applicants to establish employment relationships. The legal basis for processing applicants’ personal data is Art. 88 DS-GVO and § 26 BSDG-new.
The storage of your applicant data in the FELD M application tool after cancellation is based on your consent in accordance with Art. 6 Para. 1 lit. a DS-GVO.
7.4. Duration of storage
Application data of rejected applicants will be deleted or returned by FELD M after a period of 6 months, after the end of the application process or after the rejection has been issued. Applications received by post will only be returned. Applications submitted electronically to FELD M GmbH will be deleted from the systems accordingly.
The application data of applicants not required for employment will also be deleted after this period.
7.5. Means of objection and termination
You can withdraw and delete your application at any time via the deletion and/or processing editing link sent to you. Alternatively, you can send a deletion request to the system, whereupon deletion will be initiated internally.
If, despite a negative decision on your application, you wish to remain in the FELD M applicant tool for a position to be filled later, this will be done exclusively on the basis of your consent. You can revoke your consent at any time as followsby contacting us via:
- Email: firstname.lastname@example.org
- Phone:: +49 (0) 89 / 55 29 756 . 36
- Mail: FELD M GmbH, Sandstraße 33, 80335 München
8. External Linking
Our Website contains links to external pages for example to Social Media and Google Maps (location).
9.1. Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
9.2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
9.4. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
9.10. Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.