Data Privacy Statement

1. About us

We, Mayer & Cie. GmbH & Co. KG, Tailfingen, Emil-Mayer-Strasse 10, D-72461 Albstadt, are responsible for the collection, processing and storage of your data. Our details are available under the Imprint heading at all times.

Exercising care in handling your personal data is a top priority for us. We process it in accordance with statutory requirements, including those of the General Data Protection Regulation (GDPR) and related national provisions.

This data protection declaration applies to all of our corporate websites in the following domains: (, and If you switch from one of our websites to those of other website operators, they will have data protection regulations of their own for the contents of which the operators of the website in question are responsible.

As we would like to give you a comprehensive overview of how we process personal data in the Mayer & Cie. Group, you will find in the following an overview of all our services in the course of which we collect and process personal data.

Where special or additional conditions apply to individual services or we request your consent, we will notify you separately before you make use of the service in question, such as registering for a newsletter, submitting a spare parts query or sending a sample.

In addition we take a wide range of security precautions to protect your personal data. Communication between your Web browser and our servers, for example, is encrypted as a matter of principle; we also have in place a large number of technical and organisational measures to ensure that your data is always protected.

2. Why we process your data

In principle you can use our websites without revealing your identity, but if you want to register for one of personalised services, to use our sample dispatch service or to contact us, we will ask for your name and other personal information. It is entirely up to you to decide to provide this (additional) information. Data of yours that we definitely require in order to provide our services is indicated as such.

Collection and processing of your personal data is undertaken for the following purposes on the basis of the following legal foundations:

  • Contract initiation as per Art. 6 par. 1 lit. a) and b) GDPR
  • Contract fulfilment as per Art. 6 par. 1 lit. b) GDPR
  • Customer management as per Art. 6 par. 1 lit. b) and c), f) GDPR
  • Communication and data exchange as per Art. 6 par. 1 lit. a), b), c), f) GDPR
  • Publicity and advertising as per Art. 6 par. 1 lit. a), f) GDPR
  • Implementation of declarations of consent as per Art. 6 par. 1 lit. a) GDPR
  • Ensuring proper operation of a data processing system as per Art. 6. par. 1 lit. c) and f) GDPR
  • Applicant selection procedure as part of personnel and resource management as per Art. 6 par. 1 lit. a), b) GDPR in combination with Section 26 BDSG-Neu.

3. Which data of yours we collect and process

We collect different categories of personal data of yours. Personal data is all information about an identified or identifiable person; a natural person is deemed to be identifiable if he or she can be identified directly or indirectly, especially by means of attribution to an identifier such as a name. Personal data includes information such as your name, address, telephone number and date of birth (if stated). Statistical information that cannot be connected with you either directly or indirectly, such as the popularity of our individual website pages or the number of page users, is not personal data. Data is collected directly and indirectly. In both cases data is only collected to the extent required and is processed solely for purposes listed at 2. (above). Whether you wish to provide us with data that may optimise the use of our services for you but is not eseential is for you to decide. These data fields are not stated to be mandatory.

Directly collected data is as follows:

  • Title and name, such as when ordering a sample
  • E-mail address, such as when contacting us via our contact form
  • Address data, such as for order fulfilment (shipping) as part of our sample dispatch or spare parts service
  • Job application data as part of our online application procedure
  • Data that you send us actively and deliberately as part of using our services
  • Further data that you provide voluntarily by, for example, entering data in fields that are not stated to be mandatory

In addition, data of yours is collected indirectly when you use our services:

  • Technical collection data or the Web page of ours you have opened, your IP address, excluding where possible the last three digits, the date and time of your visit and the terminal device used


Our website is not aimed at minors and we do not knowingly collect personal information of minors.

If persons under the age of 16 send us personal data it is only permissible if a parent or guardian has given consent or has approved the minor doing so. Art. 8 par. 2 GDPR specifies that we must be notified of the parent or guardian’s contact data as evidence of this consent or approval. This data, along with that of the minor, is then processed in accordance with this data protection declaration.

If we discover that a minor under the age of 16 has sent us personal data without the parent or guardian’s consent or approval we will delete the data without delay.

