MOBOTIX AG, Kaiserstraße, 67722 Langmeil, Germany ("MOBOTIX", "we" or "our") takes the protection of your data seriously. Our security measures therefore closely follow the provisions of the EU General Data Protection Regulation 2016/679 (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”), as amended. In the following, we have outlined how we handle the personal data of visitors to our website, business partners, shareholders and applicants at MOBOTIX. Below, we further provide you information about how personal data is processed by MOBOTIX products, inform you about your data subject rights and how you can contact us and our data protection officer.
2 Information for visitors of our website and newsletter subscribers
2.1 Provision of the website and log files
The following personal data will be stored in a log file automatically when you access our webpages: date and time of access, IP address, link opened, information about web browser and operating system, volume of data transferred, error code and user name (in the case of customized access).
This data will also be generated when any other website is visited and is therefore not a special function of our website. Data is stored for security purposes and to improve our offering. This data is evaluated purely for statistical purposes in an anonymized form.
Processing of this personal data is technically necessary for us to display our website to you and ensure stability and security. The legal basis for processing your personal data is Article 6 (1) f GDPR.
This data is deleted after fourteen (14) days.
A cookie is a small text file containing information that allows us to identify returning visitors to our website. Cookies are stored on your computer. This makes it possible to adapt our website to your needs (e.g. language, country assignment) and to assign information to session steps during a session.
Only the cookie on your computer is identified to determine whether your computer has already accessed our website.
Cookies also offer you, as a user of customized services, the option of not having to register each time you use them. Under no circumstances will personal data be generated or passed on, nor will a link be established with personal data.
The use of all functions of our website requires the admission of cookies during a session. Current browsers have a security setting that ensures that cookies are automatically deleted at the end of a session.
These cookies enable us to improve performance (e.g. load content faster) and display country- and language-specific, localized contact information. The legal basis for this is Art. 6 para. 1 lit. f GDPR. If consent to store cookies has been obtained, processing is based exclusively on this consent in accordance with Art. 6 (1) a GDPR and Section 25 (1) of the Telecommunications Telemedia Data Protection Act (Telekommunikation Telemedien Datenschutz Gesetz – “TTDSG”).
The cookies mentioned in section 2.2 (a) are deleted when you close your browser.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.
(b) Google Analytics
At MOBOTIX, we take the protection of your personal data very seriously and comply with the legal provisions on data protection. Some of the data collected when visiting this website is used for statistical analysis.
In Google Analytics, we have enabled "Google Signals" for advertising purposes. This supplements the existing Google Analytics functions to obtain aggregated data on the age, gender, location, search history and interests of page visitors, provided they have allowed personalized ads in their Google account. By enabling Google Signals, data is collected and linked to the Google account.
You can prevent the collection by Google Analytics by clicking on the following link. This will set an opt-out cookie that will prevent future collection of your data when you visit this website: Disable Google Analytics. You can deactivate the "Google Signals" function at any time via the settings in your Google account: https://adssettings.google.com.
(c) LinkedIn Insight-Tag
The LinkedIn Insight tag enables the collection of data about visits to LinkedIn's website, including URL, referrer URL, IP address, device and browser characteristics, timestamps, and page views. This data is encrypted by LinkedIn, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share personally identifiable information with the site owner, but only provides aggregate reports on the site's audience and display performance. LinkedIn also provides retargeting for site visitors so that the site owner can use this data to display targeted ads outside of its site without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
The use of the above technologies helps us to improve the quality and content of our website and to evaluate and optimize our marketing activities. The aggregated statistical information includes data such as the total number of visitors. For example, we find out how often and in what order individual pages were accessed and how much time visitors spend on our pages on average. We also find out whether users have visited our website at an earlier time. The legal basis for this is your consent pursuant to Section 25 (1) TTDSG and Art. 6 (1) lit. a GDPR, if you have consented. If the transfer to an unsafe third country takes place, this is done on the basis of Art. 49 para. 1 lit. a) GDPR.
