1. data controller and data protection officer; scope of application

(1) We, MAS GmbH, Schmigalla Straße 1, 71229 Leonberg, Germany, Tel.: +49 7152-6065-0, Fax: +49 7152-6065-65, E-Mail: zentrale@mas-tools.de, are responsible for the processing of personal data of you as a user of the websites, available at www.mas-tools.de (hereinafter also referred to as "WEBSITE"), as our business partner (e.g. customer or supplier), as an applicant with us and as any other person with whom we communicate ("you") in accordance with Art. 4 No. 7 of the EU General Data Protection Regulation ("GDPR").

(2) Our data protection officer is: Dr. Norbert Kuhn, Alexanderstraße 4A, 70184 Stuttgart, Germany, e-mail: datenschutz@mas-tools.de

(3) The protection of your personal data is an important concern for us. Therefore, as part of our duty to inform you, we would first like to inform you in detail about the processing of your personal data in our other business transactions and communication with you as well as in your application to our company.

Supplementary information for our business partners and applicants in accordance with Art. 13, 14 GDPR can be found below:

a) Information on the processing of personal data of our  partners 
b) Information on the processing of your applicant data
c) Information on data processing when using MS Teams

(4) Furthermore, we would like to inform you in detail about the processing of your personal data on our social media platforms.

Additional information about our presence on social media platforms can be found below:

Information sheet data protection social

(5) Furthermore, we would like to inform you below about the processing of your personal data when you visit our WEBSITE, about the accompanying protective measures that we have also taken in technical and organizational terms on our WEBSITE, as well as your rights with regard to the processing of personal data concerning you.

2. general principles for the processing of your personal data

(1) Personal data is any information relating to an identified or identifiable natural person. Your personal data therefore includes all data that can be directly or indirectly assigned to your person, such as your name, your address, your telephone number or your e-mail address.

(2) Personal data is primarily processed by us if and to the extent that
- you have given us your consent to data processing for one or more specific purposes (Art. 6 para. 1 subpara. 1 letter a GDPR)
- the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (Art. 6 (1) (1) (b) GDPR)
- the data processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 para. 1 subpara. 1 letter c GDPR), or
- data processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Article 6(1)(1)(f) GDPR).

(3) In the following provisions of this privacy policy, we will explain to you which of the legal bases listed in paragraph 2 or other legal bases we use to process your personal data in individual cases.

(4) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. Furthermore, we may pass on your personal data to third parties if contracts or similar services are offered by us together with partners. You will receive more detailed information on this when you provide your personal data or in the following provisions of this privacy policy. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will also inform you of the consequences of this circumstance in the following provisions of this privacy policy.

(5) The scope and type of processing of your data differs depending on whether you visit our WEBSITE to retrieve information (see section 3 below) or contact us, register for an event or our newsletter (see section 4 below).

3. use of our WEBSITE

3.1 Log data when using our WEBSITE

(1) In connection with the use of our WEBSITE, we collect the data that your Internet browser automatically transmits to our server. The following data is collected:

- IP address of the requesting computer
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- browser
- Operating system and its interface
- Language and version of the browser software.

(2) This data is technically necessary for us to enable you to use and function our WEBSITE, in particular to display the WEBSITE and to ensure the security and stability of the WEBSITE. This data is not linked to the personal data of a specific natural person. Our legitimate interest lies in a functioning website. The legal basis is Art. 6 para. 1 subpara. 1 letter f GDPR.

(3) We delete your data as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the purely informative provision of our WEBSITE, the deletion takes place when the respective session has ended. Your IP address is stored for up to seven days. The temporary storage of the IP address by our system is necessary in order to rectify faults on our WEBSITE and to avert dangers.

3.2 Cookies and similar functionalities

(1) In addition to the aforementioned data, cookies and similar functionalities ("cookies") are stored on your computer when you use our WEBSITE. Cookies are small text files that are stored on your hard disk assigned to the browser you are using and through which certain information flows to the place that sets the cookie (here by us). A cookie cannot execute programs or independently transfer malware to your computer.

(2) Our WEBSITE uses the following types of cookies, the scope and function of which are explained below:

- Transient cookies (see a)
- Persistent cookies (see b).

a) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. Session cookies are deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

(3) Our WEBSITE uses different types of cookies. The cookies are classified as (a) "Necessary", (b) Preferences, (c) "Statistics" and (d) "YouTube".

