Social Media Privacy Information

I. Registration on Social Media Platforms

On the social media platforms where we present our company, users can register by providing their personal data. This data is entered into a form and transmitted to the platform provider, where it is stored. Registration on the respective social media platforms is voluntary for the user. Please note that each user uses our social media appearances and their functions at their own responsibility, particularly when using interactive features such as commenting, sharing, or rating. When visiting our social media pages, the platform provider collects user information, such as the IP address and the device used by the user. Our company is not involved in the processing of personal data during the use of interactive features or the registration process on the social media platforms. Information about the legal basis for data processing, the purpose of data processing, the duration of storage, requests for information, and the possibility of objections and removal can be found in the privacy policies of the respective platform providers.

For all other personal data processing, there is joint responsibility under Article 26 of the EU General Data Protection Regulation (GDPR). The privacy statement concerning our company can be found in Sections II to VI.

II. Privacy Information of the Company

1. Name and Contact Details of the Responsible Party

The responsible party is the entity that alone or jointly with others determines the purposes and means of processing personal data. The responsible party in terms of the General Data Protection Regulation and other national data protection laws of member states, as well as other legal data protection provisions, is:

MIDAS Pool Products GmbH

Represented by: Elena Jakobson & Marco Schneider

In der Eller 27 | 36119 Neuhof-Dorfborn | Germany

Tel.: +49 (0) 6655 90 230-0 | Email: info@midas-gmbh.de | Website: https://www.midas-gmbh.de

III. General Information on Data Processing

1. Scope of Processing Personal Data

The responsible party collects and uses personal data of its users (hereinafter referred to as "data subject," "affected person," or "visitor") generally only to the extent necessary to provide the social media page and facilitate the user’s interaction. Your personal data is generally collected directly from you, e.g., when you contact us.

2. Legal Basis for Processing Personal Data

If the responsible party obtains consent from the data subject for processing personal data, Article 6(1) sentence 1 letter a of the GDPR serves as the legal basis for the processing. For any transfer to a non-secure third country, processing occurs based on Article 49(1) sentence 1 letter a of the GDPR. If you have consented to the storage of cookies or to access information on your device, the data processing also occurs based on Section 25(1) of the TDDDG.

When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1) sentence 1 letter b of the GDPR serves as the legal basis. This also applies to processing activities necessary to take steps prior to entering into a contract.

If processing of personal data is necessary for compliance with a legal obligation to which the responsible party is subject, Article 6(1) sentence 1 letter c of the GDPR serves as the legal basis.

If the processing is required to protect vital interests of the data subject or another individual, Article 6(1) sentence 1 letter d of the GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by the responsible party or a third party and does not override the interests, rights, and freedoms of the data subject, Article 6(1) sentence 1 letter f of the GDPR serves as the legal basis.

If special categories of personal data are processed under Article 9(1) of the GDPR, one or more of the legal bases mentioned in this section, in conjunction with one or more exceptions from Article 9(2) of the GDPR, will apply. When data is processed based on one of the legal bases mentioned here, a separate notice will be provided for that specific processing.

3. Data Deletion and Storage Duration

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies, or consent is revoked by the data subject, or the processing is objected to. Data may continue to be stored if required by European or national legislators in Union regulations, laws, or other provisions to which the responsible party is subject. Data will be blocked or deleted when the prescribed retention period expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

4. Necessity of Providing Personal Data

The provision of your personal data is generally neither legally nor contractually required. There is no obligation to provide the data. However, failure to provide data may result in an inability to use functions and other processing on our social media pages. We recommend that you only provide personal data necessary for processing your request.

IV. Rights of the Data Subject

If we process personal data about you, you as the data subject have the following rights against us as the responsible party:

1. Right of Access, Article 15 GDPR

You have the right to request information about your personal data that we have collected and stored, including details on processing purposes, origin, recipients, storage duration, and the existence of rights.

2. Right to Rectification, Article 16 GDPR

You have the right to request the correction (including completion) of any inaccurate or incomplete personal data we hold about you. We will promptly make the correction.

3. Right to Erasure, Article 17 GDPR

You may request the deletion of your personal data under the conditions of Article 17 GDPR, unless there are circumstances that allow the responsible party to continue processing the personal data (e.g., legal retention obligations).

4. Right to Restriction of Processing, Article 18 GDPR

Under certain conditions, you can request a restriction on the processing of your personal data as set out in Article 18 GDPR.

5. Right to Notification, Article 19 GDPR

If your personal data has been processed by third parties, the responsible party must notify those third parties about your requests for rectification, erasure, or restriction of processing, unless this is impossible or involves a disproportionate effort. You can request the responsible party to inform you about these recipients.

6. Right to Data Portability, Article 20 GDPR

If you have provided us with personal data, and it is processed automatically based on your consent or a contract, you have the right to request the transfer of your data in a commonly used, machine-readable format, under the conditions of Article 20 GDPR. If you request the direct transfer of data to another responsible party, this will only be done if technically feasible.

