ISO 9001 certified // Direct from the manufacturer
Outstanding quality
Worldwide delivery
Wide selection of colors and products
From cutting to large delivery
Go to home page
+ 49 89 74 482 4-0
Select
Cart € 0,00 *

Privacy policy

 

1. Introduction

With the following information, we would like to provide you, as a "data subject," with an overview of how we process your personal data and your rights under data protection laws. In principle, you can use our website without providing any personal data. However, if you wish to use special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

 

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to "mah-ATN GmbH". This privacy policy is intended to inform you about the scope and purpose of the personal data we collect, use, and process.

 

As the data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. However, internet-based data transmissions can fundamentally have security vulnerabilities, meaning absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or mail.

 

You too can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to give you some tips on how to handle your data securely: 

l Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.

l Only you should have access to the passwords.

l Make sure you only ever use your passwords for one account (login, user or customer account).

l Do not use the same password for different websites, applications, or online services.

l Especially when using publicly accessible IT systems or systems shared with other people, it is essential that you log out after every login to a website, application or online service.

 

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name, or the names of relatives, but rather uppercase and lowercase letters, numbers, and special characters.

 

2. Responsible

The controller within the meaning of the GDPR is:

 

mah-ATN GmbH

Peter-Henlein-Straße 15, 85540 Haar, Germany

 

Telephone: +4989744824-0

 

Email: service@mah.de

 

Representative of the responsible party: Mercia Gottlieb

 

3. Data Protection Officer

You can reach the data protection officer as follows:

 

Rowidat GmbH, Robert Winkler

 

Email: dsb-mahatn@rowidat.de

 

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

 

4. Definitions

This privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for both the general public and our customers and business partners. To ensure this, we would like to explain the terminology used beforehand.

 

In this privacy policy, we use, among other things, the following terms:

 

1. Personal data

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Affected person

A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. application

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

5. Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

6. pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

7. processors

A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

8. Recipients

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not considered recipients.

9. third

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

10. consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

5. Legal basis for processing

Article 6 paragraph 1 letter a) GDPR (in conjunction with Section 25 paragraph 1 TDDDG (formerly TTDSG)) serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose.

 

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, then the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, such as in cases of inquiries about our products or services.

 

If our company is subject to a legal obligation which necessitates the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

 

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details, or other vital information had to be disclosed to a doctor, hospital, or other third party. In such a case, the processing would be based on Article 6(1)(d) GDPR.

 

Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted in particular because they have been specifically mentioned by the European legislator. The legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, second sentence, GDPR).

 

Our services are generally intended for adults. Individuals under the age of 16 may not submit any personal data to us without the consent of their parents or legal guardians. We do not request, collect, or share personal data from children and adolescents.

 

6. Transfer of data to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.

 

We only share your personal data with third parties if:

 

1. You have given us your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR,

2. the transfer is permissible under Art. 6 para. 1 lit. f) GDPR for the purposes of safeguarding our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred,

3. in the event that there is a legal obligation to disclose the data pursuant to Article 6(1)(c) GDPR, as well as

4. this is legally permissible and necessary for the performance of a contract with you pursuant to Art. 6 para. 1 lit. b) GDPR.

 

To protect your data and, where necessary, to allow us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission's Standard Contractual Clauses. If the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Art. 49 para. 1 lit. a) GDPR can serve as the legal basis for the transfer to third countries. This may not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

 

Your personal data will not be transmitted to third parties for purposes other than those listed below.

 

We only share your personal data with third parties if:

 

1. You have given us your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR,

2. the transfer is permissible under Art. 6 para. 1 lit. f) GDPR for the purposes of safeguarding our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred,

3. in the event that there is a legal obligation to disclose the data pursuant to Article 6(1)(c) GDPR, as well as

4. this is legally permissible and necessary for the performance of a contract with you pursuant to Art. 6 para. 1 lit. b) GDPR.

