The Mandala Hotel - Data Privacy Policy

• Name and Address of the Data Controller
• Name and Address of the Data Protection Officer
• Data Processing: General Information
• Provision of the Website and Creation of Log Files
• Contact Form and Email Contact
• Online Booking through the Website
• Online Booking through Other Websites
• Purchase of Vouchers through Our Website
• Consulting, Advertising and Market Research
• Online Reviews
• Newsletter Service
• Use of Cookies
• Protection of Minors
• Rights of the Data Subject
• Right of Appeal to a Supervisory Authority
• Security
• Declaration of Consent of the User

• Updated: May 2018

We use anonymized usage data from Google Analytics for the continuous improvement of our online services. You have the option to disable this feature here.

• Deactivate Google Analytics

Thank you for visiting our website and for your interest in our company. Contact with customers and stakeholders is a confidential matter for us. We attach great importance to the trust you place in us, and this obligates us to handle your data with care and protect it from misuse.

We want you to feel safe and comfortable when visiting our website, so we take the protection and confidentiality of your personal data very seriously. Therefore, we work in accordance with applicable legislation for the protection of personal data and data security. In this privacy policy, we would therefore like to make you aware of when we store data, what data we store, and how we use it - this, of course, is always done in accordance with current legislation.

In particular, THE MANDALA's privacy policy is based on the European Union General Data Protection Regulation (GDPR). In the following sections, we will explain which information we collect when you visit our website, and how we use it.

The Data Controller under the GDPR and other national data protection laws of Member States, as well as other data protection regulations, is:

The Mandala Hotel GmbH, Potsdamer Str. 3, D-10785 Berlin, Germany

• +49 (0) 30 590 05 00 00
• welcome@themandala.de

The Data Controller's Data Protection Officer is:

Andreas Thurmann, DataSolution Thurmann GbR, Isarstrasse 13, D-14974 Ludwigsfelde, Germany

• +49 (0) 3378 202513
• mail@hoteldatenschutz.de
• +49 (0) 3378 202514

1. Scope of processing of personal data
We collect and utilise our users' personal data only as far as this is necessary for provision of an operational website and of our content and services. Collection and utilisation of users' personal data is undertaken on a regular basis and only with the user's consent. An exception applies in those cases where prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.

2. Legal basis for processing personal data
Where we obtain the consent of the Data Subject to processing their personal data, article 6, section 1, subsection A of the GDPR forms the legal basis. For processing of personal data required to fulfil a contract to which the Data Subject is a party, article 6, section 1, subsection B of the GDPR forms the legal basis. This also applies to processing which is necessary for carrying out pre-contractual tasks. Where processing of personal data is necessary to fulfil a legal obligation (statutory provision) to which our company is subject (e.g. Bundesmeldegesetz/German Federal Act on Registration), article 6, section 1, subsection C of the GDPR forms the legal basis. If processing is necessary to safeguard a legitimate interest of our company or of a third party, and the interests, fundamental rights and freedoms of the Data Subject do not outweigh the aforementioned interest, article 6, section 1, subsection F of the GDPR forms the legal basis.

3. Data deletion and duration of storage
The Data Subject's personal data will be deleted or made inaccessible as soon as the purpose of storage ceases to apply. Data may be stored beyond this point if this has been provided for by European or national lawmakers in EU regulations, laws or other rules to which the Data Controller is subject. Data will still be made inaccessible or deleted when a storage period prescribed by the aforementioned rules expires, unless continued data storage is necessary for concluding or performing a contract.

• +49 (0) 30 590 05 00 00
• welcome@themandala.de

1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the system of the computer accessing the site. The following data is collected:

• Information on the browser type and version used
• The user’s operating system
• The user's IP address
• Date and time of access
• Websites from which the user's system accesses our website
• Websites accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Personal user profiles cannot be created from this data. This data is used solely for statistical purposes.

2. Legal basis for data processing
The legal basis for temporary storage of data and log files is processing to safeguard our (THE MANDALA's) legitimate interest.

3. Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable the website to be provided on the user's computer. This requires the user's IP address to be stored for the duration of the session.

The data is stored in log files to ensure the website's functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

Our legitimate interest in data processing is also a purpose of data processing.

4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for providing our website, this is the case once the user has ended their session.

In the case of data stored in log files, this is the case after no more than seven days. Data may be stored beyond this point, but the users' IP addresses will be deleted in this case, or disguised such that they can no longer be linked to the user in question.

5. Right to objection and removal
Collection of data to provide the website and storage of data in log files to run the website are absolutely necessary. The user therefore has no right to objection.

