Data Privacy Statement
The protection of your personal data is very important to us, the company MESCO Engineering Inc., 29 Water Street, Suite 301, Newburyport, MA 01950, USA.
For this reason, we treat your personal data confidentially and in compliance with statutory data protection regulations and this Data Privacy Statement.
We would like you to know when we store what data and how we use it and would therefore like to inform you about our data protection measures through this Data Privacy Statement.
In this Data Privacy Statement, you will find information about the kind, scope and processing of personal data (hereinafter “data”) as part of our online offerings and the websites, functions, contents and external online presence associated with them such as social media profiles (hereinafter “online offerings”). Regarding the terms used (e.g. “third party”, “consent”, “contract processor”), we refer to the definitions given in Art. 4 of the General Data Protection Regulation (GDPR); under ”Terminology used” below, you will find the definitions of “personal data”, “processing” and “responsible party” acc. to the GDPR.
MESCO Engineering Inc.
29 Water Street, Suite 301
Newburyport, MA 01950
Tel. + 1 978 358-7881
Managing directors: Thomas Best & Juliane Heyn-Best
We process the following kinds of data:
- Inventory data (e.g. names, addresses)
- Contact data (e.g. e-mail addresses, phone numbers)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. visited websites, interest in contents, access times)
- Meta- & communication data (e.g. device information, IP addresses)
We process personal data i) to make our online offerings, their functions and contents available to you; ii) to answer contact inquiries and communicate in the network; iii) to take security measures and iv) for range measurement and marketing purposes.
Registration is not necessary for most of our service offerings; for some services (e.g. downloading white papers or datasheets), however, it may be necessary for you to provide personal data. If in this case you decide not to provide the personal data that we are requesting, you may not be able to use certain sections of the website.
Personal data are only collected when you provide them voluntarily to us, e.g. when you register, fill out forms, send e-mails, order products or services or send us an inquiry.
We collect and use your personal data so we can offer you, for example, products and services that we believe could interest you or to communicate with you.
Your personal data are processed exclusively in countries of the European Economic Area.
“Personal data” consist of all information that refers to an identified or identifiable natural person (hereinafter “affected person”); a natural person is regarded as identifiable if he/she can be directly or indirectly identified, particularly by assigning an identifier, such as a name, to an ID number, to location data, to an online ID (e.g. cookie) or to one or several special characteristics that express this natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.
“Processing” is every procedure carried out with or without the help of automated processes or any such process series in connection with personal data. The term is broadly formulated and covers virtually any data handling.
“Responsible party” is referred to as the natural or legal person, government authority, institution or another office that decides alone or together with others about the purposes and means of personal data processing.
Relevant legal foundations
Acc. to Art. 13 of the GDPR, we inform you about the legal foundations of our data processing activities. If the legal foundation is not mentioned in the Data Privacy Statement, the following applies:
- The legal foundation for obtaining consents are Art. 6 Para. 1 Letter a & Art. 7 of the GDPR;
- The legal foundation for the processing to perform our services or implement pre-contractual measures and to answer inquiries is Art. 6 Para. 1 Letter b of the GDPR;
- The legal foundation for the processing to comply with our legal obligations is Art. 6 Para. 1 Letter c of the GDPR;
- The legal foundation for the processing to protect our legitimate interests is Art. 6 Para. 1 Letter f of the GDPR;
- The legal foundation for the processing to protect vital interests of the affected person or another natural person is Art. 6 Para. 1 Letter d.
The data we process are deleted acc. to Art. 17 and 18 of the GDPR or their processing is restricted. Unless not expressly indicated otherwise within the framework of this Data Privacy Statement, the personal data that we store are deleted as soon as they are no longer needed for the purposes for which they were collected and when the deletion does not oppose statutory retention obligations. If the data are not deleted because they are necessary for others and for legally permissible purposes (this pertains to data that must be stored due to commercial and tax law reasons, for example), their processing will be restricted, i.e. the data are blocked and not processed for other purposes.
In Germany, acc. to Section 257 Para. 1 of the German Commercial Code (HGB), a 6-year storage period applies for trading books, inventory documents, opening balance sheets, annual financial statements, business letters, accounting records, etc. and acc. to Section 147 Para. 1 of the Tax Code (AO), there is a 10-year storage period for books, records, status reports, accounting records, commercial and business letters, taxation-relevant documents, etc.
