Skip to content

Privacy Policy

1. Privacy Policy

Data protection is of a particularly high priority for the management of the Mulytic Labs. The use of the Internet pages of the Mulytic Labs is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
This data protection declaration applies to the online offer of Mulytic labs, which can be accessed on the websites available under the domain “” (hereinafter referred to as “our website”).
As a person affected by data processing, you also have the legal right to information on your processed personal data (Art. 15 para. 1 and 2 DSGVO) as well as the rights to deletion (Art. 17 DSGVO) and correction (Art. 16 sentence 1 DSGVO) e.g. incorrect data and to blocking (Art. 18 DSGVO). For details, please refer to the following section “Rights of Data Subjects” within this data protection declaration. It may no longer be possible to continue using our services if your data is deleted or blocked.

2. Name and Address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Mulytic labs GmbH
Hellensteinstr. 4
81245 München

3. Personal data

Personal data is information about personal or factual circumstances of a specific or identifiable natural person. This includes information such as your name, address, telephone number and date of birth, but also data about your specific career, etc., which can be assigned to a specific person with reasonable effort. Information that is not (in)directly associated with your real identity, however, is not personal data.

4. Purpose

We will collect, process and use the personal data you provide online only for the purposes disclosed to you.
Some of the information we may collect from you is necessary to enable us to provide you with the services you request, to fulfill our contracts with you, to comply with legal requirements or if we have a legitimate interest in the use of your information.
If we collect data directly from you, we may ask you for your consent and clearly mark mandatory information (e.g. with an asterisk (*)). You voluntarily provide us with any other information that is not marked.
For the rest, we use your personal data exclusively to be able to offer you an extensive and interesting offer via our web services and to constantly improve this.

5. Legal basis for the processing

The legal basis for the processing of your data may be the following:

  • Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
  • If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR.
  • The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.
  • Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
6. Which personal data is stored and processed?

You can use our websites without providing us with personal data (e.g. name, address, telephone number or e-mail address), unless you make them available to us voluntarily (e.g. for registrations for events, enquiries or surveys) or the corresponding legal provisions on the protection of your data permit this.
Your personal data will be used as follows:

6.1. Data protection for applications and the application procedures

If you apply to us electronically, i.e. by e-mail or via our web form, we collect and process your personal data for the purpose of handling the application procedure and carrying out pre-contractual measures.
By submitting an application on our recruiting page, you express your interest in joining our company. In this context, you provide us with personal data which we use and store exclusively for the purpose of your job search/application.
In particular, the following data is collected:

  • Name (first and last name)
  • E-mail address
  • Telephone number

You also have the opportunity to upload/send via email relevant documents such as a cover letter, your CV and certificates. This may contain further personal data such as date of birth, address, etc. Only authorized employees from the personnel department or employees involved in the application process have access to your data.

Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.

Your data will be stored for a period of 180 days after the end of the application process. As a rule, this is done to fulfill legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or make your data anonymous. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of applications from women or men, number of applications per period, etc.).

In addition, we reserve the right to store your data for inclusion in our “Talent Pool” for 180 days after the end of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for training or internship positions. By accepting the data protection declaration, you consent to any further storage of your data and inclusion in our “Talent Pool”.

If you receive and accept an offer of employment with us as part of the application process, we will store the personal data collected during the application process at least for the duration of the employment relationship.

6.2. Contact possibility via the website

For general inquiries and contact requests, please use our contact form at or send us an e-mail In this case we use your personal data exclusively to answer your inquiries to your satisfaction. It is generally your free decision which data you provide to us. However, we may not be able to fulfil your contact request without certain details required in individual cases.
The legal basis for this data processing is that of Art. 6 para. 1 lit. b DSGVO (which permits the processing of data to fulfil a contract or pre-contractual measures), Art. 6 para. 1 lit. f GDPR (which permits the processing of data to safeguard the data controller’s legitimate interests) and Art. 6 para. 1 lit. a GDPR (which permits data processing on the basis of your consent).

6.3. Cookies

We do not create any personal user profiles. In connection with the retrieval of the information requested by you, data will only be stored on our servers in anonymous form for the provision of our various services or for evaluation purposes. Here general information is logged, e.g. when which contents from our offer are called up or which pages are visited most frequently. For these purposes we use so-called “cookies” (small text files with configuration information). The cookies used serve in particular to determine the frequency of use and the number of users of our websites. This tells us which area of our websites and which other websites our users have visited.
However, these usage data do not allow any conclusions to be drawn about the user. All of this anonymously collected usage data will not be merged with your personal data and will be deleted immediately after the statistical evaluation.
In addition, our websites do not store cookies that do not have purely technically necessary functions and serve the proper functioning of our web services if you have not previously accepted this. Before storing cookies, you must agree to this by selecting the types of cookies you want or accept and cookies on “Accept” on the banner, which contains the reference to the storage of cookies.
The legal basis for this data processing is that of Art. 6 para. 1 lit. f GDPR (which permits the processing of data to safeguard the data controller’s legitimate interests) and Art. 6 para. 1 lit. a DSGVO (which permits data processing on the basis of your consent).
Most browsers are pre-set to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it informs you before cookies are stored. Users who do not accept cookies may not be able to access certain areas of our websites.

