Privacy policy

Below we inform you about the processing of your personal data in connection with your use of our online offering.

Person responsible

23M GmbH

Johann-Krane-Weg 18
48149 Münster

Phone: 0251 - 93394400
Fax: 0251 - 93394499
Mail: info@23M.com


Contact person

If you have any questions about data protection, please use the contact details given above.

Data Protection Officer

Lawyer Johannes Meibers, LL.M.
meibers.datenschutz GmbH
Haus Sentmaring 9
48151 Münster

Phone: +49 251 203 197 - 0
Fax: +49 251 203 197 - 99
Mail: info@meibers-datenschutz.de


Retention Period

We generally delete your personal data when it is no longer necessary for the purposes for which it was collected or otherwise processed.

If we have requested your consent and you have provided it, we will delete your personal data if you withdraw your consent and there is no other legal basis for the processing.

We will also delete your personal data if you object to the processing and there are no overriding legitimate grounds for the processing, or if you object to the processing for direct marketing purposes or related profiling.

If deletion is not possible because processing is still required to fulfill a legal obligation (such as statutory retention periods, etc.) to which we are subject, or for the establishment, exercise, or defense of legal claims, we will restrict the processing of your personal data.

Further information on the retention period can also be found in the following sections.


Your Rights

You have the following rights concerning your personal data:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restriction of processing

  • Right to object to processing

  • Right to data portability

You have the right to object, at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR; this also applies to any profiling based on these provisions. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing. We will then cease processing your personal data for these purposes.

You have the right to withdraw your consent to the processing of your personal data at any time, if you have previously provided such consent. The withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.

You also have the right to lodge a complaint with a supervisory authority regarding our processing of your personal data.


Provision of Your Personal Data

The provision of your personal data is generally neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are generally not obligated to provide your personal data. If this should ever be the case, we will inform you separately when collecting your personal data (for example, by marking mandatory fields in input forms).

Failure to provide your personal data will typically result in us being unable to process your personal data for one of the purposes described below, and you will not be able to use an offer related to that processing (example: without providing your email address, you will not receive our newsletter).

Web Hosting

For web hosting, we use external services. These services may have access to personal data processed as part of your use of our online offering.


Web Server Log Files

We process your personal data to display our online offering to you and to ensure the stability and security of our online offering. Information such as requested element, accessed URL, operating system, date and time of request, browser type and version, IP address, protocol used, data transferred, user agent, referrer URL, time zone difference to Greenwich Mean Time (GMT), and/or HTTP status code is stored in so-called log files (e.g., access logs, error logs).

If we have asked for your consent and you have provided it, the legal basis for processing is Article 6(1)(a) of the GDPR. If we have not requested your consent, the legal basis for processing is Article 6(1)(f) of the GDPR. Our legitimate interest is the proper display of our online offering and ensuring its stability and security.

Security

For security reasons and to protect the transmission of your personal data and other confidential content, we use encryption on our domain. You can recognize this by the "https://" prefix and the lock symbol in the browser bar.

Contacting Us

If you contact us, we will process your personal data to handle your inquiry.

If we have requested your consent and you have provided it, the legal basis for processing is Article 6(1)(a) of the GDPR. If we have not requested your consent, the legal basis for processing is Article 6(1)(f) of the GDPR, with our legitimate interest being the handling of your inquiry. If the processing is necessary to fulfill a contract with you or to take pre-contractual measures at your request, the legal basis for processing is also Article 6(1)(b) of the GDPR.

We use external services to provide and maintain our email inboxes. These services may have access to personal data processed during communication with us. For further details about the services used, the scope of data processing, and the technologies and procedures used, please see the information below and under the provided links:

Gmail
Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland, a subsidiary of Google LLC, United States of America.
Website: https://www.google.com/intl/en/gmail/about/
Further information & privacy: https://policies.google.com/?hl=en
The transfer of personal data to third countries depends on the specific Google service and is subject to various EU Standard Contractual Clauses, if offered by Google. For further information and Google’s responsibility, see: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses can be viewed there. The provider is certified under the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures an adequate level of data protection based on a European Commission decision.