In Austria, acc. to Section 132 Para. 1 of the Federal Tax Code (BAO), the storage period for accounting documents, records. invoices, accounts, receipts, business papers, revenues and expenditures list, etc. is 7 years; in connection with properties, 22 years and for documents related to electronically rendered services, telecommunication, radio and television services rendered to non-entrepreneurs in EU member states and for which the mini-one-stop-shop (MOSS) is used, it is 10 years.
Collaboration with contract processors and third parties
If as part of our processing for other persons and companies (contract processors or third parties) we disclose data, submit data to them or grant access to the data in any way, then this is done only:
i) Based on legal permission (e.g. when acc. to Art. 6 Para. 1 Letter b of the GDPR data submission to third parties is necessary for contractual performance);
ii) If you consented to this;
iii) If a legal obligation foresees this, or
iv) Based on our legitimate interests (e.g. when appointees, web hosts, etc. are used).
Third parties are commissioned to process data based on a so-called “contract processing agreement” acc. to Art. 28 of the GDPR.
Transfers to third countries
Data processing in a third country (i.e. outside the European Union [EU] or the European Economic Area [EEA]) by us or as part of using third-party services or as part of data disclosure or submission to third parties is done only to fulfill our (pre-) contractual obligations, based on your consent, owing to a legal obligation or based on our legitimate interests. Subject to legal or contractual authorizations, we process or commission to process the data in a third country only when there are the special prerequisites of Art. 44 ff. of the GDPR. Thus, processing takes place, for example, based on special guarantees, such as the officially recognized determination of a data protection level that complies with the EU (for the USA, for example, by the “EU-US Privacy Shield” or in compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Right of revocation
You have the right at any time to revoke consents given acc. to Art. 7 Para. 3 of the GDPR with effect for the future.
Right to object
You can file an objection at any time against the future processing of your data acc. to Art. 21 of the GDPR. The objection is especially against the processing of the data for direct advertising purposes.
Data protection indications in the application process
We process applicant data only for the purposes and as part of the application process in accordance with statutory regulations. We process applicant data to comply with our (pre-) contractual obligations as part of the application process within the meaning of Art. 6 Para. 1 Letter b of the GDPR and Art. 6 Para. 1 Letter f of the GDPR, as far as the data processing becomes necessary for us within the framework of legal proceedings, for example (in Germany, Section 26 of the Federal Data Protection Act [FDPA] applies additionally).
For the application process, applicants must send us their data. If we offer an online form, the required applicant data are identified and otherwise result from the job descriptions. Basically, the necessary applicant data include personal information, mailing and contact addresses and the documents related to the application, such as cover letter, resume (CV) and job references. Apart from that, applicants can send us additional information voluntarily.
When applicants submit their application to us, they agree to the processing of their data for the purposes of the application process in the manner and scope set forth in this Data Privacy Statement.
If certain categories of personal data within the meaning of Art. 9 Para. 1 of the GDPR (e.g. health information such as a severe disability or ethnic origin) should be voluntarily disclosed as part of the application process, they are additionally processed acc. to Art. 9 Para. 2 Letter b of the GDPR. If certain categories of personal data within the meaning of Art. 9 Para. 1 of the GDPR are requested from applicants as part of the application process (e.g. health information if necessary to exercise the profession), they are additionally processed acc. to Art. 9 Para. 2 Letter a of the GDPR.
If applicable, applicants can send us their applications using our website’s online form. The data are transmitted to us in a state-of-the-art encrypted form.
In addition, applicants can send us their applications via e-mail. However, we would like to point out that e-mails are generally not sent encrypted and the applicants themselves must ensure their encryption. For this reason, we cannot assume responsibility for the application’s transmission path between the sender and reception on our server and therefore recommend using the online form or sending the application to us via regular mail.
We can further process the personal data that applicants send to us for employment purposes if the application is successful. Data from applicants whose applications were unsuccessful for the job offer are deleted. If an application is withdrawn (applicants have the right to withdraw it at any time), the applicant’s data is deleted as well.
Subject to a justified revocation of the applicants, the deletion is done once six months have elapsed so we can answer any follow-up questions about the application and meet our obligations to provide proof from the Equal Treatment Act. Bills for possible reimbursement of travel expenses are filed away according to tax law stipulations.
