We manage our web sites in accordance with the principles set out below:

We undertake to comply with statutory data protection regulations and endeavour always to take into account the principles of data avoidance and data minimisation.

1. Name and address of the controller

The controller, within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other statutory data protection regulations, is:

Mandado GmbH
Kopischweg 12a
22455 Hamburg

E-Mail: kontakt@mandado.de
Phone: +49 (0)170 930 9838

2. Explanation of terms

We have designed our Privacy Statement in accordance with the principles of clarity and transparency. However, should there be any ambiguity regarding the use of various terms, the corresponding definitions can be found here.

3. Legal basis for processing personal data

3.1 Processing of personal data according to the GDPR

We process your personal data - such as your first and last names, your e-mail address, IP address, etc. - only if there is a legal basis for doing so. The following rules, in particular, come into consideration here, in accordance with the General Data Protection Regulation (GDPR):

• Art. 6(1)(a) GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Art. 6(1) (b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Art. 6(1) (c) GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject
• Art. 6 (1)(d) GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person
• Art. 6(1)(e) GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• Art. 6(1)(f) GDPR: Processing is necessary for the purpose of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

However, we will always inform you at the appropriate points in this Privacy Statement of the legal basis on which your personal data are being processed.

3.2 Consent oft the custodian according to Art. 8 (1) GDPR

A custodian must consent to all data processing within the scope of this website for which the consent of a minor who has not yet reached the age of 16 is required. 

Information on the individual data processing operations, their purposes and the categories of data concerned, for which the consent of the person concerned is required, can be found in the data protection declaration.

You may withdraw your consent at any time by sending the withdrawal notice in text form to the contact details of the controller. The processing until the revocation remains lawful.

3.3 Processing of information according to § 25 (1) TTDSG

We also process information pursuant to Section 25 (1) TTDSG by storing information on your terminal equipment or accessing information that is already stored on your terminal equipment. This can be both personal information and non-personal data, e.g. cookies, browser fingerprints, advertising IDs, MAC addresses and IMEI numbers. Terminal equipment in this context is any device connected directly or indirectly to the interface of a public telecommunications network for the purpose of sending, processing or receiving messages, § 2 para.2 no.6 TTDSG.

As a rule, we process this information on the basis of your consent, Section 25 (1) TTDSG.

As far as an exception according to § 25 Abs.2 Nr.1 und Nr.2 TTDSG is given, we do not need your consent. Such an exception is given if we exclusively access or store the information in order to transmit a message via a public telecommunication network or if this is absolutely necessary so that we can provide a telemedia service expressly requested by you.

You may withdraw your consent at any time. We inform you that the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.

4. Disclosure of personal data

Where personal data are disclosed, processing is also carried out within the meaning of section 3, above. At this point, however, we would like to inform you separately about disclosure of data to third parties. The protection of your personal data is particularly important to us. For this reason, we are especially careful when disclosing your data to third parties.

Data is only disclosed to third parties if there is a legal basis for the processing. For example, we disclose personal data to persons or companies acting as processors on our behalf, pursuant to Art. 28 GDPR. A processor is anyone who processes personal data on our behalf, in particular under our instruction and control.

In accordance with the requirements of the GDPR, we conclude a contract with each of our processors in order to ensure that they comply with data protection regulations, thus providing comprehensive protection for your data.

5. Storage period and erasure

We will erase your personal data once those data are no longer necessary for the purposes for which they were collected or otherwise processed, and where the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

6. SSL encryption

This site uses SSL encryption for security reasons and to safeguard the transfer of confidential content, such as any requests you send to us as the operators of the site. An encrypted connection can be identified by the change in the address from “http://” to “https://” and by the padlock symbol in your browser’s address bar.

With SSL encryption activated, the data which you transfer to us cannot be read by third parties.

7. Cookies

We use cookies on our website. Cookies are small data packets created automatically by your browser and stored on your client device when you visit our website. These cookies are used to store information about the client device being used.

When cookies are used, a distinction is made between technically necessary cookies and “other” cookies. Cookies are said to be technically necessary if they are essential for providing an information society service which you have expressly requested.

a) Technically necessary cookies

In order to make the use of our services more convenient for you, we use technically necessary cookies what are known as session cookies (e.g. language and font selection, shopping basket, etc.), consent cookies, cookies to ensure server stability and security, or similar. These session cookies come under the category of technically necessary cookies and are automatically deleted after you have left our site. The legal basis for the cookies derives from Art. 6(1)(f) GDPR, our legitimate interest in the error-free operation of the website and the interest in providing you with our services optimized.

b) Other cookies

Other cookies include cookies for statistical, analysis, marketing and retargeting purposes.

