Information on data protection for MEDIACC business partners

— within the framework of the contractual relationship under Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) —

Status: April 2025

Protecting your personal data is important to us and we take protecting this data very seriously. We therefore comply with the applicable data protection regulations in all our business processes. Here we tell you how we use your data and what rights you have to control this information.

We will only collect and use personal information as described here and in a manner that is consistent with our obligations and your rights under applicable data protection laws and the General Data Protection Regulation (“GDPR”).

‍

1. Responsible person

The person responsible for processing your personal data in accordance with Article 4 No. 7 GDPR is:

MEDIACC GmbH

Sächsische Strasse 70

10707 Berlin

Telephone: 030 521 044 80

email: info@mediacc.de

2. Data protection officer

MEDIACC GmbH

Sächsische Strasse 70

10707 Berlin

Telephone: 030 521 044 80

email: datenschutz@mediacc.de

3. Type and origin of the processed data

MEDIACC processes personal data received from yourself or from third parties commissioned by you (lawyer, broker, cooperation partner), such as

• Personal data, such as last name, date and place of birth, job title and/or profession, affiliation with a company
• Contact data, such as postal address, telephone and fax numbers, electronic addresses
• Order or contract data (e.g. subject matter of the order or request)
• Financial information including bank details, credit/debit card, billing and delivery addresses, bank account numbers
• Customer information data, e.g. information about the contact channel, date, occasion, result
• Communication data as part of advertising measures, e.g. ordering newsletters, press releases, etc., participation in events or content of correspondence or company data, e.g. business purpose, members of the company management, employees, affiliated companies and their employees, information relevant to sales and earnings
• any other information that you provide to us.

If personal data from data subjects is provided to us, you should ensure in advance that you have the right to do so and inform the person concerned that we process their data in accordance with this information.

Processing is any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data such as collection, recording, organization, storage, adjustment or change, reading, querying, use, disclosure through transmission, distribution or any other form of provision, reconciliation or linking, restriction, deletion or destruction.

We also process data from public registers and databases (land register, trade and association registers, publication directories, social media and networks).

‍

4. Purpose and legal basis for processing data

MEDIACC maintains business relationships with interested parties, customers and cooperation partners and processes personal data (hereinafter also referred to as “data”) in accordance with the provisions of the GDPR, the Federal Data Protection Act (BDSG) and other applicable data protection regulations.

4.1 To fulfill a contract or pre-contractual measures (Art. 6 para. 1lit. b GDPR)

Data is processed to execute a contract or to carry out pre-contractual measures. (Art. 6 para. 1 p. 1 lit. f GDPR). Your data is processed exclusively to carry out the activities requested by you and, if applicable, other persons involved in a transaction. Personal data is therefore only ever managed on the basis of the intended business relationship. This provision requires MEDIACC to process the required data. Failure to provide you with the data requested by MEDIACC would mean that MEDIACC would have to refuse (further) execution of the business relationship in order to fulfill the contract we have concluded with you, i.e. for the provision of goods and/or services (including those that we provide or offer to you free of charge). Please note that we cannot conclude a contract with you without your personal data. Such legitimate interests include the provision of services by us or administrative or operational processes within MEDIACC and direct marketing.

We may transfer data about non-contractual conduct or fraudulent conduct during the contractual relationship to a credit agency. The exchange of data with a credit agency is also used to verify identity. Based on the match rates provided by the credit agency, we can see whether a person is stored in the database of the credit agency at the address provided by the customer.

Insofar as we obtain a query from a credit agency, the legal basis is Art. 6 para. 1 lit. b GDPR; insofar as we pass on information about non-contractual conduct to a credit agency, the legal basis is Art. 6 para. 1 lit. f GDPR, insofar as this is necessary to protect legitimate interests of us or third parties and do not prevail over your interests or fundamental rights and freedoms that require the protection of personal data. The legitimate interest is that the credit agency informs third parties about negative payment experiences and thus protects them from their own disadvantages.