Users have the option to create a user account and the necessary mandatory information is communicated to the users as part of the registration. The data entered during registration are used for the purposes of using the offering. Users can be informed via e-mail about offering- or registration-relevant information (e.g. changes in the scope of the offering or technical circumstances). If a user has closed his/her user account, the data associated with the customer account are deleted as long as their storage is not necessary owing to commercial or tax law reasons acc. to Art. 6 Para. 1 Letter c of the GDPR. If a cancellation has occurred, it is the responsibility of users to secure their data before the contract ends. We are entitled to irretrievably delete all user data stored during the contractual term.
When our registration and sign-in functions are used as well as the user account, we store the IP address and the time when the respective user acted. The storage is done based both on our legitimate interest and the interest of the users to protect against misuse and other unauthorized use. In principle, these data are not forwarded to third parties except if they are necessary to pursue our claims or there is a legal obligation to do so acc. to Art. 6 Para. 1 Letter c of the GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.
If a user contacts us (e.g. via contact form, e-mail, telephone or social media), the information provided is processed to handle the contact inquiry and its execution acc. to Art. 6 Para. 1 Letter b of the GDPR. The user data can be stored in a customer relationship management system (“CRM system”) or a similar inquiry organization system.
We delete inquiries when they are no longer necessary, but we check their necessity every two years. Moreover, statutory archiving obligations apply.
Cookies and the right to object in direct advertising
“Cookies” are small files stored in the computers of users that can store various kinds of information. A cookie serves primarily to store the information about a user (or the device on which the cookie is stored) during or also after visiting an online offering. Cookies that are deleted when the user leaves an online offering and closes his browser are called temporary cookies, “session cookies” or “transient cookies”. This kind of cookie can store the content of a shopping cart in an online shop or a login status, for example. On the other hand, cookies that remain stored even after closing the browser are called “permanent” or “persistent”. These cookies can store, for example, the login status in case the user visits a page after several days. Such a cookie can also store users’ interests, which are used for reach measurement or marketing purposes. Cookies offered by providers other than the parties responsible for operating the online offerings are known as “third-party cookies” (if they are cookies of the responsible party, they are called “first-party cookies”).
In our online offerings, we use temporary and permanent cookies, which we explain in our Data Privacy Statement.
Users who do not want cookies to be stored in their computer are requested to deactivate the corresponding option in their browser’s system settings, where already stored cookies can also be deleted. However, we would like to point out that the exclusion of cookies can lead to functional restrictions of our online offerings.
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services that we use for the purposes of operating these online offerings.
As part of this, we or our hosting provider process inventory data, contact data, content data, contractual data, usage data as well as meta- and communication data of customers, interested parties and visitors of these online offerings based on our legitimate interest in an efficient and secure provision of these online offerings acc. to Art. 6 Para. 1 Letter f of the GDPR in connection with Art. 28 of the GDPR (conclusion of the contract processing agreement).
Collection of access data and log files
Based on our legitimate interests within the meaning of Art. 6 Para. 1 Letter f of the GDPR, we or our hosting provider collect data about every access to the server on which this service is located (so-called server log files). These access data include the name of the retrieved web page, file, date and time of the retrieval, the transferred data quantity, the successful retrieval notification, the type of browser along with the version, the user’s operating system, the referrer URL (page last visited), the IP address and the inquiring provider.
Log file information is stored for no more than 7 days due to security reasons (e.g. to elucidate misuse or fraudulent acts) and deleted afterwards. Data that needs to be stored longer for proof purposes are not deleted until final clarification of the respective matter.
Involvement of third-party services and contents
Within our online offerings and based on our legitimate interests (i.e. interest in the analysis, optimization and cost-effective operation of our online offerings within the meaning of Art. 6 Para. 1 Letter f of the GDPR), we use content or service offerings of third-party providers to integrate their contents and services (hereinafter uniformly referred to as “contents”) such as videos or fonts, for example.
