Privacy Policy

§ 1 Information about the collection of personal data

  1. In the following, we inform about the collection of personal data when using our website. According to Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR), “personal data” is any information relating to an identified or identifiable natural person (data subject); a natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
  2. The responsible party in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Michael Bauer International GmbH Greschbachstr. 12, 76229 Karlsruhe, Germany (see our imprint).
  3. We have appointed a data protection officer for our company.
    Andreas Hirsch
    Branch Office Stuttgart / Böblingen
    Otto-Lilienthal-Straße 36
    71034 Böblingen
    Phone: +49 151 68842560

§ 2 Your rights

  1. You have the following rights with regard to the personal data concerning you:  
    1. Art. 15 GDPR – Right of access by the data subject,
    2. Art. 16 GDPR – Right to rectification,
    3. Art. 17 GDPR – Right to erasure (“right to be forgotten”),
    4. Art. 18 GDPR – Right to restriction of processing,
    5. Art. 21 GDPR – Right to object,
    6. Art. 20 GDPR – Right to data portability.
  2. With regard to the right to access and the right to erasure, however, the restrictions pursuant to Sections 34 and 35 Federal Data Protection Act (BDSG) apply. You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us, Article 77 GDPR in conjunction with Section 19 BDSG. The lead supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link:

§ 3 Collection of personal data when contacting us via our website

  1. When you contact us by e-mail or using a contact form, the contact details you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.
  2. We delete the data accruing in this context after storage is no longer necessary in this respect, or restrict processing if there are statutory retention obligations.
  3. If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.

§ 4 Collection of personal data when visiting our website

  1. If you only use the website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal communication and usage data that your browser transmits to our server. If you wish to view our website, we therefore collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR): 
    1. IP address
    2. Date and time of the request
    3. Time zone difference to Greenwich Mean Time (GMT)
    4. Content of the request (specific page)
    5. Access status/HTTP status code
    6. Amount of data transferred in each case
    7. Website from which the request comes
    8. Browser
    9. Operating system and its interface
    10. Language and version of the browser software.
  2. In addition to the aforementioned data, so-called cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the place that sets the cookie (in this case us). Cookies cannot run programs or transfer viruses to your computer. They serve to make our website more user-friendly and effective for you overall; we use cookies in order to be able to identify you for subsequent visits, or cookies which are necessary to carry out the electronic communication process or to provide certain functions desired by you (e.g. booking functions), the legal basis in this respect is Art. 6 para. 1 p. 1 lit. f GDPR): As website operator, we have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. Insofar as other cookies (e.g. cookies for the analysis of your surfing behavior) are stored, these will be treated separately in this privacy policy.
  3. Use of cookies:
    1. This website uses the following types of cookies, the scope and functionality of which are explained below:
  • Transient cookies (see b)
  • Persistent cookies (see c).
    1. Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
    2. Persistent cookies are deleted automatically after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
    3. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

§ 5 Further functions and offers on our website

  1. In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data, which we use exclusively to provide the respective service and for which the aforementioned data processing principles apply.
  2. In some cases, we use external service providers to process your data in accordance with and on the basis of Art. 28 GDPR. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. We only work with service providers that provide sufficient guarantees that appropriate technical and organizational measures are implemented in such a way that the processing is carried out in accordance with the requirements of the GDPR and ensures the protection of the rights of the data subject.
  3. Furthermore, we may pass on your personal data to third parties if participation in promotions, conclusion of contracts or similar services are offered together with partners. You will receive more detailed information on this in advance of providing your personal data or in the respective description of the offer. The legal basis for this processing is then your consent in accordance with Art. 6 Para. 1 lit. a GDPR. However, your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

is necessary and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

  1. If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of our services. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
  2. Automated decision-making including profiling does not take place.

§ 6 Use of Google Analytics

  1. This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
  2. Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is summarized in a user-ID and assigned to the respective end device of the website visitor.
  3. Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.
  4. Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
  5. This analysis tool is used on the basis of Art. 6(1)(f) GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
  6. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:

§ 7 Newsletter

  1. With your consent you can subscribe to our newsletter, which we use to inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
  2. For the registration to our newsletter, we use the so-called double-opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. In addition, we save the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
  3. The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and will be used in order to address you personally. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.
  4. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in each newsletter email, using this form on the website, by sending an email to or by sending a message to the contact details provided in the imprint. The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply.

§ 8 Sendinblue

  1. We use Sendinblue to send our newsletter. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
  2. Sendinblue is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter will be stored on the Sendinblue servers in Germany. If you do not want Sendinblue to analyze your data, you have to unsubscribe from the newsletter or revoke your consent (see above).
  3. With the help of Sendinblue, it is possible for us to analyze our newsletter campaigns. For more information on Sendinblue’s features, please refer to the following link: The use of this service provider is therefore based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and a data processing agreement pursuant to Art. 28 para. 3 p. 1 GDPR.
  4. For more information on data protection, please refer to Sendinblue’s data protection regulations at:
  5. We have concluded a contract with Sendinblue in which we oblige Sendinblue to protect the data of our customers and not to pass them on to third parties.

§ 9 Free Risk Reports download

  1. On our website, we also provide you with the option of downloading “Risk Reports” for individual countries listed there as PDF files free of charge. In order to exclude possible misuse, we will send you a link by e-mail. After clicking on it, the desired report will be downloaded. The only required information for sending a download link is your e-mail address. The provision of further data not marked separately is voluntary. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. After 24 hours, your contact details will be blocked and automatically deleted after one month, unless you have expressly consented to other use. The data will not be passed on.
  2. Irrespective of this, you can also consent to the use of your data for the purpose of sending you updated country-specific reports. After your confirmation, we will then store your e-mail address for the purpose of sending you updated reports. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. You can revoke your consent at any time. You can declare the revocation via this form on the website, by e-mail to or by sending a message to the contact details provided in the imprint.

§ 10 External hosting

  1. This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.
  2. The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
  3. Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
  4. We are using the following host:
    SaaS Web Internet Solutions GmbH
    Steinstraße 25
    76133 Karlsruhe
  5. We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

§ 11 Data security and encryption

  1. For security reasons and to protect the transmission of confidential content, such as bookings or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. We use 256-bit SSL encryption. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
  2. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

§ 12 Objection or revocation against the processing of your data

  1. According to Art. 21 GDPR you have the right to object to the processing of your personal data.
  2. You can inform us of your objection or revocation using the following contact details:

Michael Bauer International GmbH

Greschbachstr. 12
76229 Karlsruhe

Tel.: +49 721 1618566

§ 13 Updating and changing this privacy policy

  1. This privacy policy is currently valid and has the status of May 2022.
  2. Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. You can access and print out the current data protection declaration at any time on the website at