Privacy Policy

Responsible Party

Mandalia GmbH

Paul-Lincke-Ufer 7d , 10999 Berlin



Managing Director: Tanja Wenzel

How we process data on our website

Cookies on the website

Cookies are small text files used by websites to make the user experience more efficient.

Technically necessary cookies are stored on the basis of Art. 6 (1) lit. f DSGVO. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. Statistics cookies, unlike tracking and marketing cookies, collect information anonymously. This information helps us to understand how our visitors use our website.

For all other cookie types, e.g. for marketing, analysis and personalisation purposes, we require your consent in accordance with Art. 6 (1) a) DSGVO, which we request via the cookie consent when you first visit the website. The legal basis may also arise from Art. 6 (1) (b) DSGVO, if the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures, which are carried out at the request of the data subject.

We use different types of cookies. Some cookies are placed by third parties whose offers and content appear on You can change or withdraw your consent at any time on our Privacy Policy page at the bottom.

You can also set your browser to allow you to

  • be informed about the setting of cookies,
  • allow cookies only in individual cases,
  • exclude the acceptance of cookies for certain cases or in general,
  • activate the automatic deletion of cookies when closing the browser.

Technically necessary cookies for visiting the website

When you use the website for informational purposes, we collect only the personal data transmitted by the browser you are using by means of the PHPSESSID cookie in order to ensure that all the functions of the site based on the PHP programming language can be fully displayed. The session-related cookie is deleted when you close your browser.

We use these essential cookies to store your cookie preferences. We store your cookie preferences via the cookie hint on your first website visit for 180 days. Of course, you can change your cookie preferences at any time before the 180 days expire here. The changes will then again be stored for 180 days.

Optional tracking and marketing cookies

Marketing cookies are used to follow visitors around websites. The intention is to show ads that are relevant and engaging to the individual user and therefore more valuable to publishers and third party advertisers. We use the marketing-activated cookie, which is deleted after 180 days.

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). On our behalf, Google processes the information collected via the cookies in order to evaluate your use of the website, create reports on website activity and provide other services for us to analyse user behaviour. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We only use Google Analytics with IP anonymisation activated.This means that the IP address of the user is shortened.

Google Optimize

In addition, the web analysis and optimization service "Google Optimize" is used on our website. We use the Google Optimize service to increase the attractiveness, content and functionality of our website by providing new functions and content to a percentage of our users and statistically evaluating the change in usage. Google Optimize uses cookies to optimize and analyze your use of our website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available here.

The Google Analytics terms of use and information on data protection can be accessed via the following link.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of data at user and event level linked to cookies, user IDs (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) takes place no later than 14 months after their collection.

Facebook pixel

We use "Facebook Pixel" on our website, a service of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. ("Facebook"). Facebook Pixel allows our ads on Facebook, so-called "Facebook Ads", to be displayed only to those Facebook users who were visitors to our website. Facebook Pixel makes it tauch traceable whether a user was redirected to our website after clicking on our Facebook Ads. If you are actively logged in to Facebook with your user account, the visit to our website will be noted there in your user account. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about your identity.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The data will be deleted no later than 3 months after it has been collected.

You can configure which types of ads are  displayed to you on Facebook in your Facebook account. We would like to point out that this setting is deleted when you delete permitted cookies on your end devices. In addition, you can deactivate cookies that are used for range measurement and advertising purposes via the following third-party websites:

You can find more information about Facebook privacy here. Information about Facebook Pixel can be found here.


We use the technical platform and services of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. When you visit our Instagram page, Instagram collects, among other things, your IP address and other information in order to provide us, as operators of the Instagram pages, with statistical information about the use of the Instagram page.
The data collected about you in this context is processed by Instagram Inc. and may be transferred to countries outside the European Union. Instagram describes in general terms what information it receives and how it is used in its privacy policy. There you will also find information on how to contact Instagram and on the settings options for advertisements. The privacy policy is available at this link.
In what way Instagram uses the data from the visit of Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties, is not conclusively and clearly stated by Instagram and is not known to us.
When you access an Instagram page, the IP address assigned to your end device is transmitted to Instagram. According to Instagram, this IP address is anonymised (for "German" IP addresses) and deleted after 90 days. Instagram also stores information about the end devices of its users (for example, as part of the "login notification" function); if necessary, Instagram is thus able to assign IP addresses to individual users.
If you are currently logged in to Instagram as a user, there is a cookie with your Instagram ID on your end device. This enables Instagram to track that you have visited this page and how you have used it. This also applies to all other Instagram pages. Via Instagram buttons embedded in websites, it is possible for Instagram to record your visits to these websites and assign them to your Instagram profile. Based on this data, content or advertising can be offered tailored to you.
If you want to avoid this, you should log out of Instagram or disable the "stay logged in" feature when browsing the web, delete the cookies on your device, and exit and restart your browser. This will delete Instagram information that can directly identify you. This will allow you to use our Instagram page without revealing your Instagram identifier. When you access interactive features of the site (likes, comments, messages, and more), an Instagram login screen will appear. After any login, you will again be identifiable to Instagram as a specific user.