To support the handling of your inquiry, we use support systems (e.g., booking systems, live chats, ticket systems, or helpdesks) and external services for this purpose. These services may have access to personal data processed during communication with us through a support system. For more information on the services used, the scope of data processing, and the technologies and procedures involved, please refer to the details below and the links provided:

Zendesk Chat
Provider: Zendesk, Inc., United States of America, and Zendesk International Ltd, Ireland.
Website: https://www.zendesk.com
Further information & privacy: https://www.zendesk.com/company/privacy-and-data-protection/ and https://www.zendesk.com/company/legal/
Guarantee: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from us. The provider is certified under the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection based on a European Commission decision.

Zendesk Support
Provider: Zendesk, Inc., United States of America, and Zendesk International Ltd, Ireland.
Website: https://www.zendesk.com
Further information & privacy: https://www.zendesk.com/company/privacy-and-data-protection/ and https://www.zendesk.com/company/legal/
Guarantee: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from us. The provider is certified under the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection based on a European Commission decision.

Cookies & Similar Technologies

Cookies are used on this website. Cookies are text information stored on your device. We distinguish between session cookies, which are deleted immediately after you close your browser, and permanent cookies, which are deleted after a certain period.

In addition to cookies, similar technologies (tracking pixels, web beacons, etc.) may also be used. The following information on cookies also applies to these similar technologies. This also applies to any further processing associated with cookies and similar technologies (analytics & marketing, etc.). This is especially relevant for any consent you may have given for the use of cookies, which extends to other technologies and related processing activities.

Cookies can be used to enable certain functions. They can also be used to measure the reach of our online services, tailor them to meet needs and interests, and optimize our online services and marketing. Both we and external services may use cookies.

To manage the cookies used and relevant consent, we use a consent tool. You can find details about the cookies (purpose, storage duration, external services, etc.) and the consent tool in the following sections and the consent tool itself.

If we have requested your consent and you have given it, the legal basis for processing is Article 6(1)(a) GDPR. If no consent was requested, the legal basis for processing is Article 6(1)(f) GDPR. Our legitimate interest is managing cookies and relevant consent. Depending on the purpose of processing, our legitimate interests can be found in the following sections.

You can prevent cookies from being stored by adjusting your browser settings. Below are links for common browsers with further information on managing cookie settings:

You can also find more opt-out options here: https://www.youronlinechoices.eu/, https://youradchoices.ca/en/tools, https://optout.aboutads.info/?c=2&lang=EN, and https://optout.networkadvertising.org/?c=1.

Preventing cookies may affect the proper functioning of our online services. If you delete all cookies, your settings will be lost and need to be reconfigured.

Additionally, you can activate the “Do Not Track” feature in your browser to indicate that you do not wish to be tracked. Below are links for common browsers with further information on enabling "Do Not Track":

Your consent regarding the use of cookies can also be revoked or managed through our consent tool.

Newsletter

If we have requested your consent and you have given it, we process your email address to send email marketing communications and, if applicable, additional personal data to address you personally. The legal basis for this processing is Article 6(1)(a) GDPR. The specific contents of the email marketing are described when obtaining your consent. In general, the email marketing contains information about us, our products, and services.

We use the double opt-in method to prevent misuse of your personal data. After collecting your email address, we send a confirmation email to the address you provided, asking for confirmation that you indeed wish to receive marketing emails. The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest is the lawful execution of email marketing.

We record the time of your consent and confirmation, your IP address, and the content of your consent statement to demonstrate that your consent was obtained lawfully. The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest is the lawful execution of email marketing.

We use external services for email marketing. More information about these services, the extent of data processing, and the technologies and processes involved can be found at the end of this section and under the provided links.

You can revoke your consent at any time. The legality of the processing carried out based on the consent until the time of revocation is not affected by this. To revoke your consent, you can use the link provided in the emails or contact us using the contact details provided above.

If you revoke your consent, we reserve the right to process your personal data in a so-called blacklist/blocklist to ensure that no further email marketing is sent in connection with this personal data. The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest is preventing unwanted email marketing.

Brevo
Provider: Sendinblue GmbH, Germany.
Website: https://www.brevo.com/en/
Further Information & Privacy: https://www.brevo.com/en/gdpr/ and https://www.brevo.com/en/legal/privacypolicy//

Analytics & Marketing

We process your personal data to measure the reach of our online services, tailor them to suit needs and interests, and optimize our online services and marketing.

