Data protection

As of: October 30, 2025

1. Responsible body

mds. Agenturgruppe GmbH
Bunsenstraße 1
82152 Planegg / Martinsried, Germany
Phone: +49 89 747344-0
Email: info@mds.eu
Website: https://www.mds.eu

Represented by the management.

2. Data Protection Officer

Dr. Julian Oberndörfer
OC LEGAL Kanzlei Oberndörfer
Maximilianstr. 7b
82319 Starnberg, Germany
Phone: +49 8151 5566480
Email: office@oc-legal.de
Website: https://www.oc-legal.de

3. General information on data processing

We take the protection of your personal data very seriously. Your data will be processed exclusively in accordance with the legal provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications and Telemedia Data Protection Act (TTDSG).

It is generally possible to use our website without providing personal data. Personal data will only be processed if this is legally permitted or if you have given your consent.

4. Legal basis for data processing

Art. 6 (1) (a) GDPR – Consent
Art. 6 (1) (b) GDPR – Performance of a contract / pre-contractual measures
Art. 6 (1) (f) GDPR – Legitimate interest (e.g., website operation, security, direct marketing)
Art. 6 (1) (c) GDPR – Legal obligations

5. Your rights as a data subject

You have the right at any time to:

Information (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (“right to be forgotten,” Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to data processing (Art. 21 GDPR)
Withdrawal of your consent (Art. 7 (3) GDPR)

You also have the right to lodge a complaint with a supervisory authority.
Responsible: Bavarian State Office for Data Protection Supervision (BayLDA),
Promenade 18, 91522 Ansbach, Germany
Website: https://www.lda.bayern.de

6. Data collection when visiting the website (server log files)

When you visit our website, information is collected automatically:

IP address (truncated/anonymized)
Date and time of access
Browser type and version
Operating system
Referrer URL
Access status (HTTP code)
Amount of data transferred

Purpose: Ensuring system security and stability
Legal basis: Art. 6 (1) (f) GDPR
Storage period: max. 14 days

7. Cookies and consent management

We use cookies to enable basic functions, statistics, and marketing measures. Data is only collected with your consent via the consent management platform Usercentrics (Usercentrics GmbH, Munich, Germany).

Legal basis:

Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TTDSG (cookies that are not technically necessary)
Art. 6 (1) (f) GDPR (cookies that are technically necessary)

You can change or revoke your consent at any time via the following link:
Manage cookie settings

8. Contact form

If you contact us via the form, your details (name, email, message) will be stored for the purpose of processing your enquiry.
Legal basis: Art. 6 (1) (a) GDPR (consent)
Storage period: Until final processing or revocation of your consent.

9. Newsletter

For our newsletter, we need your email address and your consent. The newsletter is sent using a double opt-in procedure to confirm your registration.

Legal basis: Art. 6 (1) (a) GDPR, § 7 (2) No. 3 UWG (German Unfair Competition Act)
Storage period: Until you revoke your consent.
Each newsletter contains an unsubscribe link.

10. Use of analysis and marketing tools

a) Google Analytics (GA4)

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data processing is based on the EU-US Data Privacy Framework.

IP addresses are anonymized.

Purpose: Analysis of user behavior to improve our website.

Legal basis: Art. 6 (1) (a) GDPR (consent)

Storage period: up to 14 months

Opt-out: Manage cookie settings

b) Google Ads / Conversion Tracking

Used to measure the success of our advertisements.

Legal basis: Art. 6 (1) (a) GDPR

Opt-out: Manage cookie settings

c) LinkedIn Insight Tag

Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland.

Purpose: Analysis and personalized advertising

Legal basis: Art. 6 (1) (a) GDPR

Data transfer: EU-US Data Privacy Framework

Opt-out: LinkedIn Opt-Out

d) Zoho CRM & SalesIQ

Provider: Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands.

Data processing within the scope of order processing (Art. 28 GDPR).

Purpose: Customer management, support, chat analysis.

Legal basis: Art. 6 (1) lit. f GDPR

Storage period: According to business purpose, usually 6–24 months

11. Use of Google Web Fonts

Google Web Fonts (for uniform font display) are integrated.
Legal basis: Art. 6 (1) lit. f GDPR
Data transfer: EU-US Data Privacy Framework
More information: https://policies.google.com/privacy

12. Social plugins

We use a 2-click solution for social media plugins (e.g., LinkedIn, Facebook). Data is only transferred after activation by clicking.
Legal basis: Art. 6 (1) (a) GDPR

13. Use of the AI voicebot “Siona” (MySiona)

Provider & operation:

Siona is the voicebot of the MySiona brand, operated by

Thom & Co. GmbH, Scherzingerstraße 16, 8598 Bottighofen, Switzerland.

For Switzerland, there is an adequacy decision pursuant to Art. 45 GDPR.

A data processing agreement pursuant to Art. 28 GDPR has been concluded.

Data processing by the voicebot:

Date and time of the conversation
Chat or voice logs
Telephone number, if applicable, in the case of a call
Personal data, if applicable, provided voluntarily
Technical metadata (e.g., IP address, connection data)

Purpose: Testing and demonstration of the Siona voice system and answering questions about MySiona.

Legal basis:

Art. 6 (1) (b) GDPR (pre-contractual communication)
Art. 6 (1) (f) GDPR (proof of functionality, marketing)

Storage period: max. 7 days, then automatic deletion.

Note: Voice data is not used for further development or training of the AI.

Recommendation: Please do not disclose any sensitive or personal data during the conversation.

14. Data security

We use the latest technical and organizational measures (TOM) to protect your data from unauthorized access, loss, or manipulation.

These include in particular:

SSL/TLS encryption
Access restrictions
Regular data backups
Training of our employees

15. Changes to this privacy policy

We reserve the right to amend this privacy policy in order to adapt it to changed legal situations or new services.

The current version can be found at any time at:

https://www.mds.eu/datenschutz