We use these cookies on the basis of your consent in accordance with Art. 6 (1) (a) DSGVO.

You can withdraw your consent to the use of cookies at any time. We would like to inform you that the revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until the withdrawal.

For this purpose, you can either edit your cookie settings on our website, deactivate the use of cookies in your browser settings (whereby the functionality of the online offer can also be limited) or, in individual cases, set an opt-out for the corresponding service.

You can also declare your objection to the use of cookies for marketing purposes via the EU website http://www.youronlinechoices.com/ or generally at http://optout.aboutads.info.

We will point out the legal basis on which this data is processed for the respective services within the data protection declaration.

8. Cookie banner

To obtain consent for the cookies we use, we use the cookie banner of the service provider "Complianz BV". This itself sets a so-called consent cookie to query and process the respective consent status. This consent cookie is technically necessary and is therefore used based on our legitimate interest pursuant to Art. 6 (1)(f) GDPR, § 25 (1) TTDSG.

9. Collection and storage of personal data, their type and intended purpose

a) External hosting

Our website is hosted at bei all-inkl.com, Rene Münnich, Hauptstr. 68, 02742 Friedersdorf. For this reason, all personal data collected on our website is stored on the servers of our hoster, unless an external service of a third party is integrated. This may be the IP address, your e-mail address, communication data or the like. You can find out what specific personal data is involved in the individual functions and services explained by us below. If we use an external service of a third party, this will be made clear in the description of the respective service or tool.

The hoster processes your data only on our instructions and to the extent necessary to fulfill the services on the website. The hoster does not process the data for its own purposes. We have concluded a data processing agreement with the hoster.

b) When visiting the website

When you access our website, information is automatically sent to our web server by the browser being used on your client device. This information is stored temporarily in what is known as a log file. The following information is recorded without any action on your part and stored until it is automatically erased:

• the IP address of the computer making the request,

• the date and time of access,

• the name and URL of the requested file,

• the website from which the site is accessed (referrer URL),

• the browser used, and if applicable, your computer’s operating system and the name of your access provider.

We process the above-mentioned data for the following purposes:

• to ensure the connection to the website is established smoothly,

• to ensure that our website is convenient to use,

• for evaluation of system security and stability, and

• for other administrative purposes.

Data which permit you to be identified as an individual, such as the IP address, will be erased after 7 days at the latest. Any data we store beyond this period will be pseudonymised, so that they can no longer be associated with you.

The legal basis for the data processing is Art. 6(1)(f) GDPR. Our legitimate interest derives from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of identifying you as an individual.

9.3 Contact form

We provide a form on our website for you to contact us at any time. In order to use the contact form, you are required to enter a name (so that we can address you in person) and a valid e-mail address which we can use to contact you, so that we know who is making the request and we are able to process it.

If you send us requests using the contact form, your data from the request form will be processed, including the contact details you provided in it and your IP address, pursuant to Art. 6 (1)(b) and (f) GDPR, for taking steps prior to entering into a contract with you in response to your request, or to exercise our legitimate interest, i.e. in the performance of our business activities.

Requests and the data associated with them will be erased no later than 3 months after receipt, unless they are required for further contractual relationship purposes.

9.4 Use of Google Maps

Our website uses the Google Maps API. Through the use of Google Maps, information about your use of this website (including your IP address) may be transferred to and stored on a server of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) in the United States.

Google may transfer the information obtained from Maps to third parties if required by law or if third parties process this data on behalf of Google. Your IP address will not under any circumstances be combined with other Google data. However, we must point out that it would technically be possible for Google to identify individual users based on the data received.

We have no control over whether your personal data and personal profile are used by Google for other purposes. If you wish to avoid this, you can disable the Google Maps service and thus prevent the transfer of data to Google. To do this, all you have to do is disable JavaScript in your browser. In that case, no data will be transferred, but you will no longer be able to use the map display on our website.

