Privacy policy
Data protection at a glance
Thank you for visiting our website. The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is all data with which you can be personally identified - in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
I. Person responsible
Responsible for the following data collection and processing is:
- mantro GmbH
- Address: Zielstattstr. 19, 81379 Munich
- Phone: +49 89 416 177 - 099
- E-mail: hello@mantro.net
II Storage of your IP address
We host our website with Webflow. The provider is Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). When you visit our website, Webflow collects various log files including your IP address. IP addresses are anonymized and transferred from the Webflow server to another EU country and stored there for 24 hours. This anonymized storage for 24 hours serves to protect against brute force attacks. At the end of this period, the IP address is deleted. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.
Webflow Inc., based in the USA, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. You can find Webflow's current privacy policy at
- Privacy Policyof Webflow: Webflow Privacy Policy.
III. Usage data
When you visit our website, so-called usage data is temporarily stored on our web server as a log for static purposes in order to improve the quality of our web pages.
This data record consists of:
- The page from which the file was requested
- Name of the file
- Date and time of the query
- Amount of data transferred
- Access status (file transferred, file not found)
- Description of the type of web browser used
- Shortened IP address of the requesting computer
- Storage: The aforementioned log data is only stored anonymously.
IV SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
V. Hosting
We host our website with Webflow. The provider is Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). We have carefully selected this external service provider and concluded an order processing contract in accordance with Art. 28 GDPR. With regard to Webflow, an adequate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Webflow also undertakes to conclude standard contractual clauses with other sub-processors.
VI Consent management platform
We use the consent management platform "Cookiebot Consent Management Platform" on our website. A contract for order processing in accordance with Art. 28 GDPR has been concluded with the external service provider "Usercentrics", which obliges the service provider to process data in accordance with instructions. The processing of personal data in connection with the use of "Cookiebot Consent Management Platform" and the logging of the settings you have made is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest is to display our content according to your preferences and to be able to prove that you have given your consent. The settings you have made, the consent you have given and parts of your usage data are stored via a cookie. This means that it is retained for subsequent page requests and your consent can still be tracked.
VII Cookies
We use cookies on our websites. Cookies are small text files that are stored on your end device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data that makes it possible to restore the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable.
We use necessary session cookies to display and function our website. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR, § 25 para. 2 TTDSG. Our interest lies in enabling the presentation of our website. You can object to the processing at any time. To do so, please click on "Cookie Settings", which can be accessed at the bottom left of the website. You can set your browser so that it informs you about the placement of cookies. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. In this case, our website may not be displayed optimally and some functions may no longer be technically available.
We also use tracking tools on our website to track user behavior. The processing takes place on the basis of your consent in accordance with Art. 6 para. 1 s. 1 lit. a) GDPR, § 25 para. 1 TTDSG, if you have previously given your consent to tracking on our cookie banner.
We use the following tracking cookies on our website:
- Google Analytics/ Google Tag Manager
We use the web analysis tool "Google Analytics" for the needs-based design of our websites. Google Analytics creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognize returning visitors and count them as such. To control Google Analytics, we use Google Tag Manager, an auxiliary service that only processes personal data (IP address) for technically necessary purposes.
As part of the Google Analytics/ Google Tag Manager service, Google Ireland Limited supports us as a processor in accordance with Art. 28 GDPR. Data processing may also be carried out by Google outside the EU or the EEA (in particular in the USA). With regard to Google, an adequate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Google also undertakes to conclude standard contractual clauses with other sub-processors.
- Google Maps (Google Static)
We embed map services on our websites that are not stored on our servers. This includes Google Maps, the map service from Google. To ensure that accessing our websites with embedded map services does not automatically result in the third-party provider's content being reloaded, we only display locally stored preview images of the maps in a first step. This means that the third-party provider does not receive any information. Only after clicking on "Load external content" will the third-party provider's content be loaded. As a result, the third-party provider receives the information that you have accessed our site and the usage data technically required in this context. We have no influence on further data processing by the third-party provider.
By clicking on the "Load external content" button, you give us your consent to load content from the third-party provider and thereby transmit the aforementioned usage data to the third-party provider. If you do not wish such reloading on other pages, please do not click on the button.
As part of the Google Maps service, Google Ireland Limited supports us as a processor in accordance with Art. 28 GDPR. Data processing may also be carried out by Google outside the EU or the EEA (in particular in the USA). With regard to Google, an adequate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Google also undertakes to conclude standard contractual clauses with other sub-processors.
- Google Fonts (Google API)
We use so-called web fonts provided by Google LLC for the uniform display of fonts on our website. Google Fonts are installed on our local servers. A connection to Google servers does not take place at any time.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://policies.google.com/privacy?hl=de.
Revocation of your consent to tracking
You can revoke your consent to the use of tracking cookies at any time with effect for the future without affecting the legality of the previous processing. To do this, please click on "Cookie Settings", which can be accessed at the bottom left of the website.
