M&A Media Services GmbH

M&A Media Services GmbH attaches great importance to the protection of your privacy and your personal data as well as to the necessary data security and therefore collects, processes and uses your personal data exclusively in accordance with the principles described below as well as the requirements of the EU Data Protection Basic Regulation and the Federal Data Protection Act applicable to M&A Media Services GmbH.

I. Name and address of the person responsible

II. Your personal data

III. General information on data processing

IV. Provision of the website and creation of log files / log files

V. Communication

V.1 Email-communication

V.2 Newsletter and newsletter tracking

VI. Use of cookies

VII. Plugins and tools

VII.1 Use of Cookiebot

VII.2 Use of Matomo

VII.3 Use of Overloop

VII.4 Use of Ticketareo

VII.5 Use of Zapier

VII.6 Use of Vimeo

VIII. Rights of the data subject

IX. Automated decision making and profiling

X. Links to other Internet sites

XI. Security

XII. Availability and changes

I. Name and address of the person responsible

The person responsible within the meaning of the EU General Data Protection Regulation ("GDPR") and other national data protection laws of the EU member states as well as other applicable data protection regulations for the operation of the www.manda.co website and its sub-domains (here-inafter "website") is:

M&A Media Services GmbH
Habenschadenstrasse 16
82049 Pullach
Germany

tel.: +49 (0) 89 – 749 751 33
E-mail: hello@manda.co

represented by the managing director Stefan Schneider

(hereinafter referred to as "Company", "MAMS " or "we").

If you wish to object to the collection, processing or use of your data by us in accordance with this privacy policy as a whole or for individual measures, you can send your objection by e-mail or letter to the above-mentioned contact data or to our data protection officer. You can also obtain information regarding your personal data at any time and free of charge from the contact details mentioned above.

II. Your personal data

Personal data means any information relating to an identified or identifiable natural person (here-inafter referred to as 'data subject'). It is not necessary for you to provide us with personal data when you visit our website. Only personal data is collected, such as your name, telephone number, postal and e-mail address, date of birth and telephone number, if you provide us with this information voluntarily or have consented to its collection. For the technically required data, we refer to the execution under "IV. Provision of the website and creation of log files" and "V. Use of cookies".

III. General information on data processing

1. Scope of the processing of personal data

Through this website, we process personal data (hereinafter also referred to as "data") of affected persons, i.e. of website visitors, to the extent necessary to provide a functioning website and our contents and services. The processing of personal data of our users is regularly only carried out with the user's consent to the processing. An exception is made in those cases where processing of the data is permitted by legal regulations, necessary for the fulfilment of a contract or technically necessary.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6 paragraph 1 letter b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data erasure and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Blocking into further data processing or deletion of the data also occurs when a legally prescribed storage period expires, unless there is a need for further storage of the data for the fulfilment of a contract.

IV. Provision of the website and creation of log files / log files

1. Description and scope of data processing

When using the website for informational purposes only, we only collect the personal data that your browser sends to our server or provider and that is technically necessary for the purpose of displaying our website and ensuring its stability and security. This is information like your IP-address, information about your browser, operating system and device, referrer, date and time of access and others.


We have commissioned our service provider Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723 (hereinafter "Vercel") to host and technically provide our website manda.co. We have concluded with Vercel the agreement on order processing required by data protection law in accordance with Art. 28 GDPR. According to this agreement, Vercel undertakes to ensure the necessary protection of your data and to process them in accordance with the applicable data protection regulations exclusively on our behalf and in accordance with our instructions. Further information on Vercel can be found on the website: https://vercel.com/legal/privacy-policy.

2. Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's terminal device. For this purpose, the user's IP address must remain stored for the duration of the session.


All the above information is stored in log files to ensure the functionality of the website. In addition, the data serves us to ensure the necessary security of our information technology systems. The server-side log files are only used for error analysis. The data is not evaluated for marketing purposes.

4. Duration of storage

The IP addresses of users are anonymized as soon as they are no longer necessary for the purpose of their collection. This is the case at the end of the respective user session.
The storage period of log files for the above mentioned purposes is 14 days at the most.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is no possibility of objection on the part of the user.

