Privacy Policy

These are the privacy policies of

MainSent GmbH
Obere Wende 5
33739 Bielefeld

Below we inform you in detail about which personal data we collect on our websites and in connection with the services and offers mentioned in this privacy statement, for what purposes they are collected, and how long these data are stored. Subsequently, we inform you about your rights regarding data processing and how you can exercise these rights.

If you have any questions or comments regarding data protection on our website, please feel free to contact us at any time. You can, for example, contact us by email at datenschutz [at] mainsent.com. 

This privacy statement applies to the collection, processing, and use (“usage”) of your personal data when using our online offers as well as for all other deliveries and services that you wish to receive from us.

I. Name and Address of the Controller 

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is: 

MainSent GmbH.
Obere Wende 5,
33739 Bielefeld

E-mail: info [at] mainsent.com
Telephone: +49 (0) 151 - 46368236

II. Data Protection Officer 

You can reach our Data Protection Officer at: 

MainSent GmbH

Data Protection Officer
Obere Wende 5
33739 Bielefeld

datenschutz [at] mainsent.com

III. General Information on Data Processing 

1. Legal Basis for the Processing of Personal Data 

Insofar as we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. In the case of processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for pre-contractual measures. Insofar as processing personal data is required for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis. In cases where the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis. If the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override those interests, Article 6(1)(f) GDPR serves as the legal basis for the processing. 

2. Data Deletion and Retention Period 

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may, however, occur if this is provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned norms expires, unless further storage of the data is necessary for the conclusion or performance of a contract. 

IV. Provision of the Website and Creation of Log Files 

1. Description and Scope of Data Processing 

Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting device. 

The following data is collected in this process: 

1. Information about the browser type and the version used
2. The operating system of the user
3. The user’s internet service provider
4. The user’s IP address
5. Date and time of access
6. Websites from which the user’s system accessed our website
7. Websites that are accessed from the user’s system via our website

The data is also stored in our system’s log files. The IP addresses of the user or other data that would allow the assignment of the data to a user are not affected by this. Storage of these data together with other personal data of the user does not take place. 

2. Legal Basis for Data Processing

The legal basis for the temporary storage of the data is Article 6(1)(f) GDPR. 

3. Purpose of Data Processing 

The temporary storage of the IP address by the system is necessary to deliver the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session. 

This purpose also reflects our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR. 

4. Duration of Storage 

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session is terminated. 

V. E-Mail Contact

1. Description and Scope of Data Processing 

Email addresses are provided on our website that can be used for electronic contact. If a user takes advantage of this option, the personal data transmitted via email will be stored. 

In this context, the data is not passed on to third parties. The data is used exclusively for processing the conversation. 

2. Legal Basis for Data Processing 

The legal basis for processing the data transmitted during contact is Article 6(1)(f) GDPR. If the email contact is aimed at concluding a contract, then an additional legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of Data Processing 

The processing of personal data from the input form is solely for the purpose of handling the contact inquiry.

4. Duration of Storage 

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For the personal data from the input form of the contact form and those transmitted by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when the circumstances indicate that the matter has been conclusively resolved. 

If legal provisions prescribe retention periods (e.g., six years for received business letters, § 257 (4) HGB), deletion will take place after the expiration of the corresponding period. 

VI. Data Provided by You Upon Conclusion, Execution, and Termination of Legal Transactions or When Using Services 

1. Description and Scope of Data Processing 

In some areas, you may be asked to provide personal data in order to use the respective described paid offers or free functions, or to participate in special actions. You will be informed about which information you must necessarily provide for these offers and which data you can provide voluntarily. 

In particular, the following data may be collected: Name, address, bank details, password, date of birth, email address, telephone number, consent declarations, information about the concluded legal transaction. 

Within the framework of the data agreement, we will also pass your personal data on to third parties – but only if and to the extent that this is necessary for the respective contract processing (see also Section 5 below). 

2. Legal Basis for Data Processing 

If the data collection is aimed at concluding a contract, the legal basis for processing is Article 6(1)(b) GDPR. In addition, data is processed on the basis of consent provided by you (Article 6(1)(a) GDPR). 

3. Purpose of Data Processing 

The data processing is carried out for the purpose of enabling you to use the respective offers and functions. Insofar as you provide additional data voluntarily, we use it to tailor our services to your needs. 

4. Duration of Storage 

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is usually the case when the service you have used (e.g., newsletter subscription, creation of a personal user profile) is cancelled. 

If legal provisions prescribe retention periods (e.g., six years for received business letters, § 257 (4) HGB), deletion will occur after the expiration of the corresponding period. 

