Data Protection
We are pleased that you are visiting our website. In the following, we would like to inform you about which personal data we collect, for which purposes we process your personal data, and what rights you have.
Definitions
Following the model of Art. 4 GDPR, this privacy policy is based on the following definitions:
– “Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or to information about their physical, physiological, genetic, mental, economic, cultural, or social identity characteristics. Identifiability may also be established by linking such information or other additional knowledge. The form or embodiment of the information is irrelevant (photos, video, or audio recordings may also contain personal data).
– “Processing” (Art. 4 No. 2 GDPR) means any operation performed with personal data, whether or not by automated (i.e., technology-supported) means. This includes in particular the collection (i.e., acquisition), recording, organization, ordering, storage, adaptation or alteration, retrieval, querying, use, disclosure by transmission, dissemination or otherwise making available, alignment, linking, restriction, erasure, or destruction of personal data, as well as the modification of a purpose or objective originally underlying data processing.
– “Controller” (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
– “Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other affiliated legal entities.
– “Processor” (Art. 4 No. 8 GDPR) means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, in particular according to their instructions (e.g., IT service providers). In data protection law, a processor is not considered a third party.
– “Consent” (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Controller
Mahler AGS GmbH
Hedelfinger Straße 60
70327 Stuttgart
Germany
Phone: +49(711) 87030-0
Fax: +49(711) 87030-200
Email: info@mahler-ags.com
Data Protection Officer
We have appointed a data protection officer:
RA Kai Schützle
Schützle Rechtsanwaltsgesellschaft mbH
Gutbrodweg 6/3
74074 Heilbronn
Germany
Phone: +49 7131 12 08 73 00
Email: datenschutz@ra-schuetzle.de
Types of Data Processed
– Master data (name, address, etc.)
– Contact data (email, phone number, etc.)
– Meta / communication data / usage data (IP address, operating system, etc.)
Data Subject Rights
Right of Access (Art. 15 GDPR)
You have the right to obtain from us confirmation as to whether we are processing personal data concerning you. If this is the case, you have a right of access to this personal data and to the information specified in Art. 15 para. 1 GDPR.
Right to Rectification (Art. 16 GDPR)
If we process inaccurate personal data concerning you, you have the right to request rectification of this inaccurate data. In addition, you have the right to request the completion of incomplete personal data.
Right to Erasure (Art. 17 GDPR)
If one of the grounds listed in Art. 17 para. 1 GDPR applies, you have the right to request the immediate erasure of your personal data. This does not apply if one of the grounds listed in Art. 17 para. 3 GDPR exists.
Right to Restriction of Processing (Art. 18 GDPR)
If one of the conditions listed in Art. 18 para. 1 GDPR applies, you have the right to request the restriction of the processing of your data.
Right to Object to Processing (Art. 21 GDPR)
If we process personal data concerning you on the basis of Art. 6 para. 1 lit. e) or f) GDPR, you have the right under Art. 21 para. 1 GDPR to object to this processing on grounds relating to your particular situation.
Right to Data Portability (Art. 20 GDPR)
If the conditions of Art. 20 para. 1 GDPR apply, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us.
Right to Withdraw Consent at Any Time (Art. 7 para. 3 GDPR)
You have the right to withdraw your consent at any time. The lawfulness of processing based on consent before its withdrawal remains unaffected.
Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
You may also lodge a complaint about the processing of your personal data with a data protection supervisory authority. The competent authority for the responsible party is:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Heilbronner Straße 35
70191 Stuttgart
Germany
Phone: +49 711 / 61 55 41 – 0
Email: poststelle@lfdi.bwl.de
However, you can generally lodge your complaint with any data protection supervisory authority, especially the supervisory authority of your own place of residence, workplace, or the place of the alleged infringement.
Existence of Automated Decision-Making Including Profiling (Art. 13 para. 2 lit. f), Art. 22 para. 1, 4 GDPR)
Automated decision-making including profiling (Art. 13 para. 2 lit. f), Art. 22 para. 1, 4 GDPR) does not take place with us.