Google’s Privacy Policy is available here: https://www.google.com/policies/privacy/?hl=de

Through the integration of Google Maps, the Google Fonts are also dynamically reloaded by Google, without this being actively determined by the website operator or visitor.  The integration of these web fonts takes place through a server call, usually a Google server in the USA. Through this, the following may be transmitted to the server and stored by Google:

- Name and version of the browser used

- Website from which the request was initiated (referrer URL)

- Operating system of your computer

- Screen resolution of your computer

- IP address of requesting computer

- Language settings of the browser or operating system used by the user

You can find more detailed information in Google's privacy policy, which you can access here:

www.google.com/fonts#AboutPlace:about  

www.google.com/policies/privacy/

We provide you with Google Maps as a service, so that you can accurately identify our location and, if necessary, better plan your visit to us. The use of Google Maps is therefore based on your consent in accordance with Art. 6  (1) (a) GDPR.

9.5 Google Tag Manager

We use the Google Tag Manager from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. Google Tag Manager is an administration and management tool in which other tracking and/or statistics tools can be centrally managed and played out. 

When you visit our website and give your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR, Google Tag Manager collects and processes your IP address, which may also be transferred to the USA. However, Google Tag Manager itself does not create any user profiles or analyses.

We have concluded an order processing contract with Google.

You can find the Google privacy policy here.

10. Analysis and tracking tools

https://www.linkedin.com/legal/privacy-policy

11. Rights of the Data Subject

You shall have the following rights:

11.1 Right of access

Pursuant to Art. 15 GDPR, you shall have the right to request information about your personal data being processed by us. This right of access includes the following information:

• the purposes of the processing
• the categories of the personal data
• the recipients or categories of recipient to whom your data have been or will be disclosed
• the envisaged data storage period, or at least the criteria used to determine that period
• the existence of the right to rectification, erasure, restriction of processing or objection
• the existence of the right to lodge a complaint with a supervisory authority
• the source of your personal data, where they were not collected by us
• the existence of automated decision-making, including profiling, and where appropriate, meaningful information about the logic involved.
  
  

11.2 Right to rectification

In accordance with Art. 16 GDPR, you shall have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data stored by us.

11. 3 Erasure

In accordance with Art. 17 GDPR, you shall have the right to obtain from us without undue delay the erasure of your personal data stored by us, unless further processing is required for one of the following reasons:

• the personal data are still necessary for the purposes for which they were collected or otherwise processed;
• to exercise the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, to the extent that the right referenced in a) is likely to render impossible or seriously impair the achievement of the objectives of that data processing, or
• for the establishment, exercise or defence of legal claims.
  
  

11.4 Right to restriction of processing

Pursuant to Art. 18 GDPR, you may request the restriction of processing of your personal data, for one of the following reasons:

• You contest the accuracy of your personal data.
• The processing is unlawful, and you oppose the erasure of your personal data.
• We no longer require the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims.
• You object to processing pursuant to Art. 21(1) GDPR.
  
  

11.5 Notification obligation

If you have requested rectification or erasure of your personal data or restriction of processing in accordance with Art.16, Art.17(1) and Art.18, we shall notify all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You may request that we inform you about those recipients.

11.6 Right to data portability

You shall have the right to obtain the personal data which you have provided to us in a structured, commonly used and machine-readable format.

You shall also have the right to request the transfer of these data to a third party, provided that processing was carried out by automated means and based on your consent pursuant to Art. 6(1)(1)(a) or Art. 9(2)(a) or for the performance of a contract pursuant to Art. 6(1)(1)(b) GDPR.

11.7 Withdrawal of consent

Pursuant to Art. 7(3) GDPR, you shall have the right at any time to withdraw consent you have previously granted to us. The withdrawal of consent shall not affect the lawfulness of processing carried out based on consent before its withdrawal. We may not carry out any further processing based on your consent, once you have withdrawn it.

11.8 Right to lodge a complaint

Pursuant to Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.

11.9 Right to object

Where your personal data are processed based on legitimate interests pursuant to Art. 6(1)(1)(f) GDPR, you shall have the right pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes. In the latter case, you shall have a general right to object which we shall implement without the need for your particular situation to be specified. You may exercise your right to object or to withdraw consent simply by sending an e-mail to isabel.veldkamp@mandado.de

11.10 Automated individual decision-making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right shall not apply if the decision:

• is necessary for entering into, or for the performance of, a contract between you and us,
• is authorised by Union or Member State law to which we are subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
• is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in a) and c), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.

12. Amendment of the Privacy Statement

If we amend the Privacy Statement, this will be indicated on the homepage and registered customers will be informed.

Version of 20.02.2024