VII. Data Processing for Advertising Purposes Without Consent

1. Description and Scope of Data Processing 

If you have entered into a contract with us for the purchase of goods or services, we process the data collected for this primary purpose as existing customers. In this case, we process your postal contact details (name and address) even without explicit consent, in order to provide you with information about new products and services via this channel. If we have received your email address in connection with the sale of a good or service, we process the email address to send you information about similar goods or services even without explicit consent. Additional voluntarily provided information is used to select and design advertising targeted to specific groups. 

2. Legal Basis for Data Processing 

The legal basis for processing the data is Article 6(1)(f) GDPR. 

3. Purpose of Data Processing 

The data processing is carried out for the purpose of advertising for our own similar goods or services. 

4. Duration of Storage 

The duration of storage depends on the primary purpose of the collection.

VIII. Hosting with Amazon Web Services (AWS)

1. Description and Scope of Data Processing 

We host our website with AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter: AWS).

When you visit our website, your personal data is processed on the servers of AWS. In this process, personal data may also be transferred to AWS’s parent company in the USA. The data transfer to the USA is based on the EU standard contractual clauses. You can find details here:

https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

For further information, please refer to the AWS privacy statement: https://aws.amazon.com/de/privacy/?nc1=f_pr.

We have concluded a data processing agreement with AWS. This is a legally required contract that ensures AWS processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

2. Legal Basis for Data Processing 

The use of AWS is based on Article 6(1)(f) GDPR. We have a legitimate interest in a reliable presentation of our website.

3. Purpose of Data Processing 

The data processing is carried out for the purpose of providing our online offer.

4. Duration of Storage 

Your personal data will be stored by AWS for as long as it is necessary for the purposes described above.

IX. Cloudflare

1. Description and Scope of Data Processing 

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”). Cloudflare offers a globally distributed Content Delivery Network with DNS. In this process, the information transfer between your browser and our website is technically routed through Cloudflare’s network. This enables Cloudflare to analyze the data traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the internet. In doing so, Cloudflare may also use cookies or other technologies to recognize internet users, which are solely used for the purpose described here. Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities in which Cloudflare processes personal data of natural persons in the EU. These measures are based on the EU standard contractual clauses (SCCs). For further information, please see: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf.

2. Legal Basis for Data Processing 

The legal basis for processing the data is Article 6(1)(f) GDPR. 

3. Purpose of Data Processing 

The data processing is carried out for the purpose of providing our online offer.

4. Duration of Storage 

Your personal data will be stored by Cloudflare for as long as it is necessary for the purposes described above.

X. Adobe Typekit Web Fonts

This website uses Adobe Web Fonts for a uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you visit this website, your browser loads the required fonts directly from Adobe in order to display them correctly on your device. In doing so, your browser establishes a connection to Adobe’s servers in the USA. This allows Adobe to become aware that this website was accessed via your IP address. According to Adobe, no cookies are stored when providing the fonts.

The storage and analysis of the data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform display of the fonts on his website. If a corresponding consent has been requested (e.g., consent to the storage of cookies), processing will be carried out exclusively on the basis of Article 6(1)(a) GDPR; the consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.adobe.com/de/privacy/eudatatransfers.html.

For further information on Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

You can find Adobe’s privacy policy at: https://www.adobe.com/de/privacy/policy.html

XI. Imgur

1. Description and Scope of Data Processing 

Our website uses plugins from the online service Imgur. The provider is Imgur, Inc., 415 Jackson Street, 2nd Floor, Suite 200, San Francisco, CA 94111, USA.

If you visit one of our pages equipped with an Imgur plugin, a connection to Imgur’s servers is established. In this process, the Imgur server is informed about which of our pages you have visited. In addition, Imgur obtains your IP address. This also applies if you are not logged into Imgur or do not have an account with Imgur. The information collected by Imgur is transmitted to the Imgur server in the USA.

If you are logged into your Imgur account, you enable Imgur to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your Imgur account.

For further information on how user data is handled, please refer to Imgur’s privacy policy at: https://imgur.com/privacy.

2. Legal Basis for Data Processing 

The use of Imgur is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

3. Purpose of Data Processing 

The data processing is carried out for the purpose of providing our online offer.

4. Duration of Storage 

Information on the retention period can be found in Imgur’s privacy policy at: https://imgur.com/privacy

XII Google & Google Services

1. Use of the Google APIs

The use of MediaFox and the transmission of information received from Google APIs to other apps is carried out in accordance with the Google API Services User Data Policy and the Google Privacy Policy. This includes compliance with the requirements for restricted use.

2. Use of the YouTube API

The use of the YouTube APIs is in accordance with the YouTube API Services Terms of Service.

By using the YouTube APIs within MediaFox, you agree to the YouTube Terms of Service.

