Privacy Policy

This privacy policy applies solely to our website designmanager-tool.com and the ser-vices directly accessible through it ("Minimax website"). In the following privacy policy we explain how your data is handled on the Minimax website. In the event that you are for-warded to websites or apps via links from our Minimax website, please inform yourself there about the respective handling of your data. This privacy policy was last updated on 27 October 2022.

  1. General information on data processing
    1. Person responsible and data protection officer
    2. Principles of data processing and storage period
    3. Your rights
    4. Safety standards
    5. Amendment of the privacy policy
  2. Data processing on the Minimax website
    1. Log data/log files

A. General information on data processing

1. Person responsible and data protection officer

Unless another data controller is expressly named for individual services, the data controller within the meaning of the GDPR as well as all other applicable EU data protection provisions ("Data Controller") is:

Minimax GmbH
Industriestrasse10/12
23840Bad Oldesloe
E-mail: info@designmanager-tool.com                         

Telephone number: + 49 (0) 4531 - 803 0

Every data subject can also contact our data protection officer directly at any time with all questions and suggestions regarding data protection. You can reach him at the following address: Minimax Viking GmbH (data protection officer), Industriestrasse 10-12, 23843 Bad Oldesloe and at dataprivacy@mx-vk.com.

2. Data processing principles and storage period

2.1. Legal basis for the processing of personal data

Personal data is all data that can be related to you personally, such as your title, name, address, email address, IP address, etc. Your personal data will only be collected and processed by us in accordance with the provisions of the EU General Data Protection Regulation ("GDPR") and other provisions of European and applicable national data protection law.

Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a GDPR is the legal basis for the processing of personal data. Any consent can be revoked by you with effect for the future.

When processing personal data that is required to fulfil a contract with you or your company, Art. 6 para. 1 lit. b GDPR is the corresponding legal basis. This also applies to processing operations that already become relevant pre-contractually.

Insofar as the processing of your personal data is necessary for the fulfilment of a legal obligation, Art. 6 para. 1 lit. c GDPR in conjunction with the relevant national or Union law basis serves as the legal basis for the processing. The national or EU legal basis is specified at the appropriate point.

If the processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh our legitimate interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.

Supplementary information on specific data processing via the Minimax website can be found in the following sections of the privacy policy.

2.2. Storage and deletion of data

As a matter of principle, we only store personal data for as long as the specific purpose of the storage requires. If the purpose of storage ceases to apply, your data will be delet-ed or its processing restricted.
In addition, however, it may be that European regulations, applicable national laws or other regulations require us to store the data we process for a longer period. If these storage periods expire, we will delete your data or restrict the processing thereof.

2.3. Recipients of data

We will generally only pass on your personal data to service providers, business partners and other third parties within the framework of the applicable data protection laws and inform you of this in accordance with the legal requirements.

We may disclose personal data to service providers and require them to perform services on our behalf (processing). In doing so, we comply with the strict applicable national and European data protection regulations. The processors are subject to our instructions and are subject to strict contractual restrictions with regard to the processing of personal data. Accordingly, processing is only permitted insofar as it is necessary for the performance of the services on our behalf or to comply with legal requirements. The rights and obligations of the processors with regard to personal data are specified by us in advance.

We may disclose personal information to another third party if required to do so by law or legal process or to provide the services we offer on the Minimax website. We may also be required to provide information to a law enforcement or other authority. We may also disclose information if it is necessary for us to cooperate with you in providing services to you, or if you provide your consent.


2.3.1. Web-Hosting

Our Minimax website and your data are hosted by us at Convotis Lübeck GmbH, Niels-Bohr-Ring 15, 23568 Lübeck ("Convotis"), among others. Convotis may only access the data within the scope of our instructions (processing).

Convotis also takes strict technical measures to protect your personal data. Convotis will not disclose your personal data to third parties unless the disclosure is necessary to process the agreed services or Convotis is required to do so to comply with the law or a valid and binding order of a governmental or regulatory authority. The data transferred for this purpose will be limited to the minimum necessary.

We store the data for no longer than the statutory retention periods.

Further information on data protection at Convotis can be found at: https://convotis.com/en/privacy/

Your data is already hosted on servers in the European Union ("EU") or the European Economic Area ("EEA").

