Facebook Instagram Youtube Bimobject

Privacy policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data means any data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is
Mario Krajina, MK9 International, Ludwig-Roselius-Allee 180, 28327 Bremen, Germany,
Phone: +49 172 6018388, Email: mk9international@gmail.com.
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for information purposes only—i.e., you do not register or otherwise transmit information to us—we only collect the data that your browser transmits to our server (so-called server log files). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

The page you visited on our site

Date and time of access

Amount of data transferred (bytes)

Referrer/source from which you reached the page

Browser used

Operating system used

IP address used (where applicable: in anonymised form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is neither disclosed to third parties nor used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the lock symbol in your browser bar.

3) Cookies

To make your visit to our website attractive and to enable the use of certain functions, we use cookies—small text files that are stored on your device. Some cookies are automatically deleted after you close the browser (session cookies), while others remain on your device for longer and store site preferences (persistent cookies). In the latter case, you can find the storage duration in your browser’s cookie settings overview.

Where cookies used by us also process personal data, processing is carried out pursuant to Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (our legitimate interest in the best possible functionality of the website and a user-friendly, effective visit).

You can set your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or in general.

Please note that disabling cookies may limit the functionality of our website.

4) Contact

4.1 WhatsApp Business

You can contact us via the WhatsApp messenger service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the business version of WhatsApp.

If you contact us via WhatsApp in relation to a specific transaction (e.g., an order), we store and use the mobile number you use with WhatsApp and—if provided—your first and last name pursuant to Art. 6(1)(b) GDPR to process and respond to your enquiry. On the same legal basis, we may ask you via WhatsApp for additional data (order number, customer number, address or email address) to be able to assign your enquiry to a specific case.

If you use our WhatsApp contact for general enquiries (e.g., about services, availability or our website), we store and use your WhatsApp mobile number and—if provided—your name pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in providing the requested information efficiently and promptly.

Your data is used only to respond to your enquiry via WhatsApp. It will not be passed on to third parties.

Please note that WhatsApp Business gains access to the address book of the mobile device used by us for this purpose and automatically transfers the stored phone numbers to a server of the parent company, Meta Platforms Inc., in the USA. For our WhatsApp Business account we use a mobile device whose address book contains only the WhatsApp contact details of users who have contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact details are stored in our address book has already consented—when first using the app on their device and by accepting WhatsApp’s terms of use—to the transmission of their WhatsApp phone number from the address books of their chat contacts pursuant to Art. 6(1)(a) GDPR. No data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is transmitted.

For details on the purpose and scope of data collection and further processing by WhatsApp as well as your rights and settings options to protect your privacy, please refer to WhatsApp’s privacy policy:
https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a data processing agreement with the provider, which protects our site visitors’ data and prohibits disclosure to third parties.

In the context of the above processing, data may be transferred to Meta Platforms Inc. servers in the USA. For transfers to the USA, the provider participates in the EU-US Data Privacy Framework based on an adequacy decision of the European Commission.

4.2 Contact form / Email

When contacting us (e.g., via contact form or email), personal data is collected. Which data is collected can be seen from the respective form. This data is stored and used exclusively to respond to your enquiry and for the related technical administration.

The legal basis is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted after your enquiry has been finally processed—i.e., when it can be inferred from the circumstances that the matter has been conclusively clarified—and provided there are no statutory retention obligations.

5) Web Analytics Services

5.1 Google (Universal) Analytics

We use Google (Universal) Analytics, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables analysis of your use of our website.

By default, Google (Universal) Analytics sets cookies when you visit the site. These small text blocks are stored on your device and collect certain information. This includes your IP address, which is shortened by Google by the last digits to exclude direct identifiability.

The information is transmitted to Google servers and processed there; transfers to Google LLC in the USA may occur.

Google uses the information on our behalf to evaluate your use of the website, compile reports on website activity and provide other services related to website and internet usage. The IP address transmitted by your browser within Google Analytics is not merged with other Google data. Data collected via Google (Universal) Analytics is stored for two months and then deleted.

All processing described above—especially the setting of cookies—only takes place if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. Without your consent, Google (Universal) Analytics will not be used during your visit. You can withdraw your consent at any time with effect for the future via the cookie-consent tool on our website.

We have concluded a data processing agreement with Google. Further legal information:
https://business.safety.google/intl/de/privacy/

https://policies.google.com/privacy?hl=de&gl=de

https://policies.google.com/technologies/partner-sites

Demographics
Google (Universal) Analytics uses the “Demographics” feature to create statistics on visitors’ age, gender and interests. These data cannot be attributed to a specific person and are deleted after two months.

Google Signals
As an extension, Google Signals may be used to create cross-device reports if you have enabled personalised ads and linked your devices to your Google account and you have consented to Analytics. We receive only statistics, not personal data. You can disable “Personalised advertising” in your Google account settings:
https://support.google.com/ads/answer/2662922?hl=de

More info: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
As an extension, the “UserIDs” function can be used if you have consented to Analytics and created an account on our website and log in on multiple devices.

For transfers to the USA, the provider participates in the EU-US Data Privacy Framework.

5.2 Google Analytics 4

This website also uses Google Analytics 4 (Google Ireland Limited) to analyse usage. Cookies may be set; information including a truncated IP address may be processed and transmitted to Google. Transfers to Google LLC (USA) may occur. Data is stored for two months, then deleted.