3. Protection and Security of Your Data

We place great importance on the protection of our users’ data and implement appropriate security measures to ensure the confidentiality and integrity of the data received from Google. These include, among other things:

• Encryption: All data received via Google APIs is protected with modern encryption technologies both during transmission and storage.
• Access Controls: Access to the data is strictly limited and granted only to authorized systems and personnel.
• Regular Security Audits: Our systems are regularly checked for security vulnerabilities to ensure a high level of protection.
• Minimization of Data Usage: We only collect and process the data that is absolutely necessary for providing our services, and we do not store it longer than necessary.

4. Revoke Access

You can revoke MediaFox’s access to your Google accounts at any time via the Google Security Settings.

XIII. Rights of the Data Subject 

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller: 

1. Right of Access 

You can request confirmation from the controller as to whether personal data concerning you is being processed.

If such processing exists, you can request the following information from the controller: 

1. the purposes for which the personal data is processed;
2. the categories of personal data that are processed;
3. the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
4. the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, the criteria for determining the period of storage;
5. the existence of a right to rectification or deletion of the personal data concerning you, a right to restrict processing by the controller, or a right to object to this processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information about the origin of the data, if the personal data was not collected from the data subject;
8. the existence of automated decision-making including profiling pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the involved logic as well as the significance and the envisaged consequences of such processing for you.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer. 

2. Right to Rectification 

You have the right to rectification and/or completion against the controller if the processed personal data concerning you is incorrect or incomplete. The controller must carry out the rectification without delay. 

3. Right to Restrict Processing 

Under the following conditions, you can request the restriction of processing of the personal data concerning you: 

1. if you contest the accuracy of the personal data concerning you for a period that allows the controller to verify its accuracy;
2. if the processing is unlawful and you refuse deletion of the personal data and instead request the restriction of its use;
3. if the controller no longer needs the personal data for the purposes of processing but you require it for the establishment, exercise, or defense of legal claims, or
4. if you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate interests of the controller override your objections.

If the processing of the personal data concerning you is restricted, these data – aside from their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State. 

If the restriction of processing has been imposed under the aforementioned conditions, the controller will inform you before the restriction is lifted. 

4. Right to Deletion 

a) Obligation to Delete 

You can request the controller to delete the personal data concerning you without delay, and the controller is obliged to delete this data immediately if one of the following reasons applies: 

1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
2. You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
4. The personal data concerning you has been processed unlawfully.
5. The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
6. The personal data concerning you was collected in relation to services offered by the information society pursuant to Article 8(1) GDPR.

b) Information to Third Parties 

If the controller has made the personal data concerning you public and is obliged to delete them pursuant to Article 17(1) GDPR, then, taking into account the available technology and implementation costs, he shall take appropriate measures, including technical measures, to inform the controllers who process the personal data that you, as the data subject, have requested the deletion of all links to these personal data or copies or replications of these personal data. 

c) Exceptions 

The right to deletion does not exist if the processing is necessary 

1. for exercising the right to freedom of expression and information;
2. for compliance with a legal obligation that requires the processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) GDPR, insofar as the right mentioned in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
5. for the assertion, exercise, or defense of legal claims.

5. Right to Notification 

If you have asserted your right to rectification, deletion, or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed about the rectification or deletion of the data or the restriction of processing, unless this proves to be impossible or is associated with disproportionate effort. 

You have the right to be informed by the controller about these recipients. 

6. Right to Data Portability 

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit these data to another controller without hindrance by the controller to whom the personal data have been provided, provided 

1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the controller ensure that the personal data concerning you is transmitted directly from one controller to another, as far as technically feasible. However, the freedoms and rights of other persons must not be impaired by this. 

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object 

You have the right to object at any time, for reasons arising from your particular situation, to the processing of the personal data concerning you that is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. 

The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims. 

If personal data concerning you is processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for such advertising; this also applies to profiling insofar as it is related to such direct advertising. 

If you object to processing for direct advertising purposes, the personal data concerning you will no longer be processed for these purposes. 

You have the opportunity, in connection with the use of services of the information society – regardless of Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications. 

8. Right to Withdraw the Data Protection Consent 

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent prior to the withdrawal. 

9. Automated Decision-Making Including Profiling 

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision 

1. is necessary for the conclusion or performance of a contract between you and the controller,
2. is permitted by the legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
3. is made with your explicit consent.

However, such decisions must not be based on special categories of personal data pursuant to Article 9(1) GDPR unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests. 

For the cases mentioned in (1) and (3), the controller takes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, which include at least the right to request human intervention by the controller, to state your point of view, and to contest the decision. 

10. Right to File a Complaint with a Supervisory Authority 

Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your workplace, or the place of the alleged infringement, if you consider that the processing of the personal data concerning you violates the GDPR. 

The supervisory authority where the complaint has been filed will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR. 

Last updated: 30.01.2025