This section does not apply to job applications that minors submit to us.

4. Who has access to your data and who we transfer it to

a) Access

Access to personal data of yours that we keep is limited to our employees and to the service providers that we employ and need to handle this personal data as part of their remit.  

If third parties have access to your data, either you have given us your consent or there is  a statutory basis for this access.

We may use service providers to provide services and process your data. Insofar as special provisions apply, we explain them as follows under the heading of the service in question. The service providers process the data in strict accordance with our instructions and undertake to comply with current data protection regulations. All contract processors are carefully chosen and only have access to your data to the extent and for the time required to provide their services or to the extent of data processing and usage to which you have given your consent.

b) Data transfer within the Mayer & Cie. Group

Any transfer of your data within the group of companies to which we belong will take place only within the EU/EEA and will serve administrative purposes only. We define the term group of companies as laid down in Art. 4. 19 GDPR.

c) Data transfer to third countries and its legal basis

The servers of some service providers we use are located in the United States and other countries that are not members of the European Union. Companies in these countries are subject to data protection legislation that does not protect general personal data to the same extent as the law in European Union member-states does. If your data is processed in a country that does not have such a recognised high standard of data protection as the EU does we will ensure by means of contractual arrangements or other recognised instruments that your personal data is suitably protected. We will explicitly notify you of this in the course of individual services.

If personal data is transferred to third countries it is done on the basis of the EU Commission’s ruling on the suitability of the EU-US Privacy Shield as per Art. 45 GDPR or is based on the Commission’s 05.02.2010 decision on standard contractual clauses for the transfer of personal data as per Art. 46 par. 2 lit. c GDPR in combination with 2010/87/EU or as per Art. 49 par. 1 lit. a GDPR.

d) Data transfer to law enforcement and criminal investigation authorities

In exceptional cases we hand over personal data to law enforcement and criminal investigation authorities. We do so on the basis of statutory requirements such as the provisions of the Criminal Procedure Code, the Tax Code, the Money Laundering Act or state police legislation.

5. Retention periods

We retain personal data as required by law or as agreed with you.

In determining the retention period we apply the following criteria:

We retain personal data until the purpose for which it was collected no longer applies (or the termination of a contractual relationship or final activity if there are no continuing obligations or if you revoke your consent to specific data processing).

Further retention is only undertaken if:

  • Statutory retention requirements (such as per Tax Code/AO or Commercial Code/HGB) apply;
  • The data is required to enforce and exercise legal rights or to defend against legal claims or in respect of technological and forensic requirements to ward off and pursue attacks on our web servers;
  • Its deletion would run counter the legitimate interest of the persons in question;


  • Another exception as per Art. 17 par. 3 GDPR should apply.

6. Your rights

You have a number of statutory rights to which we would like to draw your attention as follows. In addition, our Data Protection Officer (see contact data below) is of course at your disposal on all issues relating to and arising from your personal data that we collect and process.

a) Right to information and data portability

You have a right at all times to information about the personal information of yours that we process.

If the data processing is based on your consent or, as per Art. 6 par. 1 b) GDPR, on a contract, Art. 20 par. 1 GDPR entitles you to demand to be sent the personal data of yours that we hold in a structured, standard, machine-readable format. If you wish, we will also send the data directly to a recipient of your choice.

b) Right to rectification, restriction and deletion

Articles 16–18 GDPR also entitle you to demand from us the rectification, restriction (blocking) or deletion of your personal data if it was wrongly processed by us, if there is a ground for restricting further data processing or the data processing has become illegal for whatever reason or its retention is impermissible on other statutory grounds. Please note that your right to deletion may be restricted by statutory retention periods.

c) Right to object

If our data processing is based solely on our legitimate interest as per Art. 6 par. 1 f) GDPR, you can lodge an objection to it in accordance with Art. 21 par. 1 GDPR. We will then cease processing your data unless we can demonstrate protection-worthy reasons for processing it that outweigh your interests, rights and freedoms or show that processing serves to enforce, exercise or defend a legal claim. Furthermore you are always entitled by Art. 21 par. 2 GDPR to veto the future use of your data for the purpose of direct advertising.

d) Right to cancel

If you have given your consent to our processing of your personal data Art. 7 par. 3 GDPR entitles you to cancel or withdraw your consent to its further processing.

e) Right to complain to the supervisory authority

You are at liberty to complain to a supervisory authority if you are of the opinion that our processing of your personal data is in breach of the European GDPR or of other national or international data protection legislation.