4.2 In the context of a legitimate interest of us or third parties (Art. 6 para. 1 lit. f DSGVO)

In addition to the actual fulfilment of the (pre) contract, we may process data if it is necessary to protect our legitimate interests or those of third parties, unless the interests of the persons concerned or fundamental rights and freedoms conflict with this. Legitimate interests may include our economic interests, our legal interests, our interests in maintaining and ensuring compliance, or even IT security. Legitimate interests exist, for example, in the following cases:

Obtaining information for credit checks; processing data and obtaining information to avoid conflicts of interest; measures for business management and development of services and products; recovery of receivables; risk management within the company; asserting legal claims and defense in legal disputes; ensuring EDV/IT security; measures for building and plant security (e.g. access controls) and to ensure domestic law; prevention and clarification of Criminal offences; traceability of orders, inquiries, etc. and other agreements; goodwill proceedings.

4.3 Use of data for advertising purposes such as newsletters, surveys, etc. and your right to object (Art. 6 para. 1 lit. f DSGVO, § 7 para. 3 UWG)

With the consent of the person concerned, we use their data for advertising purposes, such as sending our newsletters, for advertising surveys or inviting people to events of interest to them. In doing so, we collect mandatory information, such as the email address, but also information that is provided to us voluntarily. We use the voluntary information to permanently improve our customer relationship and make it customer-friendly, to be able to address affected persons individually in the future and to inform them about the services that interest them. All data subjects can unsubscribe from notifications at any time by clicking on the link contained in our newsletters and unsubscribing or by contacting us at the contact address above.

We process data to send newsletters, surveys, etc. and to personalize the message on the following legal basis: If you have given us your consent, in accordance with Art. 6 para. 1 lit. a GDPR; if you have provided us with your e-mail address in connection with the purchase of goods or services or we send you personalized advertising, to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG; our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG; our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG; our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG; our legitimate interests in accordance with Art. 6 para. 1 lit. Our interest is based on our economic interests in Implementation of advertising measures and target group-oriented advertising.

If we receive your e-mail address in connection with the conclusion of the contract and the provision of our services and you have not objected to this, we reserve the right to send you regular information about similar services from our offer by e-mail. You can object to this use of your e-mail address at any time by sending a message to the contact option described above or via a link provided for this purpose in the newsletter email, without incurring any costs other than the transmission costs at the basic rates.

‍

5. Sharing your data

Before entering into a business relationship, we usually agree on a confidentiality agreement. This duty of confidentiality also applies to all employees and otherwise agents of MEDIACC.

Initially, only our authorized employees will be aware of the data.

As part of its activities, MEDIACC may be required to pass on this data to authorities or other third parties, which in turn are subject to a duty of confidentiality.

In principle, data will only be passed on to third parties if this is permitted or required by law or if consent has been given. We also share data with the service providers we use to provide our services to the extent necessary. We limit the transfer of data to what is necessary to provide our services. In some cases, our service providers receive data as contract processors and are then strictly bound by our instructions when handling the data. In some cases, the recipients act independently with the data that we transmit to them.

Recipients of data include:

• Affiliated companies, insofar as they work for us as contract processors and, for example, provide IT services or insofar as this is necessary to provide our services
• legal advisors, mediators, courts, authorities, etc., insofar as this is necessary to provide our services as part of the business relationship or representation in legal matters
• Cooperation with other service providers or with other consultants and other third parties engaged in consultation with you
• Payment service providers and banks to collect outstanding payments from accounts or pay out refunds
• agencies and printing companies that support us in carrying out advertising measures
• IT service providers who, among other things, store data, assist with the administration and maintenance of systems, as well as file archivists and shredders
• logistics service provider to deliver documents, etc.
• legal and tax advisors in asserting our claims;
• public bodies and institutions, insofar as we are legally obliged to do so.

Otherwise, your data will only be passed on if

• you have given your express consent to this in accordance with Article 6 (1) (a) of the GDPR
• the transfer in accordance with Article 6 (1) (f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
• in the event that there is a legal obligation to transfer data in accordance with Article 6 (1) (c) GDPR, and
• This is legally permitted and is required in accordance with Article 6 (1) (b) GDPR to process contractual relationships with you.

In addition, we do not share data with third parties.