2.3.2. Other categories of recipients

Personal data may be transferred to the following recipients or categories of recipients: 

  • Courts, authorities or other state institutions, insofar as legal obligations exist
  • Internal company recipients (e.g. for purpose-specific processing within the responsible departments)
  • External processors within the meaning of Art. 28 DSGVO

3. Your rights

Insofar as we process your personal data, you are a "data subject" within the meaning of the GDPR. As a data subject, you have the following rights towards us:

3.1. Right of access regarding processing

You can request information from us at any time within the framework of the legal provisions as to whether personal data is being processed by us. If this is the case, you have the right to request information about the scope of the data processing (cf. Art. 15 GDPR). Please note that the right to information may be restricted in certain legal circumstances.

3.2. Right of rectification

You have the right to have your data corrected and/or completed if the personal data processed about you is incorrect or incomplete (cf. Art. 16 GDPR).

3.3. Right to restrict processing

If the conditions for this exist, you can demand the restriction of the processing of your personal data (cf. Art. 18 GDPR). 

3.4. Right to erasure

You can demand that we delete the personal data concerning you without delay, provid-ed that the conditions for this are met. The right to erasure does not exist, for example, insofar as the processing is necessary (cf. Art. 17 GDPR).

3.5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data relating to you has been disclosed of this rectification or erasure of the data or restriction of processing, un-less this proves impossible or involves a disproportionate effort. We will inform you of these recipients if you so request (cf. Art. 19 GDPR).

3.6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another company without hindrance from us, provided that the condi-tions for this exist (cf. Art. 20 GDPR).

3.7.  Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. f GDPR (Art. 21 para. 1 GDPR). The consequence of the objection is that Minimax will no longer process the personal data concerning you, unless Minimax can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

You can inform us about your objection under the following contact details:

Minimax Viking GmbH (Data Protection Officer)
Industriestrasse10-13
23843 Bad Oldesloe

E-mail: dataprivacy@mx-vk.com

3.8. Right to revoke the declaration of consent under data protection law

If you have given a declaration of consent under data protection law, you can revoke this at any time. The revocation of the consent does not affect the lawfulness of the pro-cessing carried out on the basis of the consent until the revocation (cf. Art. 7 DSGVO).

3.9. Recht auf Beschwerde bei einer Datenschutz-Aufsichtsbehörde

Without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your residence, place of work or place of the alleged infringement, if you consid-er that the processing of personal data relating to you infringes applicable data protection laws.

4. Safety standards

We have implemented appropriate physical, technical and administrative security stand-ards to protect personal data from loss, misuse, alteration or destruction. All service pro-viders and affiliates are contractually bound to maintain the confidentiality of personal da-ta. In addition, they may not use the data for purposes that have not been authorized by us. Because the security of your data is important, your entire visit is conducted over a se-cure TLS connection. If personal data is collected, the data transfer is also TLS-encrypted. The TLS encryption process protects your data from unauthorized access on its way through the internet.

5. Amendment of the privacy policy

We may update this privacy policy from time to time to keep it up to date with current le-gal requirements or to reflect changes to our services available through the Minimax website (for example, the introduction of new services). If anything has changed since your last visit, please refer to the date in the first paragraph of this privacy policy.

B. Data processing on the Minimax website

1. Log data/log files

Each time you visit the Minimax website, our system automatically collects data and information from your terminal device. In particular, the following data is collected:

  • the anonymized IP address of the requesting end device
  • the date and time of access
  • the website from which the requested file was accessed (referrer URL)
  • a description of the browser and the version of the browser used
  • The installed operating system
  • the name of the file and the URL of the requested file
  • the volume of data transferred
  • the access status (i.e. whether the file was transferred or possibly not found, etc.)

The aforementioned data is stored in the log files of our system. As a rule, this data is not stored together with other personal data. Your IP address is anonymized by the hoster by truncating the last byte of the IP address.

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 p. 1 lit. f GDPR. The temporary storage of the data is necessary to enable the delivery of the website. Furthermore, this data is used to optimize our website and to ensure the functionality of the website and the security of our information technology systems. An evaluation of the log files for marketing purposes does not take place.

In the event that the data is stored in log files, the data is usually anonymized at the end of each day and completely deleted after 32 days. The data is stored for reasons of system security, e.g. to be able to clarify incidents of misuse, security or malfunctions. Data from log files whose further storage is necessary for evidentiary purposes are generally excluded from deletion until the final clarification of the respective incident and may be passed on to investigating authorities in individual cases if necessary.