Visiting Our Website
When using the website for informational purposes, the following categories of personal data are collected, stored, and further processed by us:
“Log data”: When you visit our website, a log data set (so-called server log files) is temporarily and anonymously stored on our web server. This consists of:
– the page from which the requested page was accessed (so-called referrer URL)
– the name and URL of the requested page
– the date and time of access
– the description of the type, language, and version of the web browser used
– the IP address of the requesting computer, which is truncated so that personal reference is no longer possible
– the amount of data transferred
– the operating system
– the notification of whether the access was successful (access status/HTTP status code)
– the time zone difference from GMT
The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 sentence 1 lit. a) or f) GDPR).
Storage or Deletion of Data
For the processing operations we carry out, we specify below how long the data is stored with us and when it is deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply.
However, storage may continue beyond the specified period in the event of (imminent) litigation with you or other legal proceedings, or if storage is provided for by legal regulations to which we as controller are subject (e.g., § 257 HGB, § 147 AO). When the retention period prescribed by legal regulations expires, the personal data will be blocked or deleted, unless we require further storage and a legal basis exists for it.
Cookies
To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (so-called persistent cookies).
You can configure your browser to be informed about the setting of cookies and to decide individually about their acceptance or to exclude the acceptance of cookies for certain cases or generally. If cookies are not accepted, the functionality of our website may be limited.
The purpose of processing is therefore the optimal use and functionality of our website and the provision of necessary services. The legal basis for technically non-essential cookies is your consent pursuant to Art. 6 para. 1 lit. a) GDPR, which we obtain via our so-called “cookie banner”. You can find more details in our consent tool, which we use to obtain your consent.
Consent Tool: Borlabs Cookie
Our website uses the consent technology of Borlabs Cookie to obtain your consent to store certain cookies in your browser or to use certain technologies and to document this in a data protection compliant manner. The provider of this technology is Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg (hereinafter Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of Borlabs Cookie.
The collected data is stored until you request us to delete it, delete the Borlabs cookie yourself, or the purpose for data storage ceases to apply. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
The use of Borlabs Cookie consent technology is carried out to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Processing Activities
Personal data is processed in the following operations. The provision of data is neither legally nor contractually required:
Hosting
We host our website with the provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. When you visit our website, the data specified above (“Visiting Our Website”) is transmitted to the servers of the hoster we use.
Contact Form / Inquiry by Phone or Email
If you contact us via the contact form provided on our website, the data you enter there will be processed.
The purpose of processing is to respond to your inquiry and to fulfill any (pre-)contractual obligations. The legal basis is (implicit) consent pursuant to Art. 6 para. 1 lit. a) GDPR and, if applicable, Art. 6 para. 1 lit. b) GDPR.
The data will be stored by us as long as necessary to respond to your inquiry or to fulfill (pre-)contractual or legal obligations.
The same applies accordingly to telephone contact and contact via email.
eTracker
This website uses the analysis service etracker. The provider is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
Usage profiles can be created from the data under a pseudonym. etracker uses technologies that enable user recognition (e.g., cookies or device fingerprinting) for this purpose. The data collected with etracker technologies is not used to personally identify visitors to this website without the separate consent of the data subject and is not merged with personal data about the bearer of the pseudonym.
Processing is carried out exclusively on the basis of your prior consent pursuant to Art. 6 para. 1 lit. a) GDPR. Consent can be withdrawn at any time.
Data Processing Agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that they only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.
YouTube
We have embedded YouTube videos in our online offering, which are stored on YouTube.com and can be played directly from our website. This service is a video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company of Google Ireland is the US-based company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
All YouTube videos are embedded in “extended data protection mode,” i.e., no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos is the data mentioned below transmitted. We have no influence on this data transmission. The legal basis for displaying the videos is Art. 6 para. 1 sentence 1 lit. a) GDPR, i.e., embedding occurs only with your consent.
