Data protection

at Mahlo

We appreciate your visit on our website and your interest in our offer. We want you to feel comfortable and safe with regards to how we process your personal data. Data protection and transparency are very important to us. This Privacy Notice is meant to help you understand our privacy practices, including which Personal Data we collect, why we collect it, what we do with it, and how we protect it, as well as knowing your individual rights. This information will enable you to always be in full control of your personal data.


Controller legally responsible for data processing:
Mahlo GmbH + Co. KG
Donaustraße 12
D-93342 Saal / Donau

Categories of data, purpose and legal basis

It´s possible to visit our website without disclosing any personal data besides the technical data provided for the operation of the website itself. For transparency reasons, our privacy notice can be found on every page.

Personal data is data about an identified or identifiable person. This means any information about you, information that could be used to identify you or that is directly associated with you. We use personal data like your IP address or technical data of your device (e.g. service provider and operating system), only to run and improve our website. We never save this data beyond the fulfilling of its purpose or legal retention periods.

We need this data to run our website. If you object to processing, you won´t be able to use our online offer. We evaluate this kind of information statistically in order to make using our website ever more comfortable. We don´t connect this information to any other data we have collected previously. It´s only meant to improve the performance and attractiveness of our website and its content. Data collected when using our website will be deleted at the latest after 14 months. In some cases, we might be allowed to save data in order to enforce or defend any legal claims.

In any data processing we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR). This includes collecting, saving and using your personal data. We will never use your data for marketing purposes, and we will never sell, rent or leave your personal data to third parties.

Art. 6. 1 b and 1 f are legal basis for processing data in order to take care of information and network security. According to these articles processing of personal data is legal if necessary for the performance of a contract or for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

According to Art. 13 2 e GDPR you are not obliged to provide us with your personal data when using our website. Nevertheless it´s just not possible to run a website without this kind of data.

Recipients of data

We only share personal data within our organization if and when necessary for the purposes specified in this privacy notice. We don´t share personal data with any third party outside of our organization unless one of the following circumstances applies.

Art 6 1c GDPR
Processing is necessary for compliance with a legal obligation to which the controller is subject.

Recipients of your personal data may be public offices as well as processors, processing the data collected online in our behalf. (Google, Webhosts, etc.)

Data processors are

Processing of personal data for contact

contact form / service form / application form / order for remote maintenance, spare parts, repair and return

We process information that you enter on our Website or communicate to us in some other way so that we can advise and supervise you following your request. This includes data you fill in a contact form or send us via e-mail. We will use this information only for your particular claims or requests. In order to protect your data, the transmission/transfer is coded by a common encryption method.

Data that you give us using our contact form, service form and form for ordering spare parts will stay encrypted until we have received the double opt-in confirmation. In case we don’t receive the confirmation, the data will be deleted after 30 days.

Your personal data will be deleted after we have answered your request or clarified your claim. Art. 6 1 a GDPR is legal basis for processing your data that you transmit by using the contact form, the service form and the application form. By transmitting your data, you give your consent to data processing for the described purposes. You may withdraw your consent with effect for the future in case you don’t want your data to be processed any more.

Art. 6 1b GDPR is legal basis for processing your data that you transmit by using the form for ordering remote maintenance, spare parts and repair and return.


If you subscribe to our newsletter, we collect your e-mail address and other information which allow us to confirm that this e-mail address belongs to you and that you agree to receiving our newsletter. Further data are not or are only collected voluntarily. We will only use these data for the transmission of the required information, and we will never pass them on to third parties.

Legal basis for the processing of your data that you gave to us by your subscription is your prior consent according to Art. 6 1 a) GDPR. You can at any time revoke your consent with effect for the future, e. g. by clicking the unsubscribe link that you can find in every newsletter.

We will store your data that you gave to us by subscribing to our newsletter until you unsubscribe and will delete them afterwards. Data that have been stored for other purposes remain unaffected.

Our newsletters are delivered by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service that allows us to organize and analyze the newsletter delivery. The data you provided for the purpose of receiving the newsletter (e. g. e-mail address) are stored on servers of CleverReach in Germany or in Ireland.

Newsletters delivered by CleverReach allow us to analyze the behavior of the newsletter receivers. We can analyze among other things how many receivers have opened the Newsletter and how often they clicked what link in the Newsletter. By means of the so-called conversion tracking we can also analyze if a predefined action was taken after clicking a link (e. g. Purchase of a product on our Website).

You can find further information about the data analysis by CleverReach here:  

Legal basis for processing is your prior consent according to Art. 6 1 a) GDPR. You can at any time revoke your consent with effect for the future by unsubscribing the newsletter. If you do not agree to the analysis by CleverReach, you have to unsubscribe the newsletter. Therefore, we provide you with an unsubscribe link in every newsletter message.

We will store your data that you gave to us by subscribing to our newsletter until you unsubscribe. Your data will be deleted by us as well as by CleverReach after you unsubscribed our newsletter. Data that have been stored for other purposes remain unaffected.