Processing (especially cookies) takes place only with your consent under Art. 6(1)(a) GDPR, which you can withdraw at any time via the cookie-consent tool. We have a DPA with Google. More legal info:
https://business.safety.google/intl/de/privacy/
• https://policies.google.com/privacy?hl=de&gl=de
• https://policies.google.com/technologies/partner-sites

Demographics, Google Signals, UserIDs may be used under the same conditions as above. GA4 also participates in the EU-US Data Privacy Framework.

5.3 Google Tag Manager

We use Google Tag Manager (Google Ireland Limited). The Tag Manager provides a technical framework to bundle and manage various web applications (including tracking/analytics) via a single interface. The service itself does not store or read information on devices and does not perform its own analyses. However, your IP address is transmitted to Google when pages are called; transfers to Google LLC (USA) may occur.

Processing takes place only with your consent under Art. 6(1)(a) GDPR, which you can withdraw at any time via the cookie-consent tool. We have a DPA with the provider. The provider participates in the EU-US Data Privacy Framework. More info:
https://business.safety.google/intl/de/privacy/
• https://policies.google.com/privacy?hl=de&gl=de

6) Site Functionality

6.1 Google Web Fonts

For consistent font display we use web fonts from Google Ireland Limited. When a page is called, your browser loads the required web fonts into its cache and establishes a direct connection to Google’s servers. Certain browser information, including your IP address, is transmitted to Google. Transfers to Google LLC (USA) may occur.

Processing in this context takes place only with your consent under Art. 6(1)(a) GDPR, which you can withdraw at any time via the cookie-consent tool. If your browser does not support web fonts, a standard font is used. The provider participates in the EU-US Data Privacy Framework. More info: https://business.safety.google/intl/de/privacy/

6.2 Google reCAPTCHA

We use Google reCAPTCHA (Google Ireland Limited) to verify that inputs are made by a human and to block spam, DDoS attacks and automated abuse. Data may also be transferred to Google LLC (USA). For the visual design of the captcha window, Google uses Google Fonts; no processing beyond what reCAPTCHA already transmits occurs.

The service collects the IP address, device/browser identification, and date/time of visit and transmits it to Google for evaluation. Cookies may be used.

If cookies are used, processing is based on your consent under Art. 6(1)(a) GDPR (revocable via the cookie-consent tool). If no cookies are used, the legal basis is our legitimate interest under Art. 6(1)(f) GDPR in ensuring individual responsibility online and preventing misuse and spam.

We have a DPA with the provider. The provider participates in the EU-US Data Privacy Framework. More info: https://business.safety.google/intl/de/privacy/

7) Tools and Miscellaneous

7.1 Cookie-Consent Tool

We use a cookie-consent tool to obtain valid user consent for cookies and cookie-based applications. The tool appears as an interactive interface when the page is loaded and allows consent by ticking boxes. Consent-requiring cookies/services are loaded only after consent is granted.

The tool sets technically necessary cookies to store your preferences; personal user data is generally not processed. If, in individual cases, data (e.g., IP address) is processed to store/assign/log consent settings, processing is based on our legitimate interest under Art. 6(1)(f) GDPR in lawful, user-specific consent management and a legally compliant online presence. Additional legal basis is Art. 6(1)(c) GDPR (legal obligation to obtain consent for non-essential cookies).

Where necessary, we have concluded a DPA with the provider. Further information is available directly in the consent tool interface on our website.

7.2 Wordfence

For security purposes we use Wordfence (Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA).

The provider protects the website and IT infrastructure from unauthorised access, cyber-attacks, viruses and malware. The provider collects users’ IP addresses and, where applicable, further behavioural data (especially accessed URLs and header information) to detect and prevent illegitimate access. The IP address is compared with a list of known attackers; if identified as a risk, access can be blocked automatically. Information is transmitted to and stored on the provider’s server.

Processing is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR in protecting the website and maintaining data integrity and security.

If visitors have login rights, cookies are also set to read location/device information and assess whether access is legitimate, manage internal firewall rules and notify administrators of irregular access. These cookies are set only for users with login rights.

Where personal data is processed via cookies, processing is based on our legitimate interests under Art. 6(1)(f) GDPR in preventing illegitimate administrative access. We have a DPA with the provider. For transfers to the USA, the provider relies on Standard Contractual Clauses.

8) Rights of the Data Subject

8.1 Under applicable data protection law, you have the following rights against the controller with regard to the processing of your personal data (see the cited legal provisions for conditions):

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to notification (Art. 19 GDPR)

Right to data portability (Art. 20 GDPR)

Right to withdraw consent (Art. 7(3) GDPR)

Right to lodge a complaint (Art. 77 GDPR)

8.2 Right to Object

IF, FOLLOWING A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. FURTHER PROCESSING MAY BE RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

9) Storage Duration of Personal Data

The storage period depends on the legal basis, the purpose of processing and—where applicable—statutory retention periods (e.g., commercial and tax retention obligations).

Where processing is based on consent under Art. 6(1)(a) GDPR, data is stored until you withdraw your consent.

Where statutory retention periods apply to data processed under Art. 6(1)(b) GDPR (contractual/pre-contractual obligations), such data is routinely deleted after the retention periods expire, provided it is no longer required for contract performance or initiation and/or we no longer have a legitimate interest in further storage.

Where processing is based on legitimate interests under Art. 6(1)(f) GDPR, data is stored until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where processing is for direct marketing under Art. 6(1)(f) GDPR, data is stored until you exercise your right to object under Art. 21(2) GDPR.

Unless otherwise stated above for specific processing situations, personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Copyright notice: This privacy policy was created by the specialist attorneys of IT-Recht Kanzlei and is protected by copyright (https://www.it-recht-kanzlei.de
)

Last updated: 09/10/2025, 18:25:36

Scroll to Top