Privacy Policy

Data Protection Declaration

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Mevalon-Produkte e.K.
Inhaber: Vladimir Vukovic, Heidenheimerstr. 11, 85748 Garching, Germany
Phone: +49 89 21964709
Fax: +49 89 21964710
Email: info@mevalon-produkte.de

2) Data Collection When You Visit Our Website

2.1 When using our website for information only, we collect only the data your browser transmits (server log files):

  • Visited website
  • Date and time of access
  • Amount of data sent
  • Source/referrer
  • Browser used
  • Operating system
  • IP address (possibly anonymized)

Processing is based on Art. 6 (1) f GDPR. We reserve the right to check logs if misuse is suspected.

2.2 This website uses SSL/TLS encryption (https + lock icon) to protect data transmission.

3) Hosting & Content Delivery Network

Hosting is provided within the EU.
All collected data is processed on these servers.
A data processing agreement ensures protection and prevents unauthorized disclosure.

4) Cookies

We use cookies to improve functionality:

  • Session cookies (deleted after browser closes)
  • Persistent cookies (stored longer)

Legal bases:

  • Art. 6 (1) b GDPR (contract)
  • Art. 6 (1) a GDPR (consent)
  • Art. 6 (1) f GDPR (legitimate interest)

You can configure your browser to control cookies. Disabling cookies may limit functionality.

5) Contacting Us

When contacting us (form/email), personal data is collected and used only to process your request.

Legal basis:

  • Art. 6 (1) f GDPR
  • Art. 6 (1) b GDPR (if contract-related)

Data is deleted after resolution unless legal obligations apply.

6) Data Processing When Opening a Customer Account

Data is processed under Art. 6 (1) b GDPR for account creation.

  • Data fields are visible in the form
  • Accounts can be deleted anytime
  • Data is deleted unless retention obligations exist

7) Use of Client Data for Direct Advertising

Newsletter to existing customers

We may send product offers via email based on prior purchases (Section 7 (3) UWG).

Legal basis:

  • Art. 6 (1) f GDPR

You can object at any time. After objection, emails stop immediately.

8) Processing of Data for Order Handling

8.1 Data is shared with:

  • Shipping providers
  • Payment providers

Legal basis: Art. 6 (1) b GDPR

We may also use contact data to inform about updates (Art. 6 (1) c GDPR).

8.2 Payment Providers

Apple Pay
Payment via Apple devices with Face ID / Touch ID.
Encrypted transaction processing.
Privacy info: https://support.apple.com/en-gb/HT203027

Google Pay
Payment via Android devices with NFC.
Uses tokenized transactions.
May process transaction metadata under Art. 6 (1) f GDPR.

PayPal
Provider: PayPal (Europe) S.a.r.l. et Cie, Luxembourg

  • Payment data shared for processing
  • May include credit checks
  • Score values based on statistical models

You can object, but processing may still be required for payments.

Stripe
Provider: Stripe Payments Europe Ltd., Ireland
Used for payment processing under Art. 6 (1) b GDPR.

9) Online Marketing

Google AdSense

Uses:

  • Cookies
  • Web beacons

Processes usage data and may transfer to Google servers (including USA).

Legal basis:

  • Art. 6 (1) a GDPR (consent required)

You can revoke consent via cookie settings.
Privacy info:
https://privacy.google.com
https://business.safety.google/privacy/

10) Web Analysis Services

10.1 Google Tag Manager

  • No direct data storage
  • May transmit IP address
  • Requires consent (Art. 6 (1) a GDPR)

10.2 Hotjar

Tracks:

  • Heatmaps
  • User interactions
  • Behavior analytics

Data is pseudonymized.

Legal basis:

  • Art. 6 (1) a GDPR

11) Tools and Miscellaneous

We use a cookie consent tool to manage user consent.

  • Only loads cookies after consent
  • Stores preferences via necessary cookies

Legal basis:

  • Art. 6 (1) f GDPR
  • Art. 6 (1) c GDPR

12) Rights of the Data Subject

12.1 Your rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction (Art. 18 GDPR)
  • Notification (Art. 19 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdraw consent (Art. 7 (3) GDPR)
  • Complaint (Art. 77 GDPR)

12.2 Right to Object

You may object to processing based on legitimate interest at any time.

If data is used for direct marketing, you can object immediately and processing will stop.

13) Duration of Storage of Personal Data

Storage depends on:

  • Legal basis
  • Purpose
  • Legal retention periods

Key rules:

  • Consent-based data → stored until withdrawn
  • Contract data → deleted after obligations expire
  • Legitimate interest → stored until objection
  • Marketing data → stored until objection

Data is deleted when no longer necessary.

Copyright Notice

This privacy policy was created by IT-Recht Kanzlei:
https://www.it-recht-kanzlei.de

Status: 25.04.2026, 19:48:49

Privacy Policy - Mevalon | Mevalon