2.3 Use of the contact form
You could send us your request via the contact form. The use of this contact form is voluntary, you are not obliged to use it. If you contact us via the contact form and provide data to us, we will only use this data to process your request. Your data will not be shared with third parties.
The legal basis for the processing of your personal data is Art. 6 (1) lit. b GDPR, if your request is necessary for the implementation of (pre)contractual measures, otherwise our legitimate interest under Art. 6 (1) lit. f GDPR to be able to process the requests of our users.
We store the personal data provided to us through the contact form only to handle your request or if this is required by statutory retention periods.
2.4 Use of the newsletter
We could subscribe to our newsletter on our website. The processing of your personal data for marketing communications is only based on your consent pursuant to Art. 6 Para. 1 lit. a GDPR. The following personal data will be processed on basis of your consent: salutation, first name, last name, e-mail address. You can withdraw your consent at any time. If you wish to opt-out to receive the newsletter in the future, you can unsubscribe at any time by sending an e-mail to firstname.lastname@example.org or via the unsubscribe link, which you will find in every newsletter.
We have implemented a double opt-in process to prevent third parties from signing you up for a newsletter via our homepage without your consent. We send an e-mail with a link to the e-mail address you have provided. By clicking on this link, you confirm that you agree to subscribe to the specified newsletter. Only then is your subscription active.
Without this confirmation, the entry of personal data and thus the desired registration for a newsletter, event or similar cannot be completed.
2.5 Use of the registration forms
MOBOTIX also provides registration forms on this website, which you can use to register for training courses, events and the like. The data required for this purpose, such as address data, name and contact data of the person registering, are transmitted internally by MOBOTIX to the persons responsible for processing and are used exclusively for the intended purpose of processing the registration. The e-mail address and telephone number provided in this context are required so that you can be contacted in case of queries regarding your registration and so that we can send you a reservation confirmation and further information about the events.
The processing of your personal data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.
2.6 Use of social media platforms
If our websites contain icons from social media providers (e.g. YouTube), we only use these to passively link to the pages of the respective providers or to integrate the video content in order to make our websites more attractive and user-friendly. The processing of personal data takes place on basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to promote our company. The respective provider of the social media platform is responsible for data privacy compliance of social media platform.
MOBOTIX makes information available not only on its own website, but also on social media platforms such as Facebook, Twitter, YouTube, LinkedIn and similar. On these platforms, you can like or comment on our pages or individual posts. Beyond that, MOBOTIX does not transmit or evaluate any personal data such as user-specific statistics.
By clicking on the buttons, you will be redirected to our page at the respective providers or, in the case of Youtube, the linked video will be played by pressing the "play button", i.e. your information will only be transferred to the respective provider by clicking and forwarding it for the first time. For information on the processing of your personal data when using the services of the providers, please refer to the respective data protection notices of the respective provider.
When you visit our social media pages, it may be necessary for data concerning you to be processed. We operate the following social media sites:
The respective operator of the social media platform is also responsible for the processing of your personal data. We do our best to the extent possible to ensure that the operator of the social media platform complies with the applicable data protection laws. Please refer to the data protection notices of the respective social media platform.
3 Information for our business partners and customers
If you are (or would like to be) a business partner of MOBOTIX, we need to record and use certain personal data about your and/or persons within your organization to fulfil our contractual obligations, or to be able to communicate with you. Without this personal data, we will generally have to decline entering into a contract or executing an order, or to cease performing obligations under an existing contract and terminate it
3.1 Fulfillment of the contractual relationship
To the extent required, we process the first name and family name, any titles or academic degrees, the company name, job function, address, telephone details, e-mail address, gender and language preference of our business partners.
We use the data set out above in order to fulfil our contractual obligations and/or to communicate with business partners and fulfil our legal obligations. The legal basis for processing your personal data is Article 6 (1) b and c GDPR.
