Data Pro­tec­tion

LE­GAL IN­FOR­MA­TION

Privacy Policy

1. Data Protection at a Glance

General Information
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data by which you can be personally identified. Detailed information on the subject of data protection can be found in the privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Note on the Responsible Party” in this privacy policy.

How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may include, for example, data entered into a contact form.
Other data is automatically collected by our IT systems when you visit the website, either with your consent or automatically. This mainly includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?
Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior and, in part, for marketing and sales purposes. If contracts can be concluded or initiated via the website, the data submitted will also be processed for contractual offers, orders, or other inquiries.

What rights do you have regarding your data?
You have the right at any time to obtain free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you may withdraw this consent at any time with future effect. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

For this and other questions concerning data protection, you can contact us at any time.

Analysis Tools and Tools from Third Parties
When visiting this website, your browsing behavior may be statistically evaluated. This is primarily done using analytics programs. Detailed information about these tools can be found in the following privacy policy.

2. Hosting

Hosting by Amazon Web Services (AWS)
We host the content of our website with the following provider:
Amazon Web Services (AWS)
Provider: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter "AWS").

When you visit our website, your personal data is processed on AWS servers. Personal data may also be transferred to AWS’s parent company in the USA. This data transfer is based on the EU Standard Contractual Clauses.

Details: AWS GDPR DPA
Privacy policy: AWS Privacy

The use of AWS is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If consent has been obtained, processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TDDDG, to the extent that consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). Consent can be revoked at any time.

AWS is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures compliance with EU data protection standards in the USA. More information is available at:
Data Privacy Framework Certification

Use of Vercel (Hosting Provider)
We use Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA, to deliver and host our website.

When visiting our site, Vercel automatically processes technical data such as your IP address, access time, device and browser information, and error logs.

This processing ensures a secure, fast, and stable provision of our online offerings through a global Content Delivery Network (CDN). The legal basis is Art. 6(1)(f) GDPR. Data transfers to third countries (especially the USA) may occur.

Vercel ensures an adequate level of data protection through standard contractual clauses and compliance with the Data Privacy Framework:
Vercel Data Processing Addendum

Vercel also uses AWS infrastructure. For users in the EU, requests are typically processed via AWS data centers in Frankfurt am Main, ensuring most technical processing takes place within the EU:
AWS EU Data Privacy

Data Processing Agreement
A data processing agreement (DPA) has been concluded with Vercel Inc. in accordance with GDPR. This contract ensures that Vercel processes the personal data of website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this privacy policy.

When you use this website, various personal data is collected. Personal data refers to data that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this occurs.

Please note that data transmission over the internet (e.g., communication via email) can have security vulnerabilities. Complete protection of your data from access by third parties is not possible.

Information About the Responsible Party
The responsible entity for data processing on this website is:

ModellTechnik Rapid Prototyping GmbH
Ziegeleistraße 3b
D-99880 Waltershausen
Phone: +49 3622 44 24 0
Email: info@modelltechnik.de

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Data Protection Officer
Mr. Winfried Pelz on behalf of DEKRA Assurance Services GmbH
Email: datenschutz@modelltechnik.de

Storage Duration
Unless a specific retention period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you request deletion or revoke your consent, your data will be deleted unless we are legally obligated to retain it (e.g., due to tax or commercial retention periods). In the latter case, deletion will occur after these obligations no longer apply.

Legal Basis for Data Processing on This Website
If you have given consent, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (for special categories of data). If consent includes the transfer of data to third countries, processing is also based on Art. 49(1)(a) GDPR. If you consent to cookie storage or device access (e.g., device fingerprinting), § 25(1) TDDDG also applies.

If your data is required for contractual purposes or pre-contractual actions, we process it on the basis of Art. 6(1)(b) GDPR. If required for legal compliance, Art. 6(1)(c) GDPR applies. In other cases, processing is based on our legitimate interest (Art. 6(1)(f) GDPR). The specific legal basis will be stated in this policy where applicable.

