Privacy policy
Thank you for visiting the website of Multiloop GmbH. Below you will find the privacy policy, which provides detailed information about the processing of your personal data on the website www.multiloop.com and the web app app.multiloop.com/.
As the data controller, we attach great importance to the confidential and secure processing of your personal data and have taken extensive technical and organizational measures to meet the requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-neu), the Telecommunications-Telemedia Data Protection Act (TTDSG), and other data protection regulations.
No transfer of your personal data to third parties takes place on this website unless this is necessary for the purpose at hand or you have expressly consented to it. The processing of the data collected from you via the website occurs solely for the purposes outlined in this privacy policy.
1. Contact details of the controller & Data Protection Officer
The controller in accordance with Art. 4 No. 7 GDPR for the processing of your personal data is:
Multiloop GmbH, Zugspitzstr. 15, DE-82046 Pullach
Phone: +49 (0)89 215 4151 40
Fax: +49 (0)89 215 4151 49
Email: info(a)multiloop.com
For further details about our company, please refer to the imprint information on our website
2. Log files when visiting the website
When you open this website, your browser automatically sends data to the website's server. This data is partially relevant to data protection and is stored for a limited time in a log file. The log files are technically necessary to display the website to you. Further storage of the log files that goes beyond your visit to the website occurs in order to ensure the functionality of the website and the security of the information technology systems. The following data is collected in the context of log files:
Date and time of access
IP address from which access occurs
Hostname of the accessing computer
Success or failure of page access
Used browser and operating system
Transferred data volume
Website from which the visitor comes (Referrer URL)[IF1]
As you can see from the listing, your use of the website results in the logging of the IP address of the computer you are using. Depending on the IP address, it may be possible to identify users. However, an evaluation of the captured IP addresses for this purpose does not take place unless it is necessary for the purposes of law enforcement.
On what legal basis is this data processed and how long is it stored?
The data is processed based on legitimate interest according to Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in offering you our service without disruption and, if necessary, being able to track and trace malfunctions (such as hacker attacks). The retention period of the log files is [90] days after the website is accessed; afterwards, the data will be automatically deleted.
Are there other recipients of the data besides the controller?
Both the hoster and the web designer have access to the log files. In both cases, this access takes place within the framework of a data processing agreement according to Art. 28 para. 3 GDPR.
3. Processing when returning a reusable container
If you return a reusable container at one of our return points and use our web app for the purpose of refunding your deposit, we process your name, your payment data (IBAN, email address), and the return point and container ID to refund the deposit amount for the reusable container. No further personal data is processed by us.
On what legal basis is this data processed and how long is it stored?
The data is processed according to Art. 6 para. 1 sentence 1 lit. b) GDPR for the fulfillment of a contract with you. The retention period is 3 years after the deposit refund has been made. The retention period results from the regular limitation period according to § 195 BGB.
Are there other recipients of the data besides the controller?
In principle, we do not pass your data on to third parties unless we indicate this in this privacy policy. IT and software service providers commissioned by us may gain access to your data stored in our IT systems for processing your request. We have concluded a data processing agreement according to Art. 28 GDPR with the relevant service providers. Depending on which payment service provider you choose, your personal data may be included (further information can be found under No. 4).
4. Involvement of payment service providers
In order to provide our service, we cooperate with payment service providers (e.g. PayPal). If you select such a payment provider, they will receive your personal data. The payment service provider acts as its own controller for data processing based on the contract concluded with you. Further information can be found in the respective privacy policy of your payment service provider.
5. Contacting us
Our website does not have a contact form. If you would like to get in touch with us, you will find appropriate contact details at various points on our website that allow you to contact us by email, phone, or post. Which data about yourself you disclose to us during contact is, of course, up to you. We only process the personal data necessary to respond to your request.
On what legal basis is this data processed and how long is it stored?
Your data that you provide to us when contacting you is processed based on legitimate interest according to Art. 6 para. 1 sentence 1 lit. f) GDPR. This permission provision allows the processing of personal data in the context of the "legitimate interest" of the controller unless your fundamental rights, freedoms, or interests outweigh. Our legitimate interest lies in processing and responding to your request. You can object to this data processing at any time if there are reasons arising from your particular situation that speak against the data processing. The personal data collected in this context will be deleted immediately once your request has been completely processed and there are no reasons for further retention (e.g. accountability, contract completion, etc.).
Are there other recipients of the data besides the controller?
Commissioned IT and software service providers may gain access to your data stored in our IT systems for processing your request. This access is based on a contract for data processing according to Art. 28 para. 3 GDPR.
6. Links to other websites
Our website contains links to third-party websites. We have no influence on the processing of your data on these third-party sites. The providers of these websites are responsible for the processing that occurs there, the data protection precautions, and the published content.
7. Security
To protect your data processed through our website, we have implemented numerous technical and organizational measures (TOMs). These include, for example, the confidentiality, integrity, availability, and resilience of your data. The security measures we have implemented are regularly checked and adapted to the current state of technology.
8. Rights of the data subjects
The rights of data subjects according to data protection law describe the rights and freedoms of individuals affected by data processing according to Art. 12 ff. GDPR. They also protect informational self-determination, which arises from the Basic Law, and serve to provide information and transparency.
9. Right to access
You have the right under Art. 15 GDPR to request information about the personal data stored about you. We are happy to comply with your request for information. Please direct your request for information to the following email address: info@multiloop.com.
If you make use of your right to information, we will store your request and the response in order to fulfill our accountability obligations. A transfer of your request for information to third parties is not intended. Should this be necessary for important reasons, you will, of course, be informed.
10. Right to rectification, deletion, and restriction
If incorrect personal data about you is processed, you have the right to rectification according to Art. 16 GDPR. If the necessary prerequisites are met, you can demand the deletion or restriction of the processing of your personal data according to Art. 17, 18 GDPR. We are happy to comply with your request for rectification, deletion, and restriction. Please direct your request in writing to our data protection officers.
If you make use of your right to rectification, deletion, or restriction, we will store your request and the response to fulfill our accountability obligations.
11. Right to object
Pursuant to Art. 21 GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data that occurs due to a legitimate interest according to Art. 6 para. 1 sentence 1 lit. f) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. Please direct your objection in writing to our data protection officer.
If you make use of your right to object, we will store your request and the response to fulfill our accountability obligations.
12. Contact with the data protection supervisory authority
If you believe that a processing of personal data carried out by us violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority responsible for us can be reached at the following contact details:
Bavarian State Office for Data Protection Supervision
P.O. Box 1349
DE-91504 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de
13. Change of provisions
Please take note of the currently valid version of this privacy policy. We reserve the right to change the privacy policy for technical, organizational, or legal reasons. (As of 05/2024)