Legal
Privacy Policy
Last updated: 8 August 2025; website compliance wording reviewed for DDG/TDDDG references on 8 June 2026.
1. Controller
Malex GmbH, Am Meerkamp 19 a, 40667 Meerbusch, Germany, email info@malex-germany.com, phone +49 2132 9143501, is responsible for the processing of personal data on this website.
2. Data Protection Officer
According to the supplied legal reference, Malex GmbH is not currently required to appoint a data protection officer under Sec. 38 German Federal Data Protection Act because fewer than 20 persons regularly process personal data. If a data protection officer is appointed, the contact details will be added here.
3. Processing Activities, Legal Bases and Retention
| Processing | Purpose | Legal basis | Retention |
|---|---|---|---|
| Server log files | Technical operation, IT security and abuse prevention | Art. 6(1)(f) GDPR | 7 days, then anonymised, unless longer storage is required for a security incident |
| Contact via form, email or phone | Quotes, support and responding to requests | Art. 6(1)(b) GDPR for pre-contractual or contractual communication; otherwise Art. 6(1)(f) GDPR | Completion of the request plus generally 3 years from the end of the year of final communication; longer where statutory retention duties apply, e.g. Sec. 257 HGB |
| Cookie consent record | Remembering and documenting your privacy choices in this browser | Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR; terminal-device access under Sec. 25(2) TDDDG where strictly necessary | Up to 6 months or until you change/delete the setting |
| External media after consent | Displaying embedded videos or other third-party media selected by the website operator | Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG | Depends on the selected third-party service after activation |
Newsletter, recruitment, statistics and marketing-cookie processing are not enabled in the recovered public frontend. If such functions are activated later, this policy and the consent banner must be updated before activation.
4. Hosting
The supplied legal reference states that this website is hosted by an ISO 27001-certified provider in a German data centre. Maintenance or support access from non-EU locations takes place only on the basis of EU Standard Contractual Clauses under Art. 46(2)(c) GDPR together with supplementary technical safeguards.
5. Cookies and Consent Banner
Technically necessary cookies and similar technologies are used for security, session handling, form protection and consent storage. External media and other non-essential technologies are loaded only after explicit consent. You can change or withdraw consent at any time via the "Cookie Settings" link in the footer.
6. Recipients / Categories of Recipients
Personal data may be processed by the external hosting provider in the EU, IT service providers, marketing agencies or group companies where required for website operation, communication and support. Third-party media providers receive data only if you consent to external media.
7. Third-Country Transfers
Beyond the maintenance/support cases described in section 4 and consent-based external media, Malex GmbH does not transfer website personal data to third countries. If non-EEA service providers are engaged in the future, transfers will rely on EU Standard Contractual Clauses, an adequacy decision or another valid transfer mechanism.
8. Your Rights under Articles 15 to 21 GDPR
| Article | Right | Summary |
|---|---|---|
| 15 | Access | Obtain information and a copy of the personal data held about you |
| 16 | Rectification | Correct inaccurate or complete incomplete data |
| 17 | Erasure | Have your data deleted where statutory obligations do not require retention |
| 18 | Restriction | Limit processing under certain conditions |
| 20 | Data portability | Receive your data in a structured, machine-readable format |
| 21 | Objection | Object to processing based on Art. 6(1)(e) or Art. 6(1)(f) GDPR |
Where processing is based on consent, you may withdraw consent at any time with future effect. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
9. Right to Lodge a Complaint
You may lodge a complaint with a supervisory authority. The competent authority for Malex GmbH is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, Germany.
10. Data Security
The supplied legal reference states that data is transmitted via TLS 1.3 and that the data centre provides redundant power, cooling and firewall systems; access is restricted through role-based permissions and multi-factor authentication.
11. Obligation to Provide Data
You are not legally obliged to provide personal data through this website. However, without certain information, such as contact details and the content of your request, Malex GmbH may be unable to respond.
12. Automated Decision-Making
No automated decision-making, including profiling as defined in Art. 22 GDPR, is carried out on this website.
13. Changes to This Policy
This policy may be updated to reflect technical or legal changes. The latest version is always available through the footer link.