Name and Address of the Controller

The controller is the entity which alone – or jointly with others – determines the purposes and means of the processing of personal data. The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

MIDAS Pool Products GmbH
Represented by: Managing Director Marco Schneider & Managing Director Elena Jakobson
In der Eller 27 | 36119 Neuhof-Dorfborn | Germany
Phone: +49 (0) 6655 90 230-0 | Email: info@midas-gmbh.de | Website: https://www.midas-gmbh.de/de/

1. Scope of the Processing of Personal Data

The controller only collects and uses personal data of its users (hereinafter also referred to as the “data subject” or “visitor”) to the extent necessary to provide a functioning website and display content and services. The collection and processing of personal data for other purposes generally only occurs with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for actual reasons, where the processing is required for pre-contractual or contractual measures, where it is permitted by legal provisions, or where there is a legitimate interest of the controller.

Your personal data is generally collected directly from you, e.g. when you contact us, consent to services on this site, or use forms provided on this website. In addition, technical data that is essential for the operation of the website is automatically collected when you access the site.

2. Legal Basis for the Processing of Personal Data

Where we obtain the data subject’s consent for processing of personal data, the legal basis is Art. 6(1)(1)(a) GDPR. Where special categories of personal data pursuant to Art. 9(1) GDPR are processed, the legal basis is Art. 9(2)(a) GDPR. For any transfers to an unsafe third country based on consent, processing is carried out under Art. 49(1)(1)(a) GDPR. Where you have consented to the storage of cookies or access to information on your device, data processing is also based on § 25(1) TDDDG.

Where processing is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(1)(b) GDPR serves as the legal basis. This also applies to processing necessary for pre-contractual measures. If the person is a contact of a (potential) business partner (customer, supplier, partner), Art. 6(1)(1)(f) GDPR is the legal basis.

If processing is necessary to fulfill a legal obligation to which the controller is subject, Art. 6(1)(1)(c) GDPR applies.

If processing is necessary to protect vital interests of the data subject or another natural person, Art. 6(1)(1)(d) GDPR applies.

If processing is necessary to protect a legitimate interest of the controller or a third party, and the data subject's interests or fundamental rights do not override those interests, Art. 6(1)(1)(f) GDPR applies.

3. Data Deletion and Duration of Processing

Unless a specific retention period is mentioned in this privacy notice, personal data is stored until the purpose of processing no longer applies. The personal data of the data subject will be deleted or blocked as soon as the storage purpose ceases, consent is withdrawn, or processing is objected to. Further storage may occur if it is provided for by European or national legislators in EU regulations, laws, or other regulations to which the controller is subject. Blocking or deletion will also take place when a prescribed retention period expires unless continued storage is necessary for the conclusion or performance of a contract.

4. Data Transfers to Third Countries or International Organizations

If personal data is transferred to a third country or international organization, you will be informed of this separately at the respective point in this privacy notice.

5. Recipients of Personal Data

Within our organization, only those units and individuals who need your personal data to fulfill our contractual and legal obligations will have access to it.

We engage service providers (so-called processors) to fulfill contractual obligations. These include IT maintenance services, video conferencing tools, or newsletter providers. These processors only act upon our instructions and are contractually bound to comply with applicable data protection laws. For this purpose, we enter into data processing agreements with our processors. Where specific processors are used for particular processing, you will be informed of this separately in this privacy notice.

We may also transfer personal data to courts, regulatory authorities, or law firms where this is required by law (Art. 6(1)(1)(c) GDPR) or necessary for the establishment, exercise, or defense of legal claims (Art. 6(1)(1)(f) GDPR), and no overriding interest in non-disclosure exists.

6. Necessity of Providing Personal Data

You are generally not legally or contractually required to provide personal data. However, failure to provide such data may result in you not being able to use certain functions or services on our website. We recommend providing only the personal data necessary for processing your request, executing a service, or using specific website features. If a legal or contractual requirement to provide personal data exists, you will be informed of this separately in this privacy notice.