(a) Necessary cookies help us to make our WEBSITE usable by enabling basic functions such as page navigation, access to secure areas of the website and the correct display of the page on the respective end device. Our WEBSITE cannot function properly without these cookies. Furthermore, our site may be protected against attacks.
(b) Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in. We do not currently use these types of cookies.

(c) Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

(d) YouTube cookies are used to play YouTube videos on the website for visitors.

We only integrate cookies from the respective service providers of statistics and YouTube if you have given us your prior consent to do so via our consent manager. You can give us your consent via the consent manager of our WEBSITE by confirming the "Allow all" button or for individual areas by activating the area and "Allow selection". You can revoke your consent at any time with effect for the future, e.g. via the consent manager, which you can access at any time via the link at the bottom left of our WEBSITE. Of course, you can also (re)grant your consent at any time via the consent manager.

(4) If personal data is processed by necessary cookies, the processing is carried out in accordance with Art. 6 para. 1 subpara. 1 letter f GDPR to safeguard our legitimate interests in the best possible functionality of our WEBSITE and the correct display on the respective end device. With regard to the processing of personal data by cookies of the respective service providers, you will find the legal basis and further data protection information under the following sections 3.3 to 3.5 of this privacy policy.

(5) You can also prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our WEBSITE to their full extent.

3.3 Cookiebot consent manager

(1) Our WEBSITE uses the Cookiebot Consent Management Platform ("Cookiebot") of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark ("Usercentrics") to obtain, document and manage your consent to the storage of cookies on your device. We have concluded an order processing contract with Usercentrics.

(2) The purpose of integrating "consentmanager" is to allow you as a visitor/user of our WEBSITE to decide whether and which cookies and similar functionalities are set in the context of the further use of our WEBSITE. You can use the "consentmanager" tool to give and/or withdraw your consent for several or individual processing purposes. You can change the settings you have selected at any time afterwards using the "consentmanager" tool. Further information on this can be found above under section 3.2 para. 3 of this privacy policy.

(3) When you visit our WEBSITE and use Cookiebot, the following data is collected and transmitted to Usercentrics:

- Your IP number in anonymized form (the last two octets are anonymized).
- Date and time of consent.
- User agent of your browser.
- The URL from which the consent was sent.
- An anonymous, random and encrypted key.
- Your consent status, which serves as proof of consent.

(4) The key and the consent status are also stored in your browser in the cookie "CookieConsent" so that our WEBSITE can automatically read and follow your consent in all subsequent page requests and future sessions for up to 12 months. The key is used for proof of consent and for an option to check whether the consent status stored in your browser is unchanged compared to the original consent that was transmitted to Usercentrics.

(5) Insofar as the storage of your data is necessary in order to be able to prove your consent pursuant to Art. 7 para. 1 GDPR, the legal basis for the use of consentmanger is the fulfillment of our legal obligations pursuant to Art. 6 para. 1 subpara. 1 lit. c GDPR. Otherwise, Art. 6 para. 1 subpara. 1 letter f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and the evaluation of consent rates.

(6) Your data will be deleted as soon as it is no longer required for logging purposes and there are no statutory retention periods to the contrary. Twelve months after the user settings have been made, we will ask for your consent again. The user settings made will then be saved again for this period. However, you can delete the information about your user settings yourself at any time in the terminal device capacities provided for this purpose.

(7) Further information on the processing of your data by Usercentrics can be found in Usercentrics' privacy policy at https://www.cookiebot.com/de/privacy-policy/.

3.4 Matomo

(1) Our WEBSITE uses the web analysis service Matomo from InnoCraft Ltd (150 Willis St, 6011 Wellington, New Zealand; "Matomo") to analyze and regularly improve the use of our WEBSITE. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.

(2) As part of our web analysis, tracking cookies are set on your computer which support the analysis of user behavior.

(3) Our WEBSITE uses Matomo with the extension "AnonymizeIP". This means that the last two octets of IP addresses are truncated for further processing, so that they cannot be directly linked to individuals. The IP address transmitted by your browser via Matomo is not merged with other data collected by us or passed on to third parties.

(4) The legal basis for the processing of personal data in connection with Google Analytics is your consent pursuant to Art. 6 para. 1 subpara. 1 letter a GDPR. We also use cookies or comparable technologies with your consent on the basis of Section 25 (1) sentence 1 TTDSG in conjunction with Art. 6 para. 1 subpara. 1 letter a GDPR.

