2.1 Scope of Personal Data Processing

We generally process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly carried out only after consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by law.

2.2 Legal Basis for Processing Personal Data

2.3 Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

3.1 Microsoft Azure

3.2 SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5.1 General Information about Cookies

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is called up again.

A distinction is made between the following cookie types:

• Session cookies are automatically deleted after the end of the browser session.
• Persistent cookies remain on your device for a specified period and enable recognition upon repeat visit.
• First-party cookies are set by our own domain (maindtec.eu).
• Third-party cookies are set by third-party providers (e.g., HubSpot, Google) and require your prior consent in accordance with § 25(1) TDDDG.

5.2 Technically Necessary Cookies

We use technically necessary cookies on all pages of our website that are required for the operation of the website. These cookies enable basic functions and are essential for the proper operation of the website.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in functional website operation).

5.3 Third-Party Cookies (only on contact page)

On the page with the contact form, additional cookies are set through the integration of the HubSpot form. These cookies are only loaded after explicit consent of the user via the cookie banner.

Legal basis: Article 6(1)(a) GDPR (consent).

5.4 Revocation of Consent / Deleting Cookies

You can revoke your consent at any time by calling up the cookie settings again via the cookie banner. Furthermore, you can set your browser to inform you about the setting of cookies and only allow cookies on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser.

6.1 Description and Scope of Data Processing

Our website has a contact form that is provided via the HubSpot Forms service. When you use the contact form, the data you enter (e.g., name, email address, message and any other information) is transmitted to HubSpot and stored in our HubSpot CRM system.

Provider: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.

European branch: HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland.

When using the contact form, the following data is collected:

• The personal data entered into the form (e.g., name, email address, phone number, message)
• IP address of the user
• Date and time of submission

6.2 Legal Basis

The processing of data entered into the contact form is based on Article 6(1)(b) GDPR, insofar as your request is directed towards the conclusion of a contract or the implementation of pre-contractual measures. Otherwise, Article 6(1)(f) GDPR serves as the legal basis (legitimate interest in efficient processing of requests). The loading of the HubSpot form and the associated cookies on your device only takes place after your prior consent in accordance with Article 6(1)(a) GDPR in conjunction with § 25(1) TDDDG.

6.3 Storage Duration

Data collected via the contact form is stored for as long as necessary to process your request. If a contractual relationship is established, the data is subject to statutory retention periods (up to 10 years in accordance with HGB and AO). Otherwise, the data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

6.4 Data Processing Agreement

We have concluded a data processing agreement (DPA) with HubSpot that complies with the requirements of Article 28 GDPR. HubSpot processes personal data on our behalf and exclusively according to our instructions.

HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework, thus ensuring an adequate level of data protection in accordance with Article 45 GDPR. In addition, HubSpot uses EU Standard Contractual Clauses (SCC) as an additional protective measure. HubSpot Privacy Policy

7.1 Scope of Processing

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). Google Analytics uses cookies and similar technologies that enable analysis of your use of the website.

The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there. Google Analytics 4 no longer uses full IP addresses by default; IP anonymization occurs automatically.

Within the scope of Google Analytics 4, the following data is collected, among others:

• Anonymized IP address
• Pages visited and duration
• Technical information (browser, operating system, screen resolution)
• Referrer URL (origin of visitor)
• Interactions on the website (clicks, scroll behavior)
• Location (based on anonymized IP address, at country or city level)

7.2 Legal Basis

The use of Google Analytics is based exclusively on your consent in accordance with Article 6(1)(a) GDPR in conjunction with § 25(1) TDDDG (Telecommunications-Digital Services-Data Protection Act). Google Analytics is only activated after your explicit consent via the cookie banner.

7.3 Data Transfer to Third Countries

Google is certified under the EU-U.S. Data Privacy Framework. This ensures an adequate level of data protection within the meaning of Article 45 GDPR. In addition, EU Standard Contractual Clauses are used.

7.4 Storage Duration

Cookies set by Google Analytics are deleted after the respective lifetime defined in the cookie. At user level, data is deleted according to the retention period set in the Google Analytics 4 configuration (2 months by default, configurable up to 14 months).

7.5 Objection / Opt-out

You can revoke your consent at any time by calling up the cookie settings again via the cookie banner. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout

8.1 Description and Scope of Data Processing

We use Google reCAPTCHA on our contact page. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA is used to verify whether data entries on our website (e.g., in a contact form) are made by a human or by an automated program (bot).

For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information, including:

• IP address of the user
• Duration of stay on the website
• Mouse movements and keyboard inputs
• Information about the operating system, browser and screen resolution
• Browser language settings
• Embedded plugins

8.2 Legal Basis

The loading of reCAPTCHA on your device is based on your consent in accordance with Article 6(1)(a) GDPR in conjunction with § 25(1) TDDDG via the cookie banner. reCAPTCHA is only activated after consent has been granted. Our legitimate interest in protecting our website from abusive automated use and spam (Article 6(1)(f) GDPR) additionally justifies its use. If you do not consent to the use of reCAPTCHA, you can alternatively contact us by email or phone.

8.3 Data Transfer

Data collected within the scope of Google reCAPTCHA is transmitted to Google. Google is certified under the EU-U.S. Data Privacy Framework. Further information can be found in Google's privacy policy: https://policies.google.com/privacy

12.1 Right of Access (Article 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed by us. If this is the case, you have a right to information about this personal data and to the information specified in detail in Article 15 GDPR.

12.2 Right to Rectification (Article 16 GDPR)

You have the right to request the immediate rectification of inaccurate or completion of your personal data stored with us.

12.3 Right to Erasure (Article 17 GDPR)

You have the right to request the erasure of your personal data stored with us, unless processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

12.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request restriction of processing of your personal data if one of the conditions specified in Article 18 GDPR is met.

12.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from us, provided that processing is based on consent or a contract and is carried out using automated procedures.

12.6 Right to Object (Article 21 GDPR)

12.7 Automated Decision-Making / Profiling (Article 22 GDPR)

We do not make any decisions based solely on automated processing – including profiling – that produce legal effects concerning you or similarly significantly affect you. Google Analytics and HubSpot may perform automated analyses (e.g., audience segmentation), but these serve exclusively statistical purposes and have no individual legal effects on you.

12.8 Right to Withdraw Consent (Article 7(3) GDPR)

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can declare the withdrawal at any time via the cookie banner or by email to info@maindtec.de.

12.9 Exercising Your Rights

To exercise your data subject rights, please contact us by email at info@maindtec.de or in writing to the address stated above. We will process your request immediately, but no later than one month after receipt (Article 12(3) GDPR).

12.10 Right to Lodge a Complaint with a Supervisory Authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision (BayLDA) Promenade 18 91522 Ansbach Phone: +49 981 180093-0 Email: poststelle@lda.bayern.de Website: https://www.lda.bayern.de