1. Description and scope of data processing
A contact form is provided on our website, which can be used to contact us electronically. If a user makes use of this facility, the data entered in the input screen will be transmitted to us and stored. The data in question are: first name and surname, email address and concerns.

Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

Data is not passed on to third parties in this context. The data is used exclusively for the conversation in question.

2. Legal basis for data processing
Our justified interest in data processing in the course of making contact with the user is the initial legal basis for data processing in this case. If this establishment of contact has the aim of concluding a contract, then the initiation of a business transaction or forming of a contractual relationship provides additional legal basis for data processing.

3. Purpose of data processing
Processing of personal data entered on the input screen is undertaken solely for the purpose of establishing contact. In the case of email contact, this also constitutes the necessary legitimate interest in the processing of the data.

The remaining personal data processed during the sending process is to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of personal data sent by email, this is the case once the conversation with the user has ended. The conversation will be deemed to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

In the case of correspondence concerning a pre-contractual relationship (enquiry regarding an offer or reservation), the data transmitted will additionally be stored in our hotel software and used for performing the contract. If no contractual relation is formed, we will delete the data at the end of the year after one year has elapsed.

5. Right to objection and removal
The user has the right to revoke his or her consent to the processing of his or her personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.

We would like to point out that, if you object, the conversation cannot be continued and we cannot make any offers, etc.

All personal data stored in the course of establishing contact with us will be deleted in such a case.

1. Description and scope of data processing
Our website includes an online booking facility for rooms and arrangements at THE MANDALA HOTEL. If a user makes use of this facility, the data entered in the input screen will be transmitted to us and stored. The data in question are: first name, surname, email address, arrival details, requests, payment data, address (if necessary), telephone, date, time.

Online bookings undertaken on our website are made through the synxis online reservation system from Design Hotels AG, Stralauer Allee 2c, D-10245 Berlin, Germany. All booking data you enter will be encrypted. Design Hotels AG, in contract with us, has committed itself to handling the data you send in accordance with data protection legislation and has adopted all organisational and technical measures to protect your data.

Data is not passed on to other third parties in this context. The data is used exclusively for processing the booking and for communication.

2. Legal basis for data processing
The legal basis for data processing is the conclusion of an accommodation contract with the user.

The data transmitted are stored in our hotel software and used for performing the contract. If no contractual relation is formed, we will delete the data at the end of the year after one year has elapsed.

For purposes of improving our services, we manage all data received in our central hotel software at THE MANDALA. The Data Controller is the hotel for which the booking is made. The relevant booking data are accessible only to the Data Controller; this data may be used together with a guest's data for purposes such as making a reservation at another hotel at a later date, rebooking or undertaking centralised marketing activities. To this end, central departments such as Reservations and Marketing may access this data. The legal basis for data processing is our justified interest in data processing as part of centralised administration and utilisation of customers' and business partners' data within the hotel group.

3. Purpose of data processing
Processing of personal data entered on the input screen is undertaken solely for the purposes of processing booking requests and transactions.

4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. Where a contractual relationship is formed, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations are fulfilled.

5. Right to objection and removal
The user has the right to revoke his or her consent to the processing of his or her personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.

We would like to point out that, if you object, bookings cannot be completed and any conversation cannot be continued.

1. Description and scope of data processing
THE MANDALA also enables rooms and arrangements to be booked via hotel booking sites (third-party providers). If a user makes use of this facility, the data entered in the input screen will be transmitted to us and stored to the extent that this is permitted by the relevant hotel booking site's privacy policy. This may include: first name, surname, email address, telephone, postal address, number of fellow travellers, expected arrival time, requests, payment details (credit card).

Data is not passed on to other third parties in this context. The data is used exclusively for processing the booking and, if necessary, for communication.

2. Legal basis for data processing
The legal basis for data processing is the conclusion of an accommodation contract with the user.

The data transmitted are stored in our hotel software and used for performing the contract. If no contractual relation is formed, we will delete the data at the end of the year after one year has elapsed.

For purposes of improving our services, we manage all data received in our central hotel software at THE MANDALA. The Data Controller is the hotel for which the booking is made. The relevant booking data are accessible only to the Data Controller; this data may be used together with a guest's data for purposes such as making a reservation at another hotel at a later date, rebooking or undertaking centralised marketing activities. To this end, central departments such as Reservations and Marketing may access this data. The legal basis for data processing is our justified interest in data processing as part of centralised administration and utilisation of customers' and business partners' data within the hotel group.

3. Purpose of data processing
Processing of personal data entered on the input screen is undertaken solely for the purposes of processing booking requests and transactions.

4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. Where a contractual relationship is formed, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations are fulfilled.

