Privacy policy
1. general notes and mandatory information
We warmly welcome you to our website and are delighted that you are interested in our company. When you use this website, various personal data (data) is collected. This refers to data with which you can be personally identified. We take the protection of your personal data seriously. We therefore process your data in accordance with the EU General Data Protection Regulation (GDPR). This privacy policy informs you below about the processing of your personal data and the rights to which you are entitled.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Responsible person and data protection officer
The controller in accordance with the EU General Data Protection Regulation (GDPR) is
Mosca GmbH
Mosca 1
69429 Waldbrunn
Represented by: Timo Mosca (Managing Director), Simone Mosca (Managing Director), Alfred Kugler (Managing Director)
Phone: +49 6274 932-0
E-mail: info@mosca.com
You can reach our data protection officer at datenschutz@mosca.com.
1.1 Rights
You have extensive rights with regard to the processing of your personal data.
Right to information:
You have the right to information about the data stored by us, in particular for what purpose the data is processed and how long the data is stored (Article 15 GDPR).
Right to rectification of inaccurate data:
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Article 16 GDPR).
Right to erasure:
You have the right to request that we erase the personal data concerning you. These conditions stipulate that you can request the deletion of your data if, for example, we no longer need the personal data for the purposes for which it was collected or otherwise processed, if we process the data unlawfully or if you have legitimately objected to it or if there is a legal obligation to delete it (Article 17 GDPR).
Right to restriction of processing:
You have the right to request that the processing of your data be restricted. This right exists in particular for the duration of the review if you have disputed the accuracy of the data concerning you and in the event that you request restricted processing instead of erasure in the case of an existing right to erasure. Furthermore, processing will be restricted in the event that the data is no longer required for the purposes pursued by us, but you need the data to assert, exercise or defend legal claims and if the successful exercise of an objection is disputed between us and you (Article 18 GDPR).
Right to data portability:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format (Article 20 GDPR), unless it has already been erased.
Right of objection:
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (Article 21 GDPR). We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims. If you wish to object to the processing of your personal data, please send us an e-mail or write to the above-mentioned contact address of the controller. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.
Right of withdrawal:
A given consent can be revoked at any time, whereby the revocation does not affect the legality of the processing carried out until then on the basis of the consent.
Right to lodge a complaint with the supervisory authority:
You have the option of contacting the above-mentioned data protection officer or a data protection supervisory authority if you believe that the processing of your personal data violates the General Data Protection Regulation.
A list of data protection supervisory authorities can be found here:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
1.2 Processing of data
Below we inform you about the processing of your data as a visitor to our website. General information on the processing of personal data (information Art. 13 GDPR) can be found here:
Information on the processing of personal data
1.3 SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
1.4 Links
On our websites we offer you links to websites that may be of interest to you. We have no influence on their content. We assume no liability for this external content. The respective providers or operators of these websites are responsible for their content. The linked pages were checked for possible legal violations at the time the link was created. Such were not recognizable at the time the link was set. However, constant monitoring of the content of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of any legal infringements on the linked websites, we will remove the relevant links immediately.
2. data collection on our website
2.1 Server log files
The website operator or site provider collects data about access to the site and stores it as "server log files". The following data is logged in this way:
-
- IP address used (anonymized)
- Time at the time of access
- Visited website
- Protocols
- Statuscode
- Datenmenge
- Referrer URL
- User Agent
- Host name of the accessing computer
This data is not merged with other data sources. The basis for data processing is to display our website to you and to ensure stability and security, Art. 6 para. 1 lit. f GDPR.
Further details on the data collected can be found here: https://www.mittwald.de
2.2 Cookies and third-party services
Some of the Internet pages use so-called cookies. They serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. "Session cookies" are automatically deleted at the end of your visit. Other cookies remain stored on your end device for a longer period of time or until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Section 25 (2) TDDDG in conjunction with Art. 6 (1) lit. f GDPR. Art. 6 para. 1 lit. f GDPR stored. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.