6.4. Data Protection Compliant Content Sharing via Social Media Plugins

On our websites are plug-ins of the social networks mentioned in detail below. These plugins are identified within the framework of our online presence by the respective button belonging to the service. The plugins allow users to share, post or recommend links to the relevant websites on social networks such as Facebook, Twitter, Google+ and Instagram. By your active interaction with these plugins, e.g. by clicking the respective button or leaving a comment, this corresponding information is transmitted directly to the respective service and stored there.
When you visit one of our websites, which contains such an activated plugin, your browser establishes a connection to the servers of the respective service, which in turn transmits the content of the plugin to your browser and integrates it into the displayed page. Thus the information about the visit of our web pages is passed on to the respective service. We do not collect personal data ourselves using the social plugins or about their use and have no influence on which data an activated plugin collects and how these are used by the provider. It must be assumed that at least the IP address and device-related information is recorded and used. It is also possible that the service providers try to save cookies on the computer used. If you are logged in to the respective service simultaneously via your personal user account during your visit to our website (e.g. via another browser session), the service provider can assign the visit to our website to your account.
The usual social media plugins transfer the above-mentioned user data to the respective operator of the social network each time a page is accessed. You do not need to be logged in or a member of the network.
The legal basis for this data processing is that of Art. 6 para. 1 lit. a GDPR (which allows data processing on the basis of your consent).

6.6.1. Data protection provisions about the application and use of Twitter

On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service. The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.
If you activate the plugin, a connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address and can thus assign your visit to our websites to your Twitter user account, especially if you are logged in at the same time as your Twitter user account.
By using the implemented features of Twitter, your browser connects to the Twitter server and the websites you visit are linked to your Twitter account and made known to other users. Personal data is also transmitted to Twitter. We do not collect personal data ourselves using the plugins or about their use and have no influence on which data an activated plugin collects and how it is used by Twitter. Which personal data is processed beyond the above-mentioned information may depend on the settings you have chosen within your Twitter profile. Please refer to the Twitter privacy policy:

6.6.2. Data protection provisions about the application and use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.
You can recognize the LinkedIn plugins by the LinkedIn logo or the “Share” button on this website.
If you activate the plugin, a direct connection between your browser and the LinkedIn server is established via this. LinkedIn receives the information that you have visited this website with your IP address. If you click the LinkedIn “Share-Button” while logged into your LinkedIn account, you can link the contents of this website on your LinkedIn profile. This allows LinkedIn to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, are not aware of the content of the transmitted data or its use by LinkedIn.
Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn’s official data protection information. You can find these notes at

6.7. Server-Log files

Your visit to our websites is automatically logged by our web servers.
In connection with the retrieval of the information requested by you from our web services, data for the provision of our various services or for evaluation and security purposes are collected and, if necessary, stored in anonymous form (without personal reference). The web servers we use automatically store data about the retrieval of our web services in so-called server log files. This is the following data:

  • IP address
  • Referrer URL (the page from which you are visiting us)
  • Time of the server request
  • Host name of the accessing device (the name of your Internet service provider)
  • Browser type and browser version
  • the operating system used and its settings

The processing of the above mentioned data is done for security purposes, for general fraud prevention and as a precaution against attacks on our web services. This data is not automatically combined with data from other data sources.

If your IP address is also automatically logged, it will be automatically deleted after 7 days at the latest.

Furthermore, only general information is recorded, e.g. when which content is called up from our offer or which pages are visited most frequently, the names of the requested files as well as their retrieval date and time. These data are evaluated for the improvement of our offer and do not allow any conclusions about your person.

We will not use this information for any other purpose.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data to protect the data controller’s legitimate interests.

7. Period for which the personal data will be stored

We only store personal data that you provide us for as long as it is needed to fulfill the purposes for which this data was provided or as long as this is required by law:

  • If you conclude contracts with us, we store and process your personal data for the duration of your contractual relationship and also for the fulfillment of post-contractual obligations and matters and for the duration of the statutory retention periods (maximum 10 years);
  • If you apply through us for vacant positions with us, we will delete your application data at the latest 180 days after completion of the application procedure, unless you have given us your consent to permanently store your data for future job vacancies;
  • If you send us an inquiry, we process your personal data for the duration of processing your inquiry.

When we no longer need your personal data, we delete it from our systems and records or make it anonymous so that you can no longer be identified.