V. Communication

V.1 E-mail-communication

1. Description and scope of data processing

On our website, it is possible to contact us via an e-mail address provided. In all cases the transmitted personal data of the user will be stored. The scope of the personal data processed and the personal date processed in each individual case may vary depending on the contact. This includes in particular the following data:


(1) Your salutation and your first and last name;
(2) Your company;
(3) Your communication data (e-mail address, telephone number);
(4) Resulting correspondence.

Your data or the resulting correspondence will be processed exclusively by us. The data will not be passed on to third parties. The data will be used exclusively for the conversation started by the user to contact you by phone, mail or e-mail regarding your request. All data provided are on a voluntary basis.

2. Legal basis for the data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Par. 1 letter aGDPR. If the purpose of the user's contact is to conclude a contract, the legal basis for processing is Art. 6 para. 1 letter b GDPR.

3. Purpose of the data processing

The processing of the personal data you voluntarily provide us with by e-mail is solely for the purpose of contacting you or answering your questions about our activities.

3. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has been finally clarified.

4. Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail or via the form, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued. The revocation can be made at any time via the contact details under I. and II. as well as under the following e-mail address hello@manda.co. See also VI. All personal data stored in the course of the contact will be deleted in this case.

V.2 Newsletter and newsletter tracking

1. Description and scope of data processing

On our website it is possible to apply for an e-mail newsletter. If you register for our newsletter, we will use the necessary data provided by you to send you our e-mail newsletter in accordance with your consent. We send out newsletters at regular intervals in order to distribute news, offers and information from the field of MAMS.


If you register for an electronic newsletter, we might process the following data in particular:


(1) Your e-mail address,
(2) Whether you have consented to or objected to receiving such communications, including the date and time
(3) Company name 

(4) First and Last Name

If you have registered for the newsletter, we will collect, process and use the data you have provided us with exclusively for sending the newsletter and tracking its performance. We usually personalize our newsletters with the recipient’s name to offer a better experience for them.

For the technical implementation of the dispatch, your personal data will be transferred to the service Mailchimp of Intuit Inc. 2700 Coast Avenue, Mountain View, CA 94043, USA (hereinafter "Mailchimp"), which will process the data provided for us as a contractor in accordance with Art. 28 GDPR, while ensuring the necessary data security measures. The contractual relationship has been agreed on the basis of the Standard Contractual Clauses. Furthermore, Mailchimp is certified under the EU-US Data Privacy Framework DPF. Mailchimp will use the data exclusively for sending the newsletter and for evaluating the success of the newsletter.
Further information about Mailchimp can be found on the website: https://mailchimp.com/.
You can find more information about the handling of personal data by Mailchimp at https://www.intuit.com/privacy/statement/.

I acknowledge the data protection provisions of M&A Media Services GmbH and consent to the storage and processing of the data I have provided for newsletters addressed to me on products of your company. and the storage in our CRM-System for further marketing activities. I have noted that this consent is voluntary and that I can revoke this consent informally by telephone or in writing at any time without giving reasons (see the section about Overloop for further describtions).

The registration for the e-mail newsletter is done via a double-opt-in procedure set up by the system. This means that after entering your data you will receive an e-mail with a confirmation link. This confirmation e-mail is used to authorize the owner of the specified e-mail address to receive the newsletter. The e-mail address will only be added to the distribution list after confirmation. To be saved: Registration data, time of registration, confirmation, logout, IP address and changes to the stored data. The collection of this data is necessary to be able to trace any misuse of the e-mail address of the persons concerned and to protect the data controller.

In order to further improve the newsletter offer, opening rates are tracking to be able to evaluate the success of a newsletter campaign. For further information on data analysis by Mailchimp newsletter, please visit https://mailchimp.com/de/help/about-open-tracking/.

2. Legal basis for the data processing

The legal basis for the processing of the data transmitted in the course of giving consent for the sending of the newsletter and for the temporary storage of the data for the evaluation of success is Art. 6 para. 1 letter a GDPR. We have an interest in direct advertising and the success evaluation of your reaction to the contents of the newsletter in order to be able to assert ourselves successfully in the market.

3. Purpose of the data processing

The processing of personal data by us and our service provider Mailchimp serves us solely to process and send a newsletter and to evaluate the success of a respective newsletter. Statistics about your use and reaction to our newsletter help us to better align our offers to the interests of our subscribers. This is also the reason for the necessary legitimate interest in processing the data.

