Data Privacy Policy

The controller responsible for data processing on this website is:

When you visit our website or use our services, we may collect the following categories of personal information:

We use the personal information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our mandate registry services, process transactions, and send related information.
• Communication: To respond to your inquiries, provide customer support, and send you technical notices, updates, security alerts, and administrative messages.
• Marketing: To send marketing and promotional communications (with your consent where required), such as information about our products, services, and events.
• Analytics: To understand how our website and services are used, to improve user experience, and to develop new features and services.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities, and to protect the rights and property of Mandaitor and others.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

Under the GDPR, we process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR): Where you have given us explicit consent to process your personal data for specific purposes, such as marketing communications.
• Contract Performance (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legitimate Interests (Art. 6(1)(f) GDPR): Where processing is necessary for our legitimate interests, such as improving our services, ensuring security, and conducting analytics, provided these interests are not overridden by your rights.
• Legal Obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which we are subject.

We use cookies and similar tracking technologies to collect and use personal information about you, including to serve interest-based advertising. Cookies are small data files stored on your device that help us improve our website and your experience.

Most browsers automatically accept cookies by default, but you can choose to set your browser to remove or reject cookies through your browser controls. Please keep in mind that removing or blocking cookies can negatively impact your user experience and may cause some features to work incorrectly or no longer be available.

We may share your personal information with third parties in the following circumstances:

• Service Providers: With vendors and service providers who perform services on our behalf, such as hosting, analytics, payment processing, and customer support. These providers are contractually obligated to protect your data.
• Legal Requirements: When required by law, regulation, or legal process, or to protect the rights, property, and safety of Mandaitor, our users, or others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction.
• With Your Consent: When you direct us or otherwise consent to the disclosure of your personal information.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your data, and applicable legal requirements.

Mandaitor is based in Germany and our services are hosted exclusively on the AWS European Sovereign Cloud (ESC) in Brandenburg, Germany. We are committed to keeping your data within the European Union. In the event that data needs to be transferred outside the EU/EEA, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by the GDPR.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Our infrastructure is hosted on the AWS European Sovereign Cloud with EU-only data residency and EU-only operations staff.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we take steps to remove that information from our servers.

Our website may contain links to third-party websites and services that are not owned or controlled by Mandaitor. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of every site you visit.

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for Mandaitor is:

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at [email protected] or by mail using the details provided below: