Data protection

at Mahlo

We appreciate your visit on our website and your interest in our offer. We want you to feel comfortable and safe with regards to how we process your personal data. Data protection and transparency are very important to us. This Privacy Notice is meant to help you understand our privacy practices, including which Personal Data we collect, why we collect it, what we do with it, and how we protect it, as well as knowing your individual rights. This information will enable you to always be in full control of your personal data.

Controller

Controller legally responsible for data processing:
Mahlo GmbH + Co. KG
Donaustraße 12
D-93342 Saal / Donau
Germany
info@mahlo.com

Categories of data, purpose and legal basis

It´s possible to visit our website without disclosing any personal data besides the technical data provided for the operation of the website itself. For transparency reasons, our privacy notice can be found on every page.

Personal data is data about an identified or identifiable person. This means any information about you, information that could be used to identify you or that is directly associated with you. We use personal data like your IP address or technical data of your device (e.g. service provider and operating system), only to run and improve our website. We never save this data beyond the fulfilling of its purpose or legal retention periods.

We need this data to run our website. If you object to processing, you won´t be able to use our online offer. We evaluate this kind of information statistically in order to make using our website ever more comfortable. We don´t connect this information to any other data we have collected previously. It´s only meant to improve the performance and attractiveness of our website and its content. Data collected when using our website will be deleted at the latest after 14 months. In some cases, we might be allowed to save data in order to enforce or defend any legal claims.

In any data processing we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR). This includes collecting, saving and using your personal data. We will never use your data for marketing purposes, and we will never sell, rent or leave your personal data to third parties.

Art. 6. 1 b and 1 f are legal basis for processing data in order to take care of information and network security. According to these articles processing of personal data is legal if necessary for the performance of a contract or for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

According to Art. 13 2 e GDPR you are not obliged to provide us with your personal data when using our website. Nevertheless it´s just not possible to run a website without this kind of data.

Recipients of data

Your data will not be disclosed to any other third parties, except if there is a legal obligation to transfer the data. Art. 6 (1) c GDPR in connection with the respective instructions or the legal obligation we are subject to in the individual case, is the legal basis for processing data. Categories of recipients of the data are public authorities in case of a legal obligation and processors that process the data collected online on our behalf. Processors involved are:

Processing of personal data for contact

contact form / service form / application form / order for remote maintenance, spare parts, repair and return

We process information that you enter on our Website or communicate to us in some other way so that we can advise and supervise you following your request. This includes data you fill in a contact form or send us via e-mail. We will use this information only for your particular claims or requests. In order to protect your data, the transmission/transfer is coded by a common encryption method.

Data that you give us using our contact form, service form and form for ordering spare parts will stay encrypted until we have received the double opt-in confirmation. In case we don’t receive the confirmation, the data will be deleted after 30 days.

Your personal data will be deleted after we have answered your request or clarified your claim. Art. 6 1 a GDPR is legal basis for processing your data that you transmit by using the contact form, the service form and the application form. By transmitting your data, you give your consent to data processing for the described purposes. You may withdraw your consent with effect for the future in case you don’t want your data to be processed any more.

Art. 6 1b GDPR is legal basis for processing your data that you transmit by using the form for ordering remote maintenance, spare parts and repair and return.

Newsletter

If you subscribe to our newsletter, we collect your e-mail address and other information which allow us to confirm that this e-mail address belongs to you and that you agree to receiving our newsletter. Further data are not or are only collected voluntarily. We will only use these data for the transmission of the required information, and we will never pass them on to third parties.

Legal basis for the processing of your data that you gave to us by your subscription is your prior consent according to Art. 6 1 a) GDPR. You can at any time revoke your consent with effect for the future, e. g. by clicking the unsubscribe link that you can find in every newsletter.

We will store your data that you gave to us by subscribing to our newsletter until you unsubscribe and will delete them afterwards. Data that have been stored for other purposes remain unaffected.

Our newsletters are delivered by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service that allows us to organize and analyze the newsletter delivery. The data you provided for the purpose of receiving the newsletter (e. g. e-mail address) are stored on servers of CleverReach in Germany or in Ireland.

Newsletters delivered by CleverReach allow us to analyze the behavior of the newsletter receivers. We can analyze among other things how many receivers have opened the Newsletter and how often they clicked what link in the Newsletter. By means of the so-called conversion tracking we can also analyze if a predefined action was taken after clicking a link (e. g. Purchase of a product on our Website).