You can withdraw your consent at any time without this affecting the lawfulness of processing up to the point of withdrawal. The easiest way to withdraw your consent is via our Consent Manager.

(5) In addition, the "Do not track" function is activated in our Matomo installation. If your browser supports this function and you have activated it in your browser settings, Matomo will not collect any data.

(6) We use Matomo in the cloud-based solution. Your data is transmitted to "Matomo" in New Zealand. With regard to New Zealand, there is a so-called adequacy decision of the European Commission. Detailed information on the existence of the Commission's adequacy decision can be found here:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en?prefLang=de
(7) If you consent to and enable the storage of cookies, we will store the data for a maximum of 14 months. Data that has reached the end of this retention period will be deleted automatically.

(8) The Matomo program is an open source project. Information from the third-party provider on data protection can be found at https://matomo.org/privacy-policy/.

3.5 YouTube

(1) The "YouTube" service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). With your consent by activating the button in our YouTube notice window, videos from YouTube are integrated into our online offer, which are stored on http://www.YouTube.com and can be played directly from our WEBSITE. YouTube videos are integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in the next paragraph be transmitted. We have no influence on this data transfer.

(2) Upon activation, YouTube receives the information that you have accessed the corresponding subpage of our WEBSITE. In addition, the data mentioned under section 3 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our WEBSITE. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

(3) The legal basis for the processing of personal data in connection with YouTube is your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR. We also use cookies or comparable technologies with your consent on the basis of § 25 para. 1 sentence 1 TTDSG i.V.m. Art. 6 para. 1 subpara. 1 letter a GDPR.

(4) You can withdraw your consent at any time without affecting the permissibility of the processing up to the time of withdrawal. The easiest way to withdraw your consent is via our Consent Manager.

(5) When using YouTube, it cannot be ruled out that personal data will be transmitted to the servers of Google LLC in the USA. Google is certified in accordance with the "EU-US Data Privacy Framework". This is an agreement between the European Union and the USA to comply with European data protection standards for data processing in the USA. Certified companies undertake to comply with these data protection standards. You can find more information on this here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

The transfer is also carried out by Google on the basis of standard contractual clauses of the EU Commission as suitable guarantees for the protection of personal data, available at: https://privacy.google.com/businesses/controllerterms/mccs/

(6) Further information on the purpose and scope of data collection and processing by YouTube can be found in Google's privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

4. contact / newsletter

In addition to the purely informational use of our WEBSITE, we process personal data when you contact us or register for our events or our newsletter. In detail:  

4.1 Contact

(1) If you contact us, for example to provide us with your feedback, the contact data you provide (e.g. first and last name, e-mail address, telephone number) will be processed to answer your inquiries and/or suggestions sent by e-mail or otherwise. The processing of your data serves exclusively to process the contact.

(2) The legal basis for the processing of the data is Art. 6 para. 1 subpara. 1 letter f GDPR. If your message is aimed at the conclusion of a contract, the additional legal basis for the processing of your data is Art. 6 para. 1 subpara. 1 letter b GDPR.

(3) Insofar as no statutory or contractual retention periods prevent the deletion of your personal data, we will delete it as soon as it is no longer required to achieve the purpose for which it was collected.

4.2 Registration for MAS events (workshops)

(1) If you wish to register for a workshop on our WEBSITE, it is necessary for the conclusion of the contract that you provide your (personal) data, which we require for the processing of your registration. Further information from you is voluntary and can be provided via the message field. We also process the voluntary data you provide to process your registration. The legal basis is Art. 6 para. 1 subpara. 1 letter b GDPR or Art. 6 para. 1 subpara. 1 letter f GDPR for the voluntary data you provide.

(2) Due to commercial and tax law requirements, we are obliged to store your data for a period of ten years. However, we restrict processing after two years, i.e. your data will only be used to comply with legal obligations.

(3) To prevent unauthorized access to your personal data by third parties, the registration process is encrypted using TLS technology.

4.3 Ordering our newsletter

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers and activities. The advertised offers and activities are named in the declaration of consent.

(2) The newsletter is sent via the technical service provider CleverReach GmbH & Co KG (Schafjückenweg 2, 26180 Rastede, Germany; "CleverReach"). For this purpose, it is necessary for us to transmit the data you provided when registering for the newsletter to CleverReach. This data is stored on CleverReach's servers in Germany or Ireland. Further information on data protection can be found in CleverReach's privacy policy at CleverReach privacy policy

(3) We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data or to cooperate in the clarification.