Recipients of Personal Data
In the course of our business operations, we collaborate with external parties, some of whom may receive personal data. Data is only shared when necessary for contract fulfillment, when legally required (e.g., tax authorities), when there is a legitimate interest under Art. 6(1)(f) GDPR, or another legal basis allows the transfer. Data processors act on the basis of valid data processing agreements. In the case of joint processing, a joint controller agreement is concluded.

Withdrawal of Your Consent to Data Processing
Many data processing operations are only permitted with your explicit consent. You may withdraw any previously granted consent at any time. The legality of data processed up until the withdrawal remains unaffected.

Right to Object to Data Collection in Special Cases and Direct Marketing (Art. 21 GDPR)
If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time on grounds relating to your particular situation. This also applies to profiling based on these provisions. The specific legal basis is outlined in this privacy policy.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (Art. 21(1) GDPR).

If your personal data is processed for direct marketing, you have the right to object at any time to such processing. This also applies to profiling associated with direct marketing. After you object, your data will no longer be used for these purposes (Art. 21(2) GDPR).

Right to Lodge a Complaint with a Supervisory Authority
If you believe that your rights under the GDPR have been violated, you have the right to lodge a complaint with a supervisory authority, especially in the member state of your habitual residence, your place of work, or the location of the alleged infringement. This does not affect any other administrative or judicial remedies.

Right to Data Portability
You have the right to receive data that we process based on your consent or in fulfillment of a contract in a common, machine-readable format. If you request a direct transfer to another controller, this will be done only if technically feasible.

Right to Access, Rectification, and Erasure
Within the scope of applicable legal provisions, you have the right at any time to request information about your stored personal data, its origin, recipient, and purpose. You may also request correction or deletion of this data. For this and other questions, you may contact us at any time.

Right to Restriction of Processing
You have the right to request restriction of processing of your personal data. This applies in the following cases:

  • You contest the accuracy of the data – processing will be restricted while this is verified.
  • Processing is unlawful, and you oppose erasure and instead request restriction.
  • We no longer need the data, but you require it for legal claims.
  • You have objected under Art. 21(1) GDPR – processing will be restricted while the balance of interests is assessed.

If processing is restricted, such data may only be processed with your consent or for legal purposes.

SSL or TLS Encryption
This site uses SSL or TLS encryption for security and to protect transmission of confidential content (e.g., orders or inquiries). You can recognize an encrypted connection by the change in the browser address bar from “http://” to “https://” and the lock icon. When encryption is active, transmitted data cannot be read by third parties.

Objection to Promotional Emails
We hereby object to the use of contact data published under the legal notice obligation for the purpose of sending unsolicited advertising and information materials. We reserve the right to take legal action against unsolicited promotional emails (spam).

4. Data Collection on This Website

Cookies
Our website uses “cookies.” Cookies are small data packets that do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are deleted automatically after your visit. Persistent cookies remain stored until you delete them or they are automatically deleted by your browser.

Cookies may be placed by us (first-party cookies) or by third-party providers (third-party cookies). Third-party cookies enable integration of certain services from third-party companies (e.g., payment service providers).

Cookies serve various purposes. Many are technically necessary to enable core website functions (e.g., shopping cart or video display). Others are used to analyze user behavior or for advertising purposes.

Cookies necessary for electronic communication, requested functions (e.g., shopping cart), or website optimization (e.g., measuring website audience) are stored based on Art. 6(1)(f) GDPR unless another legal basis is stated. The website operator has a legitimate interest in the storage of necessary cookies for technically error-free and optimized service provision. Where consent is required, processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDDG; consent can be revoked at any time.

You can configure your browser to notify you when cookies are set, allow cookies only in individual cases, block them in general or in specific cases, and activate automatic deletion when the browser is closed. Deactivating cookies may limit website functionality.

Details on the specific cookies and tools used can be found in this privacy policy.

CookieFirst
We use CookieFirst, a service provided by Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, Netherlands, to manage cookie consent in a GDPR-compliant manner.

Data Processing by CookieFirst
CookieFirst processes technical data such as IP address, browser information, and consent status. This data is used solely to manage and document your cookie consent and is processed in accordance with data protection regulations.

