Data Protection Declaration

I. Name and Address of Data Controller

The Data Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Commodity Mida Trading AG
Landstrasse 340
FL-9495 Triesen
Liechtenstein
Telephone: +423 392 10 40
Telefax: +423 392 10 49
E-Mail: info@midainvest.com
Internet: www.midainvest.com

II. General information about data processing

1. Extent of processing of personal data

As a matter of principle, we collect and use the personal data of our users only to the extent required to ensure the functioning of our website and of our contents and services. The collection and use of our users’ personal data only routinely occurs after users have granted their consent or if data processing is permitted by law.

To the extent that permission of the affected individual is obtained for the processing of personal data, Article 6 (1) point (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6 (1) point (b) GDPR serves as the legal basis. This also applies to processes that are necessary for the execution of pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 (1) point (c) GDPR serves as the legal basis for processing.

If processing is necessary to safeguard the legitimate interests of our company or those of a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first-mentioned interest, Article 6 (1) point (f) GDPR serves as the legal basis for processing.

3. Deletion of data and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose for its storage expires. In addition, such storage may take place if provided for by the European or national legislator in European Union directives, laws or other regulations to which the data controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfilment of the contract.

III. Contact form and e-mail contact

1. Description and scope of data processing

A contact form is available on our website, which can be used to get in touch electronically. Should a user take advantage of this possibility, the data entered in the input screen will be transmitted to us and saved. These data are:

Given name and surname
Company
Address (Street, Post Code, City, Country)
Telephone Number
E-mail Address

However, the aforementioned data do not cover all mandatory information.

At the time of sending the message, the following data are also stored:

(1) The user’s IP address
(2) Date and time of the request

Your consent is obtained for the processing of the data through the sending process and reference is made to this data protection declaration.

Alternatively, contact is possible via the e-mail address provided. In this case, the user’s personal data that are communicated with the e-mail will be stored.

There is no disclosure of the data to third parties in this connection. The data are used exclusively for the processing of the conversation.

The legal basis for the processing of data is the user’s consent under the terms of Article 6 (1) point (a) GDPR.
If the purpose of the contact is to execute a contract, an additional legal basis for the processing is Article 6 (1) point (b) GDPR.

3. Purpose of data processing

We process personal data from the input screen only for the purpose of establishing the contact. In the case of making contact via e-mail, this is also with a view to the required legitimate interest in the processing of the data.
Other personal data serve during the sending process to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of data storage

Data are erased as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for personal data taken from the contact form’s input screen and data sent by e-mail when the current conversation with the user has been terminated. The conversation has been terminated when the circumstances indicate that the situation concerned has been conclusively clarified.

The user has the opportunity to withdraw his or her consent to the processing of his or her personal data at any time. Should the user get in touch with us via the contact form, he or she can withdraw consent for the storage of his or her personal data at any time. The conversation cannot be pursued further in such a case.

Withdrawal of consent can be confirmed by telephone or by email as well as in writing.

All personal data stored during the course of the contact is erased in this case.

IV. Google Web Fonts

1. Extent of processing of personal data

We have integrated Google Fonts on our website. Google Fonts is used for the uniform representation of fonts. If a user calls our website, the required fonts (= web fonts) are loaded from the user’s browser into its cache (= buffer memory).

When downloading fonts from Google’s servers, the user’s browser will connect to Google. At this point, Google receives the information that the user’s IP address has visited our website.

The operating company of the Google Web Fonts components is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google LLC is certified under the EU-US Privacy Shield.

You can find further information regarding Google Web Fonts at https://developers.google.com/fonts/faq. You can find Google’s data privacy statement at https://policies.google.com/privacy?hl=en.

Should the user’s browser not support Google Web Fonts, a standard font shall be used.

The legal basis for the use of Google Web Fonts components is Article 6 (1) point (f) GDPR.

3. Purpose of data processing

We have integrated Google Web Fonts to ensure the correct presentation of fonts on our website.

Also in this respect, processing is necessary for our legitimate interests pursuant to Article 6 (1) point (f) GDPR.

The user has the opportunity to deactivate Google Web Fonts by means of an opt-out: https://adssettings.google.com/authenticated.

