The master.ing GmbH (hereinafter referred to as "we", "us") is pleased about your visit to our website https://master.ing (hereinafter referred to as "Website").
Our principle is to collect only what we need and to process this information solely to provide you with the service you expect.

The controller responsible for processing personal data on our website within the meaning of the General Data Protection Regulation (hereinafter referred to as "GDPR") is:

master.ing GmbH
Sckellstraße 6
81667 München
Deutschland

For data protection-related inquiries or to exercise your rights as a data subject, you can contact us anytime via email at datenschutz@master.ing.

Our appointed data protection officer is:
 
Kertos GmbH
Briennerstraße 41
80333 Munich
Germany
Email: dsb@kertos.io

Personal data are all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, phone number, date of birth, email address, or IP address. Information that we cannot (or only with disproportionate effort) relate to your person, such as through anonymization of the information, is not considered personal data. The processing of personal data (e.g., collecting, querying, using, storing, or transmitting) always requires a legal basis such as your consent.

We collect and use personal data of our users only to the extent that it is technically necessary to provide a functional website and our content and services or information.
When you access and use our website, we collect personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.
 
The following information is collected without your intervention and stored until it is automatically deleted:

We process the aforementioned data for the following purposes:

Art. 6 para. 1 lit. f GDPR serves as the legal basis. The processing of the aforementioned data is necessary for the provision of a website and to enable safe and comfortable use and thus serves to protect a legitimate interest of our company.
‍

As soon as the aforementioned data are no longer required for the display of the website, they are deleted (at the latest after 30 days). The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. The user therefore has no possibility to object. Further storage is carried out in individual cases if this is required by law.
‍

We use the external service provider Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA (hereinafter “Webflow”) to host our website. Your personal data is shared with Webflow in order to provide and host the website. Webflow processes this data on our behalf as a processor in accordance with Art. 28 GDPR. For more information about data protection at Webflow, please refer to their privacy policy at (https://webflow.com/legal/privacy). The data processing agreement (DPA) concluded with Webflow can be requested from us.

We primarily process your data within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers may be located outside the EEA in so-called "third countries". The General Data Protection Regulation imposes high demands on the transfer of personal data to third countries. All our data recipients must meet these requirements. Before we transfer your data to a service provider in a third country, each service provider is initially checked for their level of data protection. A service provider is only selected if they can demonstrate an adequate level of data protection outside the EEA. Regardless of whether our service providers are located within the EEA or in third countries, each service provider must conclude a data processing contract with us. For service providers outside the EEA, additional requirements must be met. According to Art. 44 ff. GDPR, personal data can be transferred to service providers who meet at least one of the following conditions:

Within our company, only those persons who need your personal data for the respective purposes have access to it. Your personal data will only be shared with external recipients if we are legally permitted to do so or if you have consented. Below you will find an overview of the respective recipients:

We use hosting services provided by Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA (“Webflow”) to ensure the high performance and security of our website. Webflow operates the technical infrastructure, including caching/CDN. When a page is accessed, connection data (e.g., IP address, date/time, requested resource, user agent) is processed. The legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interest in the efficient provision and security of our website). We have a data processing agreement with Webflow (Art. 28 GDPR). If data is transferred to third countries, we base this on Art. 44 ff. GDPR (e.g., appropriate safeguards such as standard contractual clauses or an adequacy decision). Log data is only stored for as long as is necessary for operation, security, and troubleshooting.

We do not use cookies or similar technologies (e.g., local/session storage, device fingerprinting, universal IDs) on our website. We do not measure reach, nor do we engage in marketing or third-party tracking.

We do not currently use any analysis, marketing, or profiling tools. We do not measure reach, track users, or set cookies or similar technologies. Server and access data are processed exclusively for the operation, security, and troubleshooting of our website (see “Provision and use of the website”; Art. 6 para. 1 sentence 1 lit. a GDPR.

We do not currently embed any content or plugins from external platforms (e.g., YouTube, map services, social widgets) on our website. Therefore, no data is transferred to such third-party providers through embedded content.

When you register for the Pre-Launch Circle using our form, we process the following data:

The data is processed for the following purposes:

The legal basis is Art. 6 (1) (a) GDPR (consent).
The data will be deleted as soon as it is no longer required for the purpose or you revoke your consent.

We are committed to treating your personal data confidentially. To prevent manipulation, loss, or misuse of your data stored with us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress.
However, we point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data - e.g., during transmission by e-mail - can be viewed by third parties. We have no technical influence on this. It is your responsibility as a user to protect the data you provide against misuse by encryption or other means.

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also takes place if a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or fulfillment of a contract.

With regard to your personal data, you have the following legal rights against us:
‍
‍Right of Access
You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to further information, e.g., about the processing purposes, the recipients, and the planned duration of storage or the criteria for determining the duration.
‍
‍Right to Rectification
You have the right to request the rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.
‍
Right to Erasure (“Right to be Forgotten”)‍
You have the right to request erasure if the processing is not necessary. This is the case, for example, if your data is no longer needed for the original purposes, if you have withdrawn your consent under data protection law or if the data has been unlawfully processed.
‍
‍Right to Restriction of Processing
You have the right to request the restriction of processing, e.g., if you believe that the personal data is incorrect.
‍
Right to Data Portability‍
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
‍
‍Right to Object  
You have the right to object, on grounds relating to your particular situation, at any time to the processing of certain personal data concerning you. In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
‍
‍Right to Withdraw Your Data Protection Consent
You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out up to the withdrawal.

Notwithstanding these rights, you have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data violates data protection regulations.