7. Right to Object, Article 21 GDPR

You have the right to object to the processing of your personal data at any time if the processing is based on a balancing of interests (as per Article 6(1) sentence 1 letters e and f). In such cases, the processing of your personal data will cease unless the responsible party can demonstrate compelling, legitimate grounds for the processing.

8. Automated Individual Decision-Making, Article 22 GDPR

You have the right not to be subject to decisions based solely on automated processing, including profiling, which have legal effects or similarly affect you.

9. Right to Withdraw Consent, Article 7(3) GDPR

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal.

10. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The supervisory authority responsible for us is the Hessian Data Protection Officer.

V. Contact via Email

1. Description and Scope of Data Processing

We provide email addresses on our social media pages for contact purposes. When you contact us via email, the personal data transmitted through the email is stored. The data is not shared with third parties and is only used for processing the conversation.

2. Legal Basis for Data Processing

The legal basis for processing personal data transmitted via email is Article 6(1) sentence 1 letter f GDPR. If the contact is aimed at concluding a contract, the legal basis for processing is Article 6(1) sentence 1 letter b GDPR.

3. Purpose of Data Processing

The data is processed solely for the purpose of handling the contact.

4. Duration of Storage

The data is deleted when it is no longer necessary for the purpose for which it was collected.

5. Right to Object and Removal

You can object to the storage of your personal data at any time by contacting us via email or mail.

VI. Contact via Social Media Platform (Contact Form, Chat)

1. Description and Scope of Data Processing

If you contact us through a social media platform’s contact form or chat, your personal data will be processed by the platform provider and stored on their systems. The data is used solely to process your inquiry.

2. Legal Basis for Data Processing

The legal basis for processing personal data for handling user inquiries is Article 6(1) sentence 1 letter f GDPR.

3. Purpose of Data Processing

The purpose is solely to process the user’s inquiry.

4. Duration of Storage

The data is deleted when it is no longer necessary for the purpose it was collected.

5. Right to Object and Removal

You can object to the storage of your personal data at any time. If you object, the conversation cannot continue, and your personal data will be deleted.

VII. Facebook (a product of Meta)

Name and Address of the Data Controllers:

Joint controllers for the operation of this Facebook page within the meaning of the EU GDPR are:

Meta Platforms Ireland Limited (hereinafter referred to as "Facebook" or "Meta")
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

and

Our company (see II – 1.)

1. Information about our Facebook page

We operate this page to promote our services, positions, and products and to interact with you. For more information about us, our activities, and our company, please visit our website.

As the operator of the Facebook page, we have no interest in collecting and further processing your personal data for analysis or marketing purposes.

The operation of this Facebook page, including the processing of users' personal data, is based on our legitimate interests in providing a modern and supportive means of information and interaction for and with our users and visitors in accordance with Article 6(1)(f) GDPR.

2. Processing of personal data by Meta

Meta Platforms, Inc. is the US parent company of Meta Platforms Ireland Limited. The headquarters of Meta's parent company are located in a third country from a data protection perspective.

The European Data Protection Regulation (GDPR) requires that the transfer of personal data that has already been processed or is to be processed after being transferred to a third country or international organization is only permissible if an equivalent level of data protection as required by the GDPR is ensured.

Meta Platforms, Inc. has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards for data processing in the United States (existence of an adequacy decision by the EU Commission under Art. 45(1), 3 GDPR). Any company certified under the DPF commits to adhering to these data protection standards. You can find the list of certified companies at: https://www.dataprivacyframework.gov/list. There, you can search for the provider's name and view the certification directly.

Meta processes user data for the following purposes, among others: advertising (analysis, creation of personalized advertisements), creation of user profiles, and market research. Meta uses cookies to store and further process this information, i.e., small text files stored on users' devices. If the user has a Facebook profile and is logged in, the storage and analysis also occur cross-device.

If you have questions about your rights with Facebook, please contact Facebook directly. You can find your general rights under the GDPR in section IV of this privacy policy.

If inquiries for information are made to us as the page operator, we are required by the additional agreement with Meta to forward these inquiries—whether from private individuals or authorities—to Meta within 7 days. This is also stipulated in the above-mentioned Controller Addendum: https://www.facebook.com/legal/terms/page_controller_addendum

If you no longer wish for the data processing described here, please disconnect your user profile from our page by using the "I don't like this page anymore" function.

Meta's privacy policy contains further information on data processing: https://www.facebook.com/about/privacy/ and here you can find options for opt-out: https://www.facebook.com/settings?tab=ads

3. Statistical Data (Insights)

Facebook "Insights" are statistical data from different categories that are available to us. These statistics are generated and provided by Facebook. As the page operator, we have no influence on the creation and presentation. This feature cannot be disabled to prevent the generation and processing of data. For a selected period, Facebook provides us with the following data about our Facebook page: total number of page views, "likes," page activities, post interactions, reach, video views, post reach, comments, shared content, replies, gender distribution, origin based on country and city, language, views and clicks in the shop, clicks on the route planner, clicks on phone numbers, data related to linked Facebook groups.

