Data Protection

Thank you for visiting our website and for the interest you have shown in our company and our products. Protecting your privacy while processing your personal data and maintaining the security of all business data is an important issue to us that we take into account in all our business processes. The personal data that we collect from you during your visit to our website is processed confidentially and only in accordance with statutory provisions. Data protection and information security form part of our company policy. The websites accessible via the mapal.com domain are provided by MAPAL Dr. Kress KG (hereinafter referred to as MAPAL). MAPAL websites may contain links to websites of other providers which are not covered by this data protection policy.

Personal data are those items of data that make it possible to identify you. Here the issue is not whether it is possible to identify you based on a single piece of information. The more information and data that can be combined, the more accurately the person can be identified. Personal data include, e.g., the name, address, age, e-mail address and telephone number of a person.

1. Collection, processing and storage of personal data by MAPAL

MAPAL collects, processes and saves your personal data only if these actions are permitted by statutory regulations or you have given your consent. We obtain these data in two ways: either you provide the data to us or we collect the data during the utilisation of our services.

1.1. Data you share with us

Generally speaking, you can use our website without directly providing us with personal information. For some services, we will ask you to provide personal information that is needed for us to be able to provide the service, or so that we can carry out the respective service quickly and in a user-friendly manner. Detailed information on all of the services that are offered by MAPAL on this website can be found under “Individual services” (see below in section 4).

1.2. Data we obtain during your utilisation of our services

Some data are produced automatically and for technical reasons when you visit our website. The following information is acquired without any action on your part and saved until it is deleted automatically:
  • IP address,
  • Web browser used, including language and browser software version
  • Operating system and the respective interface
  • Web page from which access is made (Referrer URL)
  • Date and time of the access.
The data stated are processed by us for the following purposes:
  • To ensure the smooth establishment of a connection to the website,
  • To ensure our website is pleasant to use,
  • To evaluate the system security and system stability.
  • To evaluate statistics
The legal basis for the processing of the data is art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest stems from the purposes stated above for collecting the data. Under no circumstances do we use the data collected to identify you.

We also use cookies when you visit our website. You will find more detailed explanations in point 2 of this data privacy statement.

1.3. Forwarding of data

In general, we do not pass on personal data to third parties. If data is transferred to third parties in individual cases, then the transfer is carried out on the basis of appropriate agreements.

In individual cases, it may be necessary for us to transfer information to recipients in so-called “third countries” for other purposes, such as the execution of contracts. “Third countries” are countries outside of the European Union or the Agreement on the European Economic Area, where it cannot necessarily be assumed that there is a level of data protection comparable to that within the European Union. If the information that is transferred includes personal data, prior to any such transfer, we will ensure that the third country or the recipient in the third country guarantees the necessary adequate level of data protection. This may in particular result from an “adequacy decision” granted by the European Commission, which determines that there is an adequate level of data protection for a specific third country as a whole. Alternatively, we can base the transfer of data on “EU standard contractual clauses” that have been agreed with a data recipient. Further information on appropriate and adequate safeguards necessary for ensuring a sufficient level of data protection is available upon request.

Further information on EU standard contractual clauses can be found via https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and information on adequacy decisions via https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

Through appropriate measures and regular controls, we ensure that the data we collect cannot be viewed or accessed by unauthorized persons from outside.

2. Usage of cookies

2.1. Terminology

"Cookies" are small files that your browser creates automatically and saves on your device (laptop, tablet, smartphone, etc.).

Information related to the specific device used is saved in the cookies. This does not mean that we obtain direct knowledge of your identity by this means. The usage of cookies is to make it pleasanter for you to use our website. Here it is possible to differentiate between the following types of cookies.

Cookies that are imperative for the operation of a website and that are essential for navigating on the website and using its functions. These cookies are not saved permanently on your computer or device and are deleted when you close your browser (session cookies).

Statistical, analytical and performance cookies make it possible to acquire and count the number of visitors and traffic sources for measuring and improving the performance of the website. They are also used to find out whether problems or errors occur on certain pages, which pages are the most popular and how visitors navigate on the website. Analytical/performance cookies are deleted after a defined retention period.

Tracking cookies are used to track the visits and individual activities on websites. They are used to acquire and evaluate the utilisation of websites statistically. These cookies are automatically deleted after a defined time.