THE MANDALA has no control over the storage periods of any external hotel booking sites.

5. Right to objection and removal
The user has the right to revoke his or her consent to the processing of his or her personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.

We would like to point out that, if you object, bookings cannot be completed and any conversation cannot be continued.

1. Description and scope of data processing
Our website includes an online purchase facility for vouchers. If a user makes use of this facility, the data entered in the input screen will be transmitted to us and stored. The data in question are: title/company, first name, surname, date of birth, email address, postal address, telephone/fax, value of voucher, requests, payment details, password for individual user account.

Voucher purchases on our website are made through an online ordering system provided by INCERT eTourismus GmbH & Co KG, Leonfeldner Strasse 328, A-4040 Linz, Austria. All order data you enter will be encrypted. INCERT has committed itself to handling the data you send in accordance with data protection legislation and has adopted all organisational and technical measures to protect your data.

Data is not passed on to other third parties in this context. The data is used exclusively for processing the booking and for communication.

2. Legal basis for data processing
The legal basis for data processing is the conclusion of a sales contract with the user.

3. Purpose of data processing
Processing of personal data entered on the input screen is undertaken solely for the purposes of processing voucher sales and transactions.

4. Duration of storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. Where a contractual relationship is formed, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations are fulfilled.

5. Right to objection and removal
The user has the right to revoke his or her consent to the processing of his or her personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.

1. Description and scope of data processing
To support, consult and advertise corporate customers, we, as well as current or potential business partners, collect and use data on contacts, telephone numbers and postal addresses. We receive this information from various sources, either by making a request (email or telephone), or through meetings, fairs, business cards received by our sales staff, etc.

Data is not passed on to third parties in this context. It is used exclusively for the purposes stated.

2. Legal basis for data processing
Processing of data is otherwise undertaken on the legal basis of our legitimate interest in data processing. If this establishment of contact has the aim of concluding a contract, then the initiation of a business transaction or forming of a contractual relationship provides additional legal basis for data processing.

For purposes of improving our services, we manage all data received in the CRM module of our central hotel software at THE MANDALA. The Data Controller is the hotel with which business contact has been made. Central departments such as Sales, Events, Reservations and Marketing may access this data. The legal basis for data processing is our justified interest in data processing as part of centralised administration and utilisation of customers' and business partners' data within the hotel group.

3. Purpose of data processing
We use this contact data exclusively for our own purposes and for needs-based planning of our own sales activities.

4. Duration of storage
There is no general deadline for deletion. Should, however, our sales department have no contact with a company for 3 years, our sales department will decide whether the details of the contact in the company in question should be deleted.

In the case of correspondence concerning a pre-contractual relationship (enquiry regarding an offer, booking or reservation), the data transmitted will additionally be stored in our hotel software and used for performing the contract. If no contractual relation is formed, we will delete the data at the end of the year after one year has elapsed.

5. Right to objection and removal
Corporate contacts have the right to revoke their consent to the processing of their personal data at any time. For this purpose, we have set up the email address widerruf@themandala.de.

In this case, all personal data of the contact associated with the company in question will be deleted.

1. Description and scope of data processing
Guests may submit a review of our hotel after check-out. For this purpose, we will send an email within 14 days of departure to request a review. Any review may be anonymised for publication, on request. If you were not satisfied with your stay at our hotel, we would like to take the opportunity to contact you.

If you submit an online review on our website, the data will be saved in the review tool provided by CA Customer Alliance GmbH, Ullsteinstrasse 118, Turm B, D-12109 Berlin, Germany. CA Customer Alliance GmbH has committed itself to handling the data you send in accordance with data protection legislation and has adopted all organisational and technical measures to protect your data.

If a guest submits an online review, his/her data will be stored in the review system. The data in question are: email address, as well as voluntary information such as first name, surname, language, and any other information given in the review.

Data is not passed on to other third parties in this context. The data is used exclusively for publishing the review and for settlement in case of negative reviews.

2. Legal basis for data processing
Processing of data is otherwise undertaken on the legal basis of our legitimate interest in data processing.

3. Purpose of data processing
The purpose of the reviews is to collate and communicate guest opinions through our website, so that potential guests can picture our services for themselves. The results are also used for internal quality management.

4. Duration of storage
This data will not be deleted.

5. Right to objection and removal
You have the right to have your published review deleted at any time (right to be forgotten). For this purpose, we have set up the email address widerruf@themandala.de. Please tell us which review is yours when doing this.

1. Description and scope of data processing
Our website includes various ways of registering for our newsletter. If a user makes use of this facility, the data entered in the input screen will be transmitted to us and stored. The data in question are: email address, title, first name, surname.

