Skip to content

Data Protection

We are pleased that you are visiting our website. Below, we would like to inform you about the personal data we collect, the purposes for which we process your personal data, and the rights you have.

Definitions

In accordance with Article 4 of the GDPR, the following definitions apply to this privacy policy:

Personal data (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or by means of information relating to their physical, physiological, genetic, mental, economic, cultural or social identity. Identifiability can also arise through the combination of such information or with additional knowledge. The nature, format, or embodiment of the information is irrelevant (e.g., photographs, video, or audio recordings may also contain personal data).

Processing (Art. 4 No. 2 GDPR) means any operation or set of operations which is performed on personal data, whether or not by automated means. This includes, in particular, the collection (i.e., acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data, as well as changing the original purpose or objective of the data processing.

Controller (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Third party (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data. This includes other legal entities belonging to the same corporate group.

Processor (Art. 4 No. 8 GDPR) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular according to the controller’s instructions (e.g., IT service providers). In terms of data protection law, a processor is not considered a third party.

Consent (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Controller

Mahler AGS GmbH
Hedelfinger Straße 60
70327 Stuttgart
Germany

Phone: +49 (711) 87030-0
Fax: +49 (711) 87030-200
Email: info@mahler-ags.com

Data Protection Officer

We have appointed a Data Protection Officer:

RA Kai Schützle
Schützle Rechtsanwaltsgesellschaft mbH
Gutbrodweg 6/3
74074 Heilbronn
Germany

Phone: +49 7131 12 08 73 00
Email: datenschutz@ra-schuetzle.de

Types of Data Processed

Inventory data such as name and address
Contact data such as email address and telephone number
Metadata, communication data, and usage data such as IP address and operating system

Rights of Data Subjects

Right of access (Art. 15 GDPR)
You have the right to obtain confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to access such personal data and the information listed in Article 15(1) GDPR.

Right to rectification (Art. 16 GDPR)
If we process inaccurate personal data concerning you, you have the right to request the correction of such data. You also have the right to request the completion of incomplete personal data.

Right to erasure (Art. 17 GDPR)
If one of the reasons listed in Article 17(1) GDPR applies, you have the right to request the immediate deletion of your personal data. This does not apply if one of the exceptions in Article 17(3) GDPR exists.

Right to restriction of processing (Art. 18 GDPR)
If one of the conditions specified in Article 18(1) GDPR is met, you have the right to request the restriction of the processing of your data.

Right to object to processing (Art. 21 GDPR)
If we process your personal data based on Article 6(1)(e) or (f) GDPR, you have the right, pursuant to Article 21(1) GDPR, to object to the processing on grounds relating to your particular situation.

Right to data portability (Art. 20 GDPR)
Provided the conditions of Article 20(1) GDPR are met, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us.

Right to withdraw consent at any time (Art. 7(3) GDPR)
You have the right to withdraw your consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you have any complaints regarding the processing of your personal data, you may also contact a data protection supervisory authority. The authority responsible for the controller is:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Germany

Phone: +49 711 615541-0
Fax: +49 711 615541-15
Email: poststelle@lfdi.bwl.de

However, you may generally direct your complaint to any data protection supervisory authority, in particular to the one in your place of residence, place of work, or the place of the alleged infringement.

Existence of Automated Decision-Making Including Profiling (Art. 13(2)(f), Art. 22(1), (4) GDPR)
Automated decision-making, including profiling, as referred to in Art. 13(2)(f) and Art. 22(1), (4) GDPR, does not take place on our part.

Visiting Our Website
When using our website for informational purposes only, we collect, store, and process the following categories of personal data:

“Log data”: When you visit our website, a so-called log file (server log files) is temporarily and anonymized stored on our web server. This log file contains:

  • the page from which the request was made (so-called referrer URL)

  • the name and URL of the requested page

  • the date and time of the request

  • a description of the type, language, and version of the web browser used

  • the IP address of the requesting device, shortened to prevent any personal reference

  • the amount of data transferred

  • the operating system

  • a message indicating whether the request was successful (access status/HTTP status code)

  • the GMT time zone difference

The processing of log data is carried out for statistical purposes and to improve the quality of our website, particularly for connection stability and security (legal basis: Art. 6(1)(a) or (f) GDPR).

 
 

Storage and Deletion of Data

For each processing activity we carry out, we indicate below how long the data is stored and when it is deleted or blocked. Unless a specific storage period is stated, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies.

However, storage may continue beyond the specified period in the event of (impending) legal disputes with you or other legal proceedings, or if storage is required by statutory provisions to which we, as the controller, are subject (e.g., § 257 of the German Commercial Code (HGB), § 147 of the German Fiscal Code (AO)). Once the legally prescribed retention period expires, the personal data will be blocked or deleted unless further storage is necessary and a legal basis exists for such continued storage.

Cookies

To make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (so-called persistent cookies).

You can configure your browser to inform you about the setting of cookies and to decide individually whether to accept them, or to exclude the acceptance of cookies for specific cases or in general. Please note that if you do not accept cookies, the functionality of our website may be limited.

The purpose of processing is to ensure the optimal use and functionality of our website and the provision of necessary services. The legal basis for non-essential cookies is your consent in accordance with Art. 6(1)(a) GDPR, which we obtain via our “cookie banner.” You can find more detailed information in our consent tool, which we use to collect your consent.

Consent Tool: Borlabs Cookie

Our website uses the consent technology provided by Borlabs Cookie to obtain your consent for storing certain cookies in your browser or for the use of specific technologies, and to document this consent in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany (hereinafter referred to as “Borlabs”).

When you enter our website, a Borlabs cookie is stored in your browser, which contains the consents you have given or the withdrawal of such consents. These data are not transmitted to the provider of Borlabs Cookie.

The collected data will be stored until you request deletion, delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. For more information on data processing by Borlabs Cookie, please visit: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The use of Borlabs Cookie Consent technology serves to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content—such as orders or inquiries that you send to us as the website operator—this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address bar from “http://” to “https://” and by the lock icon in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Processing Activities

Personal data is processed in the following operations. The provision of such data is neither legally nor contractually required:

Hosting
We host our website with the provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you visit our website, the data described above under “Visiting Our Website” is transmitted to the servers of our hosting provider.

Contact Form / Inquiries by Phone or Email

If you contact us via the contact form provided on our website, the data you enter will be processed accordingly.

The purpose of the processing is to respond to your inquiry and to fulfill any (pre-)contractual obligations. The legal basis is your (implied) consent pursuant to Art. 6(1)(a) GDPR and, where applicable, Art. 6(1)(b) GDPR.

We store the data for as long as necessary to respond to your inquiry or to fulfill (pre-)contractual or legal obligations.

The same applies accordingly to contact made by telephone or email.

eTracker

This website uses the analytics service etracker. The provider is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.

Usage profiles can be created from the data under a pseudonym. etracker uses technologies that make it possible to recognize users (e.g., cookies or device fingerprinting). The data collected using etracker technologies will not be used to personally identify visitors to this website without the explicit consent of the data subject and will not be merged with personal data relating to the bearer of the pseudonym.

Processing is carried out exclusively on the basis of your prior consent pursuant to Art. 6(1)(a) GDPR. This consent can be withdrawn at any time.

Order Processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

 

YouTube

We have integrated YouTube videos into our online offering, which are stored on YouTube.com and can be played directly from our website. This service is provided by the video platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company of Google Ireland is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. All YouTube videos on our site are embedded in “enhanced privacy mode”, which means that no data about you as a user is transmitted to YouTube unless you play the videos. Only when you play a video will the data mentioned below be transmitted. We have no influence on this data transfer. The legal basis for displaying the videos is your consent pursuant to Art. 6(1)(a) GDPR; videos are only embedded after you have given your consent.