A prerequisite for this, in any case, is the ability of the third-party providers of these contents to recognize the IP addresses of the users because without it they cannot send the contents to their browser. Thus, the IP address is necessary for displaying these contents. Our aim is to integrate only those contents in our online offerings whose respective providers use the IP address only to deliver their contents. Moreover, third-party providers can use so-called tracking pixels/pixel tags (invisible graphics also known as “web beacons”) for statistical or marketing purposes. With the help of these tracking pixels, information about visitor traffic on the pages of this website can be evaluated, for example. The pseudonymous information can also be stored in cookies on the user’s device. Among other things, they can contain technical information about the browser and operating system, referring web pages, time of the visit and other details about the use of our online offerings and can additionally be connected to such information from other sources.
Google is certified under the Privacy Shield Framework and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=A...).
Google uses this information on our behalf i) to evaluate the usage of our online offerings by the users; ii) to compile reports about the activities within these online offerings, and iii) to render additional services to us that are related to the usage of these online offerings and internet use. During the course of this, pseudonymous usage profiles of the users can be created from the processed data.
We use Google Analytics only with activated IP anonymization. This means that the IP address of Google users within the member states of the European Union or in other contracted states to the Agreement on the European Economic Area is shortened. Only in exceptional cases will the full IP address be transferred to a Google server in the USA to be shortened there.
The IP address transmitted by the user’s browser will never be combined with other Google data. By setting their browser software accordingly, users can prevent cookie storage. In addition, users can prevent the collection of the data related to their use of the online offerings generated by the cookie and Google’s processing of these data by downloading the browser plugin from the link http://tools.google.com/dlpage/gaoptout?hl=de and installing it.
For more information about Google’s data usage as well as setting and objection options, consult Google’s Data Privacy Statement (https://policies.google.com/technologies/ads) and the settings for displaying Google’s advertising insertions (https://adssettings.google.com/authenticated).
The users’ personal data are deleted or anonymized after 14 months.
Online presence in social media
We are present in online social networks and on platforms in order to communicate with the customers, interested parties and users active in them so we can inform them about our services. When the respective networks and platforms are accessed, the business terms and conditions and the data processing guidelines of the respective operators apply.
Unless otherwise indicated in our Data Privacy Statement, we process the data of users if they communicate with us within the social networks and platforms, e.g. post articles about our online presence or send us messages.
In our online offerings, we integrate the videos of the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The Data Privacy Statement is found at https://www.google.com/policies/privacy/ and the opt-out in https://adssettings.google.com/authenticated.
In our online offerings, we integrate the fonts of the provider Google LLC (“Google Fonts“), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The Data Privacy Statement is found at https://www.google.com/policies/privacy/, and the opt-out at
In our online offerings, we integrate the maps of the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data can include especially the users’ IP addresses and location data. However, they are not collected without the users’ consent (generally implemented as part of the settings of their mobile devices). The data can be processed in the USA. The Data Privacy Statement is found at https://www.google.com/policies/privacy/, and the opt-out at https://adssettings.google.com/authenticated.
In our online offerings, we can integrate the functions and services of the service provider XING AG, Dammtorstraße 29-32, D-20354 Hamburg, Germany. They can include images, videos or texts and buttons with which users can state whether they like the contents and with which they can subscribe to our articles. If the users are members of the XING platform, XING can allocate the access to the above-mentioned contents and functions to the local user profiles. You find XING’s Data Privacy Statement here: https://www.xing.com/app/share?op=data_protection.
Within our online offerings, functions and contents of the LinkedIn service, offered by the LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, can be integrated. Contents such as images, videos or texts and buttons can be included so users can state whether they like the contents and they can use it to subscribe to our articles. If the users are members of the LinkedIn platform, LinkedIn can allocate the access to the above-mentioned contents and functions to the local user profiles. You find LinkedIn’s Data Privacy here: https://www.linkedin.com/legal/privacy-policy, and you find the opt-out here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
LinkedIn is certified under the Privacy Shield Framework and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=A...).
The following paragraphs inform you about the contents of our newsletters, the registration, shipping, and statistical evaluation process as well as about your rights to object. By subscribing to our newsletter, you agree to the receipt and described processes.
Content of the newsletters: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletters”) only when the recipient has consented to it or a corresponding legal permission has been received. If the newsletter contents are specifically described in a registration for it, then they are relevant to the users’ consent. Otherwise, our newsletters contain information about us and our services.