For more information we refer to the CleverReach data protection information:


When visiting our stand, our marketing staff will collect meeting and contact information. Those will be used for the purpose of the preparation of a business connection and our legitimate interests based on Art. 6 1 b) and f). The fair protocols will be digitized and stored within our ERP-system. We will delete your contact information as well as the fair protocols after 5 years in case we did not enter into a business relationship with each other. With your prior consent we will send you information requested or contact you via telephone.

Legal basis is Art. 6 1 a GDPR.


We use two types of cookies: session cookies and persistent cookies. Cookies are small text files that we place on your computer. Cookies cannot execute any commands and therefore, they pose no security risk.
Session Cookies store information during the visit of our website. They are not stored permanently on your computer since they disappear when the browser is closed. When you visit our website for the first time, we inform you about the use of cookies. We store your perusal in a cookie so that we don’t have to show you this information every time you visit our website. Legal basis for the use of cookies is Art. 6 1 f GDPR. According to this article processing of personal data is legal if necessary for the purpose of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights of the data subject. The controller has a legitimate interest in operating the website.
You can define the handling of cookies by yourself in your browser, you can completely refuse cookies, or you can set your browser to regularly delete cookies. You can find sufficient information concerning this matter on the Internet.

Google Analytics

This Website uses Google Analytics, a web analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called “Cookies” – small text files that are placed on your computer and which allow an analysis of the use of our website by you. You can find more detailed information about how Google uses those data here:

We will only use Google Analytics with your prior permission. Legal basis for processing is Art. 6(1) a GDPR.


We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit On this page: you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.

Purpose of data processing is identifying businesses that visited our website in order to conduct effective direct marketing or to optimize the use of the traffic on our website.

Legal basis for processing is our legitimate interest according to Art. 6(1) f GDPR.
You can object to the use of your data for direct marketing at any time, without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates.

In particular the following data can be processed: IP-Address, name of the business, LinkedIn profile URL, business e-mail address, contact data of key decision makers that have pro-actively visited our website.

We will store any personal data as long as needed in order to fulfill the purpose. After fulfillment of the purpose any personal data will be deleted as long as they are not suspect to legal retention periods.

We will only use Leadinfo with your prior permission. Legal basis is Art. 6(1) a GDPR.

We have entered into a data processing agreement with Leadinfo.


We use Hotjar, a web analysis service by
Hotjar Limited Dragonara Business Centre

5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, Europe

to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e. g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. 

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site."

Legal basis für processing is your prior permission (Art. 6 (1) a GDPR). We will store your data after the fulfillment of the purpose only within the scope of legal obligations.

We have entered into a data processing agreement with Hotjar.

Google Remarketing

This Website uses the remarketing function of Google Inc. This function is used to present users within the Google advertising network interest-based advertisement. It is placed a so-called “Cookie” on the browser of the website visitor which allows recognizing the visitor in case he calls up a webpage that belongs to the Google advertising network. On those pages, users can be presented advertisements that relate to content on websites that have been called up by the visitor before and which use the Google remarketing function. We only place the Google remarketing cookie with your prior consent to cookies. Legal basis is Art. 6(1) a GDPR.

According to Google’s own statement, Google does not collect personal data during this process. In case you still don’t want the Google Remarketing to be active, you can deactivate it by modifying the settings here:

As an alternative you can deactivate the use of cookies for interested-based advertisement by following these instructions:

Social Media profiles

Facebook and Instagram
We have a profile at Facebook and Instagram. Supplier respectively is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. We entered a Joint-Controllership-Agreement with Facebook. This agreement states for which data processing operations we or Facebook are responsible when you visit our Facebook-Fanpage. Facebook-Ireland is primarily responsible according to GDPR for the processing of Insight data. You can view this agreement here:

You can modify your advertising preferences in your profile by yourself. Therefore, click on the following link and log in. 

You can find detailed information within the data protection notice of Facebook: 

We use a Xing account operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
The data protection notice of Xing can be found here: 

We use a LinkedIn account operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. In order to modify your settings concerning advertising measures in your profile at LinkedIn, please use the following link: 

The data protection notice of LinkedIn can be found here: 

For embedding Videos from Youtube we use the so-called privacy-enhanced mode. Operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Your rights

According to GDPR you have the following rights with regard to your personal data. You can find more detailed information in Art. 15 to 21 GDPR as well as in §§ 32 to 37 German Federal Data Protection Act. 

You have the right to access your personal data. You may also request the rectification of inaccurate data. Under certain conditions you have the right to erasure, the right to restriction and the right to data portability. Further, you have the right to object to processing of personal data which is based on point (e), (f) of Art. 6(1), including profiling based on those provisions. You may withdraw your consent at any time and without giving reasons with effect for the future.

You may assert these rights directly with the controller. Therefore, informal contact is sufficient. You may send an Email or a letter.

You also have the right to lodge a complaint with a supervisory authority if you find our processing of your personal data to be inconsistent with applicable data protection law. A list of federal Data Protection Commissioner and contact data can be found here:  

Do you have questions?

In case of any further questions please feel free to contact our officer for data protection: 

David Gabel - Email: david.gabel(at) 

General information concerning data protection and processing of personal data can be found at