The protection of personal data is important to us at MGT-COMMERCE GmbH (hereinafter "MGT-COMMERCE"). This Privacy Policy gives you an overview on how MGT-COMMERCE processes your personal data. It applies to the use of the CloudPanel software offered by MGT-Commerce (hereinafter the "Software").

1. Responsible data controller.

Responsible for the data processing is:
MGT-COMMERCE GmbH
represented by its managing director Raphael Thiel
Mendelssohnstrasse 27,
10405 Berlin, Germany

We or our data protection officer will be happy to respond to your information requests and feedback on the subject of data protection.
Simply email us at : privacy@cloudpanel.io

2. Purposes and legal bases for our data processing activities

2.1. Log files.

Each time you use our Software, your browser automatically transfers certain information to us in so-called log files, which is being processed (usage data). The information saved in the logfiles allow no direct conclusion to be drawn about you as a person.

In particular, the following information can be subject to our processing in the log files:

  • - IP address (internet protocol address) of the device from which the website is accessed;
  • - Server ID;
  • - Date and time as well as duration of the retrieval;
  • - Operating system and information about the browser used;
  • - http status code (e.g. for “successful response” or “requested file not found”).

It is necessary to process this data to enable the use of our Software and to guarantee the long-term functionality, availability and security of our systems. The legal basis for this data processing is Art. 6 (1)(b) GDPR (performance of contract).

2.2. User Account.

In order to activate our Software and to enable the functionalities of the Software, you need to provide us with the following information to create a user account (user data):
  • - First name, surname;
  • - Email address;
  • - Password;
  • - Server ID;

We need this information in order to provide you with the Software license and, if necessary, to alert you about security-related information and updates. The legal basis for this data processing is Art. 6 (1)(b) GDPR (performance of contract).

2.3. Making contact.

You have various ways of making contact with us. These include contact by e-mail via the address in the “contact” section of the Software. In this context, we process data solely for the purpose of communication with yourself. The legal basis is Art. 6 (1)(b) of the GDPR. The data which we collect when using the contact section are automatically erased after full processing, unless we still need to keep your enquiry for the fulfilment of contractual or legal duties.

2.4. Direct marketing purposes.

We may process your personal data from time to time for direct marketing purposes and will provide you with relevant news about our product and service range on the basis of Art. 6 (1)(f) GDPR to the extent that this is permissible after balancing your interests to pursue the legitimate interests of MGT-COMMERCE. You may object this data processing at any time with effect for the future. For further details about your right to object, please see Section 5.7 below.

3. Disclosure of data and service providers

In principal, we will only pass on your personal data to external recipients if:
  • - you have given your express consent to this pursuant to Art. 6 (1)(a) GDPR;
  • - disclosure is necessary pursuant to Art. 6 (1)(f) GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that there is an overriding legitimate interest in not disclosing the data;
  • - we are legally obliged to do so under Art. 6 (1)(c) GDPR; or
  • - if this is permitted by law and is required under Art. 6 (1)(b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.

Part of the data processing described in this Privacy Policy may be carried out by our service providers. This may in particular include data centres and IT service providers that maintain our systems and operate our Software. If we pass data on to such service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organizational measures in place to protect the rights of data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.

If these service providers process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than that of the European Union. In such cases, MGT-COMMERCE ensures that the service providers concerned guarantee an equivalent level of data protection, either by contract or otherwise (e.g. by concluding Standard Contractual Clauses with the service provider or by ensuring that the service provider is certified according to the EU-US-Privacy Shield).

4. Retention and duration of storage.

MGT-COMMERCE generally retains personal data only for as long as is necessary to provide our software services to you as a Licensee. MGT-COMMERCE then erases the personal data with the exception of data that we are required to maintain in order to comply with contractual or legal (e.g. under tax or commercial law) retention periods (e.g. invoices).

MGT-COMMERCE may also need to retain some of your personal data even after you have closed your user account if we have a legitimate interest in doing so or if we have to comply with our legal obligations. For instance, MGT-COMMERCE must store some of your personal data for purposes of book-keeping. Unless set out otherwise above, your personal data will in principle be deleted or blocked as soon as the purpose of the storage ceases to exist.

5. Your data subject rights.

5.1. How can you assert your rights?

To assert your rights, please use the information in the “Responsible data controller” section. Please make sure that we are able to uniquely identify you. Alternatively, you can also adjust the settings in your user account to correct the data you entered during registration.

5.2. Your rights of access and rectification.

You may request that we confirm whether we process personal data concerning you, and you have a right of access to the personal data of yours which we process. Should your data be inaccurate or incomplete, you may request that it be rectified or completed. If we have passed on your data to third parties, we will inform them about the rectification to the extent required by law.

5.3. Your right to erasure.

If the legal requirements are met, you can request that we erase your personal data without delay. In particular, this is possible if
  • - your personal data is no longer needed for the purposes for which it was collected; the legal basis for the processing was solely your consent and you have withdrawn this;
  • - you have objected to processing for advertising purposes (“advertising objection”);
  • - You have objected to processing, citing the legal basis of the balancing of interests for personal reasons, and we cannot prove that there are overriding legitimate reasons for a processing;
  • - your personal data has been unlawfully processed; or
  • - your personal data must be erased in order to comply with legal requirements.

If we have passed on your data to third parties, we will inform them about the erasure to the extent required by law. Please note that your right to erasure is subject to restrictions. For example, we do not have to, or rather are not allowed to, erase any data that we have to retain further due to legal retention periods. Data which we require for the establishment, exercise or defense of legal claims is also excluded from your right to erasure.

5.4. Your right to restriction of processing

If the legal requirements are met, you can request that we restrict processing. In particular, this is possible if
  • - the accuracy of your personal data is disputed by you, in which case we will restrict the processing until we have had the opportunity to verify its accuracy;
  • - the processing is not lawful, and you request a restriction of use instead of erasure (see previous section); we no longer require your data for the purposes of processing, but you need it to establish, exercise or defend your legal claims;
  • - you have objected for personal reasons, in which case we will restrict the processing until it is established whether your interests prevail.

If there is a right to restriction of processing, we will mark the data concerned in order to ensure that it will only be processed within the narrow limits that apply to such limited data (in particular to defend legal claims or with your consent).

5.5. Your right to data portability.

You have the right to receive, in a transferable format, personal data that you have provided to us for the performance of the contract or on the basis of your consent. In this case, you can also request that we transfer this data directly to a third party, to the extent that this is technically feasible.

5.6. Your right to withdraw your consent.

If you have consented to us processing your data, you can withdraw this at any time with effect for the future. This will not affect the lawfulness of the processing of your data before the withdrawal.

5.7. Your right to object to direct marketing.

You can also object to the processing of your personal data for advertising purposes at any time (“advertising objection”). 

5.8. Your right to object for personal reasons

You have the right to object to data processing by us for reasons arising from your particular situation, insofar as this is based on the legal basis of a legitimate interest.  We will then cease processing your data, unless we can – in accordance with the statutory provisions – prove compelling legitimate reasons for further processing which outweigh your rights.

5.9. Right to lodge a complaint with the supervisory authority.

You have the right to lodge a complaint about the data processing activities carried out by MGT-COMMERCE before a competent data protection authority. A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.

6. Changes to this Privacy Policy.

MGT-COMMERCE reserves the right to amend this Privacy Policy at its own discretion and at any time.

Berlin, July 2020