2.2. Usage at MAPAL


By using cookies, which are necessary for the operation of our website, the processing of your personal data is carried out based on Art. 6(1)(f) GDPR for the purposes of safeguarding our legitimate interest in the smooth operation of our website. Otherwise, we will only process your personal data in connection with cookies (particularly for the purposes of analysis and advertising) if you have provided us with your prior consent in accordance with Art. 6 (1)(a) GDPR. Processing is carried out for the purposes of advertising, market research and designing our website so that it meets your needs.

In your browser you can display the cookies on your computer, delete the cookies or set up the configuration such that not all of the cookies or no cookies are saved any longer. Please note that some functions may not work or may not work correctly if you deactivate the usage of cookies.

3. Individual services

3.1. Contact form

If you contact us using the contact form, we will need your e-mail address. To be able to answer your query quickly and specifically, you should provide us with further information on your company, as well as your name and contact data.
The data are used only to reply to your query and for the purpose of providing a service. These data are processed based on art. 6 para. 1 sentence 1 lit. a and f GDPR. We would be pleased to provide you with information on the data saved. For more information, please refer to the section "Right to access" in this data privacy statement.​​​​
​​​​​​​

3.2. Email newsletter

If you register for the MAPAL Newsletter, you provide your express consent. For this purpose we will need your e-mail address. To be able to answer your query quickly and specifically, you should provide us with further information on your company, as well as your name and contact data.
Your data will be used only for the purpose of sending the newsletter as per art. 6 para. 1 lit. a GDPR. For this purpose we use a tool from a service provider; the service provider receives your data within the statutorily permitted, contractually regulated framework. You can view, change or delete your data at any time.

3.3. Online Shop

The data that we collect about you in our online shop (www.mapal-tools.com) is used exclusively to ensure a trouble-free ordering process. It is necessary to register and create a customer account before you can place an order in our online shop. To create a customer account, you will need to provide us with personal data such as your name, address, telephone number and e-mail address. We process your personal data in connection with the customer account, so that we can provide our services and protect our legitimate interests based on Art. 6 (1)(b) and (f) GDPR. We have a legitimate interest in being able to offer the service to our users and to avoid interruptions and attempted fraud.

We will delete your data stored within the customer account, at the latest when you inform us that we should delete your profile, unless applicable law obliges or entitles us to retain the data longer.

In the case of parcel deliveries and freight forwarding deliveries, we pass on your name, address and telephone number to our contractually bound service providers so that they can process the delivery and communicate with you if necessary to announce and coordinate the delivery. The legal basis for the associated data processing is Art. 6 Para. 1 b) GDPR, i.e. the processing of your data is necessary for the fulfilment of the purchase contracts and delivery agreements.

3.4. Catalogue mailing

To mail our catalogues we need your name, your address as well as how to contact you if you are absent. For this purpose we collect your telephone number as well as your e-mail address. These data are processed based on art. 6 para. 1 sentence 1 lit. f GDPR.
We use these data once for mailing the catalogues and brochures required. A service provider undertakes the picking and mailing of print media for us. This service provider uses your data once within the statutorily permitted, contractually regulated framework to safeguard the provision and mailing of catalogues and brochures. Your data will then be deleted without delay.

3.5. Google Analytics

We use Google Analytics on our website, which is a web analysis service from Google Inc. ("Google"). Google Analytics uses “cookies”. These are text files that are placed on your computer to help the website analyse how users use the site. The information that is generated by the cookie regarding your use of the website is usually transferred to a Google server in the US where it is stored. We have activated IP shortening on this website so that your IP address is shortened in advance by Google within member states of the European Union, or in other co-contracting countries to the agreement on the European Economic Area.

It is only in exceptional cases that your full IP address will be transferred to a Google server in the US and shortened there. Google will use this information on our behalf in order to evaluate your use of the website, to compile reports regarding website activities, and to provide us with further services that are related to website and internet usage. The IP address that your browser transmits within the framework of Google Analytics is not combined with other data from Google.

Any of your personal data that is collected in connection with Google Analytics will be deleted or anonymised after [26] months.

It is possible to stop cookies being saved on your computer by adjusting your browser software accordingly; however, it is important to note that if you choose to do this, you may not be able to use all the functionalities of the website to their full extent. You can also prevent data generated by the cookie and data relating to your use of the website (including your IP address) being collected by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin you can access via the link below:
https://tools.google.com/dlpage/gaoptout?hl=en.

3.6. Careers portal

When using our online recruitment portal, it is important to us that your personal data is protected to the greatest extent possible. All personal data that we collect and process as part of an application is protected against unauthorised access and manipulation through technical and organisational measures.