This site uses different types of cookies (e.g. cookies to analyze your surfing behavior). Some cookies are placed by third parties that appear on our pages. The legal basis for the processing of personal data using cookies that are not technically necessary is Section 25 (1) TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. You can change or revoke your consent to the setting of cookies on our website at any time:
You can also contact us regarding your consent. Please enter your consent ID and the date.
2.3 Request by contact form, e-mail, telephone or fax
If you contact us by contact form, e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
3. social media
As we are represented with our content on platforms such as YouTube, Facebook, Instagram or Twitter, we would like to inform you here about data processing in connection with platforms, insofar as we know and can influence them.
If we open a profile or channel on a platform, the operator sets cookies (explanation, see above) as soon as a user visits the profiles or channels. The platform operators use cookies or other technologies to collect personal data from users in order to evaluate user behavior. This applies in particular if you are already registered on these platforms. You can find more detailed information on this in the respective data protection information of the platforms.
We only receive evaluations of the use of our content from the operators of the platforms in non-personal form, which are used for the analysis of user behavior for statistical purposes. This enables us to better tailor our offers to the needs and interests of the target group.
We can use the filters provided by the operators of the platforms to select the categories of data according to which the operators provide visitor statistics in aggregated form. The operators provide us with the following criteria or categories to evaluate the activities of our content in aggregated form, provided that the corresponding information has been provided by the user or is collected by the operator. These may be Age range, gender, location (state and country), language, mobile or stationary page views (YouTube additionally individual device types and operating system), interactions in the context of posts (e.g. reactions, comments, shares, clicks, views, video usage time), time of use.
We do not know what personal data the operators of the platforms collect overall and for what other purposes the operators process user data. We have no influence on the data protection regulations of a platform or the collection, analysis and use of user data. As we do not process any personal data from users, but only receive anonymized statistical data, it is not possible for us to establish a reference to individuals and provide corresponding data information. Please contact the operator of the respective platform for this purpose.
We advise you to use the various data protection and security settings on the respective platform and to check them regularly.
In its data guidelines, the respective platform operator explains which data is collected during use:
https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Users have the option of requesting a copy of the recorded data https://www.linkedin.com/help/linkedin/answer/50191
https://privacy.xing.com/de/datenschutzerklaerung
Users have the option of requesting a copy of the recorded data: https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen/auskunftsrecht
YouTube
https://policies.google.com/privacy
Users have the option of requesting a copy of the recorded data: https://takeout.google.com/
https://www.facebook.com/policy
Users have the option of requesting a copy of the recorded data: https://www.facebook.com/settings?tab=your_facebook_information
https://twitter.com/de/privacy
Users have the option of requesting a copy of the recorded data: https://twitter.com/personalization
YouKu
3.1 Meta Platforms
We operate so-called fan pages on the social media platforms Facebook and Instagram (Meta Platforms Ireland Limited (Facebook), 4 Grand Canal Square, Dublin 2, Ireland) in order to communicate with the users active there who have marked our fan page with "Like" and to inform them about our products and services, among other things.
Facebook generally stores cookies on users' devices, in which the usage behavior and interests of the users are stored. The user data processed in this way is used in particular for market research and advertising purposes. Among other things, user profiles are created from the usage behavior and the resulting interests. These can be used, for example, to display interest-based advertising within and outside of Facebook. In addition, data can also be stored in the user profiles independently of the devices used by the users, especially if the users are logged in as registered members of Facebook.
This data processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (information about our products and services; communication with users).
If requests for information or other data subject rights are asserted in accordance with the GDPR, we would like to point out that these should be asserted most effectively with Facebook or Instagram. As the operator of the fan page, we generally have no access to the data processed by Facebook itself. Although we and Facebook are considered joint controllers within the meaning of the GDPR, only Facebook as the provider can access user data and therefore provide full information or fulfill other obligations, such as user requests for deletion.
As a Fanpage operator, we cannot guarantee that all data subject rights can be enforced against Facebook or that user data will not be processed outside the European Union.