If we have requested your consent and you have given it, the legal basis for processing is Article 6(1)(a) GDPR. If we did not request your consent, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest is optimizing our online services and marketing.

For analytics and marketing, we use external services. This may involve profiling (for advertising, personalized information, etc.), and profiling can be cross-service and cross-device. Further information about the services used, the extent of data processing, the technologies and processes used, and whether profiling takes place can be found at the end of this section and the provided links.

Further information about cookies & similar technologies can be found above.

Google Ads Conversion Tracking
Provider: Within the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States.
Website: https://support.google.com/google-ads/answer/1722022?hl=en
Further Information & Privacy: https://policies.google.com/?hl=en
Transfer of personal data to third countries depends on the respective Google service and the applicable EU standard contractual clauses if offered by Google. Further information about this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. A copy of the EU standard contractual clauses can be viewed there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures an adequate level of data protection based on a decision by the European Commission.

Google Ads Enhanced Conversions
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/google-ads/answer/9888656?hl=en
Further Information & Privacy: https://policies.google.com/?hl=en
The transfer of personal data to third countries depends on the respective Google service and is subject to various EU Standard Contractual Clauses if offered by Google. More information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses can be viewed there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision by the European Commission.

Google AdSense
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://www.google.com/intl/en_en/adsense/start/
Further Information & Privacy: https://policies.google.com/?hl=en
The transfer of personal data to third countries depends on the respective Google service and is subject to various EU Standard Contractual Clauses if offered by Google. More information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses can be viewed there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision by the European Commission.

Google Analytics
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://marketingplatform.google.com/intl/en/about/analytics/
Further Information & Privacy: https://support.google.com/analytics/answer/6004245?hl=en and https://policies.google.com/?hl=en
The transfer of personal data to third countries depends on the respective Google service and is subject to various EU Standard Contractual Clauses if offered by Google. More information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses can be viewed there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision by the European Commission.

Google Analytics 4
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/analytics/answer/10089681?hl=en
Further Information & Privacy: https://support.google.com/analytics/answer/6004245?hl=en and https://policies.google.com/?hl=en
The transfer of personal data to third countries depends on the respective Google service and is subject to various EU Standard Contractual Clauses if offered by Google. More information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses can be viewed there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision by the European Commission.

Google Remarketing
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/google-ads/answer/2453998
Further Information & Privacy: https://policies.google.com/?hl=en
The transfer of personal data to third countries depends on the respective Google service and is subject to various EU Standard Contractual Clauses if offered by Google. More information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses can be viewed there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision by the European Commission.

Google Signals
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/analytics/answer/7532985?hl=en&ref_topic=7668613#zippy=%2Ctopics-in-this-article
Further Information & Privacy: https://support.google.com/analytics/answer/6004245?hl=en and https://policies.google.com/?hl=en
The transfer of personal data to third countries depends on the respective Google service and is subject to various EU Standard Contractual Clauses if offered by Google. More information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses can be viewed there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision by the European Commission.

Google Tag Manager
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/tagmanager/answer/6102821?hl=en
Further Information & Privacy: https://policies.google.com/?hl=en
The transfer of personal data to third countries depends on the respective Google service and is subject to various EU Standard Contractual Clauses if offered by Google. More information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses can be viewed there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures compliance with an adequate level of data protection based on a decision by the European Commission.

Hotjar
Provider: Hotjar Limited, Malta.
Website: https://www.hotjar.com/
Further Information & Privacy: https://www.hotjar.com/legal/policies/privacy/


Social Media Pages

We maintain social media presences on external services in order to be able to communicate with users there and thus optimise our online offering and our marketing.

This privacy policy also applies to the following social media presences:
- Facebook: https://www.facebook.com/23Mcom
- Instagram: https://www.instagram.com/23Mcom
- Twitter: https://x.com/23Mcom
- YouTube: https://www.youtube.com/channel/UC9FFdAXhCHTFPfhTyLdaxTA
- LinkedIn: https://www.linkedin.com/company/23mgmbh/
- Mastodon: https://networker.social/@23M

If we have requested your consent and you have given it, the legal basis for processing is Art. 6(1)(a) of the GDPR. If we did not request your consent, the legal basis for processing is Art. 6(1)(f) of the GDPR, where our legitimate interest lies in optimizing our online offerings and marketing.