You will find the related data protection notice in the "Declaration of consent to the privacy policy" while setting up the user account in the careers portal.
​​​​​​​

3.7. Social media

On our pages in social media (YouTube, Twitter, Xing, kununu, Facebook) we offer you, based on art. 6 para. 1 sentence 1 lit. f GDPR, comprehensive personal support and the possibility of remaining in contact with us. These media services collect, in certain circumstances, personal data, e.g. via the profile you have saved there.
It cannot be excluded that data on every visitor to these pages will be collected by the companies listed above. For information on the purpose and scope of the collection of data and the further processing and utilisation of the data by these companies, as well as your related rights and the settings you can make to protect your privacy, please refer to the data privacy notices issued by:


4. Your rights

Of course, you retain control over all the personal data you make available to us on visiting the website and using our services. The following rights are available to you; you can make use of these rights free of charge.

4.1. Right to access

You have the right at any time to receive information, free of charge, about any of your personal data that we retain. This includes information regarding how long and for which purpose we process the data, where it comes from, and to which recipients or categories of recipients we transfer it. You can also obtain a copy of this data from us.

4.2. Right to revoke consent granted

You have the right to revoke consent you have granted to process personal data at any time with effect for the future. If you revoke your consent, we will delete the related data without delay, provided further processing cannot be allowed on a legal basis for processing. The revocation of your consent does not affect the legality of processing undertaken up until revocation.

4.3. Right to object

If we process your personal data in the context of a weighing of interests in our legitimate interest, you have at any time the right, for reasons based on your specific situation, to object to this processing with effect for the future.
If you make use of your right to object, we will cease the processing of the related data. The right to continue processing is retained, however, if we can demonstrate compelling, legitimate reasons for the processing that outweigh your interests, fundamental rights and fundamental freedoms, or if processing is for the purpose of the assertion, exercise or defence of legal claims.
If we process your personal data for direct advertising, you have the right to appeal against the processing of your personal data for the purpose of such advertising.

4.4. Right to data portability

You have the right to request for your personal data to be transferred from us to another entity. Art. 20 GDPR sets out the relevant details and restrictions. The exercise of this right is without prejudice to your right of deletion.

4.5. Right to rectification, deletion or restriction of the processing

You have the right to correct, delete or restrict the processing of your personal data.

4.6. Right to lodge a complaint

You have the right to complain to a supervisory authority or our company if you should have a reason for complaint. To make use of rights in relation to our company, please contact the persons listed at the end of the data privacy statement.

5. Retention period

Generally speaking, we retain personal data for as long as it is necessary for the purposes of processing, or we have a legitimate interest in such retention and your interests in not retaining the data do not outweigh our own. This means that we only retain your data for as long as this is necessary for the provision of our website and associated services, or for as long as we are legally obliged to retain your data. As soon as personal data is no longer required for the purposes of processing, or retention of this data is not legally permissible, we will delete any personal data without the data subject needing to intervene.

Personal data that we are required to retain in order to fulfil our retention obligations will be retained until the end of the respective retention requirement. If we retain personal data exclusively for the fulfilment of retention requirements, any processing in this respect is generally restricted, so that the data can only be accessed if this should be necessary in relation to the legal obligation to retain data.​​​​​​​

6. Automated decision making

In connection with the processing of your personal data as described in this data protection policy, we do not, as a matter of principle, use automated decision making (including profiling) in terms of Art. 22 GDPR. If we make use of such procedures in individual cases, we will naturally inform you of this separately.
​​​​​​​

7. Data security

We use the widespread SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption supported by your browser. You can see whether an individual page from our website is transmitted encrypted by the closed depiction of the key or lock symbol in the status bar in your browser.

We also make use of suitable technical and organisational measures to protect your data against accidental or wilful manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with the state-of-the-art.
​​​​​​​

8. Responsible for data collection

The Data Protection Office is responsible for the processing of personal data (in terms of Art. 4 (7) GDPR) and therefore responsible for any questions, requests for information, applications, complaints or criticism regarding our data protection:

MAPAL Dr. Kress KG
Data protection department
Obere Bahnstraße 13
73431 Aalen
Germany

Data protection officer
The correct implementation of data protection in our organisation is undertaken by a data protection officer. If you have issues in relation to the processing of your personal data, you can also contact this officer directly:
datenschutz(at)mapal.com