For more information on the purpose and scope of data collection and processing, your rights as a data subject within the meaning of the GDPR and your objection and setting options to protect your personal data on Facebook, please refer to Facebook's privacy policy: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland - Privacy Policy: https://www.facebook.com/about/privacy/.
Facebook offers the option to remove cookies by opting out:
https://www.facebook.com/settings?tab=ads.
4. Analysis Tools
4.1 Web analytics with Matomo
We use the web analytics service Matomo on our website, provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Processing is carried out via the Matomo Cloud on servers within the European Union. For more information about data processing by Matomo, please refer to Matomo's privacy policy at: https://matomo.org/privacy-policy/
Purpose of processing
Matomo is used to evaluate the use of our website and to improve its functionality and content.
Processed data
The following information may be processed:
- Shortened and anonymized IP address
- Technical data of the end device (e.g., browser type, operating system, screen resolution)
- Usage data (e.g., pages accessed, length of stay)
- Date and time of access
- Referrer-URL
Matomo uses first-party cookies for analysis, which are read exclusively via our website.
legal basis
Processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. You may revoke your consent at any time with future effect.
IP anonymization
The IP address is anonymized before storage, so that it cannot be linked to a specific person.
storage period
Cookies can be stored for up to 13 months. Analysis data is deleted after 24 months at the latest.
Withdrawal of consent
You can disable the use of Matomo at any time via the cookie settings on our website.
4.2 Google Tag Manager
We use Google Tag (Google Tag Manager) on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This service allows website tags to be managed and played centrally via a user interface.
Functionality
The Google tag itself:
- According to Google, it does not process any personal data for analysis or marketing purposes.
- does not set its own cookies,
- is used exclusively for the technical provision and management of tracking and marketing tags.
However, when you visit our website, Google receives information about the retrieval of the Tag Manager script, including:
- IP address of the terminal device
- Browser and device information
- Date and time of access
- URL of the page accessed
- technische Informationen zum Container und den ausgelösten Tags
This processing takes place on Google servers. Google may also involve Google LLC ("1600 Amphitheatre Parkway, Mountain View, CA 94043, USA") as an additional responsible party.
For further information, please refer to Google's statements on data protection under Data privacy and security - Tag Manager Help.
Additional services The Google tag integrates additional tools and scripts (e.g., Google Analytics, conversion tracking, or marketing pixels). The respective data processing only takes place after you have given your consent and only in accordance with the information provided in the relevant sections of this privacy policy.
legal basis
Google Tag Manager is used:
• with your consent in accordance with Art. 6 (1) (a) GDPR, provided that analysis or marketing tags are loaded.
• Based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR, if only technically necessary tags are used.
Consent can be revoked at any time for the future via our cookie banner.
Data transfer to the USA
Depending on the Google tools used, personal data may be transferred to Google LLC servers in the USA. Google is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection.
storage period
The Google tag itself does not store any personal data. The storage period for cookies or tracking data depends exclusively on the services integrated via Tag Manager.
4.3 Friendly Captcha
We use the Friendly Captcha service on our website to protect our website from abusive automated spying and spam (e.g., by so-called bots). The use of this service serves to ensure the security of our website and is in our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
Friendly Captcha is a privacy-friendly bot protection service that does not set cookies or create user profiles. Instead, a cryptographic calculation task is solved in the background of the user's device. The following information in particular is processed:
- IP address (abbreviated or anonymized),
- Information about the browser and operating system used,
- Anonymized counters for detecting misuse.
Processing is carried out solely for the purpose of preventing abuse and spam.
Transfer to third countries
According to the provider, personal data is not transferred to third countries outside the European Union or the European Economic Area, and processing takes place exclusively on servers within the EU.
