Privacy and Data Protection Policy of Mayer Sitzmöbel GmbH & Co. KG

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions on the protection of personal data, in particular the General Data Protection Regulation (GDPR) and the country-specific implementing laws applicable to us. With the help of this data protection declaration, we inform you comprehensively about the processing of your personal data by Mayer Sitzmöbel GmbH & Co. KG and the rights to which you are entitled. 

Personal data is information that makes it possible to identify a natural person. This includes in particular name, date of birth, address, telephone number, E-mail address but also your IP address.

Anonymous data exists when no personal reference to the user can be established.

Responsible body and data protection officer

Mayer Sitzmöbel GmbH & Co.KG (hereinafter „Mayer“), Am Brunnen 7, 96257 Redwitz, Germany

Contact information:
Webadress: www.mayersitzmoebel.de
Email: mensch@mayersitzmoebel.de
Phone: +49 9264 800-0, Fax: +49 9264 80 253
Contact of the data protection officer: dsb@mayersitzmoebel.de

Your rights as a data subject

First of all, we would like to inform you about your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR, and include:

• The right of access (Art. 15 GDPR),
• The right to erasure / right to be forgotten (Art. 17 GDPR),
• The right to rectification (Art. 16 GDPR),
• The right to data portability (Art. 20 GDPR),
• The right to restriction of data processing (Art. 18 GDPR),
• The right to object to data processing (Art. 21 GDPR).

To exercise these rights, please contact the data protection officer, Email: dsb@mayersitzmoebel.de. The same applies if you have any questions regarding data processing in our company or when you withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.

Rights of objection

Please note the following in connection with rights of objection:

If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling, insofar as it is related to direct advertising.   If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made form-free, if possible to: dsb@mayersitzmoebel.de   If we process your data to protect legitimate interests, you may object to this processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions.   We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.

Purposes and legal basis for data processing

When processing your personal data, the provisions of the GDPR and all other applicable data protection regulations are complied with. Legal bases for data processing result in particular from Art. 6 GDPR.

We use your data to initiate business, to fulfil contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.

Your consent to data processing may also constitute a permission requirement under data protection law. Before giving your consent, we will inform you about the purpose of the data processing and about your right of revocation.

Disclosure to third parties

We will only pass on your data to third parties within the framework of the statutory provisions or with the corresponding consent. Otherwise, we will not disclose your data to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).

Recipients of the data / categories of recipients

Within our company, we ensure that only those persons receive your data who need them to fulfil contractual and legal obligations.

In certain cases, service providers support our specialist departments in the fulfilment of their tasks. The necessary data protection contracts have been concluded with all service providers.

Third country transfer / intention to transfer to a third country

Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the implementation of the contractual relationship, is required by law or you have given us your consent.

We transfer your personal data to a service provider outside the European Economic Area, namely to the USA.

Compliance with the level of data protection is guaranteed by standard contractual clauses that we have concluded with the service provider.

Duration of data storage

We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. German Commercial Code, German Fiscal Code, etc.). If there are no further storage obligations, the data will be routinely deleted once the purpose has been achieved.

In addition, we may retain data if you have given us permission to do so or if there is a legal dispute and we use evidence under statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.

Secure transfer of your data

In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorised persons, we use appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

The exchange of data to and from our website and our "Mayer Nextcloud" image database (hereinafter "Nextcloud") is encrypted. We offer HTTPS as the transmission protocol for our website and our "Nextcloud", in each case using the current encryption protocols. The decryption of this data is only possible for us. There is also the option of using alternative communication channels (e.g. the postal service).

Obligation to provide data

Various personal data are necessary for the establishment, implementation and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

We have summarised the details for you in the point above. In certain cases, data must also be collected or made available due to legal requirements. Please note that it is not possible to process your enquiry or implement the underlying contractual relationship without providing this data.

Categories, sources and provenance of the data

The respective context determines which data we process: This depends on whether you place an order online, for example, or enter an inquiry in our contact form, whether you send us an application or submit a complaint.

Please note that we may also provide information for special processing situations separately at a suitable point, e.g. when uploading application documents or when making a contact request.

Provision of the website

When you visit our website, we collect and process the following data:

• Information about the website from which you are visiting us
• Web browser and operating system used
• Host name of the accessing computer
• The IP address assigned by your internet service provider
• Time of server request
• For reasons of technical security (in particular to prevent attempts to attack our web server), this data is stored in accordance with Art. 6 Paragraph 1 lit. f GDPR. After 7 days at the latest, the IP address is anonymized by shortening it so that no reference to the user is made.

We collect and process the following data for our newsletter:

• Name
• Company *
• Dealer number
• Email address *

(* = mandatory)

We collect and process the following data for our “Mayer Nextcloud” image database (hereinafter “Nextcloud”):

• Email address *
• Dealer number *
• Company *

(* = mandatory)

In the context of a contact request, we collect and process the following data:

• First name, last name
• Company
• Email address *
• Your message *

(* = mandatory)

In the course of a visit to our B2B store, we collect and process the following data:

• Email address *

(* = mandatory)

Contact form / contact by Email (Art. 6 para. 1 lit. a, b GDPR)

There is a contact form on our website that can be used for electronic contact. If you write to us via the contact form, we will process the data you provide in the contact form to contact you and answer your questions and requests.

Here, the principle of data economy and data avoidance is observed, in that you only have to provide the data that we absolutely need to contact you. These are your Email address and the message field itself. In addition, your IP address is processed for technical necessity as well as for legal protection. All other data are voluntary fields and can be provided optionally (e.g. to answer your questions more individually).

If you contact us by Email, we will process the personal data provided in the Email solely for the purpose of processing your request.