 

As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly stated this for the service providers concerned in the privacy policy. To protect your data in all other cases, we have concluded data processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 para. 1 lit. a) GDPR can serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

 

7. Technique

7.1 SSL/TLS encryption

This page uses for warranty For the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that "https://" appears in the browser's address bar instead of "http://" and by the padlock symbol in your browser's address bar.

 

We use this technology to protect your transmitted data.

 

7.2 Data collection when visiting the website

When you use our website for purely informational purposes, without registering, otherwise providing us with information, or consenting to processing that requires consent, we only collect data that is technically essential for providing the service. This typically includes data that your browser transmits to our server ("in so-called server log files"). Our website collects a range of general data and information each time a page is accessed by you or an automated system. This general data and information is stored in the server's log files. The following data may be collected:

 

1. browser types and versions used,

2. the operating system used by the accessing system,

3. the website from which an accessing system reaches our website (so-called referrer),

4. the subpages which are accessed via an accessing system on our website,

5. the date and time of access to the website,

6. a shortened Internet Protocol address (anonymized IP address) as well as,

7. the Internet service provider of the accessing system.

 

We do not draw any conclusions about you personally when using this general data and information. Rather, this information is needed to

 

1. to deliver the content of our website correctly,

2. to optimize the content of our website and the advertising for it,

3. to ensure the continued functionality of our IT systems and the technology of our website, as well as

4. to provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack.

 

We therefore use this collected data and information for statistical analysis and to improve data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.

 

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes of data collection listed above.

 

7.3 Hosting by Hetzner

We host our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).

 

When you visit our website, your personal data (e.g. IP addresses in log files) will be processed on Hetzner's servers.

 

The use of Hetzner is based on Article 6 Paragraph 1 Letter f) GDPR. We have a legitimate interest in the most reliable possible presentation, provision, and security of our website.

 

We have concluded a data processing agreement (DPA) with Hetzner in accordance with Article 28 of the GDPR. This is a legally required contract under data protection law, which ensures that Hetzner processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

 

Further information on Hetzner's data protection regulations can be found at: https://www.hetzner.com/de/rechtliches/datenschutz

 

8. Cookies

8.1 General information about cookies

Cookies are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

 

The cookie stores information related to the specific device being used. However, this does not mean that we thereby gain direct knowledge of your identity.

 

We use cookies to make your experience on our website more enjoyable. For example, we use session cookies to recognize that you have already visited certain pages of our website. These are automatically deleted when you leave our site.

 

Furthermore, we also use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specific, predetermined period. When you revisit our site to use our services, it is automatically recognized that you have already been here and what entries and settings you have made, so you don't have to enter them again.

 

Secondly, we use cookies to statistically record the use of our website and to evaluate our services for optimization purposes. These cookies allow us to automatically recognize that you have already visited our website when you return. These cookies are automatically deleted after a defined period. The specific storage duration of the cookies can be found in the settings of the consent tool used.

 

8.2 Legal basis for the use of cookies

The data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

 

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a) GDPR.

 

8.3 Usercentrics (Consent Management Tool)

We use the consent management tool "Usercentrics" from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service allows us to obtain and manage the consent of website users for data processing.

 

Usercentrics collects data generated by end users who use our website. When an end user gives their consent, the following data is automatically logged by Usercentrics:

 

l Browser information.

l Date and time of access.

l Device information.

l The URL of the visited page.

l Geographic location.

l Website page path.

l The consent status of the end user, which serves as proof of consent.

The consent status is also stored in the end user's browser, allowing the website to automatically read and respect the end user's consent for all subsequent page requests and future user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. This retention period corresponds to the regular limitation period according to § 195 of the German Civil Code (BGB). The data is then deleted immediately or, upon request, provided to the responsible party in the form of a data export.

 

The functionality of the website cannot be guaranteed without the described processing. Users have no right to object as long as there is a legal obligation to obtain their consent for certain data processing operations (Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR).