The contact data of our supervisory authority is as follows:

Dr. Stefan Brink

Postfach 10 29 32

70025 Stuttgart


Königstrasse 10a

70173 Stuttgart

f) Contact data

To exercise your rights or withdraw your consent you can write to the following (please state which consent you are withdrawing:

Responsible party

Data protection officer

Mayer & Cie. GmbH & Co. KG
Emil-Mayer-Strasse 10
D-72461 Albstadt

Managing directors of the Kommanditgesellschaft:
Marcus Mayer, Benjamin Mayer

it.sec GmbH & Co.KG
Einsteinstrasse 55
89077 Ulm

7. Use of our website – Profiling, cookies and Web tracking

a) Google Maps


Our website uses Google Maps. When you use Google Maps on the website data is sent to Google.

Responsible party with whom Google Maps is jointly operated on our website (“Google”):

Google LLC
1600 Amphitheatre Pkwy
Mountain View
CA, 94043 USA

Responsible for processing the data of persons living in the EU/EEA and Switzerland:

Google Ireland Ltd.
Gordon House, Barrow Street, Dublin 4

An agreement between the jointly responsible parties as per Art. 26 par. 1 GDPR specified who fulfils which undertaking in respect of the GDPR

For the agreement with Google as per Art. 26 par. 1 GDPR use the following link:

Data protection contact data:

Google’s data protection officer can be contacted by using the following Web form:

Categories of persons affected:

Visitors to our website who use Google Maps

Categories of personal data:

Use the following link to find out what data of our website visitors Google processes:, plus the separate data protection regulations for Google Maps:

Origin of data

Google receives the data of persons affected directly from our website.

Legal basis for data processing

We only use Google Maps with your consent as per Art. 6 par. 1 lit. a) GDPR.

Visit the following link for the legal basis on which Google undertakes the data processing:, plus the separate data protection regulations for Google Maps:

Purposes of data processing

We use Google Maps to enable you to plan your route and for the following purposes:

–        Publicity and advertising

–        Communication and exchange of data

–        Event management

–        Contract initiation and fulfilment as applicable

For the purposes that Google pursues in processing the data visit the following link:, plus the separate data protection regulations for Google Maps:

Storage period

We store no data.

Data retention and deletion are Google’s responsibility. For details visit the following link:, plus the separate data protection regulations for Google Maps s:

Categories of recipient

We and our employees and service providers have no access to the data that Google processes.

For the categories of recipient to whom Google disclose the data and for information about data exchange within the Google Group visit the following link:, plus the separate data protection regulations for Google Maps:

Data transfer to third countries

When you use Google Maps, data is processed by Google LLC. The data transfer to the United States, a third country without an adequaste level of data protection, is covered by Google LLC’s EU-US Privacy Shield certification:

On the basis of EU-US Privacy Shield agreements Google LLC is required to grant persons affected various rights they can then assert directly against Google LLC:

Google will transfer the data irrespective of the place of residence of persons affected to the United States, Ireland and any other country in which Google does business for storage and processing of any kind there. Data transfer to tird countries is covered by a suitability ruling of the EU Commission as per Art. 45 GDPR or by suitsble guarantees as per Art. 46 GDPR:

Logic involved and scope of profiling or automated individual decision on the basis of data collected

If persons affected can be tracked by collecting their data, be it by using cookies or comparable technologies or by storing the IP address, Google has an obligation to inform them.

For further information use the following link:, plus the separate data protection regulations for Google Maps:

Rights of persons affected

The jointly responsible parties must grant the persons affected various rights in respect of processing of their data.

The rights to which the persons affected are entitled are stated in our data protection regulation. They can be asserted directly against Google.