Double opt-in and record keeping: Registration to our newsletter takes place in a so-called double opt-in process that proceeds as follows: After registration, you receive an e-mail requesting you to confirm your registration. This confirmation is necessary to prevent registration with third-party e-mail addresses. So the registration process can be proven according to the legal requirements, newsletter registrations are recorded. This includes the storage of both the time of registration and confirmation and of the IP address. Changes to your data stored with the shipping provider are recorded in the same manner.
Registration data: Submission of the e-mail address is enough for registration to the newsletter. We request your name so we can personally address you in the newsletter.
The shipment of the newsletter and the performance measurement associated with it are based on the consent of the recipients acc. to Art. 6 Para. 1 Letter a & Art. 7 of the GDPR in connection with Section 107 Para. 2 of the Telecommunications Act (TKG) or based on the legal permission acc. to Section 107 Para. 2 & 3 of the TKG.
The registration process is recorded based on our legitimate interests acc. to Art. 6 Para. 1 Letter f of the GDPR. Our interest consists in the use of a user-friendly and secure newsletter system, which should satisfy both our business interests and the users’ expectations in addition to allow the proof of consents.
Cancellation/revocation: You can cancel the subscription to our newsletter at any time, i.e. revoke your consents to us to send you the newsletter. At the end of each newsletter, there is a link to cancel it. Based on our legitimate interests, we can store the cancelled e-mail addresses for up to three years before deleting them. This storage serves to prove a formerly given consent. The processing of these data is limited and takes place only to fend off possible claims. Users can request an individual deletion at any time if they simultaneously confirm the former existence of a consent.
Newsletter shipping provider
The shipping provider is entitled to use the recipients’ data in pseudonymous form, i.e. without allocation to a user to optimize or improve his own services (e.g. technical optimization of the shipping and presentation of the newsletter or use for statistical purposes). However, the shipping provider does not use the data of our newsletter recipients to write to them and does not forward the data to third parties either.
Newsletter performance measurement
The newsletter contain a so-called “web beacon”, a pixel-sized file that our server – if we use one at all – or the shipping provider’s server retrieves when the newsletter is opened. In this retrieval, technical information (e.g. information about the browser and your system), your IP address and the time of the retrieval are collected.
This information is used for the technical improvement of the services. This takes place with the help of the technical data or the data pertaining to the target groups and their reading behavior by means of the retrieval locations (can be determined via the IP address) or the access times. Statistically collected is also whether the newsletters are opened, when they are opened and what links are clicked on. Owing to technical reasons, this information can be theoretically allocated to the individual newsletter recipients, but it is neither our aim nor that of the shipping provider (if used) to observe individual users. Rather, we use these evaluations to identify our users’ reading habits so we can adapt our contents better for them or send them different contents according to their interests.
Rights of the affected persons
Acc. to Art. 15 of the GDPR, you have the right to request a confirmation from the responsible party whether data pertaining to you are processed. Acc. to Art. 15 of the GDPR, you also have the right to get information about these personal data and additional information, and to a copy of the personal data that are the object of the processing.
Acc. to Art. 16 of the GDPR, you have the right to request from the responsible party the immediate correction of your incorrect personal data and the completion of incomplete personal data.
In agreement with Art. 17 of the GDPR, you have the right to request from the responsible party that the personal data that concern you are deleted immediately. Alternatively, in agreement with Art. 18 of the GDPR, you have the right to request the data processing to be restricted when the conditions mentioned in Art. 18 of the GDPR are present.
Acc. to Art. 20 of the GDPR, you have the right to request to receive the data pertaining to you that you provided us and also have the right to submit these data to another responsible party (right to data portability).
Furthermore, acc. to Art. 77 of the GDPR, you have the right to complain to the competent supervisory authority.
Amendment to this Data Privacy Statement
At certain intervals, we reserve the right to modify our Data Privacy Statement owing to legal and/or organizational reasons. Since you only become aware of such changes when we publish the amended Data Privacy Statement on this website, please note the current version of our Data Privacy Statement. We only inform you whenthe changes make a cooperation on your part (e.g. consent) or another individual notification necessary.
If you have questions or complaints related to our compliance with this Data Privacy Statement or have recommendations or comments about how to improve our data protection, please contact our data protection appointee Simon Brandmeier, 37 Kirschmatt, 79576 Weil am Rhein, Germany, tel. +49 7621 799 411, firstname.lastname@example.org.
Version 01 / date 05/24/2018