Data Privacy

Information on the processing of personal data when visiting this website

This privacy policy informs you whether and how personal data is processed when you visit this website. As a rule, it is possible to use the website without providing personal data.

If personal data is processed, you will find detailed information on the data processing in this data privacy declaration.

Name and address of the responsible controller

Mona Lisa N.V.

Kapelstraat 1
3540 Herk-de-Stad Belgium

Tel.: +32 (0)11 45 59 90

Name and address of the data privacy officer:

Franz Obermayer, complimant AG
Edt 4, 84558 Kirchweidach


The web server automatically collects and stores information in so-called server log files, which your browser automatically transmits to the web server when visiting the website.

These are:

  • Visited website
  • Time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the site
  • Browser used
  • Operating system used
  • IP address used

The data collected is only used for statistical analysis and to improve the website. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

The legal basis for data processing is Art. 6 Para. 1 p. 1 Letter f GDPR. The legitimate interests lie in the error analysis of the website and to enable the blocking of the IP address and, if necessary, legal prosecution in the event of misuse of the website, for example in the event of denial-of-service attacks.

The data is deleted after 7 days.


This website uses cookies to provide the website. Cookies are small text files that are stored on your computer and contain information about your visit. You can find more information on cookies here (

You can change your browser settings in such a manner that it does not accept cookies or that they are deleted after a certain time. You can also delete existing cookies via the browser itself. Please visit the help pages of your browser.

The legal basis for data processing is Art. 6 Para. 1 p. 1 Letter f) GDPR or Art. 15 Para. 3 TMG. The legitimate interests lie in the presentation of a user-friendly website.

The cookies are stored on your computer until you delete them yourself. Please contact the help pages of your browser for this.

Contact option

The use of the contact option is voluntary. The data entered will be processed for the purpose of dealing with your enquiry. The data will be deleted immediately after processing your enquiry, unless there are legal retention periods. Data will not be passed on to third parties.

The page call is protected via a secure connection (TLS/SSL encryption).

The legal basis for data processing is Art. 6 Para. 1 p. 1 Letter a, b and c GDPR.

The data will be processed solely for the purpose of answering your enquiry and will be stored for the duration of the statutory storage obligation (6 years in accordance with Art. 257 Para. 1 No. 2, Para. 4 German Commercial Code), insofar as this concerns commercial letters. If the data entered is data that is not required for the fulfilment of the contract or for the implementation of pre-contractual measures and is not commercial correspondence, you can revoke your consent at any time by sending us a simple e-mail.

In the event that you contact us regarding an application, we will process the data solely for the purpose of completing the application process. Until the application process is completed, the processing is based on Art. 26 Para. 1 Federal Data Protection Act. After the procedure has been completed, your data will be stored for 6 months in order to be able to understand the reasons for the decision in the event of any complaints. After the 6 months, the data will be deleted. The legal basis for this storage is our legitimate interest according to Art. 6 Para. 1 Letter f GDPR für diese Speicherung ist unser berechtigtes Interesse nach Art. 6 Abs. 1 Buchst. f DSGVO.

Comment function

In the blog area of our website, you have the possibility to publish comments on the posted contributions. If you take advantage of this option, we process the data you provide and publish your chosen pseudonym and your comment.

The legal basis for this processing is Art. 6 Para. 1 Sentence 1 letter a GDPR – your consent to the publication of the comment.

You can revoke your consent at any time with effect for the future.

In addition, we process your IP and email address. The IP address is processed in order to safeguard our legitimate interest in taking further action or providing support if your contribution infringes the rights of third parties and/or is otherwise unlawful. The legal basis in this case is Art. 6 Para. 1 Sentence 1 Letter f GDPR – our legitimate interest in a possibly necessary legal defence.


This website uses Facebook plugins in the data privacy-friendly 2-click variant, i.e., personal data is only processed when you activate the plug-in by clicking on it. Facebook plugins are plugins of the social network Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA, which enable interactions with the social network, such as the notification that you like our website. You can recognise the plugins by the Facebook logo (a small “F”) or the “Like”, “Share” or “Send” label. You can find an overview of the Facebook plugins here:

When the plugins are activated, information is sent to Facebook in the USA. Facebook is thus able to see that you have visited our website. If you are logged into your Facebook account when the plugins are activated, Facebook can identify you directly.