Newsletter (Art. 6 para. 1 lit. a GDPR)

A free newsletter can be subscribed to on our website. We send newsletters with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. Here, the principle of data economy and data avoidance is observed, as only the company name and the E-mail address are marked as mandatory fields. Voluntary information is name and customer number. For technical necessity as well as for legal protection, your IP address is also processed when ordering the newsletter.

For the dispatch of newsletters so-called double opt-in procedure. I.e. you will only receive advertising by E-mail if you have previously expressly confirmed that you want us to activate the newsletter service. This is done by sending you a notification E-mail and asking you to confirm that you would like to receive our newsletter at this E-mail address by clicking on a link contained in this Email.

Please note that we also carry out personal tracking of the newsletter, for which you also give us your consent when you apply for the newsletter (Art. 6 para. 1 lit. a GDPR. For this purpose, we use the services of MailChimp. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of receiving newsletters (e.g. Email address), this will be stored on MailChimp's servers in the USA. Please note that your consent also explicitly includes this transfer to the USA (Art. 49 (1) p. 1 lit. a GDPR. In addition, we have concluded standard data protection clauses of the EU Commission with the provider.

With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to MailChimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

You can, of course, unsubscribe at any time via the unsubscribe option provided in the newsletter and thus revoke your consent. Furthermore, it is also possible to unsubscribe from our newsletter at any time directly by sending a message to mensch@mayersitzmoebel.de .

B2B shop (Art. 6 para. 1 lit. b GDPR)

We process the data you provide as part of the order form only for the execution or processing of the contractual relationship, unless you consent to further use.

The principle of data economy and data avoidance is observed in that you only have to provide us with the data that we absolutely need to execute the contract or to fulfill our contractual obligations (i.e. your Mayer customer number and E-mail address) or that we are legally obligated to collect. Payment is made by invoice as usual via our ERP system.

In addition, your IP address is processed for technical necessity and for legal protection. Without this data, we will unfortunately have to refuse to conclude the contract, as we will then not be able to do so or may have to terminate an existing contract. Of course, you can also provide more data of your own accord if you wish.

Registration "Mayer Nextcloud" / Dealer Login

On our website, we offer our dealers the option of registering for our "Nextcloud" by providing personal data in order to download digital communication media and image data there free of charge.

The principle of data economy and data avoidance is observed here, as only the data required for registration is requested. These are the E-mail address, dealer number and company when registering for the first time.

By registering on our "Nextcloud", the IP address of the user is stored in the error log of the "Nextcloud". Date and time are automatically removed after successful registration/activation. By triggering the button "Register now" you give your consent to the processing of your data.

Please note: The password automatically generated by our "Nextcloud" is "hashed" by us and can therefore no longer be decrypted. Employees of our company cannot read this password. They can therefore not give you any information if you have forgotten your password. In this case, please contact us by E-mail at mensch@mayersitzmoebel.de to have your password reset. No employee is authorized to request your password from you by telephone or in writing. Therefore, please never mention your password if you receive such requests.

Upon completion of the registration process, your data is stored with us for use within the protected customer area. As soon as you log in to our "Nextcloud" with your E-mail address as your user name and password, this data will be made available for actions performed by you on our "Nextcloud" (e.g. for downloading image material or digital advertising materials). Executed orders can be traced in the order history.

Registered persons are free to make changes / corrections to the billing or shipping address in the order history on their own. Changes / corrections are also gladly made by our customer service, if you contact them.

Of course, you can cancel or delete the registration or your user account at any time. To do so, please send a message to mensch@mayersitzmoebel.de.

Cookies (Art. 6 para. 1 p. 1 lit. f GDPR, § 25 para. 2 TTDSG)

Our website uses so-called cookies. They serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your terminal device and that your browser stores (locally). Cookies contain only pseudonymous, usually even anonymous data. Some cookies remain for the duration of a browser session (so-called session cookies), others are stored for a longer period of time (so-called persistent cookies, e.g. Consent settings). The latter are automatically deleted after the respective specified time (usually 6 months). In addition to our own cookies, those controlled by third-party providers may also be used. These use the information contained in the cookies, for example, to show you content or to record the pages you visit.

Based on our legitimate interest (Art. 6 para. 1 p. 1 lit. f GDPR, we use technically necessary cookies that are absolutely necessary for the operation of the website and to ensure its functionality. Furthermore, we use cookies without your consent insofar as their sole purpose is the storage of or access to information stored in the terminal device for the transmission of messages or they are absolutely necessary in order to be able to provide the service you have expressly requested, Section 25 (2) of the German Telecommunications and Telemedia Data Protection Act (hereinafter called “TTDSG”)

(Third-party) cookies requiring consent (e.g. marketing or tracking cookies) are not used on our website.

Most browsers accept cookies automatically. You can also manually deactivate, restrict or delete cookies on your end device via the settings of your browser or software-supported. If you deactivate the setting of cookies, the full use of our website is not possible or only possible to a limited extent.

Automated individual case decisions

We do not use any purely automated processing to arrive at a decision.

Advertising purposes existing customers (Art. 6 para. 1 lit. f GDPR)

The company Mayer is interested in maintaining the customer relationship with you and to send you information and offers about our products / services. Therefore, we process your data to send you relevant information and offers by Email. 

If you do not wish this, you can object at any time to the use of your personal data for the purpose of direct marketing; this also applies to profiling insofar as it is related to direct marketing. If you object, we will no longer process your data for this purpose.   The objection can be made free of charge and without formalities without giving any reasons and should preferably be addressed to +49 9264 800-0, by Email to mensch@mayersitzmoebel.de or by post to Mayer Sitzmöbel GmbH & Co.KG, Am Brunnen 7, 96257 Redwitz, Germany.

Links to other providers

Our website also contains - clearly recognisable - links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their content. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, such links will be removed immediately.