V. Adobe Typekit

1. Extent of processing of personal data

We have integrated the plugin Adobe Typekit on our website. Adobe Typekit is used for the uniform representation of fonts. When the user accesses our website, the user’s internet browser establishes a connection to the Adobe Typekit servers in order to load the required fonts (so-called web fonts) into the buffer cache (browser cache) of the user’s internet browser. In doing so, Adobe Typekits gains knowledge of the user’s IP address.

The operating company is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. You can find further information about how Adobe Typekit functions at https://www.adobe.com/de/privacy/policies/typekit.html.

Should the user’s browser not support Adobe Typekit, a standard font shall be used.

The legal basis for data processing is Article 6 (1) point (f) GDPR.

3. Purpose of data processing

We have integrated Adobe Typekit to ensure the correct presentation of fonts on our website.

Also in this respect, processing is necessary for our legitimate interests pursuant to Article 6 (1) point (f) GDPR.

VI. Google Maps

1. Extent of data processing

We have integrated Google Maps on our website. Google detects the user’s IP address and stores it on Google’s servers in the US; in this way, the content of Google Maps can be transferred to the user’s browser.

The operating company of the Google Maps components is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google LLC is certified under the EU-US Privacy Shield. You can find Google’s data privacy statement at https://policies.google.com/privacy?hl=en.

The legal basis for the use of Google Maps components is Article 6 (1) point (f) GDPR.

3. Purpose of data processing

We use Google maps to ensure that our website is perceived as attractive. Furthermore, Google Maps serves to make it easier to find the locations given on our website.

Also in this respect, processing is necessary for our legitimate interests pursuant to Article 6 (1) point (f) GDPR.

The user has the opportunity to deactivate Google Maps by means of an opt-out: https://adssettings.google.com/authenticated.

VII. Rights of the data subject

If your personal data are processed, you are the data subject within the meaning of GDPR and you have the following rights with respect to the data controller:

1. Right of disclosure

You can request a confirmation from the data controller as to whether your personal data are being processed by us.

If such data processing exists, you can request that the data controller disclose to you the following information:

(1) the purposes for which your personal data are processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;

(4) the period for which the personal data will be stored, or if specific information about this is not possible, the criteria used to determine that period;

(5) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information on the source of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether your personal data will be transferred to a third country or an international organisation. In this connection you can demand, pursuant to Article 46 GDPR, to be informed about such data transfer.

2. Right of rectification

You have a right to obtain from the data controller the rectification and/or completion of data, insofar as the processed personal data relating to you is incorrect or incomplete. The data controller must make the rectification without delay.

3. Right to restrict processing

You can, within the following conditions, demand that the processing of personal data of which you are the data subject be restricted:

(1) if you contest the accuracy of your personal information for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims; or

(4) if you objected to processing pursuant to Article 21 (1) GDPR pending the verification as to whether the legitimate grounds of the controller override yours as the data subject.

If the processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Should data processing be restricted according to the above-mentioned conditions, you will be informed by the data controller before the restriction is lifted.

4. Right of erasure

a) Duty to erase

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent to the processing of data according to Article 6 (1) point (a) or Article 9 (2) point (a) GDPR and there is no other legal ground for its processing.

(3) Pursuant to Article 21 (1) GDPR you object to the processing of your data and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Article 21 (2) GDPR.

(4) Your personal data have been processed unlawfully.

(5) Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) Your personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Article 17 (1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for the establishment, exercise or defence of legal claims.

5. Right of notification

If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller is under obligation to notify all recipients to whom the personal data relating to yourself has been disclosed of the corresponding rectification or erasure of data or of the restriction of their processing. The controller is exempted from this obligation where such notification proves impossible or unreasonable.

You have the right to be informed of who these recipients are.

6. Right to data portability

You have the right to receive personal data concerning you which you have provided to a controller, in a structured, commonly used and machine-readable format. In addition you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1) the processing is based on consent pursuant to Article 6 (1) point (a) or Article 9 (2) point (a) or on a contract pursuant to Article 6 (1) point (b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right to data portability you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. The right referred to here shall not adversely affect the rights and freedoms of others.

The right of data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) points (e) or (f); this also applies to profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Should you object to data processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or which similarly affects you in a significant way. This does not apply if the decision

(1) is necessary for entering into, or the performance of, a contract between you and the data controller;

(2) is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

In the cases referred to in points (1) and (3) the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to complain to a supervisory body

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.