Legal Basis and Purpose
Processing is based on Art. 6(1)(c) GDPR due to our legal obligation to obtain and document cookie consent. It is also based on our legitimate interest (Art. 6(1)(f) GDPR) in providing a transparent and legally compliant consent management system.

Storage Duration
CookieFirst retains consent-related data as long as needed for documentation purposes. You may change or revoke your consent at any time.

For more information: CookieFirst Privacy Policy

Server Log Files
The provider of this website automatically collects and stores information in server log files, which your browser transmits to us. This includes:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing device
  • Time of server request
  • IP address

This data is not merged with other data sources.
The basis for this processing is Art. 6(1)(f) GDPR – the website operator has a legitimate interest in technically error-free and optimized website performance.

Contact Form
If you submit inquiries via the contact form, your details (including contact information) will be stored to process your request and follow-up questions. This data is not shared without your consent.

Processing is based on Art. 6(1)(b) GDPR if your inquiry relates to a contract or pre-contractual steps. Otherwise, it is based on our legitimate interest in handling inquiries (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), if applicable. You may revoke your consent at any time.

Your form data will remain stored until you request deletion, revoke your consent, or the storage purpose ceases to apply. Legal retention obligations remain unaffected.

Inquiries via Email or Phone
If you contact us via email or telephone, your inquiry and related personal data (e.g., name, inquiry details) will be stored and processed for handling your request. This data will not be shared without your consent.

Processing is based on Art. 6(1)(b) GDPR if your request relates to a contract or is necessary for pre-contractual actions. In other cases, processing is based on our legitimate interest in efficiently handling inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if applicable.

Data from such inquiries will be stored until you request deletion, revoke consent, or the storage purpose no longer applies. Mandatory legal retention periods remain unaffected.

5. Plugins and Tools

Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to determine whether data entered on this website (e.g., in a contact form) is submitted by a human or an automated program. This analysis begins automatically when the website is accessed and evaluates various user behaviors (e.g., IP address, time spent on the site, mouse movements). This data is forwarded to Google.

reCAPTCHA runs entirely in the background. Website visitors are not notified that an analysis is taking place.

The processing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting the site from automated misuse and spam. If consent has been obtained, processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TDDDG, where applicable. Consent can be revoked at any time.

For further information, please refer to Google's privacy and terms pages:
Privacy Policy
Terms of Use

Google is certified under the EU-U.S. Data Privacy Framework (DPF):
DPF Certification

Google Tag Manager
Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Tag Manager allows us to manage website tags via an interface. The tool itself does not set cookies or collect personal data. It only triggers other tags that may collect data.

Google Tag Manager does not access this data. If cookies or tracking have been deactivated at the domain or cookie level, this setting remains in effect for all tracking tags implemented via Google Tag Manager.

Legal Basis and Purpose
The use of Google Tag Manager is based on our legitimate interest in efficient tag management and website optimization according to Art. 6(1)(f) GDPR.

Further information:
Google Tag Manager Help

Server Data
For technical reasons, the following data is automatically collected and stored in server log files by our hosting provider:

  • Browser type and version
  • Operating system
  • Referrer URL (the previously visited website)
  • Pages visited on our site
  • Date and time of access
  • Public IP address

This data is stored anonymously and separately from any personal data you may have provided. It is analyzed for statistical purposes to improve our website and services. This analysis may be conducted using Google Analytics.

Sanity.io
We use Sanity.io, a service provided by Sanity AS, Trondheimsveien 2K, 0560 Oslo, Norway, to enhance performance and content delivery through a Content Delivery Network (CDN).

Personal Data Processed by Sanity
When using Sanity’s CDN, the following personal data may be processed:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL
  • Date and time of request

Data is usually stored on servers within the EU or the USA.

Sanity processes this data in accordance with applicable data protection laws, including the GDPR.

More information: Sanity Privacy Policy

Legal Basis
The use of Sanity is based on our legitimate interest (Art. 6(1)(f) GDPR) to ensure secure, efficient, and stable website performance.

Data Transfers to Third Countries
Data may be transferred to the USA. Sanity ensures adequate safeguards are in place to meet European data protection standards.