When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the basic data mentioned above, such as IP address and timestamp, are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research, and/or needs-based design of its website. Such evaluation occurs in particular (even for non-logged-in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
When using YouTube, personal data may be transmitted to the USA. Since the parent company (of Google Ireland Limited) is a US company (Google LLC), a transfer of data to third countries (Art. 44 ff. GDPR) takes place, or at least cannot be ruled out. From a data protection perspective, the USA is an insecure third country.
Currently, there is no generally equivalent level of data protection in the USA compared to the EU, which means your personal data is less protected and there is a risk to your rights and freedoms. In particular, due to the legal situation in the USA, it cannot be ruled out that government agencies will have access to data transmitted to the USA or processed/stored by US companies. Such a legal basis for US authorities is Section 702 of the Foreign Intelligence Surveillance Act (“FISA”, a law that regulates foreign intelligence and counterintelligence of the United States).
In addition to this legal regulation, US companies in the telecommunications sector and “remote-computing services” (particularly cloud providers) are subject to the so-called “Cloud Act” (Clarifying Lawful Overseas Use of Data Act). This is a legal clarification according to which access rights also apply when this data is processed outside the USA, provided the data is controlled by US companies.
For the USA, there is an adequacy decision under Art. 45 GDPR with the Trans-Atlantic Data Privacy Framework, whereby US companies have the opportunity to certify themselves and thus demonstrate that the company has an adequate level of data protection.
Google LLC has received appropriate certification under the Trans-Atlantic Data Privacy Framework.
Information on the various legal remedies against the processing of your data by certified US companies can be found at https://www.dataprivacyframework.gov/s/.
If you give your consent, you do so with knowledge of the risks just described. Your consent pursuant to Art. 49 para. 1 lit. a) GDPR is the legal basis for data transfer to a third country.
Google Ireland Limited processes data from visitors to our website. More information about which data is processed by Google Ireland Limited and how the data is handled can be found in Google’s privacy policy at https://policies.google.com/?hl=de.
Microsoft Clarity
We use the analysis service Microsoft Clarity on our website. The provider of this service is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The parent company of this company is Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, USA.
Microsoft Clarity is used to analyze user behavior on our website. The service records, among other things, mouse movements and can create so-called heatmaps. Sessions can also be recorded and information about general user behavior can be created. When using Microsoft Clarity, cookies are also set for user recognition, among other things.
The legal basis for the use of Microsoft Clarity is Art. 6 para. 1 lit. a), Art. 49 para. 1 lit. a) GDPR. Processing is carried out exclusively on the basis of your consent if you have given such consent. Consent can be withdrawn at any time.
When using Microsoft Clarity, personal data may be transmitted to the USA. Since the parent company Microsoft Corporation is a US company, a transfer of data to third countries (Art. 44 ff. GDPR) takes place, or at least cannot be ruled out. From a data protection perspective, the USA is an insecure third country.
Currently, there is no generally equivalent level of data protection in the USA compared to the EU, which means your personal data is less protected and there is a risk to your rights and freedoms. In particular, due to the legal situation in the USA, it cannot be ruled out that government agencies will have access to data transmitted to the USA or processed/stored by US companies. Such a legal basis for US authorities is Section 702 of the Foreign Intelligence Surveillance Act (“FISA”, a law that regulates foreign intelligence and counterintelligence of the United States).
In addition to this legal regulation, US companies in the telecommunications sector and “remote-computing services” (particularly cloud providers) are subject to the so-called “Cloud Act” (Clarifying Lawful Overseas Use of Data Act). This is a legal clarification according to which access rights also apply when this data is processed outside the USA, provided the data is controlled by US companies.
For the USA, there is an adequacy decision under Art. 45 GDPR with the Trans-Atlantic Data Privacy Framework, whereby US companies have the opportunity to certify themselves and thus demonstrate that the company has an adequate level of data protection.
