m-menu-toggle
m-close-menu
ENG
Get in touch

Privacy policy

We are pleased that you have visited our website and are interested in our company. The protection of your personal data is very important to us. The following information explains the nature, scope, and purpose of our processing of personal data when you use our website, contact us, apply for a job, or interact with our company’s social media accounts.

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

THE MEGALON GROUP AG
Astraturm
Zirkusweg 2
20359 Hamburg

Phone: +49 40 734 435 540
Fax: +49 40 734 435 549
Email: info@megalon.de

2. Data Protection Officer

You can contact our external data protection officer at:


, Attorney at Law Kaspar-Ludwig Stolzenhain
Joachimsthaler Straße 24
10719 Berlin

Please mark all mail correspondence "Personal/Confidential."

3. General Information on the Processing of Personal Data

Personal data refers to any information relating to an identified or identifiable natural person. This includes, in particular, name, address, email address, phone number, IP address, or information about usage patterns on a website.

We process personal data only to the extent necessary to provide a fully functional website, to handle inquiries, to conduct recruitment processes, to protect legitimate interests, to comply with legal obligations, or based on your consent.

4. Website Provision and Server Log Files

Every time you visit our website, our web server automatically collects information that your browser transmits to our server. In particular, the following data is processed:

– IP address of the requesting device
– Date and time of access
– Name and URL of the file accessed
– Browser type and version
– Operating system used
– User’s Internet service provider
– Referrer URL
– Access status / HTTP status code
– Amount of data transferred
– Time zone difference from Greenwich Mean Time (GMT)

This data is processed for the purpose of providing the website, ensuring the stability and security of the systems, analyzing errors, and preventing attacks and misuse.

The legal basis for the processing is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the secure, stable, and proper provision of our online services.

Server log files are generally deleted after no more than 7 days, unless their continued retention is necessary in specific cases for evidentiary purposes in connection with concrete security incidents.

5. Cookies and Similar Technologies

We use cookies and similar technologies on our website. These may include, in particular, HTTP cookies, local storage entries, scripts, or similar technologies that store or retrieve information on your device.

We distinguish between technologies that are technically necessary and optional technologies used for statistics, analysis, and marketing.

5.1 Technically Necessary Technologies

Technically necessary cookies and similar technologies are required for the website to function properly and to provide features that you have specifically requested.

The legal basis for storing information on your device or accessing such information is Section 25(2)(2) of the TDDDG. To the extent that personal data is processed in this context, this is done on the basis of Article 6(1)(f) of the GDPR. Our legitimate interest lies in ensuring that our website is provided in a technically flawless, secure, and user-friendly manner.

5.2 Statistical, Analytical, and Marketing Technologies

We use statistics, analytics, and marketing technologies only if you have given us your prior consent to do so.

The legal basis for storing information on your device or accessing such information is Section 25(1) of the TDDDG. The legal basis for the subsequent processing of personal data is Article 6(1)(a) of the GDPR.

You can revoke any consent you have previously given at any time with future effect using our consent tool, or adjust your selections there.

5.3 Retention Period and Management

You can find the retention periods for individual cookies and similar technologies in the settings of our consent tool. You can also delete cookies or prevent them from being stored at any time via your browser settings. Please note that some features of our website may then be available only to a limited extent.

6. Contacting us via email, phone, or the contact form

When you contact us by email, phone, or through a contact form, we process the information you provide to handle your inquiry and communicate with you.

In particular, we process the following data, provided you share it with us:

– First and last name
– Company name
– Email address
– Phone number
– Message content
– Any other information you voluntarily provide

Required fields in contact forms are marked as such. We need this information to process your inquiry. If you do not provide this information, we may not be able to process your inquiry, or may only be able to process it partially.

Your data is processed for the purpose of handling your inquiry, contacting you, and, where applicable, taking steps prior to entering into a contract.

The legal basis is Article 6(1)(b) of the GDPR, provided that your inquiry relates to the conclusion or performance of a contract. In all other cases, processing is based on Article 6(1)(f) of the GDPR. Our legitimate interest lies in the proper handling of inquiries and communication with prospective customers, customers, business partners, and other inquirers.

We will delete the data collected in connection with your inquiry as soon as it has been processed and there are no legal retention requirements or other legitimate reasons for further storage.

7. Application Process

You can apply to our company online. As part of the application process, we process the personal data you provide in your application.

These include, in particular:

– Personal information such as name, address, and contact details
– Application materials such as cover letters, resumes, certificates, and supporting documents
– Information regarding qualifications, professional background, and skills
– Additional information you provide to us in connection with your application

Your data will be processed solely for the purpose of conducting the application process and deciding whether to offer you employment.

The legal basis is Section 26 of the Federal Data Protection Act (BDSG) in conjunction with Article 88 of the General Data Protection Regulation (GDPR), supplemented by Article 6(1)(b) of the GDPR.

Please note that emails sent in unencrypted form generally do not provide complete protection against access by third parties.

Unless an employment relationship is established, we will generally delete your application documents no later than 6 months after the conclusion of the application process, unless there are legal retention requirements, longer storage is necessary for the purpose of legal defense, or you have expressly consented to longer storage.

If you have consented to being added to our applicant pool, we will retain your application documents for the period specified in your consent. You may revoke your consent at any time, effective for the future.

If an employment relationship is established, your data will be included in your personnel file to the extent necessary and permissible for the purpose of administering the employment relationship.

8. Reach Measurement, Analysis, and Optimization

We use analytics and evaluation technologies on our website to statistically analyze website usage and continuously improve our online offerings. To the extent that this requires access to your device or involves the processing of personal data, such activities are conducted solely on the basis of your consent, unless a legal exception applies.

8.1 Matomo

If you have given your consent, we use Matomo, an open-source web analytics tool, on our website to analyze website usage statistics.

Matomo is hosted on a server that we control or that is integrated in compliance with data protection regulations. The data collected in this process is not disclosed to unauthorized third parties.

When using Matomo, we process the following data in particular:

– Truncated or anonymized IP address
– Pages and subpages visited
– Referrer URL
– Date and time of visit
– Duration of visit
– Technical information about the browser, operating system, and device

We use Matomo with IP anonymization. To the extent that Matomo uses cookies or similar technologies, their use is based solely on your consent.

The legal basis is Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG, to the extent that access to information on your device occurs. In exceptional cases where no access to your device occurs and the processing of personal data is permitted, the legal basis may be Article 6(1)(f) of the GDPR. Our legitimate interest lies in the statistical analysis of the use of our website and in the optimization of our online offering.

You can withdraw your consent at any time with future effect using our consent tool.

[Optional:
The raw data processed by Matomo is deleted or anonymized after [please specify].]

8.2 SEMrush

We use SEMrush as a tool to analyze our online visibility, for search engine optimization, to monitor rankings, keywords, and competitive trends, and to optimize our digital content.

We primarily use SEMrush as an internal analysis and research tool. As a rule, we do not process any personal data from visitors to our website directly through our website. However, if personal data is processed in individual cases, this is done exclusively on the basis of a legal authorization or your consent, where such consent is required.

To the extent that personal data is transferred to recipients in countries outside the European Union or the European Economic Area in connection with the use of SEMrush, such transfers are made exclusively in accordance with Articles 44 et seq. of the GDPR. In the absence of an adequacy decision, the transfer is based on appropriate safeguards, in particular the Standard Contractual Clauses adopted by the European Commission.

The legal basis for the internal use of SEMrush is Article 6(1)(f) of the GDPR. Our legitimate interest lies in optimizing our digital visibility, improving our content, and effectively marketing our offerings.

9. Recipients of personal data

Within our company, access to your personal data is limited to those individuals and departments that need it to fulfill the relevant purposes.

In addition, we disclose personal data to external recipients only to the extent necessary to fulfill a contract, comply with legal obligations, protect legitimate interests, or based on your consent.

This may include, in particular, the following recipients or categories of recipients:

– Hosting service providers
– IT and security service providers
– Maintenance and support service providers
– Telecommunications and communications service providers
– Providers of form, consent, and analytics tools
– Service providers involved in recruitment processes
– Government agencies and public authorities, to the extent required by law
– Consultants and other processors, to the extent permitted

To the extent that external service providers act on our behalf, they do so on the basis of a data processing agreement in accordance with Article 28 of the GDPR.

10. Transfer of Data to Third Countries

Personal data will only be transferred to countries outside the European Union or the European Economic Area if such transfers are permitted by law.

To the extent that such a transfer takes place, it is carried out exclusively in accordance with Articles 44 et seq. of the GDPR, in particular on the basis of an adequacy decision by the European Commission, appropriate safeguards such as standard contractual clauses, or other legal authorization.

11. Company Presence on Social Media

We maintain company profiles on social media to provide information about our company, our services, career opportunities, and news, as well as to communicate with prospective clients, customers, applicants, and other users.

When you visit our social media pages, personal data is processed by both us and the respective platform operator. This may occur even if you do not have a user account on that platform yourself.

The processing is based on Article 6(1)(f) of the GDPR. Our legitimate interest lies in maintaining modern corporate communications, our public image, interaction with users, and the analysis of the reach of our corporate online presence.

