Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in connection with the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Last updated: 29 April 2026

Table of Contents

Controller

Franz Gross
Dovestraße 5, 10587
Berlin, Germany

Authorised representative: Franz Gross

Email address: info@mac-and-cheap.de

Overview of Processing Activities

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of Data Processed

  • Master data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of Data Subjects

  • Communication partners.
  • Users.

Purposes of Processing

  • Communication.
  • Security measures.
  • Organisational and administrative procedures.
  • Feedback.
  • Provision of our online offering and user experience.
  • Information technology infrastructure.

Relevant legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations may apply in your or our country of residence.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • Compliance with a legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.

National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (BDSG). State data protection laws of the individual German federal states may also apply.

Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements. These measures include in particular securing the confidentiality, integrity and availability of data by controlling physical and electronic access.

TLS/SSL encryption (HTTPS): To protect data transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL.

General Information on Data Storage and Deletion

We delete personal data in accordance with statutory provisions as soon as the underlying consents are revoked or no further legal grounds for processing exist.

Statutory retention periods under German law:

  • 10 years – Books, records, annual financial statements (§ 147 AO, § 257 HGB).
  • 8 years – Accounting documents, invoices (§ 147 AO, § 257 HGB).
  • 6 years – Other business documents, commercial correspondence (§ 147 AO, § 257 HGB).
  • 3 years – Contractual claims; standard statutory limitation period (§§ 195, 199 BGB).

Rights of Data Subjects

As a data subject, you have the following rights under the GDPR (Arts. 15–21 GDPR):

  • Right to object: You have the right to object at any time to the processing of your personal data on the basis of Art. 6(1)(e) or (f) GDPR.
  • Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
  • Right of access: You have the right to obtain confirmation as to whether your personal data is being processed and to receive a copy of that data.
  • Right to rectification: You have the right to request the completion or correction of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right to request the immediate erasure of your data or, alternatively, a restriction of processing.
  • Right to data portability: You have the right to receive your data in a structured, machine-readable format.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.

Provision of the Online Offering and Web Hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data; meta, communication and procedural data; log data.
  • Data subjects: Users (e.g. website visitors).
  • Purposes of processing: Provision of our online offering; IT infrastructure; security measures.
  • Storage and deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymised.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Web host: To provide our online offering, we use storage space, computing capacity and software rented from IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. Privacy policy of the provider: https://www.ionos.de/terms-gtc/datenschutzerklaerung/. Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Use of Cookies

We use cookies in accordance with statutory provisions. Where required, we obtain prior consent from users. Where consent is not required, we rely on our legitimate interests. Consent may be withdrawn at any time.

  • Temporary cookies (session cookies): Deleted once a user leaves the online offering and closes their browser.
  • Permanent cookies: Remain stored after the browser is closed, for up to two years.
  • Types of data processed: Meta, communication and procedural data.
  • Data subjects: Users.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication. Readers' data is processed only to the extent necessary for the presentation of the publication medium and communication between authors and readers, or for security reasons.

  • Types of data processed: Master data; contact data; content data; usage data; meta, communication and procedural data.
  • Data subjects: Users.
  • Purposes of processing: Feedback; provision of our online offering; security measures; organisational and administrative procedures.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored on the basis of our legitimate interests. Information provided in comments and contributions will be stored by us until the user objects.

Contact and Enquiry Management

When you contact us (e.g. by post, contact form, email, telephone or via social media), the details of the enquiring person are processed to the extent necessary to respond to the contact enquiries.

  • Types of data processed: Contact data; content data; meta, communication and procedural data.
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organisational and administrative procedures; feedback; provision of our online offering.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).

Contact form: When you contact us via our contact form or by email, we process the personal data transmitted to us solely for the purpose of responding to and handling your enquiry.

Changes and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We will update the privacy policy as soon as changes to the data processing carried out by us make this necessary.

Definitions

  • Master data: Essential information required for the identification and management of contractual partners, user accounts, profiles and similar assignments (e.g. names, contact information, customer numbers).
  • Content data: Data generated in the course of creating, editing and publishing content of any kind (texts, images, videos, audio files, etc.).
  • Contact data: Information enabling communication with persons or organisations (telephone numbers, addresses, email addresses).
  • Meta, communication and procedural data: Information about the manner in which data is processed, transmitted and managed (e.g. IP addresses, timestamps, identification numbers).
  • Usage data: Information about how users interact with digital products (e.g. page views, click paths, time spent on pages).
  • Personal data: Any information relating to an identified or identifiable natural person.
  • Log data: Information about events or activities recorded in a system or network (e.g. timestamps, IP addresses, error messages).
  • Controller: The natural or legal person, authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: Any operation or set of operations performed on personal data, whether or not by automated means (collection, storage, transmission, deletion, etc.).

Created with the free privacy policy generator by Dr. Thomas Schwenke