 

Usercentrics is the recipient of your personal data and acts as a data processor for us.

 

Detailed information on the use of Usercentrics can be found at: https://usercentrics.com/privacy-policy/.

 

9. Content of our website

9.1 Registration as a user

You have the option to register on our website by providing personal data.

 

The specific personal data transmitted to us during registration is determined by the respective input form used. The personal data you enter is collected and stored exclusively for our internal use and purposes. We may transfer this data to one or more processors, such as a parcel service provider, who will also use the personal data exclusively for internal purposes attributable to us.

 

By registering on our website, the IP address assigned to you by your internet service provider (ISP), as well as the date and time of registration, are also stored. This data is stored to prevent misuse of our services and to enable the investigation of criminal offenses if necessary. Therefore, storing this data is necessary for our protection. This data will not be shared with third parties unless we are legally obligated to do so or if disclosure is necessary for law enforcement purposes.

 

Your registration, including the voluntary provision of personal data, also enables us to offer you content or services that, by their very nature, can only be offered to registered users. Registered users have the option to modify the personal data provided during registration at any time or to have it completely deleted from our database.

 

We will provide you with information about what personal data we store about you upon request. Furthermore, we will correct or delete your personal data at your request, provided that no legal retention obligations prevent us from doing so. A data protection officer named in this privacy policy and all other employees are available to the data subject as points of contact in this regard.

 

Your data is processed in the interest of a comfortable and easy use of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.

 

9.2 Data processing when opening a customer account and for contract processing

In accordance with Article 6(1)(b) of the GDPR, personal data is collected and processed when you provide it to us for the performance of a contract or when opening a customer account. The specific data collected is evident from the respective input forms. You can delete your customer account at any time, for example, by sending a message to the data controller's address above. We store and use the data you provide for contract processing. After complete contract fulfillment or deletion of your customer account, your data will be blocked in accordance with tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use your data as permitted by law, about which we will inform you accordingly below.

 

9.3 Data processing for order processing

The personal data we collect will be shared with the transport company commissioned with delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will share your payment data with the commissioned bank as part of the payment processing, insofar as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b) GDPR.

 

9.4 Data processing for identity verification

Where necessary, we verify your identity on the legal basis of Article 6, paragraph 1, letters b) and f) of the GDPR, using information from service providers. This is justified by the need to protect your identity and prevent fraud against us. The fact and result of our inquiry will be stored in your customer or guest account for the duration of the contractual relationship.

 

9.5 Contract conclusions with online shops, retailers and shipping companies

We only transfer personal data to third parties if this is necessary for processing your order, for example, to the companies entrusted with delivering the goods or the bank responsible for processing payments. Your data will not be transferred beyond this scope unless you have expressly consented to it. Your data will not be shared with third parties without your explicit consent, for example, for advertising purposes.

 

The legal basis for data processing is Art. 6 para. 1 lit. b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

 

9.6 Contacting us / Contact form

When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected when using a contact form is indicated on the form itself. This data is stored and used solely for the purpose of responding to your inquiry, contacting you, and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry, pursuant to Article 6(1)(f) of the GDPR. If your inquiry aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted after your inquiry has been fully processed. This is the case when it is clear from the circumstances that the matter has been resolved and no legal retention obligations prevent its deletion.

 

10. Newsletter distribution

10.1 CleverReach

This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, (CRASH Building), Schafjückenweg 2, 26180 Rastede, Germany. CleverReach is a service that allows us to organize and analyze newsletter distribution. The data you enter for the purpose of subscribing to the newsletter (e.g., your email address) is stored on CleverReach's servers in Germany and Ireland.

 

Our newsletters, sent via CleverReach, allow us to analyze the behavior of newsletter recipients. This includes analyzing how many recipients opened the newsletter and how often each link within the newsletter was clicked. Using conversion tracking, we can also analyze whether a predefined action (e.g., purchasing a product on our website) occurred after clicking a link in the newsletter. Further information on data analysis through CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

 

Data processing is based on your consent (Art. 6 para. 1 lit. a) GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.