We will delete personal data of our business partners ten (10) years after the last documented communication in accordance with our legal obligations under Sections 247 of the German Commercial Code (Handelsgesetzbuch – “HGB”) and 147 of the German Fiscal Code (Abgabenordnung – “AO”), or as soon as the respective business partner exercises his/her/its right to demand erasure as set out below. This is without prejudice to your rights as a data subject, including the right to demand erasure.
3.2 Customer Support
If you contact us through our website, by phone or by email to obtain support, including warranty and out-of-warranty repair, we may process the following information: your name, mailing address, email address, phone number, cell phone number, purchased product and location, username and password.
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b and c GDPR.
This data will be processed for as long as we need it to process your customer inquiry and will be deleted after expiration of the statutory limitation period for the respective MOBOTIX product, but at the latest after expiration of the statutory retention period of ten (10) years according to §§ 247 HGB and 147 AO.
3.3 Customer portal
If you use our customer portal, we store the following data collected there for our own purposes and to share it with selected sales partners as part of the MOBOTIX partner program: your name, postal address, e-mail address, telephone number, cell phone number, username and password, preferred language, your associated company and industry, purchased products, support requests and training participations. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b and c GDPR.
3.4 MOBOTIX license portal
If you use our license portal, we store the following data collected there only to grant a license and license administration: your name, postal address, e-mail address, telephone number, cell phone number, username and password, preferred language, your associated company, purchased licenses and devices on which you have activated these licenses. You can also find more details about this at:
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b and c GDPR.
3.5 Communication with our customers
For communication with our customers, we use the communication and collaboration tool Microsoft Teams. For information about the processing of your personal data when using Microsoft Teams, please refer to the Microsoft privacy notice available at: https://privacy.microsoft.com/en-US/privacystatement#mainnoticetoendusersmodule.
4 Information for shareholders
If you are a shareholder of MOBOTIX, we are under a legal obligation to record and process the following data about you: the holder’s name, date of birth, address, and the number of shares held. Shareholders are obliged to specify these details to us.
MOBOTIX uses your personal data for the purposes provided for by the German Stock Corporation Act (Aktiengesetz – “AktG”) – in particular, maintaining the share ledger (as set out in more detail below), carrying out general meetings, as well as for giving notice when share ownership exceeds or falls below certain thresholds. The legal basis for processing your personal data is the German Stock Corporation Act in conjunction with Article 6 (1) c GDPR.
If you take part in the General Meeting, we are obliged, pursuant to Section 129 (1) sentence 2 AktG, to include you in the list of participants, stating your name, domicile, the number of shares held, and the type of ownership. Other shareholders and other participants of the General Meeting will be able to inspect these details during the meeting; shareholders will continue to have access for up to two (2) years afterwards pursuant to Section 129 (4) AktG.
Where a shareholder demands that items be placed on the agenda, the Company will publish these items, provided that the requirements under German company law are met, stating the shareholder's name. Likewise, MOBOTIX will make counter-proposals or proposals of candidates for election available on the MOBOTIX website, provided that the requirements under German company law are met, stating the shareholder's name (for details, please refer to Sections 122 (2), 126 (1) and 127 AktG.
In addition, we may process your personal data in order to fulfil further legal obligations such as regulatory requirements as well as to comply with retention periods under company, commercial or tax law. For example, where MOBOTIX appoints and instructs proxies for the General Meeting, data evidencing the instruction must be documented in a verifiable manner, and retained as well as protected against unauthorized access for three (3) years (Section 134 (3) sentence 5 AktG. The legal basis for processing your personal data in this case are the respective legal rules in conjunction with Article 6 (1) c GDPR.
In individual cases, MOBOTIX will also process your data in order to protect its own legitimate interests pursuant to Article 6 (1) f of the GDPR. This is the case, for example, in the event of a capital increase where individual shareholders must be excluded from information on offers for subscription on the grounds of their nationality or place of residence in order to comply with the securities laws of the countries concerned.
If we intend to process your personal data for another purpose, we will inform you in advance and in accordance with applicable law.