The provider of the service is:
Friendly Captcha GmbH
Am Anger 3–5
82237 Wörthsee
Germany
Further information on data processing by Friendly Captcha can be found in the provider's privacy policy at: https://friendlycaptcha.com/privacy/
5th Newsletter
5.1 Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
5.1.1 Legal basis
The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
5.2 Sendinblue
This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH (Sendinblue), Köpenicker Str. 126, 10179 Berlin, Germany.
Sendinblue is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter is stored on Sendinblue's servers in Germany.
If you do not wish to be analyzed by Sendinblue, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
5.2.1 Data analysis by Sendinblue
With the help of Sendinblue, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine which links were clicked on particularly often.
We can also recognize whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can recognize whether you have made a purchase after clicking on the newsletter.
Sendinblue also allows us to subdivide ("cluster") the newsletter recipients according to various categories. The newsletter recipients can be subdivided according to age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.
Detailed information on the functions of Sendinblue can be found at the following link: https://de.sendinblue.com/newsletter-software/?rtype=n2go
5.2.2 Legal basis
The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
5.2.3 Storage period
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and Sendinblue's servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
For more information, please refer to Sendinblue's privacy policy at: https://de.sendinblue.com/datenschutz-uebersicht/?rtype=n2go.
5.2.4 Conclusion of a contract for commissioned data processing
We have concluded a contract with Sendinblue in which we oblige Sendinblue to protect our customers' data and not to pass it on to third parties. The new sample contract from Sendinblue can be viewed at: https://de.sendinblue.com/wp-content/uploads/sites/3/2021/08/AV_Muster_DE_18.02.2021_aktualisiert.pdf
6. plugins and tools
6.1 Using the Pimcore content management system
Our website uses Pimcore, an open source content management system (CMS) from Pimcore GmbH (Salzbergstraße 15, 5081 Anif, Austria), to manage and provide web content.
What data is processed?
The following data is processed when using Pimcore:
- Technically necessary cookies for storing user settings and session information
- Server log files that are automatically stored by the web server:
o IP address of the user
o Date and time of the request
o Browser type and version
o Operating system used
o Referrer URL (previously visited page)
This data is required to ensure technical operation and for error analysis.
Legal basis for processing
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in providing a technically flawless, secure and high-performance website.
Storage and disclosure of data
- The server log files are stored for a limited time and then deleted.
- They are not disclosed to third parties unless there is a legal obligation to do so.
Further information on data processing by Pimcore can be found in Pimcore's privacy policy at https://pimcore.com/de/datenschutz.
6.2 YouTube
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used with your consent (Art. 6 para. 1 lit. a GDPR). A transfer of data to the United States of America by Google cannot be ruled out on our part.
Further information on the handling of user data can be found in YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy.
6.3 Vimeo
Our website uses plugins from the video portal Vimeo. The provider is Vimeo.com, Inc (Vimeo). 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with a Vimeo plugin, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA. Vimeo is used with your consent (Art. 6 para. 1 lit. a GDPR).
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
Further information on the handling of user data can be found in Vimeo's privacy policy at https://vimeo.com/privacy.
6.4 Google Maps
This site uses the map service Google Maps via an API. The provider is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps takes place with your consent (Art. 6 para. 1 lit. a GDPR). A transfer of data to the United States of America by Google cannot be excluded on our part.
You can find more information on the handling of user data in Google's privacy policy: www.google.de/intl/de/policies/privacy/.
6.5 Weglot
Our website uses Weglot, an online translation service provided by Weglot SAS (138 rue Pierre Joigneaux, 92270 Bois-Colombes, France), to provide content in several languages.
What data is processed?
When our website is accessed, Weglot processes:
- The IP address of the visitor
- The selected language
- URL of the page accessed
- Browser and device information
This data is required to automatically provide the correct language version.
Legal basis for processing
The processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to make our website usable for international visitors.
Storage and disclosure of data
- Weglot does not store any personal data permanently, but only processes it during the translation request.
- The data will not be passed on to unauthorized third parties.
Further information on data processing by Weglot can be found in Weglot's privacy policy at https://weglot.com/privacy/.