Legal Information

Privacy Policy

← Back to Home

Last updated: September 11, 2025

This privacy policy explains how MBDH collects, uses, and protects your personal information when you use our website and specialized engineering services.

Important Service Notice

We operate primarily through direct client engagement. If you are interested in our engineering services, software development, or consulting, please contact us via email at [email protected]. Without direct contact from you, we have no way of knowing about your interest or requirements. All project engagements require initial consultation and formal agreements.

1. Controller Information

Data Controller:

MBDH UG (haftungsbeschränkt)

Friedenstraße 12
16341 Panketal
Germany

Contact:

Email: [email protected]

2. Data We Collect

2.1 Information You Provide

  • Contact information (name, email address, phone number)
  • Company information when requesting engineering services
  • Technical project details and requirements for autonomous systems, defense applications, or software development
  • Security clearance information (if applicable for defense projects)
  • Communication content when you contact us for consulting services
  • Technical specifications for feasibility studies and concept development

2.2 Information We Collect Automatically

  • Browser type and version
  • Operating system
  • IP address (for security and functionality purposes)
  • Date and time of access
  • Pages visited on our website
  • Referring website
  • Technical information for website optimization and security

2.3 Hosting and Infrastructure Data

Our website is hosted by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare processes certain data as part of their hosting and content delivery services:

  • IP addresses for routing and security purposes
  • Request headers and technical metadata
  • Security-related information (DDoS protection, bot detection)
  • Performance and analytics data (anonymized)

Legal Basis: Legitimate interest for website operation, security, and performance optimization (Art. 6(1)(f) GDPR).

Data Transfer: Cloudflare is certified under the EU-US Data Privacy Framework and has implemented appropriate safeguards for international data transfers.

3. How We Use Your Data

Legal Basis and Purposes

Contract Performance (Art. 6(1)(b) GDPR):

  • Providing specialized engineering services for autonomous systems and defense applications
  • Software development and technical consulting
  • Feasibility studies and concept development
  • Civil protection and security consulting
  • Project communication and management
  • Invoice processing and payment handling
  • Training and presentation services

Legitimate Interest (Art. 6(1)(f) GDPR):

  • Website operation and security
  • Business development and marketing
  • Quality improvement of our services

Consent (Art. 6(1)(a) GDPR):

  • Newsletter subscription (if applicable)
  • Marketing communications (where consent is required)

4. Data Sharing and Third Parties

We may share your data with:

  • Hosting Provider: Cloudflare, Inc. (USA) processes technical data for website hosting, security, and performance under a data processing agreement and EU-US Data Privacy Framework certification
  • Service Providers: Email providers and IT support services (under data processing agreements with appropriate safeguards)
  • Legal Requirements: When required by law, regulation, or legal process
  • Authorized Personnel: Qualified engineers and consultants working on your project (under strict confidentiality)
  • Business Partners: Only with your explicit consent for specific technical collaborations
  • Security Authorities: When required for defense or civil protection projects (with appropriate clearances)

We do not sell your personal data to third parties.

5. Data Security and Retention

Security Measures

  • SSL/TLS encryption for data transmission
  • Secure server infrastructure
  • Regular security updates and monitoring
  • Access controls and authentication
  • Employee training on data protection

Data Retention

  • Contact inquiries: 3 years
  • Project data: Duration of project + 10 years
  • Invoicing data: 10 years (German tax law requirement)
  • Technical logs (Cloudflare): 30 days maximum
  • Website access logs: 7 days for security purposes
  • Marketing data: Until consent withdrawal

6. Your Rights Under GDPR

You have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise your rights, please contact us at: [email protected]

7. Cookies and Tracking

Cookie Usage and Technical Storage

Our website uses minimal cookies and technical storage for essential functionality. We do not use tracking cookies or third-party analytics.

Essential Cookies (no consent required):

  • Session management and website functionality
  • Security features and CSRF protection
  • Basic website preferences

Cloudflare Technical Cookies:

Cloudflare may set technical cookies for:

  • __cflb, __cf_bm: Load balancing and bot management (session-based)
  • cf_clearance: Security challenge completion (security purposes)
  • _cfuvid: Rate limiting and DDoS protection (session-based)

These cookies are technically necessary for website operation and security.

8. International Data Transfers

Our primary data processing occurs within the European Union. However, some data transfers to third countries occur for technical reasons:

Cloudflare Services (USA)

Our hosting provider Cloudflare, Inc. processes technical data in the USA under:

  • EU-US Data Privacy Framework certification
  • Standard Contractual Clauses (SCCs)
  • Technical and organizational measures ensuring data protection

For all other international transfers, we ensure adequate protection through EU Commission adequacy decisions, standard contractual clauses, or other appropriate safeguards under GDPR.

9. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website with a new effective date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: [email protected]

Phone: +49 (0) 30 58895112

Address:

MBDH UG (haftungsbeschränkt)
Friedenstraße 12
16341 Panketal
Germany