 

If you do not wish to have your data analyzed by CleverReach, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter email. You can also unsubscribe directly on the website.

 

You can withdraw your consent at any time. You can also prevent processing at any time by unsubscribing from the newsletter. Furthermore, you can prevent the storage of cookies by adjusting your web browser settings. You can also prevent the storage and transmission of personal data by disabling JavaScript in your web browser or by installing a JavaScript blocker (e.g., https://noscript.net or https://www.ghostery.com). Please note that these measures may prevent you from using all the features of our website.

 

The data you provided for the purpose of subscribing to our newsletter will be stored by us until you unsubscribe. After you unsubscribe, this data will be deleted from both our servers and CleverReach's servers. Data stored for other purposes (e.g., email addresses for the members' area) will remain unaffected.

 

You can view CleverReach's privacy policy at: https://www.cleverreach.com/de/datenschutz/.

 

11. Our activities on social networks

To enable us to communicate with you on social networks and inform you about our services, we maintain our own pages there. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by this visit, in accordance with Article 26 of the GDPR.

 

We are not the original provider of these pages, but merely use them within the framework of the possibilities offered to us by the respective providers.

Therefore, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Using these services may therefore involve data protection risks for you, as exercising your rights, e.g., to access, erasure, or objection, could be more difficult. Furthermore, processing on social networks is often carried out directly by the providers for advertising purposes or to analyze user behavior, without our being able to influence this. If the provider creates user profiles, cookies are frequently used, or your usage behavior is associated with your own social network member profile.

 

The processing of personal data described above is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a modern manner and/or to inform you about our services. If you are required to give your consent to data processing as a user to the respective providers, the legal basis is Article 6(1)(a) GDPR in conjunction with Article 7 GDPR.

 

Since we have no access to the providers' data, we advise you to assert your rights (e.g., to information, rectification, erasure, etc.) directly with the respective provider. Further information on the processing of your data on social networks is listed below for each of the social network providers we use:

 

11.1 Facebook

(Joint) controller for data processing in Europe:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

 

Privacy Policy (Data Policy):

https://www.facebook.com/about/privacy

 

11.2 Instagram

(Joint) controller for data processing in Germany:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

 

Privacy Policy (Data Policy):

https://instagram.com/legal/privacy/

 

11.3 LinkedIn

(Joint) controller for data processing in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

 

Data protection statement:

https://www.linkedin.com/legal/privacy-policy

 

12. Web Analysis

12.1 Google Analytics 4 (GA4) - Additional information on consent mode, extended implementation

Under the Digital Markets Act, Google is required to obtain user consent before processing user data for personalized advertising. Google fulfills this requirement with its "Consent Mode." Users are obligated to implement this mode to demonstrate that they have obtained consent from website visitors.

 

Google offers two implementation modes: the simple and the advanced implementation.

 

We use the extended implementation method of Google Consent Mode. If you consent to data processing in connection with the use of GA4 (so), a connection to Google will be established, Google Analytics cookies will be set, and the corresponding processing will be carried out. If you refuse consent, no Google Analytics cookies will be set. However, a unique "ping ID" will be generated and transmitted to Google. The Google code will be executed, transmitting only limited user data to Google, including information such as:

 

l The IP address

l Browser details

l Visited URL

A personalized user ID will not be assigned.

 

If you have consented to the use of Google Analytics 4, Consent Mode, extended implementation, the legal basis for processing your personal data is Article 6(1)(a) GDPR. Furthermore, it is in our legitimate interest, within the meaning of Article 6(1)(f) GDPR, to use Google Analytics 4, Consent Mode, extended implementation, to obtain conversion data without creating user profiles and thereby improve efficiency.