We use the platform to post our own videos and make them publicly accessible. YouTube is the service of Google Ireland Limited. The authorised representative for Google Ireland Limited in the sense of § 5 para. 1 NetzDG as well as § 92 MStV, § 21 para. 2 JMStV and § 24d JuSchG is Google Germany GmbH, - Legal Department -, ABC-Straße 19, 20354 Hamburg.
We also embed videos stored on YouTube directly on our website, i.e. content from the YouTube website is displayed in the browser window ("framing"). However, the YouTube videos are only called up by clicking on them separately.
YouTube content is only integrated in "extended data protection mode". YouTube itself provides this mode and thus ensures that YouTube does not initially save any cookies on your device. When you call up the videos in question, your browser transmits usage data to YouTube, such as your IP address and which of our Internet pages you have visited, as is always the case when surfing the Internet. However, this information can only be assigned to you if you are also actively logged in to YouTube or another Google service when you access the page. You can find the YouTube privacy policy here.
As soon as you start the playback of an embedded video by clicking on it, YouTube only saves cookies on your device through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented or you have the option of an opt-out through appropriate browser settings and extensions here.

Data processing for contact requests

If you contact us via contact form, email, fax, social accounts via direct message or telephone, we process your personal data in accordance with Article 6 (1) b) DSGVO until completion of the request or, if a contractual relationship is established, regularly until ten years after the end of the year in which the last transactions subject to retention were processed. In the event that the year in question is the subject of a tax audit, we will only delete the data after the audit has been completed or, if other legitimate interests entitle us to further processing pursuant to Article 6 (1) c) or f) DSGVO, after the legitimate interests no longer apply.

We mark form fields with an * if the response is required to accept the request. For free text fields, you decide what data you want to enter and we recommend to discuss detailed information in the spot accordingly.

Website functions

Newsletter subscription

 If you would like to receive our newsletter, we require a name and an email address from you, as well as technical information that allows us to verify via a double-opt-in confirmation link that you are the owner of the specified email address and agree to receive the newsletter. The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO).
You can revoke your consent to the storage of data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.


We use the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of receiving newsletters (e.g. email address), this data will be stored on MailChimp's servers in the USAth the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to MailChimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. For more details, please refer to the privacy policy of MailChimp at: We have concluded a so-called "Data Processing Agreement" with MailChimp, in which we oblige MailChimp to protect the data of our newsletter subscribers and not to pass it on to third parties. This agreement can be viewed here.

Social media links

Social networks (Facebook, Twitter, LinkedIn, XING and Instagram) are only integrated on our website as a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. User information is only transferred to the respective provider after the forwarding. For information on the handling of your personal data when using these websites, please refer to the respective data protection provisions of the providers you use.

Content from video platforms and social media platforms is blocked by default. If cookies from external media are accepted during the cookie query, access to this content no longer requires consent when retrieving it in individual cases.

Transmission to third parties

No data is transferred to third parties outside the respective purposes of data processing. Within the scope of our task fulfillment, we involve third parties by way of commissioned processing or transmit data to third parties on the basis of Article 6 (c) DSGVO for the fulfillment of our legal obligations.
Since a transfer of personal data to the USA takes place when using the google analysis and optimization services, the Facebook pixel and the newsletter subscription via Mailchimp further protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA. For details, please refer to the data protection information of the providers linked to the respective service.

Data subject rights

You, as the person affected by the data processing, have the following rights vis-à-vis us:
The right to request information about the personal data processed by us about you in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
The right, pursuant to Art. 16 DSGVO, to request without undue delay the rectification of inaccurate or incomplete personal data processed by us about you.
The right to request, pursuant to Article 17 DSGVO, the erasure of your personal data processed by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, a legitimate interest or for the establishment, exercise or defence of legal claims.
The right to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse the erasure of the data, although we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO.
You have the right to be informed in accordance with Art. 19 DSGVO if you have asserted the right to rectification, erasure or restriction of processing against us.
You have the right to data transfer in accordance with Art. 20 DSGVO, i.e. you can, upon request, receive the data provided to us in a structured, common and machine-readable format or demand that it be transferred to another responsible party, insofar as this is not technically feasible only with disproportionate effort with the cooperation of the third party.
In accordance with Art. 7 (3DSGVO, you have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Please address your revocation by email to or by post to Mandalia GmbH, Datenschutz, Paul-Lincke-Ufer 7d, 10999 Berlin, Germany. You can change your consent to the use of cookies here.

If you have any questions and/or notifications of changes concerning the nature and scope of the processing of your personal data, please send an e-mail to The processing of your request for information will require the sufficiently clear identification of your identity.

IT Security

SSL/TSL certificate

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the operator of the website. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Server log files

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and the IP address. A combination of this data with other data sources is not made.

The aforementioned data will be processed by us for the following purposes:

  • ensuring a proper and smooth connection of the website,
  • ensuring a comfortable use of the website,
  • evaluation of system security and stability, and
  • for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

Complaint to the data protection supervisory authority

You have the right to complain to a supervisory authority in accordance with Art. 77 DSGVO. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Information Security. You can complain about the processing of your data by Mandalia GmbH there or to the supervisory authorities at your place of residence or place of work.

September 2021

Subscribe to our newsletter and get our Mandalia Birth Plan workbook, valuable insights and updates about upcoming classes and events. We respect your time and send an email not more than once per week. Join the Mandalia community!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By clicking “Accept ”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our privacy policy for more information.