If we should receive an email address in any other way, and the recipient clearly states that they would like to receive our newsletter, we will collect their data through the input screen on our web page.

Data is not passed on to other third parties in this context. The data is used exclusively for sending newsletters.

2. Legal basis for data processing
The presence of the recipient's consent forms the legal basis for the processing of this data. This is ensured by a double opt-in procedure.

3. Purpose of data processing
Processing of this personal data is solely for the purpose of sending individual newsletters.

4. Duration of storage
The data will be deleted as soon as the recipient unsubscribes from the newsletter service.

5. Right to objection and removal
The recipient has the right to revoke his or her consent to the processing of his or her personal data at any time. The recipient can unsubscribe from the newsletter service from any individual newsletter. We have also set up the email address widerruf@themandala.de. Please tell us your email address when doing this.

1. Description and scope of data processing
Cookies are small files which enable us to save specific information related to you, the user, on your computer when you visit our website. Cookies help us to determine the frequency of use and the number of users of our website, as well as making our offers as convenient and efficient as possible for you.

We use so-called "session cookies", which are cached only for the duration of your visit to our website. Session cookies are stored on your disk in order to ensure certain settings and features on our website in your browser. The cookies used by us are deleted again after the end of your browsing session - i.e. when you close your browser.

We also use cookies on our website to enable analysis of the user's browsing habits. The following data can be transmitted in this way: search terms entered, frequency of page visits, use of website functions. Technological measures are used to pseudonymise the user data collected in this way. This means it is no longer possible to link the data to the user in question. The data is not stored together with users' other personal data. When accessing our website, the user is informed of the use of cookies for analytical purposes and their consent to the processing of personal data used in this context is obtained. Reference is also made to this privacy policy.

2. Legal basis for data processing
The legal basis for processing of personal data using technologically-essential cookies is our legitimate interest in data processing.

The presence of the user's consent to processing of personal data using cookies for analytical purposes is the legal basis for data processing.

3. Purpose of data processing
The purpose of using technologically-essential cookies is to simplify use of the website for users. Some features of our website cannot be provided without the use of cookies. In this case, it is necessary for the browser to be recognised again, even after just loading a new page. The user data collected by technologically-essential cookies will not be used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Analysis cookies tell us how our site is used and thus enable us to constantly optimise our service.

4. Duration of storage, right to objection and removal
Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict transmission of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features in full.

You can also use our services without cookies and scripts. You can deactivate storage of cookies and scripts in your browser, limit them to particular websites, or set the browser to notify you when a cookie is sent. You can delete cookies from the hard disk of your PC at any time.

You can install browser add-ons to block scripts. NoScript for Firefox and ScriptSafe for Google Chrome are examples of these add-ons. These block not only all kinds of Javascript, but also selected trackers, Java, Flash and other plugins on websites.

If you are concerned about third-party cookies, you can reject just these cookies and still receive those which enable our website to work properly.

Here is how to refuse cookies in each of the main browsers:

• Mozilla Firefox
• Google Chrome
• Internet Explorer
• Safari

However, please note that you should expect limitations in page display and user guidance if you choose to refuse cookies.

5. Supplementary information
In addition to the information above about the use of cookies, we would like to point out the following:

Use of Google Analytics, Google DoubleClick Cookies, Google Convers Tracking and Google Remarketing
Our internet presence may use Google Analytics, Google DoubleClick Cookies, Google Convers Tracking and Google Remarketing. These are services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies" - text files that are stored on your computer and which enable analysis of your use of the website. Information generated by cookies about your use of this website is normally transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will first be shortened by Google within member states of the European Union or in other countries that are signatories of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. IP anonymisation is active on this website. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website usage and internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google. You can prevent these cookies being stored by selecting the appropriate settings in your browser; however, please note that doing so may make you unable to use the full functionality of this website. You can also prevent the data generated by the cookies about your use of the website (including your IP address) being sent to and processed by Google by downloading and installing the browser plugin available from the following link: http://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to a browser add-on, or for browsers on mobile devices, please click this link to prevent future data collection by Google Analytics on this website. This will place an opt-out cookie on your device. If you delete your cookies, you will need to click the link again. Otherwise, the statements under sections XI.1 to XI.4 apply.

Deactivating Google Ads
(http://www.google.com/privacy_ads.html), or the Network Advertising Initiative's deactivation page (http://www.networkadvertising.org/managing/opt_out.asp)

Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which may collect data under certain circumstances. Google Tag Manager does not access this data. If deactivation is carried out at domain or cookie level, this will remain in force for all tracking tags implemented by Google Tag Manager.