Data security is very important to us, and in order to protect your data, we have taken appropriate measures to adequately protect the data collected. We use industry-standard and recognized mechanisms to protect all personal information we store.

6. Transfer of your data to third countries

Data transfer to countries outside the EU and the EEA (so-called third countries) only takes place insofar as this is necessary in the context of processing or fulfilling our pre-contractual or contractual relationships with a client or, if applicable, other contractual partners (e.g. when using a law or tax consulting firm based in a third country), is required by law (e.g. tax reporting requirements), consent has been given to us or as part of order processing. If service providers are used in a third country, they are obliged to comply with the level of data protection applicable in the EU as a result of the agreement on EU standard data protection clauses. Alternatively, we transfer the data on the basis of the Binding Corporate Rules or to countries for which there is an EU adequacy decision. For more information, please contact our data protection officer. In addition, we do not transfer personal data to countries outside the EU and the EEA or to international organizations. I

7. Duration of storage of your data

MEDIACC processes and stores your personal data within the framework of legal storage obligations. After expiry of storage periods, your data will be deleted or the paper documents destroyed, unless MEDIACC is obliged to do so due to storage and documentation obligations under tax and commercial law (e.g. Commercial Code, Criminal Code, Medicines Act, Medical Device Ordinance).

If consent has been given, we will store the above data until you withdraw your consent or — if we use your data for advertising purposes — until you object.

In addition, we are subject to various storage and documentation obligations, including but not limited to, professional requirements, the Commercial Code, the Tax Code and the laws on clinical trials. The storage and documentation periods specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

If the data is no longer required to fulfill contractual or legal obligations and rights, they are regularly deleted, unless their — temporary — further processing is necessary in individual cases to fulfill the purposes listed in section 4. In these cases, we may store and, if necessary, use data for a period of time agreed with the purposes even after the end of our business relationship or our pre-contractual legal relationship.

8. Your rights

Under certain conditions, you can assert your data protection rights against us:

Right to information: Within the framework of Article 15 GDPR, you are entitled at any time to request confirmation from us as to whether we are processing data relating to you; if this is the case, you are also entitled under Article 15 GDPR to provide information about this data and certain further information (including processing purposes, categories of data, categories of recipients, planned storage period, your rights, the origin of the data, use of automated decision-making and, in the event of a transfer to a third country, the appropriate guarantees) and a copy of your data on received.

Right to rectification: In accordance with Article 16 GDPR, you are entitled to require us to correct the personal data stored about you if it is incorrect or incorrect. Please let us know if your details change.

Right to delete: Under the conditions of Article 17 GDPR, you are entitled to demand that we delete personal data relating to you immediately. Among other things, the right to deletion does not exist if the processing of personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) to fulfill a legal obligation to which we are subject (e.g. statutory storage obligations) or (iii) to assert, exercise or defend legal claims.

Right to restrict processing: Under the conditions of Article 18 GDPR, you are entitled to demand that we restrict the processing of your personal data.

Right to data portability: Under the conditions of Article 20 GDPR, you are entitled to require us to provide you with the personal data relating to you that you have provided to us in a structured, common and machine-readable format.

Right to object: You are entitled to object to the processing of your personal data under the conditions of Article 21 GDPR, so that we must stop processing your personal data. The right of objection exists only within the limits provided for in Article 21 GDPR. In addition, our interests may prevent the processing from being terminated, so that we are entitled to process your personal data despite your objection.

Right of Withdrawalt: You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

Right to lodge a complaint with a supervisory authority: Under the conditions of Article 77 GDPR, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy. The supervisory authority responsible for MEDIACC is:

Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin, phone: 030 13889 -0, e-mail: mailbox@datenschutzberlin.de

However, we recommend that you always address a complaint to our data protection officer first (see section 2 above). If possible, your requests to exercise your rights should be addressed in writing to the address given in section 1 above or directly to our data protection officer in accordance with section 2.

9. Changes to our privacy policy

We will review this policy regularly and amend it as appropriate. Any change to the way we process your personal data will be notified to you prior to processing. We recommend that you check this policy page regularly to stay up to date.

‍

‍