(4) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 subpara. 1 letter a GDPR.

(5) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to datenschutz@mas-tools.de or by sending a message to the contact details given in Section 1.

(6) We will delete your data as soon as it is no longer required for the purpose for which it was collected or one month after you have revoked your declaration of consent to receive newsletters.

5. data security

(1) We use technical and organizational security measures to protect personal data that is generated or collected, in particular against accidental or intentional manipulation, loss, destruction or attack by unauthorized persons. Our security measures are continuously improved in line with technological developments.

(2) Our WEBSITE is encrypted using SSL technology to prevent access by unauthorized third parties. You can recognize the secure transmission by the protocol designation "https://" in the URL line.

6. your rights

(1) With regard to the processing of personal data concerning you, you are entitled to the rights listed below under letters a - h vis-à-vis us under the legal requirements. Please contact us or our data protection officer for this purpose. You will find the contact details under Section 1.

a) Right to information
In accordance with Art. 15 GDPR, you can request confirmation from us as to whether personal data concerning you is being processed by us. In this case, you have a right to information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned storage period or criteria for determining the storage period, the existence of a right to data portability in accordance with Art. 15 para. 1 GDPR. the criteria for determining the storage period, the existence of a right to rectification or erasure of your personal data and to restriction of processing or objection to processing, the existence of a right of appeal to a supervisory authority, the origin of the data if we have not collected your data from you, the existence of automated decision-making including profiling and, pursuant to Art. 15 para. 2 GDPR, the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in the context of the transfer of personal data to third countries.

b) Right to rectification 
In accordance with Art. 16 GDPR, you have the right to obtain from us without undue delay the rectification and/or, taking into account the purposes of the processing, the completion of your personal data if your data is inaccurate or incomplete.

c) Right to erasure 
In accordance with Art. 17 GDPR, you can demand that we erase your personal data without undue delay if there is a reason in accordance with Art. 17 (1) (a-f) GDPR. However, the right to erasure of your personal data does not exist in particular if processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims (Art. 17 para. 3 GDPR).

d) Right to restriction of processing 
You can demand that we restrict the processing of your personal data in accordance with Art. 18 GDPR as long as we verify the accuracy of your data that you dispute, if you refuse to delete your data due to unlawful processing and instead demand the restriction of the use of your data, if you need your data to assert, exercise or defend legal claims, or if you have lodged an objection to the processing as long as it is not yet clear whether our legitimate reasons prevail.

e) Right to information 
We will inform all recipients to whom your personal data has been disclosed of any rectification or erasure of your personal data or restriction of processing in accordance with Art. 16, 17 (1) and 18 GDPR, unless this proves impossible or involves disproportionate effort. According to Art. 19 p. 2 GDPR, you have the right to be informed about these recipients upon request.

f) Right to data portability 
In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller, provided that the other requirements of Art. 20 GDPR are met, in particular that this is technically feasible.

g) Right to object 
Insofar as we base the processing of your personal data on the legitimate interests pursuant to Art. 6 para. 1 subpara. 1 letter f GDPR, you may object to the processing pursuant to Art. 21 GDPR. This is the case if the processing is not necessary in particular for the performance of a contract with you, which is described by us in each case in the above description of the offers. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection , we will examine the situation and, in accordance with Art. 21 para. 1 sentence 2 GDPR, either no longer process the personal data or provide you with evidence of our compelling legitimate grounds for processing that outweigh your interests, rights and freedoms. We also reserve the right to further processing if the processing serves the assertion, exercise or defense of legal claims. Of course, you can object to the processing of your personal data for advertising and profiling purposes in connection with direct advertising at any time in accordance with Art. 21 para. 2 GDPR. You can inform us or our data protection officer of your objection using the contact details provided in section 1.

h) Right to withdraw consent 
In accordance with Art. 7 (3) GDPR, you have the right to withdraw any consent you have given us under data protection law at any time with effect for the future. However, this does not affect the lawfulness of the processing that took place on the basis of your consent up to the time of withdrawal.

(2) If you believe that the processing of your data violates data protection regulations, you also have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Please contact a supervisory authority in the member state of your place of residence, your place of work or the place of the potential infringement.

7. amendment of these data protection provisions

We reserve the right to change this privacy policy at any time with effect for the future. A current version is always available on our WEBSITE. Please visit the WEBSITE regularly and inform yourself about the applicable data protection provisions.

Effective: January 27th, 2025