Data Privacy

Name and Contact of the Responsible Party

This data privacy information applies to data processing by:

Person responsible:
Katharina Berres, Mountain Zebra GmbH, Amalienstr. 71 80799 Munich, Germany; e-mail:; phone: +49-(0)172 3092998; website:

This data privacy was last updated in August 2022.


Mountain Zebra takes the protection of your privacy very seriously. Personal data is processed in accordance with the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG). The following statement gives you an overview of what kind of data, to what extent and for what purpose is processed. This privacy statement applies when you access the materials and information on the website (hereinafter: the “Website”) or on other websites and apps that contain a link to this privacy statement and use our information and services offered there. This Privacy Policy also applies to information you provide to Mountain Zebra by email or other form of contact.

Mountain Zebra may change this Privacy Policy from time to time in its sole discretion. Material changes to this Privacy Policy will be displayed on this page to ensure that you remain informed about what information we collect and how we use it.

This website may contain links to external online sites that have been carefully selected by Mountain Zebra but are not governed by this Privacy Policy. Mountain Zebra assumes no responsibility for ensuring that the privacy practices of third-party websites to which we link meet privacy standards. We encourage you to familiarize yourself with the privacy practices of such websites before submitting any information to them.

Collection and Processing of Personal Data by Mountain Zebra

In the following, we inform you about the data we collect. If you do not wish to provide such information, you will not be able to register for the website, request copies of publications, subscribe to newsletters, or receive further information regarding our services.

1) What Information Do We Collect?

Mountain Zebra processes information that is usually transmitted by the browser when the web pages are called up or each time our online offer is accessed, insofar as the browser provides this information (so-called server log files). The access data includes: Name and URL of the file accessed, date and time of access, amount of data transferred, message about successful retrieval (HTTP response code), browser type and version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider. The temporary storage of the data is necessary for the correct delivery of the content and for the course of a website visit. In addition, the data is necessary to ensure the functionality of the website and the security of the information technology systems, as well as to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. These purposes are also our legitimate interest in data processing (Art. 6 para. 1 lit. f DSGVO).

Contacting, Requesting Information

You can send us inquiries via a contact form or by e-mail, request information and other materials. In this case, the data transmitted by you in the input mask or by e-mail will be stored by us. The following data may be collected and transmitted to us in this context: Name, contact details, your message, request, subscription. At the time of sending the message, the following data is also stored: Date and time of sending the message. The personal data transmitted by you are used by us solely for the purpose of processing the contact or the inquiry. The other personal data processed during the sending process serve to ensure the security of our information technology systems. The legal basis for this is Art. 6 para. 1 lit. b DSGVO.

Registration, Events, Seminars

Occasionally, you can register for events or other services. Which personal data is transmitted to the controller in the process is determined by the respective input mask used for registration. This includes personal data such as your name, address, e-mail address, telephone number, user ID, bank details, your inquiry or order. The data transmitted to us is used exclusively for the purpose of using the respective offer or service. The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. If the registration serves the fulfillment of a contract with you or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.

Newsletter / Sending of Informationen

If a newsletter can be subscribed to on our website, the data from the input mask is transmitted to us during registration. In order to provide you with our newsletter, we need your e-mail address. This will only be used to provide you with our news and information about our services. We use the “double opt-in” procedure when you subscribe to the newsletter on our website. After you have entered your e-mail address, you will receive a confirmation e-mail and have the opportunity to confirm the registration in a legally secure manner. Only if the confirmation is made, your address will be actively included in the distribution list. The collection of the user’s e-mail address is only used to deliver the newsletter. When registering for the newsletter, we sometimes store the IP address assigned by your Internet service provider (ISP) at the time of registration of the computer system used, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of your e-mail address at a later date and therefore serves as a legal safeguard for you and us. If we receive personal data from you in another way (e.g. by handing you a business card), whereby you wish to receive information, we will use your data for this purpose. The legal basis for the processing of data after registration, if the user has given his consent, is Art. 6 para. 1 lit. a DSGVO. If you have purchased a product or service from us, we will use your e-mail address to advertise our own and similar products or services. In this case, the processing is based on Section 7 (3) UWG.