We continue to use your personal data as well as other information that you provide to us as a shareholder or shareholder representative (e.g. questions or voting instructions for the Annual General Meeting) for the purposes provided for in the German Stock Corporation Act (AktG), the Implementing Regulation (EU) 2018/1212 and the German Securities Trading Act (WpHG). This includes, in particular, the maintenance of the share register, communication with you as a shareholder or shareholder representative) and intermediaries acting on your behalf, as well as the handling of general meetings, and the preparation of statistics (e.g. for the presentation of shareholder development, number of transactions or for overviews of the largest shareholders). The legal basis for the processing of your personal data is Article 6 (1) (c) and (4) GDPR and the AktG (in particular Sections 67 and 67 e (1) AktG) .
As a matter of principle, we will delete or anonymize your personal data as soon as it is no longer required for the above-mentioned purposes, unless we are obliged to retain the data due to a legal obligation to provide proof or a legal retention period. Such obligations to provide proof or to retain data result from the German Commercial Code (HGB), German Tax Code (AO) or the Money Laundering Act (GwG).
Data recorded in connection with General Meetings must generally be retained for three (3) years. Data recorded in the share register is generally kept for a period of ten (10) years after the sale of the shares. Beyond that, MOBOTIX will only retain personal data if this is necessary in connection with claims asserted against MOBOTIX (subject to statutory limitation periods of up to 30 years). Your rights as a data subject, including the right to request deletion of the data, remain unaffected.
5 Information for applicants
You can submit your application to MOBOTIX via our website – using the application form provided – or by post. We may not be able to process your application if you do not provide the required data.
We will record the first name and family name, any titles or academic degrees, address, date of birth, nationality, telephone details and e-mail address of applicants.
Providing personal data requested in connection with an application is voluntary. The legal basis for the processing of your personal data is the necessity for such processing in order to take a decision on entering into an employment relationship, pursuant to Section 26 (1) BDSG.
If you submit your application, we will record and compile your personal information separately from other personal data, and will then pass it on to the department responsible within MOBOTIX for carrying out the application proceedings. Your application will be transmitted using HTTPS encryption, whilst the respective data will be stored in our database in unencrypted form. The files (PDF, JPG, GIF, PNG) will be stored within a password-protected area blocked against external access. We will use the details provided with your application exclusively for this purpose. It goes without saying that we will not pass on these details to third parties without your consent.
The legal basis for the processing of your personal data is Art. 88 GDPR and § 26 (1) BDSG.
The personal data of rejected applicants for a maximum of six (6) months in accordance with Section 15 (4) of the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – “AGG”) and Section 61b (1) of the Labour Court Act (Arbeitsgerichtsgesetz – “ArbGG”). The personal data of the hired applicants will be stored for a period of the employment relationship and after its termination for a period of the statutory limitation period of three (3) years. This is without prejudice to your rights as a data subject, including the right to demand erasure.
6 Data processed by MOBOTIX products
MOBOTIX is a producer of cameras which typically capture and help recording video data and thermal radiometry data. When one of our cameras is used in practice, MOBOTIX is not the data controller for the data recorded by the camera, but rather MOBOTIX’s customers are operating the devices on their own responsibility and as separate data controllers. When you enter any premises or an establishment where a MOBOTIX product is installed, a camera or a dual vision (thermal + visible) camera can detect pictures and surface temperature and additional analytics to indicate whether a data subject’s surface temperature is above a minimum. This information may be used by the respective operator of the camera to determine various standard operating procedures like whether someone may safely enter the premises. For further details please see the signage placed by the respective operator and data controller or other available privacy notices published by the operator and data controller. MOBOTIX or its representatives do not have access to any of the data being processed or stored by the independent operator. We help our customers, i.e., the independent operators, in setting up the system or for support, maintenance and related activities only via prior explicit approval and written authorization of the customer/operator/data controller. The system has appropriate security features like encryption to protect the data from unauthorized access.