We would like to point out that we, as the provider of this website, have no information about the data transmitted to Facebook, the purposes of the data collection as well as the use by Facebook. For more information about the data collected, please refer to Facebook’s privacy policy, which can be found at

The legal basis for data processing is Article 6 Para. 1 Sentence 1 Letter a GDPR.

We cannot provide any information on the storage period, as this lies solely within the sphere of influence and responsibility of Facebook.

Google Maps

On our website, we use the online map service Google Maps, which is operated by Google Inc. to provide you with a map of our company and the properties we offer. By using the functions of the external service Google Maps, you agree to the processing, collection and use of the data entered by you as well as the automatically collected data by Google, its representatives and also third party providers. For more information on Google’s privacy policy and terms of use, please click on the following link: Under the item Privacy settings you have the option of changing your basic settings, but this may mean that you can no longer use the functions of Google Maps without restriction.

Data subject rights

You have the right:

  • In accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • demand the correction of inaccurate or incomplete personal data stored by us without delay in accordance with Art. 16 GDPR;
  • pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
  • pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
  • revoke your consent at any time in accordance with Art. 7 Para. 3 GDPR. This has the consequence that we may no longer continue the data processing based on this consent in the future;
  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose; and
  • object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. You have the possibility to inform us of your objection informally by telephone, by e-mail, by fax or to our address listed at the beginning of this data privacy declaration.

Data security

We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is a 256 bit

encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

Status of the data privacy declaration, update

This data privacy declaration is currently valid and was updated in August 2020.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data privacy declaration. The current data privacy declaration can be viewed and printed at any time by you on the website at

Facebook Page

This privacy information applies to our Facebook page, which you can find at .

Responsible in terms of data privacy law for the Facebook page with regard to the analytics tool Insights are Facebook Ireland Limited (hereinafter: “Facebook”), 4 Grand Canal Square, D2 Dublin, IRELAND, and we as joint controllers within the meaning of Art. 26 GDPR. Both have concluded a contractual agreement for this purpose, which regulates the data privacy obligations between them. You can access this agreement under the following link:

Insights is an analysis tool from Facebook, which creates statistics about how you use the Facebook page. In the process, personal data, e.g. your IP address, but also information that is read from cookies on your computer, is transferred to Facebook in order to create statistics about the use of the Facebook page; we can view these statistics.

Regarding the Insights data, the above-mentioned agreement regulates, among other things, the following:

  • Facebook assumes primary responsibility under the GDPR for the processing of Insights data and complies with all obligations under the GDPR with respect to the processing ofInsights data.
  • We do not make any decisions regarding the processing of Insights data and all other information arising from Article 13 of the GDPR, including legal basis, identity of the controller and cookie retention period on user devices.
  • If you wish to exercise your data subject rights in accordance with this privacy policy, you can contact Facebook or us. You can find our contact details in this privacy policy. If you contact us, we will forward your request to Facebook for a response.

We would like to point out that data processing is carried out solely by Facebook and personal data may also be transferred to countries outside the European Union.

Facebook is solely responsible for all processing of personal data that does not concern Insights. We would like to point out that you use the Facebook internet platform and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings options for advertisements. The data usage guidelines are available at the following link:

Facebook’s full data policy can be found here:

In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your terminal device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the “registration notification” function); this may enable Facebook to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your end device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons embedded in websites enable Facebook to record your visits to these website pages and assign them to your Facebook profile. This data can be used to offer content or advertising tailored to you.

If you wish to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies present on your device and close and restart your browser. This will delete Facebook information that can directly identify you. This allows you to use our Facebook page without revealing your Facebook identifier. When you access interactive features of the page (Like, Comment, Share, Message, etc.), a Facebook login screen will appear. Once you have logged in, you will again be recognisable to Facebook as a specific user.

Information on how to manage or delete information about you can be found on the following Facebook support pages: