Information on data processing according to Art. 13, 14 GDPR
We are pleased that you are visiting our homepage and thank you for your interest in our hotel. Dealing with the data of website visitors, but also of our customers and business partners, is a matter of trust. The trust placed in us is very important to us and therefore the significance and obligation to handle your data with care and to protect it from misuse.
THE MANDALA specifically follows the EU General Data Protection Regulation (GDPR) and the current Federal Data Protection Act (BDSG). When using the internet, we follow Telecommunications Digital Services Data Protection Act (TDDDG) of the Federal Republic of Germany to protect your personal data. In the following, we explain what information we collect during your visit to our website and how it is used. In the following, we explain what information we collect during your visit to our websites and how it is used. In addition, we would also like to inform you about how we store and use personal data that we have obtained via other channels.
The responsible person in the sense of the GDPR and other data protection regulations is the:
The Mandala Hotel GmbH
Potsdamer Str. 3
D-10785 Berlin
Tel.: +49 (0) 30 590 05 00 00
Mail: welcome@themandala.de
Name and address of the data protection officer
Andreas Thurmann
DataSolution LUD GmbH
Isarstr. 13
D-14974 Ludwigsfelde
Mail: mail@hoteldatenschutz.de
Scope of the processing of personal data
As a matter of principle, we collect and use personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The collection and use of our users' personal data regularly only takes place with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary to comply with a legal obligation (statutory provisions) to which our company is subject (e.g. federal registration laws), Art. 6 (1) c GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.
Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
Description and scope of data processing
Our website contains a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. These data are: First and last name, e-mail address and request.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail will be stored.
Legal basis for data processing
The legal basis for the processing of the data is firstly our legitimate interest in the processing of data in the context of contacting the enquirer. If the contact is aimed at the conclusion of a contract, the additional legal basis for processing is in the context of a contractual relationship.
Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The data is used exclusively for processing the booking and for communication.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
If the contact is a pre-contractual relationship (offer or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we delete the data after one year at the end of the year.
Possibility of objection
You have the option to object to the processing of your data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose. We would like to point out that in the event of an objection, the conversation cannot be continued or we cannot create any offers etc.
All personal data stored in the course of contacting us will be deleted in this case.
Description and scope of data processing
In order to be able to communicate with you better and to be able to answer questions about the online platform quickly, we use the chat function of LiveRate from the company LiveRate GmbH, Metzstraße 12, 81667 Munich, Germany on our website. The chat function of LiveRate is used as a communication medium and enables communication with website visitors. So-called chatbots can also be used here, which automatically answer standard questions. Within the chat, you have the option of entering your first and last name as well as your e-mail address. Otherwise, no personal data is stored.
Furthermore, you can use other messenger platforms (Facebook Messenger, Telegram) via LiveRate to send and receive messages. If you use Facebook Messenger, Facebook transmits to LiveRate, among other things, Facebook name, profile pictures, language and gender. If you use Telegram Messenger, your username and picture will be sent to LiveRate.
Legal basis for data processing
The legal basis for the processing is the common interest in data processing. We carry out the aforementioned processing for customer care and to increase our services.
You can also make a booking with us via the chat function of LiveRate. The data requested for the booking, e.g. e-mail address, name, address, are required for the initiation and conclusion of the contract. We process data for order processing, in particular we will forward payment data to your chosen payment service provider or our house bank. The legal basis for the processing is the contract or contract initiation relationship. To prevent unauthorised third parties from accessing your personal data, the ordering process on the website is encrypted using SSL/TLS technology.
Purpose of the data processing
The data is processed exclusively for the processing of the conversation.
Duration of storage
We delete the data accruing in this context after the processing is no longer necessary or we restrict the processing if there are statutory retention obligations.
In addition, as part of LiveRate, you are offered the opportunity to register to receive newsletters. The registration takes place via a registration link. If you have registered for the newsletter, our data processing will be carried out in accordance with the information on the point "Newsletter".
Possibility of objection
You have the option to object to the processing of your data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose.
We would like to point out that in the event of an objection, the booking cannot be completed or the conversation cannot be continued.
Description and scope of data processing
Our website offers the option of purchasing vouchers. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are: Salutation/title, first name, last name, e-mail address, address, voucher value, wishes, payment data, password for individual user account and, if applicable, date of birth and telephone number.
If you make a voucher purchase from our websites, this is done through the online ordering platform of INCERT eTourismus Gmbh & Co KG, Leonfeldner Straße 328, A-4040 Linz, Austria. All order data entered by you is transmitted in encrypted form. INCERT is committed to handling your transmitted data in accordance with data protection regulations. INCERT takes all organisational and technical measures to protect your data.
Legal basis for data processing
The legal basis for the processing of the data is the conclusion of a purchase contract.
Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the voucher purchase and to handle the payment transaction.
If there is a legitimate interest in obtaining information about the accessibility of natural persons who are commercially active and legal entities, and information about their creditworthiness, we can carry out an information request with IHD Gesellschaft für Kredit- und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen. You can find out more about this in IHD's data protection regulations.
Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial law, statutory or contractual retention requirements have been fulfilled.
Possibility of objection
The user has the option to object to the processing of his or her personal data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose.
Description and scope of data processing
For the support, advice and advertising of corporate customers, we collect and use the contact person, telephone number and postal address in addition to the business partner or potential business partner. We obtain the information from various sources, either through an enquiry (e-mail or telephone), but also via events, trade fairs, business cards that our sales staff receive, etc.
Legal basis for data processing
The legal basis for processing the data is our legitimate interest in data processing. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is the contractual relationship.
To increase our services, we manage all data received in the CRM module of our central hotel software within THE MANDALA. The responsible entity is the hotel with which a business contact exists. Central services such as sales, banqueting, reservations and marketing access this data. The legal basis for processing the data is our legitimate interest in data processing within the framework of central administration and use of the data of our customers and business partners within the hotel group.
Purpose of the data processing
We use this contact data exclusively for our own purposes and for the needs-based design of our own sales activities.
Duration of storage
In principle, no deletion period is foreseen. However, if our sales department has not had any contact with the company contact within 3 years, the sales department will decide whether the contact person of the company contact will be deleted.
If the contact is a pre-contractual relationship (offer, booking or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we delete the data after one year at the end of the year.
Possibility of objection
As the contact person of a company contact, you have the option to object to the processing of your data at any time. We have set up the e-mail address widerruf@themandala.de for this purpose. All personal data of the contact person that has been stored for the business partner will be deleted in this case.
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Personal user profiles cannot be formed. The stored data is only evaluated for statistical purposes.
Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is the processing to protect our legitimate interest.
Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing also lies in these purposes.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
We have integrated Microsoft Advertising on our website. Microsoft Advertising is a service provided by the Microsoft Corporation to display targeted advertisements to users. Microsoft Advertising uses cookies and other browser technologies to analyze user behavior and recognize users.
Microsoft Advertising collects information about visitor behavior across various websites. This information is used to optimize ad relevance. Additionally, Microsoft Advertising delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers such as your User-Agent are transmitted to the provider.
In this case, your data is transferred to the operator of Microsoft Advertising, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States.
The use of Microsoft Advertising is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfers to the USA are based on Art. 45 para. 1 GDPR and the adequacy decision of the European Commission. The involved U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where no adequacy decision exists (including U.S. companies not certified under the EU-U.S. DPF), we have agreed on other appropriate safeguards with the data recipients under Art. 44 et seq. GDPR. Unless otherwise stated, these are the Standard Contractual Clauses (SCCs) of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021.
Furthermore, we obtain your explicit consent for such third-country transfers in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR, which you provide via the consent manager (or other forms, registrations, etc.). Please note that third-country transfers may pose unknown risks (e.g., data processing by foreign security authorities, the exact scope and consequences of which we cannot control or fully inform you about).
The specific storage duration of the processed data is not determined by us but by Microsoft Corporation. Further details can be found in the Microsoft Advertising Privacy Policy.
We maintain so-called fan pages, accounts, or channels on the social networks listed below to provide you with information and offers within these platforms, as well as to offer additional ways for you to contact us and learn more about our services. Below, we inform you about which data we and the respective social networks process in connection with accessing and using our fan pages/accounts.
Data we process from you
If you contact us via messenger or direct message through a social network, we generally process your username used to contact us, and may store any other data you voluntarily provide, to the extent necessary to process/respond to your inquiry.
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).
(Aggregated) Usage Data we receive from the social networks
We receive automatically generated statistics related to our accounts through the networks’ Insights functionalities. These statistics include, for example, the total number of page views, likes, information on page activity and post interactions, reach, video views, and the gender distribution of our fans/followers.
These statistics contain only aggregated data and cannot be linked to any individual person. We cannot identify you based on this information.
Data processed by the social networks
You do not need to be a member of the respective social network to view the content on our fan pages/accounts; therefore, a user account is not required.
However, please note that social networks may still collect and store data from website visitors without user accounts (e.g., technical data required to display the website) and may use cookies and similar technologies over which we have no control. For more information, please refer to the privacy policies of the respective social networks (see the relevant links above).
If you wish to interact with the content on our fan pages/accounts—for example, by commenting on, sharing, or liking our posts, or contacting us via messenger features—you must first register with the respective social network and provide personal data.
We have no influence over the data processing carried out by the social networks when you use their services. To the best of our knowledge, your data is stored and processed by the social networks in connection with providing their services, and also for analyzing user behavior (using cookies, pixels/web beacons, and similar technologies), which is used to deliver interest-based advertising both within and outside the respective network. It is possible that your data may be stored by the social networks outside the EU/EEA and shared with third parties.
For details about the scope and purposes of data processing, storage duration/deletion, as well as policies on the use of cookies and similar technologies in the context of registering and using social networks, please refer to the privacy and cookie policies of the respective platforms. There, you will also find information about your rights and how to object to certain data processing activities.
Facebook
When visiting our Facebook page, Facebook (Meta) collects your IP address as well as other information stored in cookies on your device. This information is used to provide us, as the operators of the Facebook page, with statistical insights regarding the use of the page. Facebook provides more information on this at the following link: https://facebook.com/help/pages/insights.
The statistical information transmitted to us does not allow us to draw conclusions about individual users. We only use these insights to better respond to the interests of our users, continuously improve our online presence, and ensure its quality.
We only collect your data via our fan page to facilitate communication and interaction with us. This typically includes your name, message content, comments, and any profile information you have made “publicly” available.
The processing of your personal data for the purposes stated above is based on our legitimate economic and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 lit. f GDPR. If, as a user, you have given consent to data processing to the social network provider, the legal basis for processing is Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR.
Since the actual data processing is carried out by the social network provider, our access to your data is limited. Only the provider of the social network has full access to your data. Therefore, only the provider can take appropriate actions to fulfill your data subject rights (e.g., access requests, deletion, objection). As such, asserting your rights is most effective when done directly with the provider.
We are jointly responsible with Facebook for the personal content of the fan page. Data subject rights can be exercised both with Meta Platforms Ireland Ltd. and with us.
According to the GDPR, Facebook holds primary responsibility for the processing of Insights data and fulfills all related obligations. Meta Platforms Ireland Ltd. provides affected individuals with the key terms of the Page Insights Supplement.
We do not make any decisions regarding the processing of Insights data or the storage duration of cookies on user devices.
Further information is available directly from Facebook in the Page Controller Addendum.
For more details about the exact scope and purposes of the processing of your personal data, data retention/deletion, and policies regarding the use of cookies and similar technologies in the context of registration and usage, please refer to Facebook’s Privacy Policy and Cookie Policy.
Facebook Fan Page
On our Facebook fan page, we use plugins provided by Facebook.com, which is operated by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA. When you use the fan page, data is transmitted to Facebook servers, including information about your visits to our fan page. For Facebook users who are logged in, this means that usage data can be linked to their personal Facebook account. As soon as you interact with a Facebook plugin while logged in (e.g., by clicking the “Like” button or using the comment function), that information is linked to your Facebook account and may be published. You can prevent this only by logging out of your Facebook account before using the plugin.
We are not exactly aware of what data Facebook stores and uses. As a user of our fan page, you must therefore assume that Facebook may fully track and store your activity on the page.