You can find further information about the data analysis by CleverReach here:

https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.  

Legal basis for processing is your prior consent according to Art. 6 1 a) GDPR. You can at any time revoke your consent with effect for the future by unsubscribing the newsletter. If you do not agree to the analysis by CleverReach, you have to unsubscribe the newsletter. Therefore, we provide you with an unsubscribe link in every newsletter message.

We will store your data that you gave to us by subscribing to our newsletter until you unsubscribe. Your data will be deleted by us as well as by CleverReach after you unsubscribed our newsletter. Data that have been stored for other purposes remain unaffected.

For more information we refer to the CleverReach data protection information:

https://www.cleverreach.com/de/datenschutz/

Fairs

Our sales staff will collect conversation and contact information during your visit to one of our booths. These are used to initiate a business relationship and on the basis of our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. b and f GDPR. The trade fair protocols are digitized and stored in our ERP system. If no business relationship is established, the logs and your contact information will be deleted after 5 years.  Subject to your consent, we will send you the information you have requested to the contact address provided, also by e-mail, or contact you by telephone. The legal basis for this is Art. 6 Para. 1 S. 1 lit a GDPR. Information on revocation can be found in the corresponding paragraph of this data protection notice.

Cookies

We use session cookies on our website. In the following, we would like to briefly explain the purpose of these cookies. Cookies are short snippets of text that we store on your computer. Cookies do not execute commands on your computer, so they do not pose a security risk. Session cookies store certain information while you browse our website and are not stored permanently, but are deleted when you leave our website. The use of session cookies is based on Article 6 (1) (f). The operation of the website is in the legitimate interest of the controller. You can control the handling of cookies in your browser, you can even reject cookies altogether or configure your browser so that cookies are deleted regularly. You will find sufficient information on this on the Internet.

Google Analytics

This Website uses Google Analytics, a web analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called “Cookies” – small text files that are placed on your computer and which allow an analysis of the use of our website by you.

Among other things, the following data is collected from you: IP address, time spent on the website, language, location, and the browser you are using. The analysis is carried out by means of an algorithm (machine learning) that measures and analyzes your user behavior based on the collected data and can recognize it on other devices you use. By default, your IP address is anonymized by shortening it before it is transmitted to Google.

We have disabled Google Signals.

You can find more detailed information about how Google uses those data here: https://policies.google.com/privacy/partners?hl=de

The transfer of data to the USA is based on the Data Privacy Framework. Google Analytics will only be used if you have given your consent.  The legal basis is Art. 6 Para. 1 S. 1 lit a GDPR and § 25 TTDSG.

You can revoke this consent at any time by clicking on the "Cookie settings" button under "Cookies" and saving a new selection.

The data collected with Google Analytics is passed on internally to our marketing department.

Leadinfo

We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.

Purpose of data processing is identifying businesses that visited our website in order to conduct effective direct marketing or to optimize the use of the traffic on our website.

Legal basis for processing is our legitimate interest according to Art. 6(1) f GDPR.
You can object to the use of your data for direct marketing at any time, without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates.

In particular the following data can be processed: IP-Address, name of the business, LinkedIn profile URL, business e-mail address, contact data of key decision makers that have pro-actively visited our website.

We will store any personal data as long as needed in order to fulfill the purpose. After fulfillment of the purpose any personal data will be deleted as long as they are not suspect to legal retention periods.

We will only use Leadinfo with your prior permission. Legal basis is Art. 6(1) a GDPR.

We have entered into a data processing agreement with Leadinfo.

Google Remarketing

This Website uses the remarketing function of Google Inc. This function is used to present users within the Google advertising network interest-based advertisement. It is placed a so-called “Cookie” on the browser of the website visitor which allows recognizing the visitor in case he calls up a webpage that belongs to the Google advertising network. On those pages, users can be presented advertisements that relate to content on websites that have been called up by the visitor before and which use the Google remarketing function. We only place the Google remarketing cookie with your prior consent to cookies. Legal basis is Art. 6(1) a GDPR.

According to Google’s own statement, Google does not collect personal data during this process. In case you still don’t want the Google Remarketing to be active, you can deactivate it by modifying the settings here: http://www.google.com/settings/ads

As an alternative you can deactivate the use of cookies for interested-based advertisement by following these instructions: https://optout.networkadvertising.org/?c=1

Social Media profiles

Facebook and Instagram
We have a profile at Facebook and Instagram. Supplier respectively is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. We entered a Joint-Controllership-Agreement with Facebook. This agreement states for which data processing operations we or Facebook are responsible when you visit our Facebook-Fanpage. Facebook-Ireland is primarily responsible according to GDPR for the processing of Insight data. You can view this agreement here:
https://www.facebook.com/legal/terms/page_controller_addendum

You can modify your advertising preferences in your profile by yourself. Therefore, click on the following link and log in.
https://www.facebook.com/settings?tab=ads 

You can find detailed information within the data protection notice of Facebook:
https://www.facebook.com/about/privacy/ 

Xing
We use a Xing account operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
The data protection notice of Xing can be found here:
https://privacy.xing.com/de/datenschutzerklaerung 

LinkedIn
We use a LinkedIn account operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. In order to modify your settings concerning advertising measures in your profile at LinkedIn, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

The data protection notice of LinkedIn can be found here:
https://www.linkedin.com/legal/privacy-policy 

Youtube

We have integrated YouTube videos (operator of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) via a so-called iframe. This iframe will only be loaded if you agree to this by selecting it accordingly in the cookie banner. As soon as you do that, a connection to YouTube's server in the USA will be established.

This connection is necessary to be able to display the respective video on our website via your Internet browser. In the course of this, YouTube will at least record and process your IP address, the date and time as well as the website you visited. In addition, a connection to Google's "DoubleClick" advertising network is established.

If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For the purpose of functionality and for the analysis of user behavior, YouTube permanently stores cookies on your device via your Internet browser.

In addition, Google loads so-called web fonts into your browser cache after your consent to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. For more information about Google Web Fonts, see

https://developers.google.com/fonts/faq

and Google's privacy policy:

https://www.google.com/policies/privacy/.

The legal basis is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

We also use a YouTube channel of the operator Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page on which Youtube video is embedded, your IP address and various technical data of your device such as operating system, browser used, etc. is stored by Youtube on servers in the USA.

The legal basis for the processing of your data is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

When you visit our YouTube channel, the operator processes, among other things, your personal data such as IP address and information about your device. If you are logged in with your Google account, this data can be linked to your account.

For optimizing reach and improving our offer, we use the statistical data provided by Google about the use of the channel. In particular, we can view the following data: 

  • Number of views on our videos
  • Number of subscribers to our channel
  • Traffic Source
  • Endpoint information
  • Demographic data
  • Categories of other videos viewed by viewers of our videos.

We have no influence on the generation of these statistics.

Further information on data processing and storage duration by and at Google can be found at:

https://policies.google.com/privacy?hl=de

In addition, we may process your personal data to respond to inquiries or for other communication via our channel.

The legal basis for the processing is your consent, which you give us by visiting our channel and writing a comment or entering into other communication with us (Art. 6 para. 1 p. 1 lit. a GDPR).

Your rights

According to GDPR you have the following rights with regard to your personal data. You can find more detailed information in Art. 15 to 21 GDPR as well as in §§ 32 to 37 German Federal Data Protection Act. 

You have the right to access your personal data. You may also request the rectification of inaccurate data. Under certain conditions you have the right to erasure, the right to restriction and the right to data portability. Further, you have the right to object to processing of personal data which is based on point (e), (f) of Art. 6(1), including profiling based on those provisions. You may withdraw your consent at any time and without giving reasons with effect for the future.

You may assert these rights directly with the controller. Therefore, informal contact is sufficient. You may send an Email or a letter.

You also have the right to lodge a complaint with a supervisory authority if you find our processing of your personal data to be inconsistent with applicable data protection law. A list of federal Data Protection Commissioner and contact data can be found here:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html  

Do you have questions?

In case of any further questions please feel free to contact our officer for data protection: 

David Gabel - Email: david.gabel@your-insider.com 

General information concerning data protection and processing of personal data can be found at https://www.dsgvo-support.de

 


Data protection notice for Facebook

Welcome to our Facebook page.

We want you to feel comfortable and safe with regards to how we process your personal data. Data protection and transparency are very important to us. That’s why we want to inform you accordingly.

We entered into a Joint-Controllership-Agreement with Facebook according to Art. 26 GDPR. You can call up this agreement here: https://www.facebook.com/legal/terms/page_controller_addendum]

This agreement states that Facebook comprehensively undertakes the obligations arising from data protection laws.

1. Controller

Joint Controllers for operation of this Facebook page are:

a)
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbor

Dublin 2 Ireland

You can contact Facebook’s data protection officer by using this form:
www.facebook.com/help/contact/540977946302970.

and

b)

Mahlo GmbH & Co. KG
Donaustraße 12
D-93342 Saal/Donau

Our external data protection officer can be contacted via E-Mail:
david.gabel@your-insider.com

2. Categories of Data, purpose and legal basis

Concerning the data processing by Facebook we refer to their data protection notice:

https://www.facebook.com/privacy/explanation

In the following we explain to you the data processing operations carried out by us.

a) Statistical Data

We can retrieve statistical data of different categories via the so-called “Insights” (https://www.facebook.com/business/a/page/page-insights).

These statistics are created and provided by Facebook. We as operator cannot influence creation and display. We can neither deactivate this function nor prevent the creation and processing of the data. Facebook provides us with the following data for a definable period of time for the categories, respectively, fans, subscribers, people reached, people interacting: Total number of call ups, “Likes”, page activity, post interactions, range of the posts, comments, shared content, answers, share of men and women, origin concerning country and city, language, call ups and clicks in the shop, clicks on the route planner, clicks on phone numbers. Also, in doing so, data of the Facebook Groups connected with our Facebook page are provided.

As a result of the continuous development of Facebook, the availability and processing of data changes, wherefore we refer to the data protection notice of Facebook for more detailed information.

Legal basis for processing is Art. 6 1 f GDPR. Making our posts and activities more attractive for the users is our legitimate interest. For example, we use the distribution of age and gender for addressing our users in an adjusted way and the preferred visiting hours of the users for timely optimized planning of our posts. Information about the user’s device help us adjusting our posts in appearance.

b) Interactions with our account

Also, you can interact with our account. For example, you can do that by pressing the “Like” button, share or comment on a post or by directly writing to us.

In case of you interacting with us, we inevitably process your data as we then can see your account and therefore have access to your personal data; this includes your username, profile picture or date or time of your interaction. According to Facebook’s terms of use, that every user has agreed to when creating a Facebook profile, we can identify subscribers and fans of the page and view their profile as well as their shared content.

These data are information that are only provided through an interaction with our profile. Legal basis for processing is Art. 6 1 b GDPR.

3. Recipient of data

We would like to point out that Facebook might transmit your data to third parties. We cannot influence this, though. You can find more detailed information within the data protection notice of Facebook: www.facebook.com/privacy/explanation   

We only share personal data within our organization if and when necessary for the purposes specified in this privacy notice. We don´t share personal data with any third party outside of our organization unless one of the following circumstances applies.

Art 6 (1) c GDPR

Processing is necessary for compliance with a legal obligation to which the controller is subject.

Recipients of your personal data may be public offices as well as processors, processing the data collected online in our behalf (Webhosts, designer etc.)

4. Storage period and erasure

You can find information about data storage by Facebook in their data protection notice: www.facebook.com/privacy/explanation.  

We store the personal data transmitted to us by you only for the period of time that is necessary to fulfil the purposes for which the data have been transmitted or as long as we are obligated by law to store them. After fulfilment of the purpose and/or after the legal retention period has expired, we either delete or block the data.

5. Your rights

According to GDPR you have the following rights with regard to your personal data. You can find more detailed information in Art. 15 to 21 GDPR as well as in §§ 32 to 37 German Federal Data Protection Act. 

You have the right to access your personal data. You may also request the rectification of inaccurate data. Under certain conditions you have the right to erasure, the right to restriction and the right to data portability. Further, you have the right to object to processing of personal data which is based on point (e), (f) of Art. 6(1), including profiling based on those provisions. You may withdraw your consent at any time and without giving reasons with effect for the future. 

You may assert these rights directly with the controller. Therefore, informal contact is sufficient. You may send an Email or a letter. 

You also have the right to lodge a complaint with a supervisory authority if you find our processing of your personal data to be inconsistent with applicable data protection law. A list of federal Data Protection Commissioner and contact data can be found here: 

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html  

 

If processing by Facebook is involved, you can directly contact Facebook. In particular this is the case when it’s about processing in the scope of the “Insights”.

You can contact Facebook via this form: https://www.facebook.com/help/contact/2061665240770586.  

Furthermore, you might send a letter to:

Facebook Ireland Ltd.   
4 Grand Canal Square   
Grand Canal Harbour   
Dublin 2 Ireland   

As an alternative you might also contact us, and we transmit your request – according to our agreement with Facebook as per Art. 26 GDPR – to Facebook.