Technical data (and possibly your IP address) is automatically collected upon accessing the website as it is essential for site functionality. If you do not agree with this, please exit the site.

When we process personal data relating to you, you are a data subject under the GDPR and have the following rights:

1. Right to Access (Art. 15 GDPR)

You have the right to obtain information about your personal data we process, including the purposes of processing, the categories of data, recipients, storage duration, and your rights.

2. Right to Rectification (Art. 16 GDPR)

You have the right to request the correction or completion of your data if it is inaccurate or incomplete.

3. Right to Erasure (Art. 17 GDPR)

You may request the deletion of your personal data unless legal obligations or other legitimate grounds for continued processing exist.

4. Right to Restriction of Processing (Art. 18 GDPR)

You can request the restriction of processing under the conditions of Art. 18 GDPR.

5. Right to Notification (Art. 19 GDPR)

If your data has been disclosed to third parties and is rectified, deleted, or restricted, we will inform those recipients unless this is impossible or requires disproportionate effort. You may request to be informed of these recipients.

6. Right to Data Portability (Art. 20 GDPR)

If data processing is based on consent or a contract, and is carried out automatically, you have the right to receive your data in a structured, commonly used, machine-readable format, and – where technically feasible – to transmit it to another controller.

7. Right to Object (Art. 21 GDPR)

You may object to processing based on legitimate interests (Art. 6(1)(1)(e or f) GDPR) at any time, citing reasons related to your particular situation. In such a case, your data will no longer be processed unless compelling legitimate grounds exist. If your data is used for direct marketing, you may object at any time without providing reasons.

8. Automated Decision-Making (Art. 22 GDPR)

You have the right not to be subject to decisions based solely on automated processing – including profiling – unless permitted by contract, law, or your explicit consent, and appropriate safeguards are in place.

9. Right to Withdraw Consent (Art. 7(3) GDPR)

You may revoke your consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. The revocation can be sent via email or post to the controller.

10. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in your place of residence, workplace, or the place of the alleged infringement.
Our competent authority is:
The Hessian Commissioner for Data Protection and Freedom of Information
However, you may also contact another data protection authority.

For security reasons and to protect the transmission of confidential content – such as inquiries sent via forms – this website uses SSL/TLS encryption. An encrypted connection is indicated by a change in the address bar of the browser from "http://" to "https://" and by the lock icon in your browser. If SSL/TLS encryption is active, transmitted data cannot be read by third parties.

1. Description and Scope of Data Processing

This website is hosted by an external service provider (hereinafter “host”). Personal data collected on this site is stored on the servers of the host. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access data, and other data generated via a website.

2. Legal Basis for Processing

The legal basis for processing is Art. 6(1)(1)(f) GDPR, serving the provision of the website.

3. Purpose of Processing

The use of the host is for the secure, fast, and efficient provision of our website by a professional provider. This is also where our legitimate interest lies.

4. Storage Duration, Objection, and Removal

Data is deleted when no longer required to fulfill the purpose for which it was collected. In the case of website access data, this occurs once the session ends.
Storage in log files and the collection of data for website provision are absolutely necessary for operation. Therefore, there is no option for the user to object.

5. Data Processing Agreement

Data is processed by our external host:
compositum Multimedia-Agentur GmbH, Lindenstraße 37a, 36037 Fulda, Germany
We have concluded a data processing agreement with our hosting provider.

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the device accessing the site.

The following data is collected:

1. Information about the browser type and version used
2. The user's operating system
3. The user's internet service provider
4. The user's IP address
5. Date and time of access
6. Websites from which the user's system accesses our website
7. Websites that are accessed by the user's system via our website

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal Basis for Data Processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) sentence 1 lit. f GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s device. For this purpose, the user's IP address must be stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

4. Duration of Storage, Objection, and Removal Options

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for providing the website, this is the case when the respective session ends.

In the case of data storage in log files, this is the case after no more than 14 days. Extended storage is possible. In this case, the IP addresses of users are either deleted or anonymized so that assignment to the accessing client is no longer possible.

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no option for the user to object.