The general terms of use of Facebook Ireland Limited apply. For privacy-related matters, please refer to Facebook Ireland Limited's privacy policy.
The legal basis for this data processing is Art. 6 para. 1 lit. a and f GDPR.
Any individuals depicted in photos or other third parties have the right to object at any time to the publication of their personal data (e.g., photos). To do so, we have set up the following email address: widerruf@themandala.de. This right to object applies especially to the publication of images in the future.
It may happen unintentionally that we publish photos of individuals without their prior consent. If a publication is not desired, we will immediately take all necessary steps to comply with your rights. In the case of group photos, we reserve the right to obscure faces.
Instagram
When visiting our Instagram page, Instagram (Meta) collects your IP address and other information stored in cookies on your device. This information is used to provide us, as page operators, with statistical insights regarding the use of the Instagram page. Further information is available via the following link (please note: clicking the link will take you to the Facebook help page, also part of Meta; however, the information also applies to Instagram): https://facebook.com/help/pages/insights.
The statistical data made available to us does not allow us to identify individual users. We use this data only to better understand the interests of our audience, improve our online presence, and ensure its quality.
We collect your data through our fan page solely for the purpose of enabling communication and interaction with us. This typically includes your name, message content, comments, and any profile information you have made “publicly” available.
The processing of your personal data for the purposes described above is based on our legitimate business and communication interest in offering an information and communication channel pursuant to Art. 6 para. 1 lit. f GDPR. If you have given consent to the respective social network provider, the legal basis also includes Art. 6 para. 1 lit. a and Art. 7 GDPR.
As the data is processed by the social network provider, our ability to access or influence the data is limited. Only the provider has full access to your information and is therefore solely responsible for taking any action regarding your data subject rights (e.g., access, deletion, objection). Thus, it is most effective to assert your rights directly with the provider.
We are jointly responsible with Instagram for the personal content on our fan page. Data subject rights can be exercised with both Meta Platforms Ireland Ltd. and us.
According to the GDPR, Instagram holds primary responsibility for the processing of Insights data and fulfills all obligations relating to the handling of this data. Meta Platforms Ireland Ltd. provides the key elements of the Page Insights Supplement to the affected individuals.
We do not make decisions regarding the processing of Insights data or the storage duration of cookies on users' devices.
YouTube Video
We have integrated YouTube Video on our website. YouTube Video is a component of the video platform operated by YouTube, LLC, where users can upload content, share it over the internet, and access detailed statistics.
YouTube Video enables us to integrate content from the platform into our website.
YouTube Video uses cookies and other browser technologies to analyze user behavior, recognize users, and create user profiles. This information is used, among other things, to analyze the activity related to the viewed content and to compile reports. If a user is registered with YouTube, LLC, YouTube Video can associate the played videos with the user's profile.
When you access this content, a connection is established to servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, during which your IP address and, if applicable, browser data such as your user agent are transmitted.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular to the USA. Data transfers to the USA take place on the basis of Art. 45 para. 1 GDPR and the adequacy decision of the European Commission. The involved US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where no adequacy decision of the European Commission exists (including US companies not certified under the EU-U.S. DPF), we have concluded other appropriate safeguards with the recipients of the data in accordance with Art. 44 et seq. GDPR. These are – unless otherwise stated – the Standard Contractual Clauses of the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be viewed here.
Additionally, before such a data transfer to a third country, we obtain your consent pursuant to Art. 49 para. 1 sentence 1 lit. a GDPR, which you grant via the consent manager (or other forms, registrations, etc.). We would like to point out that third-country transfers may involve risks that are unknown in detail (e.g., data processing by security authorities of the third country, the exact scope of which and the consequences for you are not known to us, are beyond our control, and may not be apparent to you).
The specific retention period of the processed data is not determined by us but by YouTube, LLC. Further information can be found in the Privacy Policy for YouTube Video.
We have integrated components of the Hotelcareer Widget on our website. Hotelcareer Widget is a service provided by StepStone GmbH, Axel-Springer-Straße 65, 10969 Berlin, Germany, which offers applicant and personnel management software.