Microsoft Corporation has received appropriate certification under the Trans-Atlantic Data Privacy Framework.
Information on the various legal remedies against the processing of your data by certified US companies can be found at https://www.dataprivacyframework.gov/s/.
If you give your consent, you do so with knowledge of the risks just described. Your consent pursuant to Art. 49 para. 1 lit. a) GDPR is the legal basis for data transfer to a third country.
Microsoft Corporation processes data from visitors to our website. More information about which data is processed by Microsoft and how the data is handled can be found in Microsoft’s privacy notices at https://www.microsoft.com/de-de/privacy/privacystatement. Further information on how Microsoft Clarity works can be found at https://learn.microsoft.com/de-de/clarity/faq.
Google ReCaptcha
We use the Google ReCaptcha service on our website, an offering from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company of Google Ireland is the US-based company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google ReCaptcha is a security service for fraud prevention, which serves to determine whether actions on our website actually originate from people or from a computer program or bot.
The legal basis for the use of Google ReCaptcha is Art. 6 para. 1 lit. a), Art. 49 para. 1 lit. a) GDPR. Processing is carried out exclusively on the basis of your consent if you have given such consent. Consent can be withdrawn at any time.
When using Google ReCaptcha, personal data may be transmitted to the USA. Since the parent company (of Google Ireland Limited) is a US company (Google LLC), a transfer of data to third countries (Art. 44 ff. GDPR) takes place, or at least cannot be ruled out. From a data protection perspective, the USA is an insecure third country.
Currently, there is no generally equivalent level of data protection in the USA compared to the EU, which means your personal data is less protected and there is a risk to your rights and freedoms. In particular, due to the legal situation in the USA, it cannot be ruled out that government agencies will have access to data transmitted to the USA or processed/stored by US companies. Such a legal basis for US authorities is Section 702 of the Foreign Intelligence Surveillance Act (“FISA”, a law that regulates foreign intelligence and counterintelligence of the United States).
In addition to this legal regulation, US companies in the telecommunications sector and “remote-computing services” (particularly cloud providers) are subject to the so-called “Cloud Act” (Clarifying Lawful Overseas Use of Data Act). This is a legal clarification according to which access rights also apply when this data is processed outside the USA, provided the data is controlled by US companies.
For the USA, there is an adequacy decision under Art. 45 GDPR with the Trans-Atlantic Data Privacy Framework, whereby US companies have the opportunity to certify themselves and thus demonstrate that the company has an adequate level of data protection.
Google LLC has received appropriate certification under the Trans-Atlantic Data Privacy Framework.
Information on the various legal remedies against the processing of your data by certified US companies can be found at https://www.dataprivacyframework.gov/s/.
If you give your consent, you do so with knowledge of the risks just described. Your consent pursuant to Art. 49 para. 1 lit. a) GDPR is the legal basis for data transfer to a third country.
Google Ireland Limited processes data from visitors to our website. More information about which data is processed by Google Ireland Limited and how the data is handled can be found in Google’s privacy policy at https://policies.google.com/?hl=de.
Google Web Fonts
We use Google Web Fonts on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We have integrated Google Web Fonts locally on our website, so there is no connection to Google servers and therefore no data transmission to or storage at Google in connection with the use of Google Web Fonts.
The processing of your personal data is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.
Handling of Application Data
Retention Period for Data
If we cannot make you a job offer, you reject a job offer, or you withdraw your application, we reserve the right to retain the data you transmitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). Subsequently, the data will be deleted and the physical application documents destroyed. The retention serves in particular for evidentiary purposes in the event of legal disputes. If it is evident that the data will be required after the expiry of the 6-month period (e.g., due to an imminent or pending legal dispute), deletion will only take place when the purpose for further retention ceases to apply.
Longer retention may also occur if you have given corresponding consent (Art. 6 para. 1 lit. a) GDPR) or if statutory retention obligations prevent deletion.