Contract Conclusion as Service Provider or Client

If you conclude a contract with us as a Client or service provider, personal data such as your name, address, e-mail address, telephone number, bank details, your inquiry or order will be collected. The data transmitted to us is used exclusively for the purpose of fulfilling a contract with you or carrying out pre-contractual measures. For this reason, the legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.

2) Where Do We Get the Personal Data About You?

We may collect or receive your personal information in a variety of ways:

  • When you provide us with personal information directly, such as through correspondence with us via email or other direct interactions with us, such as filling out a form on our website or registering and using one of our online tools;

  • When we use monitoring: use of or interaction with our websites, marketing we send to you, or other email messages sent by or received from Mountain Zebra;

  • Third party sources: for example, when we receive information about you from business partners in order to organize events, seminars and functions.


Otherwise, please refer to A) below to see where the information comes from.

3) How Do We Use Personal Data?

The purposes and uses of your personal data depend on the use of the website and the personal information provided. We process your personal data (unless already mentioned above) as follows:

  • Weighing of interests as a legal basis (Art. 6 para. 1 lit. f DSGVO) for the purpose of protecting the legitimate interests of Mountain Zebra. This includes data transmission during the submission process. The data is used to prevent misuse of the respective transaction and to ensure the security of our information technology systems.

  • Due to legal requirements (Art. 6 para. 1 lit. c DSGVO): 
    Furthermore, we process data for the purpose of complying with a legal obligation. This includes measures to combat fraud and money laundering as well as tax and social law requirements.

4) How We Might Share Information

We will not sell, share, rent, loan or otherwise make your personal information available to third parties, except that we may share the information with service providers who are working for us and need access to the information in connection with that work. Third parties, if applicable, will process this information only to the extent and within the limits that Mountain Zebra itself is permitted to process such data. In addition, Mountain Zebra may share your contact information in response to requests from bona fide rights holders related to alleged infringement of copyright or other proprietary rights in connection with information you have posted on the Site or otherwise provided to Mountain Zebra.

Third parties with whom we may need to share personal information in order to provide services and products to you and operate our website include:

  • our third-party service providers who process information on our behalf to help us operate some of our internal business operations, such as sending emails, and marketing and event services;

  • our business partners for publications, seminars and events that Mountain Zebra and these partners organize together;

  • Law enforcement agencies to comply with legal obligations or a court order.

5) Storage of Your Personal Data

Personal data of data subjects will be deleted or blocked as soon as the purpose of the storage no longer applies. If this data is no longer required to fulfill the respective purpose, it will be deleted. However, deletion does not occur if Mountain Zebra must retain the data for the following purposes:

  • Fulfillment of retention obligations under commercial and tax law (in particular, obligations under the German Commercial Code (Handelsgesetzbuch), German Tax Code (Abgabeordnung), which must be retained for up to 10 years).

  • Securing evidence within the framework of limitation periods (which are generally 3 calendar years, beginning at the end of the year).  

6) Withdrawal of Your Consent

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If you do not wish to receive any further newsletters from us, you can unsubscribe from such communications at any time via a link. You will find this link in every email you receive from us. You can also send your revocation to the contact details mentioned above.

If you would like to make use of your right of revocation and objection, an e-mail to info(a) is sufficient.

7) Cookies

Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

In some cases, cookies from third-party companies may also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a DSGVO); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

8) Hosting and Content Delivery Networks (CDN) | External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Our host will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

Execution of a Contract for Data Processing Agreement (DPA)

In order to guarantee processing in compliance with data protection regulations, we have concluded a Data Processing Agreement (DPA) with our host.

9) Analytics-Tools

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

IP Anonymization

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Browser Plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:

Objection Against Data Collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website: Google Analytics opt-out.

More information on how Google Analytics handles user data can be found in Google’s privacy policy:

Execution of a Contract for Data Processing Agreement (DPA)

In order to guarantee processing in compliance with data protection regulations, we have concluded a Data Processing Agreement (DPA) with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage Duration

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link:

10) Plugins and Tools

a) Google Maps

This site uses the map service Google Maps via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

More information on the handling of user data can be found in Google’s privacy policy:

b) Calendly

This site uses the planning and organization tool Calendly via an API. The service provider is the American company Calendly LCC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA.

The booking system allows you to easily coordinate appointments with us. To do this, you enter your data into a form with a mouse click and details. Please be aware that all data you enter may be stored and managed in a database. Usually, data such as IP address, name, contact details, technical details of your device and time of booking are processed. 

Legal Basis

If you have consented to booking systems being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), it represents the legal basis for the processing of personal data as it may occur through booking systems.

Furthermore, we also have a legitimate interest in using booking systems because, on the one hand, this allows us to expand our customer service and, on the other hand, to optimize our internal booking organization. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the tools if you have given your consent.

Objection Against Data Collection

The easiest way to revoke the data agreement is via a cookie consent tool or via the specified opt-out functions. You can also manage the data storage by cookies directly in your browser, for example. Until your revocation, the legality of the data management remains unaffected. 

Data Processing by Calendly

Calendly also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may be associated with various risks to the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there, Calendly uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige Calendly to comply with the EU level of data protection when processing relevant data also outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among others, here:

You can learn more about the data processed through the use of Calendly in the privacy policy at

Execution of a Contract for Data Processing Agreement (DPA)

In order to guarantee processing in compliance with data protection regulations, we have concluded a Data Processing Agreement (DPA) with Calendly.

11) Security Processes

Mountain Zebra uses appropriate technical and organizational security measures to protect personal data from loss, misuse, alteration or deletion. Only authorized employees and contractors have access to information you have provided, and such access is granted only when necessary. Any employee or contractor who has access to personally identifiable information is required to keep it confidential. Although we have taken state-of-the-art measures to protect your personal information, Mountain Zebra cannot guarantee that your personal information will not be accessed by unauthorized persons.

In this context, we use SSL or TLS encryption on this site for security reasons and to protect the transmission of confidential content, such as requests that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

12) Links to other Websites

This website contains links to other websites that are not operated by Mountain Zebra. By clicking on these links, you will leave Mountain Zebra’s website.

Mountain Zebra is not responsible for the privacy practices or the content of non-Mountain Zebra websites to which we link from our website. We are not responsible for the security or privacy of information you provide when visiting other websites and pages to which our Privacy Policy does not apply. We cannot control the content or security of such websites.

13) Compliance with Law

Mountain Zebra may be required to release user or customer personal information to judicial authorities in order to comply with a court subpoena or similar judicial or administrative order, or if we are required or authorized to do so by the laws, regulations, and legal requirements of any country, state, or other jurisdiction having jurisdiction. Also, in the event of a violation of the Website’s Terms of Use or a violation of restrictions on the use of materials made available on the Website, we may release personal user information to our affected business partners or to legal authorities.

14) Access Rights

In accordance with applicable data protection regulations, including but not limited to the GDPR, you have the right of access. If the data stored about you is incorrect or out of date, you have the right to correct it (right to rectification). You also have the right to erasure and the right to restrict the processing of your personal data. Furthermore, you have the right to portability of your personal data as well as the right to withdraw your consent and the right to object. This provision may not apply if the restrictions under Sections 34 and 35 BDSG-neu apply. If you wish to exercise your rights, please send an e-mail to: info(at)

You also have the right to lodge a complaint with the competent supervisory authority.

15) Children

Mountain Zebra recognizes the importance of protecting the privacy of children, especially with regard to Internet communications. This website is not intended for and does not target minors, that is, persons under the age of 18.