7 Technical measures to protect your data
Your personal data is stored by MOBOTIX on servers in the European Union (EU), protected according to the state of the art and secured against unauthorized access. MOBOTIX employees are bound to secrecy and confidentiality when handling personal data.
8 Disclosure to third parties
If your data is processed by our service providers assisting us with customer service or the delivery of our products, the amount of the transmitted data is limited to the minimum necessary.
We have diligently selected our processors and entered into the data processing agreements pursuant to Art. 28 GDPR to ensure confidentiality of personal data with trust and to comply with our own data protection standards.
As part of processing operations, we share your data with the following recipients:
- Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 lit. b or f GDPR, insofar as it does not involve data processors;
- Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the disclosure is then Art. 6 para. 1 lit. c GDPR;
- Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 lit. b or f GDPR.
9 Third country transfer
If a transfer of data to third parties becomes necessary for the fulfillment of the data processing purposes (e.g. delivery of goods), we ensure that your data remains within the European Union or the European Economic Area.
If this is not possible in exceptional cases and a transfer of data to a third country becomes necessary, this is done based on so-called standard contractual clauses of the EU Commission and, if necessary, the implementation of further technical and organizational measures, insofar as these are required after the performance of a transfer impact assessment.
10 Your rights as a data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against us as the controller:
10.1 Right to rectification or erasure of data or restriction of processing
Pursuant to Art. 16 GDPR, you have the right to have personal data corrected if it is not (any longer) correct or to have it filled in if it is incomplete.
You may request the deletion of your personal data, subject to the conditions set out in Art. 17 GDPR. Your right to erasure depends, for example, on whether we need the data concerning you to comply with a legal obligation. Subject to the conditions set out in Art. 18 GDPR, you have the right to request restriction of the processing of the data concerning you.
10.2 Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to have this data transferred by us to another controller without hindrance. When exercising this right, you also have the right to have the personal data concerning you transferred directly to another data controller, if this is technically possible.
10.3 Right to object to processing
In addition to the aforementioned rights, you have the right to object in accordance with Art. 21 GDPR as follows:
(a) Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) GDPR (data processing in the public interest) and Art. 6(1)(f) GDPR (data processing on the basis of legitimate interest).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
(b) Right to object to processing of data for advertising purposes
In individual cases, we process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
10.4 Right to request access to your data
In accordance with Art. 15 GDPR, we will be happy to provide you upon request with information about the data we have stored about you, including information about the origin and recipient and the purpose of the storage.
10.5 Right of withdrawal
You may revoke your consent to the use of your personal data in accordance with Art. 7 (3) GDPR at any time with effect for the future. For more information about your right of revocation and how it is handled by MOBOTIX, please visit the following page: https://www.mobotix.com/en/declaration-of-withdrawal
10.6 Right to file a complaint
You have the right to communicate with the competent data protection supervisory authority and, if necessary, to file a complaint with this authority.
The authority responsible for MOBOTIX is: The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz, Germany.
Before you contact the data protection supervisory authority, we would be pleased if you contact our data protection officer to discuss the issue. You will find his contact details below.
10.7 Your rights under the California Consumer Privacy Act.
Below is more information if the California Consumer Protection Act applies to you.
(a) Right to access or delete personal information.
Under the California Consumer Privacy Act, you may have the right to request information about MOBOTIX's collection of your personal information or access to or deletion of your personal information. If you would like to do any of these things, please contact us at email@example.com. Depending on your choice of data, certain services may be restricted or unavailable.
(b) No sale of personal information.
MOBOTIX does not sell consumer personal information as those terms are defined in the California Consumer Privacy Act.
(c) No discrimination.
MOBOTIX will not discriminate against any consumer in the exercise of his or her rights under the California Consumer Privacy Act.
11 Exercise your rights, How to contact our data protection officer
Your trust is important to us. Therefore, we would like to answer your questions regarding the processing of your personal data at any time. If you have any questions that are not answered by this data protection declaration or if you would like more detailed information on any point, please contact our data protection officer at any time at firstname.lastname@example.org.