4. Duration of storage

Your data is stored on certified servers of Mailchimp worldwide or in the USA. The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. This is the case for the personal data that you have provided us with for the purpose of applying for and sending the newsletter, if your consent for processing has been revoked. After cancellation of the newsletter all deposited data will be deleted.

5. Possibility of objection and removal

You have the possibility to revoke your consent to the processing of personal data for the subscription of the newsletter at any time. You can unsubscribe from the newsletter at any time. It can be done by sending a message via the contact form, or by sending an e-mail (hello@manda.co) to us or via a cancellation link provided for this purpose in the newsletter.

VI. Use of cookies

1. Description and scope of data processing

We use cookies to make your visit to our website more convenient. Cookies are small text files that are stored on your device and enable us to recognize your browser, among other things. Cookies enable us to improve the comfort and quality of the services provided on the website. Cookies are also used to analyze the use of the website.

Some of the cookies we use are deleted when your browser session ends, i.e. after you close your browser (so-called “session cookies”). Other cookies remain on your device during their respective validity period (see below) and enable us to recognize your browser on your next visit.

When users access our website, we inform them by means of a cookie banner (see section “Use of Cookiebot”) about the use of cookies (technically necessary cookies, statistics cookies and marketing cookies) and have technically set up the consent required under data protection law to set the cookies for which consent is necessary. With the exception of technically necessary cookies, consent must always be granted in advance for cookies to be set on the user’s device. Users are also made aware of this Data Privacy Policy via an info banner.

For a list of cookies in use please check the specific tool section in this privacy policy or Cookiebot about an overview of the cookies used, their validity period and the respective opt-out options. Please note that you can adjust and revoke your consent at any time with future effect. You will also find a detailed list of all cookies, including the purpose, provider and validity period, in our cookie banner.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 letter f GDPR. The setting of these cookies complies with § 25 (2) (2) TTDSG.

The legal basis for the processing of personal data using cookies for statistical or marketing purposes is your consent granted via the cookie banner pursuant to Art. 6 para. 1 letter a GDPR. For setting the cookies § 25 (1) TTDSG applies.

3. Purpose of data processing

The purpose of using technically necessary cookies is to enable you to use our website. Some functions on our website cannot be provided without using cookies. For these it is necessary for the browser to be recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.

The use of the statistics and personalization cookies is for the purpose of improving the quality of our website and its content based on the consent you have granted. Using cookies enables us to learn how our website is used so that we can continue to optimize our services.

For information on the purpose and objection options for cookies used for statistical and marketing purposes please refer to the explanations in the specific section of this privacy policy.

4. Storage period, objection and removal option

Cookies are stored on the user’s device, which transmits them to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. In addition, we offer you the option to change the settings made via our cookie banner at any time or to revoke consent you have granted with future effect. It is also possible to use our website without optional cookies. However, this may lead to certain restrictions in the functions and user-friendliness of our services on the website. If cookies are disabled for the website, it may no longer be possible to fully use all functions of the website.

VII. Plugins and tools

VII.1 Use of Cookiebot

1. Description and scope of data processing

We use the consent management platform (CMP) Cookiebot provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”) on our website for the provision of our cookie banner. The system manages the use of third-party providers, technical measures and cookies by means of granted or refused consent.

We have concluded the required data protection agreement with Cookiebot for processing pursuant to Art. 28 DSGVO. According to this agreement, Cookiebot undertakes to guarantee the necessary protection of your data and to process it exclusively on our behalf and as instructed by us in accordance with the applicable data protection provisions.

Cookiebot processes the following data to provide and manage the CMP:

(1) Your IP address, anonymized by Cookiebot during collection (the last three digits are set to “0”);

(2) Other information on the browser and version used;

(3) Date and time of your visit to our website and the settings you have made via our cookie banner;

(4) The URL of the accessed website;

(5) An anonymous, random and encrypted key (ID);

(6) Your given consent or individual privacy settings;

and uses the local storage on your end device and the placement of cookies (see section “Use of cookies”) to store this information locally in your browser. For this purpose, your individual settings as well as your ID are stored in a cookie so that the settings made are taken into account the next time you visit our website.

The cookie is called „CookieConsent“ and expires after one year.

The retention period is the period of time during which the data processed by the cookie banner is stored for the purpose of consent management. Consent data (granting and revoking of consent) is kept for one year. No new consent is required within this period, unless new systems are introduced or a new legal or regulatory framework makes it necessary to obtain new consent. You can find further information on data processing by Cookiebot in Cookiebot’s data privacy policy at https://www.cookiebot.com/de/privacy-policy/.

2. Purpose and legal basis for data processing

The purpose of the data processing by Cookiebot is to provide and manage the consents granted by our website visitors in such a way that the management of consent is data protection-compliant. Cookiebot is used for verifying granted and non-granted consent and managing the individual privacy settings of our users. Processing is carried out for the purpose of obtaining the website visitor’s consent, providing revocation and objection options, providing evidence that the consent has been obtained (time of consent, end device used) and identifying the user in order to manage their individual privacy settings.

The use of a cookie banner and the management and storage of your consent to the processing of your personal data is based on our legal obligation to provide a data protection-compliant website according to Art. 6 para. 1 letter c GDPR. The legal basis for the use of the Cookiebot service provider is also Art. 6 para. 1 letter f GDPR. We have a legitimate interest in legally compliant documentation and verifiability of consent as well as the control of our analysis campaigns based on your consent through the use of specialized contract processors and the associated technical implementation.

3. Objection and removal option

The processing of data to provide a cookie banner is essential for operating the website. The user has no possibility to object as long as we are legally obligated to obtain the user’s consent to certain data processing operations.

VII.2 Use of Matomo

1. Description and scope of data processing

We have integrated the open source web analysis service Matomo (formerly Piwik) on our website.

We use cookies on our website that allow us to analyze the browsing behavior of our users. This enables us to analyze how frequently webpages are viewed or website functions are used. 

If individual pages of our website are accessed, the following data is automatically transmitted to our web server by means of the integrated script via the Internet browser used on your end device:

(1) IP address of the user’s accessing system

(2) The website accessed and the time of the call

(3) The website from which the user came to the website accessed (referrer)

(4) The subpages viewed from the website accessed

(5) The length of time spent on the website

(6) The frequency of access to the website

(7) Country of origin – the device, operating system and browser used.

Following analysis – Cookies are set on your device:

(1) pkid: Differentiation between users and sessions. Validity 13 months,

(2) pkses: Identification of visitors. Validity 30 minutes.

2. Purpose and legal basis for data processing

Statistics cookies are used for the purpose of improving the quality of our website and its contents. By using statistics cookies, we can find out how our website is used and continually optimize our services.

The legal basis for the processing of personal data using cookies for statistical or marketing purposes (tracking cookies) is, based on the consent you have granted, Art. 6 para. 1 letter a GDPR.

3. Revocation, objection and removal option

You can object to the collection, storage and use of information by Matomo at any time with future effect using the following methods:

a) You can prevent the storage of cookies set by Matomo by setting your browser software accordingly.

b) You can revoke your consent to the collection of your data by Matomo at any time by deactivating it in our consent banner (CMP) .

However, please note that if you deactivate or opt-out, you may not be able to use all the functions of the website to their full extent.

For more information about Matomo’s open source project and the software’s privacy settings, visit https://matomo.org/.

VII.3 Use of Overloop

1. Description and scope of data processing

Overloop is a sales engagement and CRM platform that collects and processes data for personalized outbound campaigns, integrating email, LinkedIn, and call activities.

Overloop processes personal information like user details, contact information, and usage data. This data is used for service improvement, user support, and campaign management.

Overloop processes server logs, including IP address, geolocalization, and browser type, to monitor usage, which is stored for a month and backed up for a year. For sales prospecting, Overloop collects and enriches prospect details (names, emails, positions, etc.) provided by customers, using third-party services like Hunter.io and Briteverify. Additionally, user-uploaded contact files are stored until account closure. This data supports service improvement, customer support, and user experience enhancement.

More information on Overloops data processing can be found here https://overloop.com/.

2. Legal basis and purpose for the data processing

The legal basis for the use of Overloop as sales prospecting and CRM platform is Art. 6 para. 1 lit. a GDPR.

3. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. Server logs are deleted after one month and backed up for a year.

4. Possibility of objection and removal

You have the possibility to revoke your consent to the processing of personal data for the CRM at any time and without stating a reason to object to future processing. The revokation can be made at any time via the contact details above as well as under the following e-mail address hello@manda.co.

