Data Privacy Statement
Website and Services of Mayer & Cie. GmbH & Co. KG As of: 20.05.2018
1.About us We,
Mayer & Cie. GmbH & Co. KG, Tailfingen, Emil-Mayer-Strasse 10, D-72461 Albstadt, are responsible for the collection, processing and storage of your data. Our details are available at all times under the Imprint heading. Handling your personal data carefully is a top priority for us. We process it in accordance with statutory requirements, including those of the General Data Protection Regulation (GDPR) and of the national provisions relating thereto. This Data Privacy Statement applies to all of our company websites accessible in the following domains: www.mayercie.de, www.mayercie.com and https://mayercie-karriere.dvinci-easy.com. If you switch from one of our websites to other operators’ websites, their data protection provisions will apply and they are responsible for the contents of their websites. We would like to give you a comprehensive overview of how we process personal data in the Mayer & Cie. Group, so you will find in the following an overview of all of our services in the course of which we collect and process personal data. Where special or additional conditions apply to individual services or we request your consent, we will notify you separately before you make use of the service in question (such as registering for a newsletter, submitting a spare parts query or sending a sample). In addition, we take a wide range of security precautions to protect your personal data. Communication between your Web browser and our servers, for example, is encrypted as a matter of principle; we also have in place a large number of technical and organisational measures to ensure that your data is always protected.
2.Why we process your data
In principle you can use our website without revealing your identity. If, however, you want to register for one of our personalised services, to use our sample dispatch service or to contact us, we will ask for your name and other personal information. It is entirely up to you to decide whether or not to provide this additional information. Data of yours that we definitely require to provide our services is indicated as such. Collection and processing of your personal data is undertaken for the following purposes on the basis of the following legal foundations: -Contract initiation as per Art. 6 par. 1 lit. a) and b) GDPR -Contract fulfilment as per Art. 6 par. 1 lit. b) GDPR -Customer management as per Art. 6 par. 1 lit. b) and c), f) GDPR -Communication and data exchange as per Art. 6 par. 1 lit. a), b), c), f) GDPR -Public image and advertising as per Art. 6 par. 1 lit. a), f) GDPR -Implementation of declarations of consent as per Art. 6 par. 1 lit. a) GDPR -Ensuring the proper operation of a data processing system as per Art. 6 par. 1 lit. c) and f) GDPR -Applicant selection procedure as part of personnel and resource management as per Art. 6 par. 1 lit.a), b) GDPR in combination with Section 26 BDSG-Neu3.Data of yours that we collect and process
We collect different categories of personal data from you. Personal data is all information relating to an identified or identifiable individual; a natural person is deemed to be identifiable if he or she can be identified directly or indirectly, especially by means of attribution to an identifier such as a name. Personal data includes information such as your name, address, telephone number and date of birth (if stated). Statistical information that cannot be associated with you either directly or indirectly, such as the popularity of our individual website pages or the number of page users, is not personal data. Data is collected directly and indirectly. In both cases data is only collected to the extent required and is processed solely for purposes listed at 2. (above). Whether you wish to provide us with data that may optimise the use of our services for you but is not essential is for you to decide. These data fields are not stated to be mandatory. Directly collected data is as follows: -Title and name, such as for ordering a sample -E-mail address, such as for contacting us via our contact form -Address data, such as for order fulfilment (shipping) as part of our sample dispatch or spare partsservice -ob application data as part of our online application procedure -Data that you send us – actively and deliberately – as part of using our services -Further data that you provide voluntarily by, for instance, entering data in fields that are notdesignated as mandatory Minors: Our website is not aimed at minors and we do not knowingly collect minors’ personal data. If persons under the age of 16 send us personal data, it is only permissible if a parent or guardian has given consent or has approved the minor doing so. Art. 8 par. 2 GDPR specifies that we must be notified of the parent or guardian’s contact data as evidence of this consent or approval. That data, along with that of the minor, is then processed in accordance with this Data Privacy Statement. If we discover that a minor aged under 16 has sent us personal data without the parent or guardian’s consent or approval we will delete the data without delay. This section does not apply to job applications that minors submit to us.
4.Who has access to your data and who we transfer it to
a)Access Access to your personal data that we keep is limited to our employees and to the service providers that we employ and need to handle this personal data as part of their remit. If third parties are granted access to your data you have either given us your consent or there is a statutory basis for this access.