11.1 Facebook and Instagram

We maintain company pages on Facebook and Instagram. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When you visit our Facebook or Instagram pages, Meta processes your personal data. This may include, in particular, usage data, device information, interaction data, communication content, and data used to measure reach.

To the extent that Meta provides us with so-called Insights or aggregated usage statistics for our pages, we share joint responsibility in accordance with Article 26 of the GDPR.

Meta provides information on joint controllership and the processing of Insights data in its Privacy Policy and supplementary agreements.

It cannot be ruled out that personal data may be transferred to third countries, in particular to the United States. According to Meta, such transfers are carried out in accordance with legal requirements.

For more information about Meta's data processing practices, please see Meta's Privacy Policy.

11.2 LinkedIn

We maintain a company profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

When you visit our LinkedIn page, LinkedIn processes users' personal data. This may include, in particular, profile data, usage data, interaction data, device information, and communication data.

To the extent that LinkedIn provides us with aggregated reach and usage statistics for our company page, we share joint responsibility in accordance with Article 26 of the GDPR.

LinkedIn provides further information on joint responsibility and the processing of personal data in its privacy policy and supplementary information.

It cannot be ruled out that personal data may be transferred to third countries, in particular to the United States. According to LinkedIn, such transfers are carried out in accordance with legal requirements.

For more information about how LinkedIn processes data, please refer to LinkedIn’s privacy policy.

11.3 TikTok

We maintain a corporate presence on TikTok to provide information about our company, our services, career opportunities, and news, as well as to communicate with interested parties, customers, applicants, and other users. When you visit our TikTok presence, personal data is processed by both us and TikTok. This may include, in particular, usage data, device information, interaction data, communication content, and data for measuring reach. TikTok provides its own data protection information and a Privacy Center for this purpose.

Processing is carried out on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest lies in modern corporate communication, external presentation, interaction with users, and analysis of the reach of our corporate presence.

Insofar as TikTok provides us with aggregated information or statistics on the use of our company presence, joint responsibility within the meaning of Art. 26 GDPR may exist in this respect. For more information on data processing by TikTok, please refer to TikTok's privacy policy and the TikTok Privacy Center.

It cannot be ruled out that personal data may be transferred to third countries, in particular the US or Singapore, or processed there. TikTok itself has pointed out for Europe that European user data may be stored in the US and Singapore and that, under certain conditions, access from other countries is also possible. According to TikTok, the transfer takes place in accordance with legal requirements.

12. Links to social media platforms

Our website contains links to our company profiles on social media platforms. When you click on one of these links, you will leave our website and be redirected to the respective platform. Once there, the privacy policy of the respective provider applies.

Simply displaying links on our website does not result in the automatic transmission of data to the respective platform operators.

13. Retention period

We retain personal data only for as long as is necessary to achieve the respective processing purposes, as required by statutory retention obligations, or where we have a legitimate interest in further retention, such as for the establishment, exercise, or defense of legal claims.

Once the relevant purpose no longer applies and there are no statutory retention requirements or other legal grounds preventing deletion, the relevant data will be deleted.

14. Your Rights

Under the applicable legal provisions, you have the following rights in particular:

– Right of access pursuant to Art. 15 GDPR
– Right to rectification pursuant to Art. 16 GDPR
– Right to erasure pursuant to Art. 17 GDPR
– Right to restriction of processing pursuant to Art. 18 GDPR
– Right to data portability pursuant to Art. 20 GDPR
– Right to object pursuant to Art. 21 GDPR
– Right to withdraw consent pursuant to Art. 7(3) GDPR with effect for the future

To exercise your rights, you can contact us at any time at info@megalon.de or reach out to our Data Protection Officer.

You also have the right to file a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection laws.

The competent supervisory authority is, in particular:

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg
Email: mailbox@datenschutz.hamburg.de

15. Right to object under Article 21 of the GDPR

To the extent that we process your personal data on the basis of Article 6(1)(f) of the GDPR, you have the right to object to such processing at any time on grounds relating to your particular situation.

If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes.

16. Data Security

We take appropriate technical and organizational measures to protect your personal data from loss, destruction, tampering, and unauthorized access.

We continuously update our security measures in line with technological advancements. Whenever an encrypted connection is available on our website, data is transmitted using state-of-the-art encryption technology.

17. Validity and Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to ensure that it remains in compliance with current legal requirements or to reflect changes to our website, our services, or the procedures we use.

The most recent version published on our website applies.

The latest version is available at:
www.megalon.de/datenschutzerklaerung

As of March 12, 2026

Home

Services & Investments

TMG Team

360° Flow Hub

Cases

sustainability

career

Contact
Get in touch