VIII Embedded YouTube videos
On subpages of our website, we embed YouTube videos that are not stored on our servers. A locally stored preview image of the video is displayed so that content from YouTube is not reloaded when these subpages are accessed. This means that the third-party provider does not receive any information about you. Only by clicking on the "Load external content" button do you give us your consent to load content from YouTube, for example. In this context, YouTube may receive information about you and your IP address, which is technically required to retrieve the content. We always embed YouTube videos in extended data protection mode, which means that no cookies should be set. However, we have no influence on further processing by YouTube.
Embedding is based on your consent, provided that you have given your consent by clicking on the preview image. Please note that embedding videos will result in your data being processed outside the EU or EEA. As part of the YouTube service, Google Ireland Limited supports us as a processor in accordance with Art. 28 GDPR. Data processing may also be carried out by Google outside the EU or the EEA (in particular in the USA). With regard to Google, an adequate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Google also undertakes to conclude standard contractual clauses with other sub-processors.
IX. Social media plugins
We enable the use of social plugins. For data protection reasons, we do not integrate any social plugins directly into our website. Therefore, when you visit our site, no data is transmitted to social media services such as Twitter. Profiling by third parties is therefore excluded.
You still have the option of sharing and viewing selected pages on social media platforms with one click.
The use of social plugins is based on your consent, provided that you have given your consent by clicking on the link. Please note that embedding social plugins means that your data will be processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security purposes without you being informed or being able to take legal action. If we use providers in unsafe third countries and you give your consent, the transfer to an unsafe third country is based on Art. 49 para. 1 sentence 1 lit. a) GDPR.
Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that social media services can create usage profiles from your data and use them for the purpose of personalized advertising.
X. Making contact
You have the option of contacting us via our Calendly appointment scheduling tool. When you access the Calendly appointment scheduling tool, additional personal data is processed. Categories of data processed: Contact details such as name or e-mail address. Purpose of processing: Display and selection of appointments. The legal basis for processing: the need to fulfill an agreement or pre-contractual measures in response to your request (Art. 6 (1) b GDPR). A transfer of data takes place: to the processor Calendly, Inc, 115 E Main St., Ste. A1B, Bufort, GA 30518, USA represented by DPO Center Europe, Friedrichstraße 88, 10117 Berlin, Germany, eurep@calendly.com. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Pricacy Framework (DPF).
XI. Newsletter registration and dispatch
Currently not implemented, but possibly in the future - you can order a newsletter on our website. Please note that we need your email address to subscribe to the newsletter. We base the sending of the newsletter on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR, Section 7 para. 2 no. 3 UWG. We use the so-called double opt-in procedure for the newsletter subscription. This means that after you have registered, we will send you an email to the email address you have provided, in which we ask you to confirm that you are the owner of the address provided and that you wish to receive the newsletter notifications. You can revoke your consent at any time at [hello@mantro.net].
As part of the registration process, we also store your full IP address at the time you subscribe to the newsletter and a copy of the confirmation email sent, if this is required for verification purposes. We base data processing on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in being able to account for the lawfulness of sending the newsletter.
XII. Your rights as a user
When processing your personal data, the GDPR grants you certain rights as a website user:
1. right to information (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
2. right to rectification and erasure (Art. 16 and 17 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed.
You also have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.
3. right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection to the processing pursuant to Art. 21 GDPR or for the duration of any examination as to whether our legitimate interests outweigh your interests as a data subject.
4. right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.
5. right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR (data processing to safeguard legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
6. right of revocation (Art. 7 para. 3 GDPR)
If the data processing is based on your consent, you can revoke this consent at any time without affecting the legality of the data processing up to the time of revocation.
7. right of appeal to the supervisory authority
In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the supervisory authority if you believe that the processing of the data concerning you violates data protection regulations. The right to lodge a complaint can be exercised in particular with the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
XIII Contact details of our data protection officer
Our data protection officer will be happy to provide you with information or suggestions on the subject of data protection:
- Phone: 0931 30 49 76 0
- E-Mail: office@datenschutz-sued.de
Cookie banner
We use cookies to store and retrieve information on user devices. We require your consent for this use. With your consent, you agree to both the storage and retrieval of information on your device (§ 25 para. 1 TDDDG) and the subsequent data processing for the processing purposes described (Art. 6 para. 1 sentence 1 lit. a) GDPR). You have the option to withdraw your consent at any time with effect for the future. You will find the 'Privacy settings' in the bottom left-hand corner of the website. By clicking on 'Accept & continue', you agree to the use of all cookies. You can make individual settings by clicking on 'Configure'."
The use of technically necessary cookies and similar technologies in the "Essential" category is based on Section 25 (2) TDDDG. Subsequent data processing is carried out on the basis of legitimate interests in accordance with Art. Art. 6 para. 1 sentence 1 lit. f) GDPR.
This privacy policy gives you a comprehensive overview of how your data is handled on our website. If you have any further questions, please do not hesitate to contact us.