We may use service providers to provide services and process your data. Insofar as special provisions apply, we explain them as follows under the heading of the service in question. Service providers process the data in strict accordance with our instructions and undertake to abide by data protection regulations. All contract processors are carefully chosen and only have access to your data to the extent and for the time required to provide their services or to the extent of data processing and usage to which you have given your consent.
b)Data transfer within the Mayer & Cie. Group Any transfer of your data within the group of undertakings to which we belong will take place solely within the EU/EEA and serve internal administrative purposes only. We define the term group of undertakings as laid down in Art. 4.19 GDPR.
c)Data transfer to third countries and its legal basis The servers of some service providers we use are located in the United States and other countries that are not members of the European Union. Companies in these countries are subject to data privacy legislation that does not protect general personal data to the same extent as the law in European Union member-states does. If your data is processed in a country that does not have such a recognised high standard of data protection as the EU we will ensure by means of contractual arrangements or other recognised instruments that your personal data is suitably protected. We will explicitly notify you of this in the course of individual services. If personal data is transferred to third countries it is done on the basis of the EU Commission’s ruling on the suitability of the EU-US Privacy Shield as per Art. 45 GDPR or based on the Commission’s 05.02.2010 decision on standard contractual clauses for the transfer of personal data as per Art. 46 par. 2 lit. c GDPR in combination with 2010/87/EU or with Art. 49 par. 1 lit. a GDPR.
d)Data transfer to law enforcement and criminal investigation authorities In exceptional cases we hand over personal data to law enforcement and criminal investigation authorities. We do so on the basis of statutory requirements such as the provisions of the Criminal Procedure Code, the Tax Code, the Money Laundering Act or state police legislation.
We retain personal data as required by law or as agreed with you. In determining the retention period we apply the following criteria: We retain personal data until the purpose for which it was collected no longer applies (or the termination of a contractual relationship or final activity if there are no continuing obligations or if you revoke your consent to specific data processing). Further retention is only undertaken if: -Statutory retention requirements (such as per Tax Code/AO or Commercial Code/HGB) apply -he data is required to enforce and exercise legal rights or to defend against legal claims, or in respectof technological and forensic requirements to ward off and pursue attacks on our web servers -Its deletion would run counter to the legitimate interests of the persons in question
or Another exception as per Art. 17 par. 3 GDPR should apply.
You have a number of statutory rights to which we would like to draw your attention as follows. In addition our Data Protection Officer (see contact data below) is of course at your disposal on all issues related to and arising from your personal data that we collect and process.
a)Right to information and data portability You have a right at all times to information about the personal data of yours that we process. If the data processing is based on your consent or, in accordance with Art 6 par. 1 b) GDPR, on a contract, Art. 20 par. 1 GDPR also entitles you to demand the personal data of yours that we hold in a structured, standard and machine-readable format. If you wish, we will also send the data directly to a recipient of your choice.
b)Right to rectification, restriction and erasure Articles 16–18 GDPR also entitle you to demand from us the rectification, restriction (blocking) or erasure of your personal data if it was wrongly processed by us, if there is a ground for restricting further data processing or the data processing has become illegal for whatever reason or its retention is impermissible on other statutory grounds. Please note that your right to erasure may be restricted by statutory retention periods.
c)Right to object If our data processing is based solely on our legitimate interest as per Art 6 par. 1 f) GDPR, you can lodge an objection to it in accordance with Art. 21 par. 1 GDPR. We will then cease processing your data unless we can demonstrate protection-worthy reasons for processing it that outweigh your interests, rights and freedoms or show that processing serves to enforce, exercise or defend a legal right. Furthermore, you are always entitled by Art. 21 par. 2 GDPR to veto the future use of your data for the purpose of direct advertising.
d)Right to cancel If you have consented to our processing of your personal data, Art. 7 par. 3 GDPR entitles you to cancel or withdraw your consent to its further processing. e)Right to complain to the supervisory authority You have the right to complain to a supervisory authority if you are of the opinion that our processing of your personal data is in breach of the EU’s GDPR or of other national and international data protection legislation. The contact data for our supervisory authority is as follows:
Dr. Stefan Brink
Postfach 10 29 32
f)Contact data.To exercise your rights or to withdraw your consent you can write to the following (please state which consent you are withdrawing):
Resposible party Data protection officer
Mayer & Cie. GmbH & Co. KG
D-72461 Albstadt Managing
directors of the Kommanditgesellschaft: Marcus Mayer, Benjamin Mayer
it.sec GmbH & Co.KG
7. Use of our website – Profiling, cookies and Web tracking
a) General remarks on cookies and opt-outsIn some areas of our website we use so-called cookies to, for example, identify visitor preferences and design the website optimally. This enables us to make navigation easier and ensure a high degree of user-friendliness. Cookies also help us to identify especially popular areas of our Internet offering. Cookies are small files that are placed on a visitor’s hard disk. They enable us to save information for a certain period and to identify the visitor’s computer. We use permanent cookies to improve user guidance and individual performance presentation. We also use session cookies that are deleted automatically when you shut down your browser. You can set your browser to notify you when cookies are placed. That makes their use transparent for you. We collect the following technical connection data: the page of our website that you have opened, your IP address (minus the last three digits), the date and time of your visit and the terminal device and browser configuration used. We do it to check the authorisation of actions and authenticate the user of our services on the legal basis of Art. 6 par. 1 lit.
