We appreciate your interest in our company. Data protection is of particular importance to the management of Mader GmbH & Co. KG. It is generally possible to use the websites of Mader GmbH & Co. KG without providing any personal data. However, if a data subject wishes to use special services via our website, the processing of personal data might become necessary. Where the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with country-specific data protection regulations applicable to Mader GmbH & Co. KG. Through this privacy policy, we aim to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

Mader GmbH & Co. KG, as the data controller, has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, such as by telephone.

1. Definitions

This privacy policy of Mader GmbH & Co. KG is based on the terminology used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be legible and understandable for the general public as well as for our customers and business partners. To ensure this, we would like to first explain the terminology used.

[Definitions a–k are already provided above.]

2. Name and Address of the Controller

Mader GmbH & Co. KG Brühlhofstr. 5 70771 Leinfelden-Echterdingen Germany Tel.: +49 711 - 79 72 0 Email: info@mader.eu Website: www.mader.eu

3. Name and Address of the Data Protection Officer

SILISTA GmbH Attn. Peter Rappold – personally – Silvanerweg 24 73235 Weilheim/Teck Germany Email: peter.rappold@silista.de

Each data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

4. Web Hosting and Analytics on Framer

This website is hosted using the Framer platform. Framer processes data exclusively on our behalf and in accordance with our instructions. Data collected by Framer includes usage data (such as visited pages, interactions, time on page) and communication data (such as anonymized IP addresses, browser type, screen resolution, and language settings). IP addresses are hashed and stored pseudonymously. Framer does not combine this data with other information, nor is it shared with third parties.

All analytics data is processed within the European Union. The purpose of processing is to improve website performance, user experience, and design. The legal basis for this processing is our legitimate interest according to Art. 6(1)(f) GDPR.

For further details, please refer to Framer’s privacy policy: https://www.framer.com/privacy

5. Cookies

Our website uses cookies. Cookies are text files that are stored on a computer system via an Internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual's browser from other Internet browsers.

The use of cookies makes it possible to provide users with more user-friendly services. For example, a user does not have to enter access data again with each visit because the website and the cookie stored on the user's computer system do it for them. Another example is the cookie of a shopping cart in an online shop.

Data subjects can prevent the setting of cookies through our website at any time by adjusting the settings of the Internet browser used, and can thus permanently deny the setting of cookies. Already set cookies may be deleted at any time via a browser or other software programs. If cookies are deactivated, not all functions of our website may be fully usable.

6. Collection of General Data and Information

When our website is accessed by a data subject or an automated system, a series of general data and information is collected. This general data and information is stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our IT systems.

When using these general data and information, Mader GmbH & Co. KG does not draw any conclusions about the data subject. This information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and advertising, (3) ensure the long-term viability of our IT systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

Therefore, the anonymously collected data and information is evaluated statistically and with the aim of increasing the data protection and data security of our company. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

7. Registration on Our Website

Data subjects have the possibility to register on our website by providing personal data. The type of personal data transmitted to the controller is determined by the respective input mask used for the registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for their own purposes.

The controller may request the transfer to one or more processors (e.g., a parcel service) that also uses the personal data exclusively for an internal use attributable to the controller.

By registering on the website of the controller, the IP address assigned by the Internet Service Provider (ISP) and used by the data subject, as well as the date and time of the registration, are also stored. The storage of this data is necessary to prevent the misuse of our services and, if necessary, to make it possible to investigate committed offenses. In this respect, the storage of this data is necessary for the protection of the controller. This data is not passed on to third parties unless there is a legal obligation to do so or the disclosure serves law enforcement purposes.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject content or services that may only be offered to registered users. Registered persons are free to change the personal data specified during registration at any time or to have them completely deleted from the data stock of the controller.

The controller shall, at any time upon request, provide information to each data subject as to what personal data are stored about the data subject. In addition, the controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations. The entirety of the controller’s employees are available to the data subject in this respect as contact persons.

8. Subscription to Our Newsletter

On the website of Mader GmbH & Co. KG, users are given the opportunity to subscribe to our company's newsletter. The input mask used for this purpose determines what personal data are transmitted.

Mader GmbH & Co. KG informs its customers and business partners regularly by means of a newsletter about company offers. The newsletter may only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. A confirmation email will be sent to the email address registered by a data subject for the first time for newsletter delivery, for legal reasons, in the double opt-in procedure. This confirmation email is used to prove whether the owner of the email address as the data subject is authorized to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the ISP and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the email address of a data subject at a later date and therefore serves the legal protection of the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by email, as long as this is necessary for the operation of the newsletter service or a registration in question, as could be the case in the event of changes to the newsletter offer or changes in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties.

The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller or to communicate this to the controller in a different way.

