Policy

PRIVACY POLICY

Mars (“we”, “us”, “our”) operates the website at
https://mars-engineer.com. We take data protection seriously and process personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Telemedia Data Protection Act (TTDSG).

1) Controller & Contact

Controller: [Mars Engineering GmbH / Mars Engineering]
Main establishments: Germany and Syria
German contact address: [Street, No., City, ZIP, Germany]
Syrian contact address: Damascus — Al-Marjah Square, Syria
Email: privacy@mars-engineer.com  | 
Website: https://mars-engineer.com

2) Scope & Purpose

This Policy explains what personal data we collect on our website, why we collect it, the legal bases for processing, whom we share it with, retention periods, and your rights.
It applies to online activities on Mars and not to offline processing.

3) Legal Bases (Art. 6 GDPR)

  • Performance of a contract / pre-contractual steps (Art. 6(1)(b)) — e.g., responding to project inquiries.
  • Consent (Art. 6(1)(a)) — e.g., optional analytics, marketing cookies, newsletters. Consent can be withdrawn at any time.
  • Legitimate interests (Art. 6(1)(f)) — e.g., server security, preventing fraud, basic web analytics without cookies, only where your interests do not override ours.
  • Legal obligations (Art. 6(1)(c)) — e.g., statutory retention or compliance requests.

4) Data We Process on the Website

  • Log files: IP address (shortened/anonymized where feasible), date/time, URLs visited, referrer URL, HTTP status, user agent, operating system, time zone. Purpose: security, troubleshooting, and service quality; Basis: Art. 6(1)(f) GDPR.
  • Contact forms / Email: name, email, phone, company, message content, attachments. Purpose: respond to your inquiry; Basis: Art. 6(1)(b) or (f) GDPR.
  • [Optional] Newsletter: email, name; Basis: consent (Art. 6(1)(a) GDPR) and German UWG; we use double opt-in and store opt-in time, IP, and proof.
  • [Optional] Embedded third-party content (e.g., Google Maps, YouTube/Vimeo, reCAPTCHA): may set cookies or read device identifiers. Basis: consent for non-essential cookies; see Cookies section.

5) Cookies & Similar Technologies

We use essential cookies to operate this site and, where you consent, additional cookies for analytics/functional content. Under German law (TTDSG), non-essential cookies require your prior opt-in consent. You can change or withdraw your consent at any time via our cookie settings.

  • Essential cookies (strictly necessary): enable core functions; no consent required.
  • [Optional] Analytics / performance cookies: only load after consent; used to understand site usage and improve our services.
  • Cookie lifetime: session or limited persistent periods as shown in the cookie banner details.

Manage preferences anytime via the [Cookie Settings] link in the footer. For browser-level controls, see your browser’s help pages.

6) Analytics, Advertising & Third Parties

We do not run third-party advertising networks by default. If we add such services, we will list each provider, purpose, legal basis, data categories, and retention in our cookie banner/details.

  • [Optional] Google Analytics: used only with consent; IP anonymization enabled; retention per GA settings. Provider: Google Ireland Ltd. International transfers possible (see Transfers below). Legal basis: consent.
  • [Optional] reCAPTCHA / Maps / Video embeds: load only after consent (where required); providers may receive usage and device data.

7) Recipients & Processors

We use service providers (e.g., hosting, maintenance, security, communications) under Art. 28 GDPR with data processing agreements. We disclose data to authorities only where legally required.

8) International Data Transfers

We primarily host/process in the EU/EEA. Where data is transferred to countries outside the EEA:

  • United States: to providers that have certified under the EU-U.S. Data Privacy Framework or via Standard Contractual Clauses (2021/914), plus transfer impact assessments and supplementary safeguards as needed.
  • Syria: as a non-adequate country under GDPR, transfers occur only where necessary and protected by Standard Contractual Clauses and appropriate safeguards, or applicable derogations under Art. 49 GDPR for specific cases.

9) Retention

We keep personal data only as long as necessary for the stated purposes or as required by law, then delete or anonymize it. Typical periods:

  • Log files: [e.g., 7–30 days] unless needed for incident investigation.
  • Inquiry records: [e.g., 6–24 months] after closure, unless statutory retention applies.
  • [Optional] Newsletter data: until you withdraw consent.

10) Your Rights (GDPR)

  • Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Portability (Art. 20), and Objection (Art. 21, incl. to processing based on legitimate interests).
  • Withdraw consent at any time without affecting prior processing (Art. 7(3)).
  • Lodge a complaint with a supervisory authority. The competent authority generally depends on your main German establishment (e.g., state data protection authorities).

11) Children’s Data

Our services are not directed to children. For information society services in Germany, if consent is relied upon, valid consent must be given by or authorized by a holder of parental responsibility where the child is under 16. We do not knowingly collect data from children under 16.

12) Security

We implement appropriate technical and organizational measures to protect data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, considering the state of the art and risks.

13) Do Not Track / Automated Decision-Making

We do not use automated decision-making (including profiling) that produces legal or similarly significant effects. We currently do not respond to browser “Do Not Track” signals.

14) Data Protection Officer

[If required] Data Protection Officer (DPO): [Name], [Address], [dpo@email].

15) How to Contact Us

For privacy questions or to exercise your rights, contact us at
privacy@mars-engineer.com.

16) Supervisory Authority

You may contact your local supervisory authority. For our German main establishment, the competent authority is: [Name of the German state DPA where your main office is located (e.g., Hamburg Commissioner for Data Protection and Freedom of Information)].

Last updated: October 2025