Use of CrazyEgg.com
This site uses the CrazyEgg.com tracking tool to record randomly selected individual visits (with anonymised IP addresses only). This service enables us to use cookies to analyse how you use the website (for example, what content you click on). It also creates a visual usage profile. This tool does not collect, process or use any of your personal data. Only pseudonymised user profiles are only created.

You can opt out of the collection, processing, and recording of data generated by the CrazyEgg.com service at any time by following the instructions at www.crazyegg.com/opt-out. Further information on data protection by CrazyEgg.com is available on www.crazyegg.com/privacy.

Use of Zopim Chat
This site uses Zopim. Zopim uses cookies to store your settings and other information on your computer. To save time, Zopim eliminates the need to repeatedly enter the same information and your personalised content and appropriate advertising will be displayed on subsequent visits to this website. Zopim saves your unique ID number and the your login time in an encoded cookie on your hard disk. This cookie allows you to navigate from page to page on the website without having to log in again on every page. When you log out, this cookie is deleted from your computer.

Use of Facebook Plugins (Like button), Instagram and Youtube
Plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated into our website. Facebook plugins can be identified by the Facebook logo or the "Like button" on our site. For an overview of Facebook plugins, please visit developers.facebook.com/docs/plugins.

When you visit our site, a direct connection is established between your browser and the Facebook server via the plugin. This enables Facebook to receive information that you have visited our site with your IP address. If you click the Facebook "Like button" while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the provider of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses this data.

For more information, please refer to Facebook's privacy policy on de-de.facebook.com/policy.php. If you do not want Facebook to associate visits to our site with your Facebook account, please log out of your Facebook account.

This service is aimed primarily at adults. We do not currently market any services for children. Therefore, we neither knowingly collect information to determine user age, nor do we knowingly collect personal data from children under 16 years of age. We would, however, like to advise all visitors to our website under 16 years of age not to disclose or make available any personal data. If we discover that a child under 16 years of age has provided us with personal data, we will delete the personal data of the child from our files, as far as this is technologically possible.

If your personal data are processed, you are a Data Subject under the GDPR and you have the following rights with regard to the Data Controller:

You have the right to information on the data stored about you, the purposes for which your data are being processed, any transferring of this data to other bodies that may occur, and the length of time for which your data will be stored.

Should data be incorrect or no longer required for the purposes for which they were collected, you have the right to demand their correction or deletion, or restriction of data processing. Where provided for by the data processing methods used, you can view and, if necessary, correct the data yourself.

If special personal circumstances provide reasons against processing of your personal data, you have the right to object to such data processing, provided that the processing is based on a legitimate interest. The Data Controller will then no longer process your personal data, unless the Data Controller can provide evidence of compelling legitimate reasons for processing which outweigh your interests, rights and freedoms; or if processing serves to assert, exercise or defend legal claims. If your personal data are processed for direct marketing purposes, you have the right, at any time, to object to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to data processing for purposes of direct advertising or profiling, your personal data will no longer be processed for these purposes.

You have the right to revoke your declaration of consent for data protection at any time. Withdrawal of consent shall not affect the legality of processing undertaken on the basis of this consent before its withdrawal.

If you have questions on your rights and exercising them, please contact:

The Mandala Hotel
The Mandala Hotel GmbH
Potsdamer Str. 3
D-10785 Berlin
Deutschland

Tel.: +49 (0) 30 590 05 00 00
Mail: welcome@themandala.de

Data Protections Officer
DataSolution Thurmann GbR
Herr Andreas Thurmann
Isarstr. 13
D-14974 Ludwigsfelde
Deutschland

Tel.: +49 (0) 3378 202513
Fax: (0) 3378 202514
Mail: mail@hoteldatenschutz.de

As a Data Subject, irrespective of any other administrative or judicial remedy, you have the right of appeal to a supervisory authority for data protection, more specifically in the member state where you reside or where the alleged offence was committed, if you believe that the processing of your personal data violates data protection law.

The supervisory authority to which the complaint is submitted will inform you of the status and the findings of your complaint, including whether or not a judicial remedy is possible.

More information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information. Please click this link.

THE MANDALA uses technological and organisational security precautions, in accordance with article 32 of the GDPR, in order to protect your data administered by us from accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our security precautions are continually improved as technology develops. Access is only granted to a small number of authorised persons, and persons committed specifically to data protection who are concerned with technical, administrative or editorial management of data.

By using our websites and the services contained therein, you agree that the personal data you have voluntarily provided may be stored by us, and processed and used in accordance with this privacy policy.

We reserve the right to change, update or supplement this privacy policy at any time. All revised privacy policies apply only to personal data which were collected or changed after the entry into force of the revised policy.