By using our website, you consent to the processing of your data by Sanity for the purposes described above.

AMFG.AI Webshop

1. Controller

The controller responsible for processing personal data within the AMFG.AI online shop is:

ModellTechnik Rapid Prototyping GmbH
Ziegeleistraße 3b
D-99880 Waltershausen
Phone: +49 3622 44 24 0
Email: info@modelltechnik.de

2. Purpose of Data Processing

Personal data is processed to provide and manage orders placed through the AMFG.AI online shop. This includes:

  • Capturing and processing customer orders
  • Payment processing
  • Delivery of purchased products or services
  • Customer communication, including support requests
  • Processing uploaded 3D files for manufacturing
  • Fulfilling legal obligations (e.g., tax and commercial retention laws)

When creating a customer account, you consent to the use of your provided data (such as name, email address, and other contact details) for marketing and sales purposes. This includes receiving product updates, offers, and event information via email or other means. You may withdraw this consent at any time with future effect.

3. Processing of Uploaded 3D Files

Customers can upload 3D files to order customized products. These files are processed solely for:

  • Analyzing 3D files to verify manufacturability and, if needed, optimize them
  • Manufacturing the desired product using additive manufacturing or other processes

Processing is based on Art. 6(1)(b) GDPR (contract performance). If permanent storage is requested, it is based on the customer's consent in accordance with Art. 6(1)(a) GDPR.

3D files may be shared with technical service providers and production partners if necessary for manufacturing. Transfers to third countries only occur if appropriate data protection safeguards under the GDPR are in place.

4. Legal Basis

Data processing is based on the following legal grounds under the GDPR:

  • Art. 6(1)(b) GDPR (performance of a contract)
  • Art. 6(1)(c) GDPR (legal obligation to retain accounting and business data)
  • Art. 6(1)(f) GDPR (legitimate interests, e.g., IT security, fraud prevention, or user experience improvement)

5. Collected Data and Storage Duration

Depending on how you use the shop, we process the following data:

  • When placing an order: Name, billing and delivery address, payment information, email address, phone number
  • When creating an account: Username, email address, encrypted password
  • When using customer service: Email address, order history, communication content
  • When using the 3D upload function: Uploaded 3D models and metadata

Data is stored only for as long as necessary for the intended purpose. Legal retention obligations (e.g., HGB or AO in Germany) remain unaffected.

6. Disclosure to Third Parties

Personal data is only disclosed to third parties when necessary to fulfill a contract. Recipients include:

  • Payment service providers (e.g., PayPal, credit card companies)
  • Shipping providers (e.g., DHL, UPS)
  • IT service providers (for hosting and shop functionality)
  • Production partners (for manufacturing uploaded 3D files)

Data transfers to third countries are only made if an adequate level of data protection is ensured or if explicit consent is provided.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance user experience and for analytics. For more information, see our [Cookie Policy].

8. Data Subject Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure ("right to be forgotten", Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)

Requests regarding these rights can be sent to [email address].

Customer Account in the AMFG.AI Shop

1. Purpose of Processing

To provide you with a convenient and efficient shopping experience, we offer the option to create a personal customer account. The processing of your personal data serves the following purposes:

  • Managing your personal data for faster order processing
  • Displaying your order history and invoices
  • Managing billing and shipping addresses
  • Facilitating communication with our customer service
  • Personalizing your shopping experience
  • Processing uploaded 3D data for manufacturing your desired product

2. Legal Basis for Processing

The processing of your data is based on Art. 6(1)(b) GDPR (performance of a contract), as the customer account is necessary for handling and managing your orders.

If you voluntarily provide additional information (e.g., product preferences), processing is based on your consent under Art. 6(1)(a) GDPR. You may revoke your consent at any time.