In the course of using external services, profiling (for purposes such as advertising, personalized information, etc.) may also occur. Profiling can also take place across services and devices. More information on the services used, the extent of data processing, the technologies and procedures involved, whether profiling occurs when using these services, and information on the logic, scope, and intended effects of such processing for you can be found in the additional information on the services we use at the end of this passage and in the links provided there.

Facebook
Provider: Meta Platforms Ireland Limited, Ireland. Meta Platforms Ireland Limited is a subsidiary of Meta Platforms, Inc., United States of America.

Website: https://www.facebook.com

The provider and we are joint controllers. We have entered into an agreement with the provider, which you can view at https://www.facebook.com/legal/terms/page_controller_addendum and https://www.facebook.com/legal/controller_addendum.

Further information & data protection: https://developers.facebook.com/docs/plugins/, https://www.facebook.com/legal/terms/information_about_page_insights_data, https://www.facebook.com/privacy/policy/, https://de-de.facebook.com/policies/cookies/, https://www.facebook.com/help/566994660333381?ref=dp and https://de-de.facebook.com/help/568137493302217

Guarantee: EU Standard Contractual Clauses. A copy of the EU Standard Contractual Clauses can be requested from us. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection based on a decision by the European Commission.

Instagram
Provider: Meta Platforms Ireland Limited, Ireland. Meta Platforms Ireland Limited is a subsidiary of Meta Platforms, Inc., United States of America.

Website: https://www.instagram.com

Further information & data protection: https://help.instagram.com/581066165581870 and https://help.instagram.com/519522125107875

Guarantee: EU Standard Contractual Clauses. A copy of the EU Standard Contractual Clauses can be requested from us. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection based on a decision by the European Commission.

LinkedIn
Provider: If you are in the EU, the European Economic Area (EEA), or Switzerland, this service is offered by LinkedIn Ireland Unlimited Company, Ireland. If you are outside the EU, the EEA, or Switzerland, it is provided by LinkedIn Corporation, United States of America.

Website: https://www.linkedin.com

Further information & data protection: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy

Guarantee: EU Standard Contractual Clauses. A copy of the EU Standard Contractual Clauses can be requested from us.

X
Provider: If you live within the European Union, EFTA countries, or the United Kingdom, the controller is Twitter International Unlimited Company, Ireland. If you live in the United States of America or another country outside the EU, EFTA countries, or the UK, the controller is X Corp., United States of America.

Website: https://x.com/

Further information & data protection: https://x.com/de/privacy, https://help.twitter.com/de/rules-and-policies and https://help.twitter.com/de/safety-and-security

Guarantee: EU Standard Contractual Clauses. A copy of the EU Standard Contractual Clauses can be requested from us.

YouTube
Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland, a subsidiary of Google LLC, United States of America.

Website: https://www.youtube.com

Further information & data protection: https://policies.google.com/?hl=de

The transfer of personal data to third countries depends on the specific Google service and the applicability of different EU Standard Contractual Clauses if provided by Google. More information on this and Google's responsibility can be found at Google GDPR Compliance (https://business.safety.google/gdpr/). A copy of the EU Standard Contractual Clauses can be viewed there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection based on a decision by the European Commission.

Applications

If you apply to us, we process your personal data to conduct the application process and to make a decision about establishing an employment relationship. After the application process, we will limit the processing of your personal data and delete or destroy it within six months of receiving a rejection unless you have consented to the continued use of your personal data.

If we have requested your consent and you have given it, the legal basis for processing is Art. 6(1)(a) of the GDPR. If we did not request your consent, the legal basis is Art. 6(1)(f) of the GDPR, with our legitimate interest being the proper conduct of the application process and, if necessary, the defense against claims arising from a rejected application. If processing is necessary for a decision on establishing an employment relationship, the legal basis for processing is also § 26(1) sentence 1 of the Federal Data Protection Act (BDSG).