When visiting the website, YouTube receives the information that you have accessed the corresponding subpage. In addition, basic data such as your IP address and timestamp are transmitted. This happens regardless of whether YouTube provides a user account through which you are logged in or if no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not want this association with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research, and/or the personalized design of its website. This analysis also occurs for users who are not logged in and is used, for example, to provide personalized advertising and to inform other users of the social network about your activity on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube directly.

The use of YouTube may involve the transfer of personal data to the USA. Since the parent company of Google Ireland Limited is a US-based company (Google LLC), data may be transferred to third countries (pursuant to Art. 44 et seq. GDPR), or at least such transfer cannot be ruled out. From a data protection perspective, the USA is considered an insecure third country.

There is currently no general level of data protection in the USA equivalent to that of the EU, meaning your personal data may be less protected, posing a potential risk to your rights and freedoms. In particular, due to US legislation, it cannot be ruled out that government authorities may gain access to data transmitted to or processed/stored by US companies. One such legal basis is Section 702 of the Foreign Intelligence Surveillance Act (FISA), a law governing foreign intelligence gathering and counterintelligence in the United States.

Additionally, US companies in the telecommunications and “remote computing services” sectors (which includes cloud providers) are subject to the “CLOUD Act” (Clarifying Lawful Overseas Use of Data Act). This law clarifies that access rights also apply when data is processed outside the USA, provided it is controlled by a US company.

There is, however, an adequacy decision for the USA under the Trans-Atlantic Data Privacy Framework pursuant to Art. 45 GDPR, which allows US companies to certify and thereby demonstrate that they provide an adequate level of data protection.

Google LLC is certified under the Trans-Atlantic Data Privacy Framework.
Information about your legal remedies against the processing of your data by certified US companies can be found at: https://www.dataprivacyframework.gov/s/.

By giving your consent, you do so with knowledge of the risks described above. Your consent constitutes the legal basis for the transfer of data to a third country pursuant to Art. 49(1)(a) GDPR.

Google Ireland Limited processes data from visitors to our website. For more information about the data Google Ireland Limited processes and how it is handled, please refer to Google’s privacy policy at: https://policies.google.com/?hl=en.

 

Google Search Console

We have integrated Google Search Console into our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company of Google Ireland is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We do not collect any personal data from you on our website through the use of Google Search Console. We only receive aggregated reports from Google based on data collected and analyzed via the Google search engine. No personal data is transmitted to us. The controller for this data processing is therefore Google Ireland Limited.

For more information on what data is processed by Google Ireland Limited and how your data is handled, please refer to Google’s privacy policy at: https://policies.google.com/?hl=en.

 

Handling of Applicant Data

We offer you the opportunity to apply to us (e.g., by email, post, or via an online application form).
If you send us an application, we process the personal data associated with it (e.g., contact and communication data, application documents, notes from interviews, etc.), insofar as this is necessary for the decision on establishing an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and—if you have given your consent—Art. 6(1)(a) GDPR. Consent can be withdrawn at any time.

Your personal data will be shared within our company only with persons involved in processing your application. In the course of the application process, we also work with an external recruitment agency, to whom we forward your application data. We have concluded a data processing agreement with this agency in accordance with Art. 28 GDPR.

If your application is successful, the data you submitted will be stored in our data processing systems for the purpose of carrying out the employment relationship, based on § 26 BDSG and Art. 6(1)(b) GDPR.

Data Retention Period

If we are unable to make you a job offer, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you provided for up to 6 months after the conclusion of the application process (rejection or withdrawal) based on our legitimate interests (Art. 6(1)(f) GDPR). The data will then be deleted and any physical application documents destroyed. This retention primarily serves as evidence in the event of a legal dispute.

If it is evident that the data will still be required after the 6-month period (e.g., due to a pending or threatened legal dispute), the data will only be deleted once the purpose for continued storage no longer applies.

Longer retention may also occur if you have given your explicit consent (Art. 6(1)(a) GDPR) or if legal retention obligations prevent deletion.

In the event of discrepancies or contradictions between the German and English versions, only the German version shall be authoritative and legally binding.