3. Collected Data

For the creation and use of your customer account, we process the following personal data:

  • First and last name
  • Company name
  • VAT ID number
  • Email address
  • Encrypted password
  • Billing and shipping addresses
  • Order history
  • Payment method (without storing full payment details)
  • Optional information (e.g., wish lists, preferences)
  • Uploaded 3D files for the production of custom products

4. Processing of Uploaded 3D Data

Customers can upload 3D files through their account to order personalized products. These files are processed for the following purposes:

  • Checking technical feasibility and optimizing the data
  • Manufacturing the desired product using the uploaded file
  • Temporary storage during the order process
  • Optional: Permanent storage of 3D files for future reorders (only with explicit consent)

The processing is based on Art. 6(1)(b) GDPR (contract fulfillment). Permanent storage for future use requires consent under Art. 6(1)(a) GDPR.

Uploaded files are deleted automatically after the order is completed, unless legal or contractual retention obligations apply. If permanent storage is desired, you may manage this in your customer account settings.

5. Disclosure to Third Parties

Personal data from your customer account is used solely for processing your orders. Data is only shared with third parties if necessary, e.g.:

  • To payment service providers for processing payments
  • To shipping providers for delivering goods
  • To IT service providers for platform operations
  • To production partners for manufacturing uploaded 3D models

Transfers to third countries are only made in compliance with applicable data protection regulations.

6. Data Subject Rights

You have the right to:

  • Access your stored data (Art. 15 GDPR)
  • Correct inaccurate data (Art. 16 GDPR)
  • Delete your data (“right to be forgotten”, Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

You can exercise these rights by contacting us at [email address].

7. Deletion of the Customer Account

You may delete your customer account at any time via your account settings. Alternatively, you can send a deletion request to [email address]. All data not subject to legal retention obligations will be deleted following account termination.

Payment Processing with Stripe

1. Use of Stripe as Payment Service Provider

To process payments in our online shop, we use Stripe Payments Europe, Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”).
Stripe handles payment data to complete transactions and offers various payment methods, including credit cards, SEPA direct debit, and digital wallets like Apple Pay and Google Pay.

2. Processing of Personal Data by Stripe

When using Stripe for payment processing, the following personal data may be collected:

  • Customer’s name
  • Company name
  • Billing and shipping address
  • Email address
  • Payment method (e.g., credit card, SEPA, invoice)
  • Transaction details (amount, date, currency)
  • IP address and device information (for fraud prevention)
  • Any other information required by Stripe to process the payment

These data are collected and processed directly by Stripe. AMFG.AI does not have access to full payment details such as credit card numbers.

3. Legal Basis for Processing

The processing of personal data as part of the payment process is based on:

  • Art. 6(1)(b) GDPR – necessary for the performance of a contract
  • Art. 6(1)(f) GDPR – legitimate interest in fraud prevention and secure payment processing

4. Data Storage and Disclosure

Stripe stores your payment information in accordance with applicable data protection laws and based on statutory retention periods (e.g., for tax and commercial law).

Stripe may share data with affiliated companies and service providers, where necessary for processing payments.
Data transfers to third countries (e.g., the United States) may occur. In such cases, Stripe relies on EU Standard Contractual Clauses to ensure adequate protection.

You can find more details in Stripe’s privacy policy:
🔗 Stripe Privacy Policy

5. Your Rights as a Data Subject

As a data subject, you have the following rights under the GDPR:

  • Right to access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR), provided no legal obligation prevents it
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)

For requests regarding your payment data processed by Stripe, please contact:

Stripe Payments Europe, Ltd.
Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland
Email: privacy@stripe.com

6. Security and Encryption

Stripe complies with the Payment Card Industry Data Security Standard (PCI-DSS) and uses encryption and tokenization to protect your payment data.
AMFG.AI does not store complete payment details such as full credit card numbers.

Changes to This Privacy Policy

This privacy policy may be updated to reflect changes in legal requirements or business processes.
The current version is always available on our website.

Source:
https://www.e-recht24.de and custom content

Con­tact us

Whether you’ve got technical, commercial or specialist questions – we’re here to help.

START A QUERY NOW
„ It is impressive how MODELLTECHNIK has set up complete small series production including quality assurance in a very short time.“
Stefan PulsfortLeiter Versuchsaufbau, Austattung und Prozesssteuerung, Volkswagen Osnabrück GmbH