9. Newsletter Tracking

The newsletters of Mader GmbH & Co. KG contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns.

Based on the embedded tracking pixel, Mader GmbH & Co. KG may see if and when an email was opened by a data subject and which links in the email were called up by them. Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimize the delivery of the newsletter and to better adapt the content of future newsletters to the interests of the data subject. These personal data are not passed on to third parties.

Data subjects are entitled at any time to revoke the respective separate declaration of consent issued via the double opt-in procedure. After a revocation, these personal data will be deleted by the controller. Mader GmbH & Co. KG automatically interprets a withdrawal from the receipt of the newsletter as a revocation.

10. Contact Option via the Website

Due to legal regulations, the website of Mader GmbH & Co. KG contains information that enables a quick electronic contact to our company, as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored.

Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

11. Routine Erasure and Blocking of Personal Data

The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

12. Rights of the Data Subject

(a) Right of confirmation Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning them are being processed. If a data subject wishes to avail themselves of this right of confirmation, they may contact an employee of the controller at any time.

(b) Right of access Each data subject shall have the right granted by the European legislator to obtain from the controller free information about their personal data stored at any time and a copy of this information. Furthermore, the European legislator grants the data subject access to the following information:

• the purposes of the processing;

• the categories of personal data concerned;

• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

• the existence of the right to request rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;

• the existence of the right to lodge a complaint with a supervisory authority;

• where the personal data are not collected from the data subject, any available information as to their source;

• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and—at least in those cases—meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right of access, they may contact an employee of the controller at any time.

13. Legal Basis for Processing

Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party (e.g., processing operations necessary for the supply of goods or the provision of another service), processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations necessary to carry out pre-contractual measures.

If our company is subject to a legal obligation that requires the processing of personal data (e.g., to fulfill tax obligations), processing is based on Art. 6(1)(c) GDPR. In rare cases, processing might be necessary to protect the vital interests of the data subject or another natural person. Then, processing would be based on Art. 6(1)(d) GDPR.

Finally, processing operations could be based on Art. 6(1)(f) GDPR. This legal basis is used for processing operations not covered by any of the above, if processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

14. Legitimate Interests Pursued by the Controller or a Third Party

Where processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business in favor of the well-being of all our employees and shareholders.

15. Period for Which the Personal Data Will Be Stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data are routinely deleted, as long as they are no longer necessary for the fulfillment of the contract or the initiation of a contract.

16. Provision of Personal Data as Statutory or Contractual Requirement

We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with them. Non-provision of the personal data would have the consequence that the contract could not be concluded.

Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee will clarify on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

17. Existence of Automated Decision-Making

As a responsible company, we do not use automatic decision-making or profiling.

18. Use of Google Analytics

This website uses Google Analytics 4, a web analysis service provided by Google LLC, after obtaining user consent. For users in the EU/EEA and Switzerland, the responsible body is Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland.

Google Analytics 4 uses cookies and similar technologies to collect information about your use of this website and to provide statistical reports on website activity. IP anonymization is enabled by default in Google Analytics 4. This means your IP address is shortened before being stored or processed by Google. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The legal basis for data processing is your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. You can withdraw your consent at any time via the cookie settings.

Further information on Google Analytics' terms of use and data protection policies can be found here: https://policies.google.com/privacy

19. Use of Google reCAPTCHA

To protect our forms from misuse, we use the service "reCAPTCHA" provided by Google Ireland Ltd. This service checks whether the data entered in a form comes from a human or from an automated program. The service includes the transmission of IP address and possibly other data required by Google for the reCAPTCHA service.

The processing is based on our legitimate interest under Art. 6(1)(f) GDPR to prevent abuse and spam. Google's privacy policy can be found at: https://policies.google.com/privacy

20. Use of YouTube

Our website integrates components of YouTube. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them.

YouTube is operated by YouTube, LLC, a subsidiary of Google Inc. If you are logged into YouTube, YouTube can associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account before accessing our website.

YouTube's privacy policy is available at: https://policies.google.com/privacy

21. Liability for Content and External Links

The content of our pages has been created with the utmost care. However, we cannot guarantee the contents' accuracy, completeness, or topicality. According to legal regulations, we are responsible for our own content on these web pages. In this context, please note that we are not obliged to monitor merely the transmitted or saved information of third parties or investigate circumstances pointing to illegal activity.

Our website contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the sites is always responsible for the contents of the linked sites.

22. Copyright

The contents and works on these pages created by the site operators are subject to copyright. Duplication, processing, distribution or any form of commercialization of such material beyond the scope of copyright law shall require the prior written consent of its respective author or creator. Downloads and copies of this site are only permitted for private, non-commercial use.

Where the content on this site was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is marked as such. Should you nevertheless become aware of a copyright infringement, please inform us accordingly. Upon notification of violations, we will remove such content immediately.