Data protection

Status: 07/2021

We process personal data (hereinafter called “data”) of the User only to the extent that is necessary to provide a functional, user-friendly website, as well as our content and services.

The term “processing” refers to the collection, use, transfer and/or storage of data. According to the General Data Protection Regulation (hereinafter “GDPR”), “personal data” refers to all data with which a natural person can be identified. The exact definitions of the terms are defined in Art. 4 of the GDPR.

The following information informs you in particular about the nature, scope, purpose, duration and legal basis of the processing of personal data, regarding which we alone, or together with others, decide on the purposes and means of the processing, as well as about the components of third parties, who process data on their own responsibility, that we likewise use for optimisation and quality of use:




The Data Controller (hereinafter referred to as the “Provider”) within the meaning of the GDPR and other national data protection laws of the member states, as well as other data protection regulations, is:

mb-Vermarktung Martin Bauer e.K.
Hohenlohestr. 22, 74523 Schwäbisch Hall, Germany
Tel.: +49 791 202139-0
Fax: +49 791 202139-20

External Data Protection Officer:

Killian Hedrich
c/o DatCQ GbR, Katharinenstraße 16, 73728 Esslingen, Germany
Tel.: +49 711 932779-55
Fax: +49 711 932779-56



In relation to the processing of their personal data described below by the Provider, the User has the right:

  • to request confirmation as to whether the data concerning them are being processed and to obtain precise information about the said data, as well as further information and copies of the data in accordance with Art. 15 GDPR;
  • to request the immediate rectification of incorrect data concerning them or the completion of that data, in accordance with Art. 16 GDPR;
  • to request that the data concerning them be immediately erased in accordance with Art. 17 GDPR, or alternatively, if for example further processing is necessary, in accordance with Art. 17 (3) GDPR, to request a restriction of the data processing, in accordance with Art. 18 GDPR;
  • to request to receive the data concerning them and provided by them in accordance with Art. 20 GDPR, and to request that the data be transferred to other data controllers;
  • to submit a complaint to the Supervisory Authority in accordance with Art. 77 GDPR if the User believes that the processing of their data by the Provider violates the GDPR.
  • In principle, the User may, in accordance with Art. 21 GDPR, object at any time to the future processing of the data concerning them, which is carried out by a data controller on the basis of Art. 6 (1) (f) GDPR. The said objection may, in particular, be filed against the processing of the data for direct marketing purposes.
  • The Provider is also obliged to notify all recipients of the data to whom the data has been disclosed by the Provider, of any rectification or erasure of the personal data or restriction of processing that is carried out on the basis of Art. 16 GDPR, Art. 17 (1) GDPR and Art. 18 GDPR. The said obligation shall not apply in the event that the said notification proves to be impossible or involves a disproportionate effort. The User has the right to receive information regarding the said recipients of the data.


If no detailed information on the individual data processing is subsequently provided, the User’s data processed by the Provider shall be erased or blocked as soon as the purpose of storage ceases to apply and provided the erasure does not conflict with any statutory retention obligations.

Server data

For communication and security reasons, the following data (among other things), which the User’s internet browser transmits to the Provider or to its web space provider, will be collected during the User’s visit to the website (so-called “server log files”):

– Browser type and version
– Operating system used
– Website from which the User has accessed the website of the Provider (referrer URL)
– Website visited by the User
– Date and time of access
– Internet protocol (IP) address of the User

The data will also be stored temporarily. This data will not be stored together with other personal data of the User. The legal basis for the said temporary storage is Art. 6 (1)(f) GDPR, based on the Provider’s legitimate interest in improving the stability, functionality and security of the website.

After seven days at the latest, the data will be erased. Any data whose further retention is required for evidentiary purposes will be excluded from erasure until the final clarification of the respective incident.


The Provider does not use cookies on the website.

Cookies are small text files or other storage technologies that the internet browser used by the User deposits and stores on the terminal device. These cookies process certain information of the User, such as browser and location data and IP address values, on an individual basis.

Contract implementation

a) Data processing

The personal data provided by the User for the purpose of purchasing goods or services will be processed by the Provider for the purpose of contract implementation. Entry of the data is necessary for the conclusion of the contract; without the provision of the data, the conclusion of the contract is not possible. The legal basis for the processing is Art. 6 (1)(b) GDPR. After the full implementation of the contract, the User’s data will be erased, taking into account tax and commercial retention periods.

B) Data transfer

As part of the process of implementing the contract, the User’s personal data will be transferred to a service provider used to process the purchase of the goods or services, to the transport company commissioned with the delivery or to the financial service provider, insofar as this is necessary for the processing, delivery or payment of the goods.

The legal basis for the transfer of data is thereby Art. 6 (1)(b) GDPR.

Contact enquiries

Should the User contact the Provider, the User’s personal data entered on this occasion will be used to process their enquiry. The entry of the data is required to answer the enquiry; without the provision of the data, it is not possible to answer the enquiry, or only to a limited extent.

Should the contact enquiry be for the purpose of fulfilling a contract or implementing pre-contractual measures, the legal basis is Art. 6 (1)(b) GDPR.

The User’s data shall be erased if the User’s enquiry has been conclusively answered and there are no legal data retention obligations such as exist, for example, in the case of a subsequent implementation of a contract.

The legal basis may also be the User’s consent, in accordance with Art. 6 (1)(a) GDPR.

The User may at any time withdraw the consent they have granted for the contact enquiry by notifying the Provider thereof in accordance with Art. 7 (3) GDPR at any time. The data processed in connection with the contact enquiry will be erased as soon as their processing is no longer necessary.