VII.4 Use of Ticketareo

  1. Description and scope of data processing

Ticketareo is an event management platform offered by ticketareo GmbH, Jakob-Huber-Str. 2, 82110 Germering (in the following „Ticketareo“) and is designed to facilitate the organization and management of various types of events. We utilize Ticketareo, an event management platform, for organizing and managing various types of events. This includes creating event websites, managing registrations and ticket sales, and facilitating live event streaming.

Through Ticketareo, we collect personal data necessary for event registration and participation. This typically includes:

  1. Name and contact information (e.g., email, phone number);

  2. Payment information for ticket purchases;

  3. Any additional information provided during event registration.

More information on Ticketareo‘s data processing can be found here https://ticketareo.de/.

  1. Legal basis for the data processing

The legal basis for the use of Ticketareo as event management platform is Art. 6 para. 1 lit. f GDPR.

  1. Purpose of the data processing

The processing of personal data via Ticketareo is carried out for the purpose of event organization, ticket sales, and providing event-related information. The legal basis for this processing is the performance of a contract according to Art. 6 para. 1 lit. b GDPR to which the data subject is party, as well as our legitimate interest according to Art. 6 para. 1 lit. f GDPR in organizing and managing events effectively.

  1. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. Server logs are deleted after one month.

  1. Possibility of objection and removal

You have the right to object, on grounds relating to his particular situation, at any time to processing of personal data concerning you. We will no longer process the personal data unless our legitimate grounds for the processing override your interests, rights and freedoms. The objection can be made at any time via the contact details above as well as under the following e-mail address hello@manda.co.

VII.5 Use of Zapier

1. Description and scope of data processing

We employ the tool Zapier, provided by Zapier, Inc., located at 548 Market St. #62411, San Francisco, CA 94104-5401, USA, to automate processes between different online software applications, specifically to transfer data from our newsletter tool, Mailchimp, to our CRM system, Overloop. Zapier facilitates the integration and creation of actions or commands between various third-party applications. 

Zapier gains access to information necessary to perform the actions or commands. This includes collecting necessary access data and all relevant contents from the integrated third-party applications. It is important to note that Zapier is not responsible for the data processing practices of the third-party applications and that the processing of information by these applications is governed by their own policies.

2. Legal basis for the data processing

The legal basis for the use of Zapier is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is in the automation of e.g. the newsletter process to increase the customer experience.

3. Purpose of the data processing

The purpose of the data processing is to connect different software applications with each other to improve the data flow and in the end result to improve your customer experience.

4. Duration of storage

The duration of data storage at Zapier varies depending on the category:

(1) Zap Content: Stored for 7 days in logs, 29-69 days in the account, and up to 4 months in backups.

(2) Zap Metadata: Same storage duration, additional use for internal analyses at Zapier.

(3) Zap Metrics/Statistical Metadata: Stored in our own Zapier account, also used for internal analyses.

5. Possibility of objection and removal

You have the right to object, on grounds relating to his particular situation, at any time to pro-cessing of personal data concerning you. We will no longer process the personal data unless our legitimate grounds for the processing override your interests, rights and freedoms. The objection can be made at any time via the contact details above as well as under the following e-mail address hello@manda.co.

VII.6 Use of Vimeo

1. Description and scope of data processing

We integrate videos on our website using Vimeo. Vimeo is a platform offered by Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York 10001 in the USA. We embed our videos via Vimeo because local hosting is not powerful enough to display the videos. 

When you click on one of our videos, a connection is established to Vimeo in order to embed the video provided for you on our site. The integration of the video results in a call to the Vimeo servers for technical reasons. The servers are located worldwide, including some in the EU and UK. We have no influence on which data is transmitted to Vimeo after clicking. Therefore, for the associated use of data from your browser or device, we refer you to the privacy notice of Vimeo, which you can find here.

When you visit our website with an embedded Vimeo video, Vimeo receives information about the specific website you are visiting. In the process, your personal data is transmitted to Vimeo as just described. Such transmission takes place regardless of whether you have logged into your Vimeo account or whether you do not have a corresponding account at all. If you have logged into your Vimeo account, your personal data will be assigned to your Vimeo profile. If you do not want your personal data to be assigned to your profile, you should log out of your Vimeo account before accessing one of our videos. Vimeo use this data for advertising, market research and/or a demand-based design of their website. The processing of the data might also take place outside of the EU. The necessary contractual measures have been made to ensure a adequate level of protection.