8.Additional notes and regulations on individual services
a)Data transfer via the contact form We retrieve the following data from the www.mayercie.de/kontakt/kontaktformular/ Web form: -Company (mandatory) -Name and first name (mandatory) -Function / Position -Street and house number -Postcode and city -State (mandatory) -E-mail address (mandatory) -Phone number (mandatory) -Fax number/ Callback request (mandatory) -Message Data that you send us via the contact form is processed for the purpose of communication and data exchange as per Art. 6 par. 1 lit. a), b), f) GDPR. This data is stored for as long as required for processing or until the end of any subsequent retention period.
b)Data transfer via the contact form and Amtek service contact form or generalqueries about the spare parts service We retrieve the following data from the www.mayercie.de/mayer-cie-rundstrickmaschinen-service Web form: -Name and first name (mandatory) -E-mail address (mandatory) -Message (mandatory) Data that you send us via the contact form is processed for the purpose of communication and data exchange as per Art. 6 par. 1 lit. a), b), f) GDPR. This data is stored for as long as required for processing or until the end of any subsequent retention period.
c)Data transfer for the spare parts service We retrieve the following data from the www.mayercie.de/mayer-cie-rundstrickmaschinen-service Web form: -Name and first name (mandatory) -E-mail address (mandatory) -Message (mandatory) -Machine number (mandatory) -MCT part number (falls vorhanden) -Description of the part required (mandatory) Data that you send us via the contact form is processed for the purpose of communication and data exchange as per Art. 6 par. 1 lit. a), b), f) GDPR. This data is stored for as long as required for processing or until the end of any subsequent retention period.
d)Data transfer for sending samples We retrieve the following data from the www.mayercie.de/mayer-cie-rundstrickmaschinen-service Web form: -Name and first name (mandatory) -Street and house number (mandatory) -Postcode and city (mandatory) -State (mandatory) -E-mail address (mandatory) -Sample required (mandatory) -Message Data that you send us via the contact form is processed for the purpose of communication and data exchange as per Art. 6 par. 1 lit. a), b), f) GDPR. This data is stored for as long as required for processing or until the end of any subsequent retention period.
e)Online job application procedure We offer you the opportunity to submit a job application online to www.mayercie.de/unternehmen/karriere-ausbildung/offene-stellen. You will be redirected to https://mayercie-karriere.dvinci-easy.com. You can apply online for a specific job or send us an unsolicited application. In either case we will request the following data as part of your online application: Mandatory data fields: -Name and first name -Street and house number -Postcode and city -Phone number (optional) -State -E-mail address (optional) -Area in which you are interested -xpected salary (optional for unsolicited applications) Optional data -Title -Alternative phone number -Date of birth -Expected salary -Job title -How you found out about us -Last job (not for unsolicited applications) -Highest educational qualification (not for unsolicited applications) -Vocational training (not for unsolicited applications) -Studies (not for unsolicited applications) When applying online you must attach all your application documents and may upload an application photo. Your data and attachments are sent via a secure connection. When you upload your unsolicited application your data is retrieved automatically from your CV and covering letter and entered into our form. It is then transferred to Textkernel. Textkernel evaluates it and sends the evaluation result to our application system d.vinci. Textkernel stores the documents temporarily for processing. Once the result has been sent to d.vinci, Textkernel deletes the document. Suitable data privacy agreements have been concluded with Textkernel.
By using the appropriate buttons on the website you can also share your data with us via LinkedIn or Dropbox. When sharing your data via LinkedIn we request your permission to access your name, your photo, your slogan and your current position and to use your LinkedIn account’s primary e-mail address. For your data transfer the data protection notice of the service that you use will apply. Your electronic application data will be received by the relevant personnel department and passed on solely to the department that is responsible for the job or to the people in charge of dealing with the application. Everyone involved will treat your application documents with the requisite care and as absolutely confidential. Once the selection procedure is completed we will retain your application documents for three months and then delete them and any copies if we have not signed a contract of employment with you. Should we want to include your application documents in our pool of applicants we will contact you accordingly. You can then consent to the further retention of your documents. Your application account and the data it contains will remain stored, irrespective of a specific, active job application, for as long as you do not deactivate them to enable you to apply for further jobs with us. Please note: applications that you e-mail to us are sent unencrypted. That is why we advise you to use the online application portal.