The supervisory authority responsible for Google is:
Data Protection Commission
21 Fitzwilliam Square, Dublin 2
D02 RD28, Ireland
Web address:

b) YouTube video embedded by iFrame in extended data protection mode

We use YouTube, a Google service, to show you video content. To protect your privacy we have activated the extended data protection mode.

YouTube uses cookies to collect information about visitors to its website. YouTube uses it inter alia to record video statistics, to prevent fraud and to improve user friendliness. Accessing a video also leads as a rule to a connection with the Google DoubleClick network. Playing the video can also trigger further data processing, especially if you are already logged in to YouTube. That is something on which we have no influence.

By pressing the video’s start button you consent to the transfer of data to YouTube LLC:

For further information about data protection at YouTube read the company’s data protection declaration at

Data recipient: YouTube LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy Shield:

c) MyFonts Counter

On this website we use MyFonts Counter, a Web analysis service of MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA. On the basis of the license terms page view tracking is used to count the number of page views for statistical purposes and send the figures to MyFonts. MyFonts collects only anonymised data. Data is passed on as required by activating JavaScript code in your browser. To prevent entirely the execution of JavaScript code by MyFonts you can install a JavaScript blocker such as

For further information about the MyFonts Counter see the MyFonts data protection notice at

8. Additional notes and regulations governing individual services

a)    Data transfer via the contact form

We retrieve the following data from the Web form:

  • Company (mandatory)
  • Name and first name (mandatory)
  • Function/Position
  • Street and house number
  • Post code and city
  • State (mandatory)
  • E-mail address (mandatory)
  • Phone number (mandatory)
  • Fax number/Callback request (mandatory)
  • Message

Data that you send us via the contact form is processed for the purpose of communication and data exchange as per Art. 6 Abs. 1 lit. a), b), f) GDPR. This data is stored for as long as required for processing or until the end of any subsequent retention period.

e) Online job application procedure

We provide you with the opportunity to submit a job application online to karriere-ausbildung/offene-stellen. You will then be redirected to

You can apply online for a specific job or submit an unsolicited job application.

In either case we will request the following data as part of your online application:

Mandatory fields:

  • Name and first name
  • Street and house number
  • Post code and city
  • Phone number (optional)
  • State
  • E-mail address (optional)
  • Area in which you are interested
  • Expected salary (optional for an unsolicited application)

Voluntary disclosures:

  • Salutation and title
  • Alternative phone number
  • Date of birth
  • Expected salary
  • Job title
  • How you found out about us
  • Last job (not for unsolicited applications)
  • Highest educational qualification (not for unsolicited applications)
  • Vocational training (not for unsolicited applications)
  • Studies (not for unsolicited applications)

When applying online you must also attach your application documents in full and may upload an application photo.

The data you have entered and the attachments you have sent with it are transferred via a secure connection.

When your unsolicited application is uploaded your data from the letter and your CV are read automatically and inserted into our form. This data is transferred to Textkernel. Textkernel evaluates it and transfers the result of the evaluation to our application system d.vinci. The documents are stored temporarily in Textkernel for processing. Once the result has been sent to d.vinci, Textkernel deletes the document. Appropriate data protection agreements have been concluded with Textkernel.

By using the appropriate buttons on the website you can also share your data with us via LinkedIn or Dropbox. If you share your data via LinkedIn we will request your permission to access your name, your photo, your slogan and your current positions and to use the primary e-mail address that is linked with the account.

In addition, the data protection notice of the service that you use to send your data will be applicable.

Your electronic job application data will be received by the relevant personnel department and passed on only to the department that is responsible for the position in question or to the persons tasked with dealing with it. Everyone involved will treat your application documents with all due care and as absolutely confidential.

Once the selection process is over we keep your application documents for a further three months and then delete them and destroy any copies if we have not signed a contract of employment with you. If we would like to include your application documents in our pool of applicants we will contact you accordingly. In the notification you can consent actively to the further retention of your documents. Your application account and the data stored in it will remain stored irrespective of any specific active application as long as you don’t deactivate it so that you can apply for further jobs at Mayer & Cie.

Please note that applications you send to us by e-mail are sent to us unencrypted. So we recommend you use the online application portal.