 

13. Plugins and other services

13.1 Google Tag Manager

This website uses the Google Tag Manager service. The operator of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

This tool allows you to implement and manage "website tags" (i.e., keywords embedded in HTML elements) via a single interface. By using Google Tag Manager, we can automatically track which button, link, or personalized image you have actively clicked and thus determine which content on our website is of particular interest to you.

 

The tool also triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If you have deactivated tracking at the domain or cookie level, this deactivation will remain in effect for all tracking tags implemented with Google Tag Manager.

 

These processing operations are carried out exclusively with explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

 

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework as a US company. This constitutes an adequacy decision pursuant to Article 45 of the GDPR, meaning that the transfer of personal data may take place without further safeguards or additional measures.

 

Further information about Google Tag Manager and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

 

 

13.2 Doofinder

Our website uses the service doofinder from the company DooFinder SL, Madrid 28037, Rufino Gonzalez 23 bis 1´1, Spain.

This service allows us to integrate a search function into the website. For this purpose, a connection is established to doofinder's servers. When content is retrieved from the provider's server, data is transmitted to them and typically stored there, such as your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which you accessed our site (so-called referrer), the date and time of the request, and possibly your internet service provider.

For more information on how user data is handled, please see doofinder's privacy policy: https://www.doofinder.com/de/privacy-policy

The legal basis for the use of doofinder is Article 6(1)(f) GDPR (legitimate interest in data processing). This legitimate interest arises from our interest in being able to offer you a functional and engaging website.

14. Payment service providers

14.1 PayPal

We have integrated components from PayPal on this website. The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which are virtual personal or business accounts. PayPal also allows users to make virtual payments via credit card if they do not have a PayPal account. A PayPal account is linked to an email address, so there is no traditional account number. PayPal enables users to send and receive online payments. PayPal also acts as an escrow service and offers buyer protection.

 

If you select "PayPal" as your payment method during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data necessary for payment processing.

 

The personal data transmitted to PayPal typically includes first and last name, address, email address, IP address, telephone number, mobile phone number, and other data necessary for payment processing. Personal data related to the specific order is also necessary for processing the purchase agreement.

 

The purpose of transmitting this data is payment processing and fraud prevention. We will transmit personal data to PayPal, in particular, when there is a legitimate interest in doing so. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reference agencies. This transmission is for the purpose of identity and creditworthiness verification.

 

PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process the data on its behalf.

 

You have the right to withdraw your consent to the processing of your personal data by PayPal at any time. Such withdrawal will not affect personal data that must be processed, used, or transmitted for the (contractual) processing of payments.

 

The use of PayPal is in the interest of proper and smooth payment processing. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. Your personal data will only be transferred with your explicit consent in accordance with Article 6(1)(a) GDPR.

 

PayPal's current privacy policy can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

 

15. Your rights as a data subject

15.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

 

15.2 Right of access Art. 15 GDPR

You have the right to obtain from us, at any time and free of charge, information about the personal data stored about you and a copy of this data in accordance with the legal provisions.

 

15.3 Right to rectification Art. 16 GDPR

You have the right to request the correction of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

 

15.4 Deletion Art. 17 GDPR

You have the right to request that we delete your personal data without undue delay, provided that one of the legally stipulated grounds applies and insofar as the processing or storage is not necessary.

 

15.5 Restriction of processing Art. 18 GDPR

You have the right to request that we restrict the processing of your data if one of the legal requirements is met.

 

15.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

 

Furthermore, when exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

 

 

15.7 Objection Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) of Article 6(1) (processing in the public interest) or point (f) of Article 6(1) (processing based on legitimate interests) of the GDPR.

 

This also applies to profiling based on these provisions within the meaning of Article 4 No. 4 GDPR.

 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

 

In certain cases, we process personal data for direct marketing purposes. You can object to the processing of your personal data for such marketing at any time. This also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

 

Furthermore, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

 

You are free, in connection with the use of information society services and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

 

 

15.8 Revocation of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

 

15.9 Complaint to a supervisory authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

 

16. Routine storage, deletion and blocking of personal data

 

We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by the legal regulations to which our company is subject.