We may retain certain personal information in order to comply with our legal and regulatory obligations and to enable us to administer our rights (e.g. to enforce our claims in court), or for statistical purposes (in anonymous form).

8. Data Security

For a secure transmission of your personal data we use a so-called SSL encryption. According to the current state of knowledge, this form of transmission is recognised as a secure form of data transmission. We make every effort to take technical and organisational security measures to protect your personal data against unintentional or unlawful deletion, alteration or loss and against unauthorised disclosure or access. Our employees are accordingly bound to secrecy and data protection.
In order to prevent the loss or misuse of data stored by us, we take extensive technical and organisational security precautions which are regularly checked and adapted to technological progress. Insofar as it is within our sphere of influence, we use modern encryption techniques and a large number of other measures in particular to prevent unauthorised access by third parties. If SSL or TLS encryption exists, the data you exchange with us cannot be read by third parties.
However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data can be read by third parties – even if this is done by e-mail. We have no technical influence on this. In such cases, it is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.

9. Transmission of data

If these cases are not listed in this privacy statement, we will not sell or market your personal data to third parties or pass them on for any other reason.
In addition to the other cases mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent in the following cases:

  • If it is necessary for the clarification of an illegal or abusive of our web pages or for the prosecution, personal data are passed on to the prosecution authorities as well as if necessary to damaged third parties. However, this only happens if there are concrete indications of illegal or abusive behaviour. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement authorities, authorities that prosecute fined offences and the tax authorities.
  • A disclosure to third parties bound to professional secrecy can take place if this is necessary to enforce the contractual conditions or other agreements as well as our claims arising from contracts that you have concluded with us.

The legal basis for data transmission is Art. 6 para. 1 lit. b GDPR, which permits the processing of data in order to fulfil a contract or pre-contractual measures and Art. 6 para. 1 lit. f GDPR, which permits the processing of data in order to safeguard the data controller’s legitimate interests.

As our business develops, the structure of our company may change as its legal form changes, subsidiaries, parts of companies or components are established, purchased or sold. In such transactions, customer information will be shared with the part of the company to be transferred with your consent. Whenever personal data is passed on to third parties to the extent described above, we will ensure that it is used in accordance with this data protection declaration and the relevant data protection laws and ask you for your consent.

However, your personal data can also be processed on our behalf by our reliable, external service providers (“contract processors”).

We rely on reliable, external service providers who conduct a number of business processes on our behalf and only provide them with the information they need to provide the services and we do not require them to use your personal information for any other purpose. We make every effort to ensure that all contractors with whom we work protect your personal data. For example, we can commission the following companies with services for which the processing of your personal data is necessary:

  • Third parties who support and help us to provide digital and e-commerce services, including CRM, web analytics and search engine and user content maintenance tools;
  • Advertising, marketing, digital and social media agencies to assist us with advertising, marketing and campaign activities, to analyse their effectiveness and to manage your contact requests and questions;
  • Third parties who assist us in providing IT services, including platform providers, hosting services, maintenance and support for our databases, and our software and applications that contain information about you (in some cases, such services simply include access to your data to perform the desired task);

The legal basis for data transmission is Art. 6 para. 1 lit. b GDPR, which permits the processing of data in order to fulfil a contract or pre-contractual measures and Art. 6 para. 1 lit. f GDPR, which permits the processing of data in order to safeguard the data controller’s legitimate interests.

We have concluded a contract with all our order processors for order processing in accordance with Art. 28 GDPR and fully implement the strict requirements of the German data protection authorities when using these services.

10. Rights of the data subject

If we process personal data as the data controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right of access (Art.15 GDPR), the right to rectification (Art.16 GDPR), the right to erasure (‘right to be forgotten’) (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR), the right to object (Art. 21 GDPR). If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Art. 7 III GDPR.
If you wish to exercise your above rights, please contact us using the contact details given in the “Imprint” section.
Please note that we may require proof of identity and full details of your request before we can process your request.

11. Hyperlinks to other websites

Our website contains so-called hyperlinks to websites of other providers. When these hyperlinks are activated, they are redirected from our website directly to the websites of other providers. With these links to external companies and other third parties, Mulytic Labs is not responsible for the data protection requirements or the content of these websites.

12. Concluding provisions

This data protection declaration can be called up, saved and printed out at any time under the URL of this page. Since changes in the law or changes in our internal processes may make it necessary to adapt this data protection declaration, we ask you to read this data protection declaration regularly.
We reserve the right to adapt this data protection declaration at any time so that it always meets the current legal requirements or to reflect changes in the application procedure or the like. If you visit the recruiting page again or apply again, the new data protection declaration will apply.
Last updated: March 2019
Mulytic Labs Mergenthaler str. 6, 81247 München

© Mulytic Labs – All Rights Reserved.