Hotelcareer Widget is used in the context of application processes to optimize applicant management, for example, through the automated analysis of job references. Furthermore, Hotelcareer Widget enables us to create and evaluate job advertisements.
The use of this service is based on our legitimate interests, i.e., our interest in optimizing our application processes pursuant to Art. 6 para. 1 lit. f GDPR.
The specific retention period of the processed data is not determined by us but by StepStone GmbH. Further information can be found in the Privacy Policy for Hotelcareer Widget.
We use Crazy Egg by Crazy Egg, Inc. to conduct so-called A/B tests on our online offering. In this process, different versions of our online offering are published simultaneously, and it is measured which of these versions is more user-friendly.
During the testing of the versions, data such as the operating system used, the browser’s user agent, and the time of access may be collected to measure the success of the version.
Web tracking technologies are used to associate the aforementioned data with the version of our online offering being tested.
The use of Crazy Egg is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
The specific retention period of the processed data is not determined by us but by Crazy Egg, Inc. Further information can be found in the data protection declaration for Crazy Egg.
We have integrated components of Cognito Forms on our website. Cognito Forms is a service provided by Cognito LLC and offers marketing automation software.
Cognito Forms enables us to create and display online forms and pop-ups on our website. Furthermore, Cognito Forms is used to process data entered into forms, such as when users contact us via a contact form or subscribe to a newsletter.
Cognito Forms uses cookies and other browser technologies to analyze user behavior and recognize users. This information is used, among other things, to compile reports on website activity.
In this case, your data is transferred to the operator of Cognito Forms, Cognito LLC, 929 Gervais Street, Suite D, Columbia, SC 29201, United States.
The use of Cognito Forms is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
The specific retention period of the processed data is not determined by us but by Cognito LLC. Further information can be found in the privacy policy for Cognito Forms CDN.
We have integrated components of the MailChimp service on our website. MailChimp is a service provided by The Rocket Science Group, LLC and offers marketing automation for businesses.
MailChimp is used to store and transmit data entered into forms via cookies, to send marketing emails and automated messages, and to create targeted campaigns.
In addition, MailChimp allows us to analyze whether sent emails were opened, how many users received an email, and whether users unsubscribed from the newsletter after receiving an email.
In this case, your data is transferred to the operator of MailChimp, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, United States.
The use of MailChimp is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
The specific retention period of the processed data is not determined by us but by The Rocket Science Group, LLC. Further information can be found in the privacy policy for MailChimp.
We have integrated components of Stripe Payments on our website. Stripe Payments is a service provided by Stripe, Inc. and offers online payment solutions worldwide.
If you choose Stripe Payments as a payment method, the data required to process the payment will be automatically transmitted to Stripe, Inc., San Francisco, California, US.
In this context, the following data is usually collected: name, address, company (if applicable), email address, telephone and mobile number, and IP address.
The use of this service is based on the performance of a contract, i.e., for the processing of payment transactions.
The specific retention period of the processed data is not determined by us but by Stripe, Inc. Further information can be found in the Privacy Policy for Stripe Payments.
This service is mainly aimed at adults. We do not currently market any specific areas for children. Accordingly, we do not knowingly collect age-identifying information, nor do we knowingly collect personal information from children under the age of 16. However, we caution all visitors to our website under the age of 16 not to disclose or provide any personally identifiable information through our service. In the event that we discover that a child under the age of 16 has provided us with personal information, we will delete the child's personal information from our files to the extent technically feasible.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. For this purpose, we have set up the e-mail address widerruf@themandala.de.
As a data subject, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence or of the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection.
The supervisory authority to which the complaint is submitted will inform you of the status and outcome of your complaint, including the possibility of a judicial remedy.
You can find more information on the website of the Federal Commissioner for Data Protection and Freedom of Information.
Insofar as personal data is processed outside the European Union, you can see this in the previous explanations.
We use technical and organisational security measures in accordance with Art. 32 GDPR to protect your data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments. Access is only possible for a few authorised persons and persons who are obliged to provide special data protection and who are involved in the technical, administrative or editorial care of data.
We reserve the right to change, update or amend this privacy notice at any time. Any revised information on data processing will only apply to personal data collected or modified after the effective date.
Status | May 2025