 

If the purpose for which the data was stored ceases to exist or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

 

 

17. Duration of storage of personal data

 

The criterion for the duration of storage of personal data is the respective statutory retention period. After this period expires, the corresponding data is routinely deleted, unless it is still required for the performance of a contract or for initiating a contract.

 

 

18. Updates and changes to the privacy policy

This privacy policy is currently valid and was last updated in January 2025.

 

Due to the ongoing development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on the website at "https://www.mah.de/Rechtliches/Privatsphaere-und-Datenschutz/".

 

This privacy policy was created with the support of the privacy software: audatis MANAGER.

 

Direct mail

mah-ATN GmbH regularly informs its customers via newsletter about its own offers, which are similar to the products and services the customers have already used. Data subjects have the right to object at any time to the processing of their personal data for such advertising purposes. If a data subject objects to processing for direct marketing purposes, mah-ATN GmbH will no longer process the personal data for these purposes. Contact details for exercising this right to object can be found in the legal notice. Alternatively, the unsubscribe link provided in every promotional email can be used. Customers will incur no costs other than standard transmission fees.

Subscription to our newsletter

Subscribe to our company's newsletter. The personal data transmitted when subscribing to the newsletter is determined by the input form used. Registration for the mah-ATN GmbH newsletter generally uses a double opt-in process. This means that after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing using someone else's email address. Newsletter subscriptions are logged to document the registration process in accordance with legal requirements. This includes storing the registration and confirmation times as well as the IP address.

The registration process is logged based on the legitimate interest of mah-ATN GmbH for the purpose of documenting its proper execution. If a service provider is commissioned to send emails, this is done based on the legitimate interest in an efficient and secure email delivery system.

The data is used exclusively for sending the newsletter with information about the company, its services, promotions, and offers. Furthermore, newsletter subscribers may be contacted by email if this is necessary for the operation of the newsletter service or for registration purposes, such as in the event of changes to the newsletter content or technical modifications.

The newsletter subscription can be cancelled by the subscriber at any time. The consent to the storage of personal data, which the subscriber has given for sending the newsletter, can be revoked at any time. Contact details for exercising this right can be found in the legal notice. Alternatively, the unsubscribe link provided in every promotional email can be used.

mah-ATN GmbH may store unsubscribed email addresses for up to three years based on legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed. In cases where we are obligated to permanently respect objections, we reserve the right to store the email address solely for this purpose in a blocklist (so-called "blacklist").

Newsletter tracking

The newsletters of mah-ATN GmbH contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in HTML emails to enable log file recording and analysis. This allows for statistical evaluation of the success or failure of online marketing campaigns. The embedded tracking pixel collects technical information such as browser and system details, as well as your IP address and the time of access.

This information is used to technically improve the newsletter based on technical data or target groups and their reading behavior, determined by their location (identifiable via IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened, and which links are clicked. While this information can be technically associated with individual newsletter recipients, neither mah-ATN GmbH nor, if applicable, the mailing service provider intends to monitor individual users. Rather, the evaluations serve to understand users' reading habits and to tailor the content accordingly, or to send different content based on users' interests.

A separate revocation of the performance measurement is unfortunately not possible, in this case, the entire newsletter subscription must be terminated, or it must be contradicted.

Types of data processed: Inventory data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), meta/communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, interest in content, access times). Data subjects: Communication partners. Purposes of processing: Direct marketing (e.g., by email or post). Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Services and service providers used: Avis: Email marketing platform; Service provider: Birdsview GmbH, Reudnitzer Straße 1, 04103 Leipzig; Website: https://www.birdsview.com/; Data protection: https://www.birdsview.com/birdsview-datenschutz

Files are being uploaded, please wait...