2. Legal basis and purpose for the data processing

The legal basis for the use of Vimeo to display videos is Art. 6 para. 1 lit. a GDPR.

3. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected or until you revoke your consent. 

4. Possibility of objection and removal

You can object to the collection, storage and use of information by Vimeo at any time with future effect using the following methods:

a) You can prevent the storage of cookies set by Vimeo by setting your browser software accordingly.

b) You can revoke your consent to the collection of your data by Vimeo at any time by deactivating it in our consent banner (CMP).

c) The revokation can be made at any time via the contact details above as well as under the following e-mail address hello@manda.co.

However, please note that if you deactivate or opt-out, you may not be able to use all the functions of the website to their full extent.

For more information about Vimeo, visit https://vimeo.com/.

VIII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the responsible body or the person responsible:

1. Right of access to information

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.
In the event of such processing, you may request the following information from the data controller:


(1) The purposes for which the personal data are processed;
(2) The categories of personal data which are processed;
(3) The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) The planned duration of the storage of personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage;
(5) The existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
(6) The existence of a right of appeal to a supervisory authority;


You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
To exercise your right to free information, please contact us directly using the contact details in our imprint (see section I).

2. Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.

3. Right to limit processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:


(1) If you dispute the accuracy of the personal data concerning you for a period of time that allows the person responsible to verify the accuracy of the personal data;
(2) The processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data;
(3) The controller no longer needs the personal data for the purposes of the processing, but you need it in order to exercise or defend your rights; or
(4) If you have lodged an objection to the processing pursuant to Art. 21 para. 1 DPA and it has not yet been established whether the legitimate reasons of the controller outweigh your reasons.
Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right of cancellation


a) Obligation to delete

You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:


(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) You withdraw your consent on which the processing is based pursuant to Art. 6(1)(a) and there is no other legal basis for the processing;
(3) You object to the processing pursuant to Art. 21(1) DPA and there are no legitimate grounds for processing that take precedence, or you object to the processing pursuant to Art. 21(2) DPA;
(4) The personal data concerning you have been processed unlawfully;
(5) The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject;
(6) The personal data concerning you has been collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.


b) Information to third parties

If the controller has made public the personal data concerning you and is obliged to delete them pursuant to Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.


c) Exceptions

The right of cancellation does not exist insofar as the processing is necessary:


(1) To exercise the right to freedom of expression and information;
(2) In order to comply with a legal obligation imposed on the controller under Union or national law to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) For reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DPA;
(4) For archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DPA, insofar as the right referred to in section a) is likely to make it impossible or seriously prejudicial to the attainment of the objectives of such processing, or
(5) To assert, exercise or defend legal claims.


d) Revocation of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

5. Right to information

If you have exercised your right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the person responsible.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without interference from the controller to whom the personal data was provided, provided that


(1) processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) or on a contract pursuant to Art. 6(1)(b) GDPR and
(2) processing is carried out using automated procedures.


In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) DPA; this also applies to profiling based on these provisions.
The controller no longer processes the personal data concerning you, unless he can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision


(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is admissible by Union or Member State law to which the controller is subject and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is made with your express consent.


However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his or her point of view and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR.
The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

IX. Automated decision-making and profiling

As a responsible company, we do not use your data for profiling or automated decision-making.

X. Links to other websites

This Data Privacy Policy applies exclusively to the Internet presence of MAMS. Certain webpages on this website may contain links to third-party websites or social media platforms. Our Data Privacy Policy does not cover these websites or providers. When you leave the website, we recommend that you carefully read the privacy policies of every website that collects personal data.

XIII. Security

We take the necessary security measures to protect your personal data from unlawful or unintended access or erasure, modification or loss or unauthorized disclosure. We encrypt your data during transmission via our website and use SSL (Secure Socket Layer) and TLS (Transport Layer Security) connections. We protect our website and our other systems and personal data by means of appropriate technical and organizational measures against, in particular, loss, destruction, unauthorized access, modification or disclosure to third parties.

XIV. Availability and changes

This data protection declaration is currently valid and has the status as of December 2023. 

Due to the further development of our website and offers above or due to changed legal or official requirements, it may be necessary to change this data protection declaration. The current data protection declaration can be called up and printed out by you at any time on the website at https://www.manda.co/privacy-policy.