We use these available data to make our Facebook page more attractive to users (e.g., distributions by age and gender for customized addressing, timing our posts, visual optimization for end devices). According to Facebook's terms of use, which each user agrees to when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other shared information.

VIII. Instagram (a product of Meta)

Name and Address of the Data Controllers:

Joint controllers for the operation of this Instagram page within the meaning of the EU GDPR and other data protection laws are:

Meta Platforms Ireland Limited (hereinafter referred to as "Instagram" or "Meta")
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

and

Our company (see II – 1.)

1. Information about our Instagram page

We operate this page to promote our services, positions, and products and to interact with you. For more information about us, our activities, and our company, please visit our website.

As the operator of the Instagram page, we have no interest in collecting and further processing your personal data for analysis or marketing purposes.

The operation of this Instagram page, including the processing of users' personal data, is based on our legitimate interests in providing a modern and supportive means of information and interaction for and with our users and visitors in accordance with Article 6(1)(f) GDPR.

2. Processing of personal data by Meta

Meta Platforms, Inc. is the US parent company of Meta Platforms Ireland Limited. The headquarters of Meta's parent company are located in a third country from a data protection perspective.

If you have questions about your rights, please contact Meta directly. You can find your general rights under the GDPR in section IV of this privacy policy.

Further information can be found in Meta's privacy policy at: https://instagram.com/about/legal/privacy/

IX. YouTube

Name and Address of the Data Controllers:

Joint controllers for the operation of this YouTube page within the meaning of the EU GDPR and other data protection laws are:

Google Ireland Limited (hereinafter referred to as "YouTube")
Gordon House, Barrow Street
Dublin 4
Ireland

and

Our company (see II – 1.)

1. Information about our use of YouTube

We operate this page to promote our services, positions, and products and to interact with you. For more information about us, our activities, and our company, please visit our website.

As the operator of the YouTube page, we have no interest in collecting and further processing your personal data for analysis or marketing purposes.

The operation of this YouTube page, including the processing of users' personal data, is based on our legitimate interests in providing a modern and supportive means of information and interaction for and with our users and visitors in accordance with Article 6(1)(f) GDPR.

2. Processing of personal data by YouTube

Google, LLC is the US parent company of Google Ireland Limited. The headquarters of YouTube's parent company are located in a third country from a data protection perspective.

Google LLC has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards for data processing in the United States (existence of an adequacy decision by the EU Commission under Art. 45(1), 3 GDPR). Any company certified under the DPF commits to adhering to these data protection standards. You can find the list of certified companies at: https://www.dataprivacyframework.gov/list. There, you can search for the provider's name and view the certification directly.

If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

If you have questions about your rights, please contact YouTube directly. You can find your general rights under the GDPR in section IV of this privacy policy.

Further information on how YouTube handles user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy

X. XING

Name and Address of the Data Controllers:

Joint controllers for the operation of this XING page within the meaning of the EU GDPR and other data protection laws are:

New Work SE (hereinafter referred to as "XING")
Dammtorstraße 30
20354 Hamburg
Germany

and

Our company (see II – 1.)

1. Information about our use of XING

We operate this page to promote our services, positions, and products and to interact with you. For more information about us, our activities, and our company, please visit our website.

As the operator of the XING page, we have no interest in collecting and further processing your personal data for analysis or marketing purposes.

The operation of this XING page, including the processing of users' personal data, is based on our legitimate interests in providing a modern and supportive means of information and interaction for and with our users and visitors in accordance with Article 6(1)(f) GDPR.

2. Processing of personal data by XING

If you are logged into your XING account, XING can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your XING account.

If you have questions about your rights with XING, please contact XING directly. You can find your general rights under the GDPR in section IV of this privacy policy.

Further information on how XING handles user data can be found in XING's privacy policy at https://privacy.xing.com/de/ihre-privatsphaere

XI. LinkedIn

Name and Address of the Data Controllers:

Joint controllers for the operation of this LinkedIn page within the meaning of the EU GDPR and other data protection laws are

LinkedIn Ireland Unlimited Company
Wilton Park House, Wilton Park
Dublin 2
Ireland

and

Our company (see II – 1.)

1. Information about our use of LinkedIn

We operate this page to promote our services, positions, and products and to interact with you. For more information about us, our activities, and our company, please visit our website.

As the operator of the LinkedIn page, we have no interest in collecting and further processing your personal data for analysis or marketing purposes.

The operation of this LinkedIn page, including the processing of users' personal data, is based on our legitimate interests in providing a modern and supportive means of information and interaction for and with our users and visitors in accordance with Article 6(1)(f) GDPR.

2. Processing of personal data by LinkedIn

If you are logged into your LinkedIn account, LinkedIn can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your LinkedIn account.

If you have questions about your rights with LinkedIn, please contact LinkedIn directly. You can find your general rights under the GDPR in section IV of this privacy policy.

Further information on how LinkedIn handles user data can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy