Privacy Policy

Thank you for visiting our website. Protecting your privacy is of the utmost importance to us; therefore, we collect, process, and use your personal data collected during your visit to our website only to the extent that you have consented to such processing or where there is a corresponding legal basis. We will neither publish your data nor unlawfully disclose it to third parties. This Privacy Policy applies to all data collection and other data processing by MEKRA Lang GmbH & Co. KG in connection with the operation of the company website.

We reserve the right to amend this Privacy Policy at any time with future effect. The current version of the Privacy Policy can be accessed, saved, and printed from our website at any time. Below, we provide detailed information about what data is collected during your visit to our website, to what extent and for what purposes it is used, and we inform you of the rights to which you are entitled as a data subject.

Contact Information of the Data Controller

The data controller is:

MEKRA Lang GmbH & Co. KG Buchheimer Str. 4 91465 Ergersheim

Management: Susanne Lang, Bernd Dehner, Thomas Kolodziej

Contact: Phone: +49 9847 989-0 Fax: +49 9847 989 8160 Email: info@mekra.de

Data Protection Contact: Email: datenschutz@mekra.de

Purposes and Legal Basis for Data Processing

When processing your personal data, we comply with the provisions of the GDPR and all other applicable data protection regulations. The legal bases for data processing are derived in particular from Article 6 of the GDPR.

We use your data to initiate business relationships, to fulfill contractual and legal obligations, to execute the contractual relationship, to offer products and services, and to strengthen customer relationships, which may also include analyses for marketing purposes and direct marketing.

Your consent to data processing may also constitute a legal basis under data protection law. Before you grant your consent, we will inform you of the purpose of the data processing and your right to withdraw consent.

If the consent also relates to the processing of special categories of personal data, we will expressly point this out to you in the consent form. Processing of special categories of personal data pursuant to Art. 9 of the GDPR will only take place if this is required by legal provisions and there is no reason to assume that your legitimate interest in excluding such processing outweighs this requirement.

Disclosure to Third Parties

We will only disclose your data to third parties within the scope of legal provisions or with your consent. Otherwise, no disclosure to third parties will take place, unless we are required to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).

Recipients of the Data / Categories of Recipients

Within our company, we ensure that only those individuals who need your data to fulfill contractual and legal obligations receive it.

In certain cases, service providers assist our departments in fulfilling their tasks. The necessary data protection agreements have been concluded with all service providers. This includes in particular the following categories of service providers:

  • Hosting: Hetzner Online GmbH (infrastructure and server operations)
  • Applicant management: Perbility GmbH / Concludis (applicant portal)
  • Map services: Google Ireland Limited / Google Maps (dealer search and location map)

Transfer to Third Countries / Intention to Transfer to Third Countries

Data transfers to third countries (outside the European Union or the European Economic Area) only take place to the extent that this is necessary for the performance of the contractual relationship, required by law, or you have given us your consent.

We transfer personal data to service providers outside the European Economic Area, namely to the USA (via the integration of Google Maps and YouTube, both services of Google Ireland Limited). Compliance with the level of data protection is ensured by EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

Data Retention Period

We store your data for as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g., the German Commercial Code, the German Fiscal Code, etc.). Unless further retention obligations exist, the data will be routinely deleted once the purpose has been fulfilled.

In addition, we may retain data if you have given us your consent to do so or if legal disputes arise and we use evidence within the scope of statutory limitation periods, which can be up to thirty years; the standard limitation period is three years.

Obligation to Provide Data

Various personal data are necessary for the establishment, performance, and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

We have summarized the details for you in the section above. In certain cases, data must also be collected or provided due to legal requirements. Please note that processing your request or fulfilling the underlying contractual relationship is not possible without the provision of this data.

Categories, Sources, and Origin of Data

The specific context determines which data we process: This depends on whether, for example, you place an order online or submit an inquiry via our contact form, whether you send us a job application or file a complaint.

Please note that we may also provide information for specific processing situations separately in the appropriate place, e.g., when uploading application documents or submitting a contact request.

Storage of Access Data

You can visit our website without providing any personal information. We only automatically store access data in so-called server log files each time you access our website. The following data is collected and stored at the time of access:

  • IP address
  • Browser type and browser version
  • Date and time of the request
  • Name of the requested file
  • Name of the file from which the file was requested
  • Amount of data transferred and access status
  • A description of the web browser and operating system used
  • The name of your Internet service provider

This data is technically necessary to display our website to you and to ensure the stability and security of the web service (e.g., for error diagnosis, to defend against attacks, or to track security-relevant access). The IP address is required for the technical delivery of content and is automatically deleted after 7 days at the latest, unless a security-relevant event requires longer retention.

No merging of this data with other personal data takes place. The log data is evaluated exclusively in anonymized form for statistical purposes and stored separately from other data.

The legal basis for the processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring smooth technical operations and the security of our systems.

Cookies

Our website uses so-called cookies. They serve to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your device and saved by your browser (locally). Cookies contain only pseudonymous data. Some cookies remain active for the duration of a browser session (so-called session cookies), while others are stored for a longer period (so-called persistent cookies, e.g., consent settings). The latter are automatically deleted after the specified time (usually 1 year). In addition to our own cookies, we also use cookies controlled by third-party providers. These providers use the information contained in the cookies to, for example, display content to you or track the pages you visit.

We use the following cookies:

  • gmapsConsent – stores your consent to the use of Google Maps for a period of one year.
  • concludisConsent – stores your consent to the use of the applicant portal (Concludis) for a period of one year.

Subject to your consent, additional cookies are used that enable us or third parties, for example, to analyze how our services are used. This allows us to tailor content to user needs. In addition, cookies allow us to measure the effectiveness of a specific advertisement and to place it, for example, based on the user's thematic interests. The legal basis for this is your explicit consent (Art. 6(1)(a) GDPR, § 25(1) TTDSG).

You can revoke your consent at any time via this Privacy Policy and the "Revoke consents" button in the footer of this website with future effect and change your cookie settings. Please note that changes must be made separately for each device.

If you maintain accounts with the third-party providers we use and are logged in there, your data may be linked to the respective account. You can prevent such a link by not granting or by revoking your consent to the relevant cookies, or by logging out of the respective third-party providers beforehand.

Most browsers accept cookies automatically. You can also manually disable, restrict, or delete cookies on your device via your browser settings or using software. If you disable cookies, full use of our website will not be possible or will be limited.

Matomo

To analyze our website, we use the open-source web analytics service Matomo (formerly PIWIK). The legal basis for the processing of personal data is Art. 6(1)(f) GDPR (legitimate interest in the analysis and improvement of our web services).

Matomo uses methods that enable an analysis of your use of our website, in particular which website you came from (so-called referrer), which subpage you access, and how often and for how long you view a subpage. Matomo does not use cookies, so no separate revocation is required. The information collected by Matomo regarding the use of this website is stored on our server. The IP address is anonymized before storage.

Processing this personal data enables us to analyze our users' browsing behavior. By evaluating this data, we are able to continuously improve our website and its user-friendliness. Anonymizing the IP address sufficiently addresses users' interest in the protection of their personal data.

When individual pages of our website are accessed, the following data is stored:

  • Two bytes of the IP address of the user's accessing system
  • The webpage accessed
  • The website from which the user accessed the visited webpage (referrer)
  • The subpages accessed from the visited webpage
  • The duration of the visit to the webpage
  • The frequency of visits to the website

The software runs exclusively on our website's servers. Users' personal data is stored only there. The data is not shared with third parties.

Google Maps

This website integrates the map service Google Maps on the basis of your consent (Art. 6(1)(a) GDPR, as well as § 25(1) TDDDG), a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Maps is a web service for displaying interactive maps to visually present geographical information.

Data Collection and Processing

When accessing pages that contain Google Maps, data such as IP address, browser information, and location data are transmitted to Google when you manually activate Google Maps. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account.

Data Transfer to Third Countries

In the context of data processing by Google Maps, your data may be transferred to third countries, including the USA, where there is no adequate level of data protection within the meaning of the GDPR.

Compliance with the European level of data protection for the transfer and processing of data to third countries is ensured through contractual arrangements and guarantees. If data processing in third countries takes place on the basis of your consent (Art. 49(1)(a) GDPR), you will be informed of this and given the opportunity to withdraw your consent.

In the case of a transfer to the USA, there is a risk that US authorities may access this data under certain circumstances. In this case, the protection of your data may not correspond to the level of data protection applicable in the EU, which may mean that your data may be used for profiling or surveillance measures without you being informed or without effective legal remedies being available.

Data Retention

The retention period of data collected by Google Maps is governed by Google's privacy policies. Since Google Maps may use data in connection with other Google services, you can find detailed information on the storage and processing of this data in Google's privacy policies.

Your Rights and Options

Withdrawal of consent: You can revoke your consent at any time with future effect via the "Revoke consents" button in the footer of this website.

Deleting cookies: You have the option of deleting the relevant cookies in your browser to prevent data processing.

Further Information

Further details on the terms of use and data protection can be found at the following links:

Google Maps Terms of Use: https://www.google.com/intl/de_US/help/terms_maps/

Google Privacy Policy and Terms of Use: https://policies.google.com/terms?hl=de&gl=de

YouTube Platform (Embeds)

On our website, we embed videos from the YouTube platform. The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the so-called "enhanced privacy mode" via the domain . According to YouTube, no cookies are set and no user data is stored in this mode as long as you do not play the video. However, when the page loads, a connection to YouTube's servers is established and your IP address is transmitted. A transfer to a third country (USA) may take place in this process.

The legal basis is Art. 6(1)(f) GDPR in conjunction with § 25(2) TDDDG (legitimate interest in embedding video content to inform users). Since is technically the most privacy-friendly embedding method and does not set tracking cookies, our legitimate interest in providing clear and informative content outweighs any potential impact on users.

In the context of data processing by Google, your data may be transferred to third countries, including the USA. Compliance with the European level of data protection is ensured by EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

For more information on data protection at YouTube, please refer to Google's Privacy Policy: https://policies.google.com/privacy

Social Media Links

On our website, you will find links to the social media services of YouTube and Instagram. You can recognize links to the websites of these social media services by the respective company name. If you follow these links, you will be directed to the MEKRA Lang GmbH & Co. KG profile on the respective social media service. When you click a link to a social media service, a connection is established with the servers of that social media service. This transmits to the social media service's servers that you have visited our website. Additionally, further data is transmitted to the provider of the social media service. This includes, for example:

  • The address of the webpage on which the activated link is located
  • Date and time of the website visit or activation of the link
  • Information about the browser and operating system used
  • IP address

If you are already logged in to the respective social media service at the time the link is activated, the provider of the social media service may be able to determine your username and, in some cases, even your real name from the transmitted data and associate this information with your personal user account. You can prevent this association by logging out of your account beforehand.

The servers of the social media services are located in the United States and other countries outside the European Union. The data may therefore also be processed by the social media service provider outside the European Union. Please note that companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as is the case in the member states of the European Union.

Please note that we have no influence over the scope, nature, and purpose of data processing by the social media service provider. For more information on how your data is used, please refer to the privacy policy of the respective social media service.

SSL Encryption

We use SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the website operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock icon in your browser bar.

When SSL encryption is enabled, the data you transmit to us cannot be read by third parties.

Data Security

We have implemented appropriate technical and organizational safeguards to protect your data from unauthorized access, misuse, unauthorized disclosure, and alteration, as well as loss and destruction. Your personal data is stored and processed exclusively within the European Union. We only make personal data available to those employees who need it to provide our websites and deliver the requested services and information.

However, you should also take precautions to protect your personal data, in particular by keeping your login information confidential and monitoring and controlling access to your computer.

Contact Form / Contact via Email (Art. 6(1)(a), (b) GDPR)

Our website features a contact form that can be used to contact us electronically. When you write to us via the contact form, we process the data you provide in the contact form to contact you and respond to your questions and requests.

In doing so, we adhere to the principles of data minimization and data avoidance, meaning you only need to provide the data that is strictly necessary for us to contact you. This data is marked with an asterisk (*) in the contact form. All other data fields are optional and may be provided at your discretion (e.g., to receive a more personalized response to your questions).

In the contact form, we collect and process the following data:

Required information:

  • Title*
  • Last name*
  • First name*
  • Email address*
  • Subject*

Optional information:

  • Department
  • Phone
  • Company
  • Country

In addition, your IP address is processed for technical reasons and to ensure legal compliance.

To best protect the security and confidentiality of your data, we implement appropriate security measures. Your inquiry is transmitted to us in encrypted form.

If you contact us via email, we will process the personal data provided in the email solely for the purpose of handling your inquiry. If you do not use the contact forms provided, no further data will be collected.

Job Applicant Portal (Art. 6(1)(a), (b) GDPR)

We appreciate your interest in working at MEKRA Lang GmbH & Co. KG. We are aware of the importance of your data and process the personal data you provide in the application form solely for the purpose of effectively and correctly handling the application process and for contacting you during the application process. Your data will not be disclosed to third parties without your consent.

For the technical provision of the application form, we use the Concludis service provided by Perbility GmbH, Starkenfeldstraße 21, 96050 Bamberg. The form is only loaded upon your explicit consent, during which your IP address is transmitted to the servers of mekralang.concludis.de. The legal basis for the integration of Concludis is Art. 6(1)(a) GDPR. You can revoke your consent at any time via the "Revoke consents" button in the footer of this website. A cookie (concludisConsent) is set for a period of one year. The applicant data itself is processed exclusively for handling your application and will not be disclosed to any third parties without your consent.

In the application form, you will be asked to provide personal data. In doing so, we adhere to the principles of data minimization and data avoidance, meaning you are only required to provide the data we need to fully review your application documents—such as your resume, certificates, and similar documents—or data that we are legally obligated to collect. These required fields are marked with an * (asterisk). For technical reasons and to ensure legal compliance, your IP address is also processed.

For online applications, we collect and process the following data:

Required information:

  • First name*
  • Last name*
  • Street, house number, ZIP code, city*
  • Country*
  • Email address*
  • Resume, etc.*
  • Salary expectations*
  • Availability*

Optional information:

  • Title
  • Academic title
  • Phone number
  • Additional information, if relevant

Unfortunately, without this information, we cannot review your application materials; therefore, our application system will not allow you to upload your application materials in this case. Of course, you have the option to provide additional information in the application form.

To ensure the best possible protection of the security and confidentiality of your data, we implement appropriate security measures. Your application documents are transmitted to us in encrypted form via our application system.

We store your data for the purpose mentioned above until the application process is complete and any related deadlines have expired—no later than six months after receiving a decision.

For online applications, we use—subject to your consent (Art. 6(1)(a) GDPR)—the software solution Concludis provided by Perbility GmbH, Starkenfeldstraße 21, 96050 Bamberg. This is an applicant management system. Further details on data protection can be found at the following link: Privacy Policy of Perbility GmbH.

Social Media Presence

MEKRA Lang GmbH & Co. KG maintains presences on social media platforms, specifically on Facebook, Instagram, YouTube, and LinkedIn. To the extent that we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with.

Below you will find the most important data protection information regarding our presences.

Name and Address of the Controllers

Responsible for the company presences within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations, in addition to MEKRA Lang GmbH & Co. KG, are:

Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)

You use these platforms and their features at your own risk. This applies in particular to the use of interactive features (e.g., commenting, sharing, rating).

We also wish to inform you that your data may be processed outside the European Union in this context.

Purpose and Legal Basis

We maintain the fan pages ourselves to communicate with visitors to these pages and to inform them about our offerings.

We also collect data for statistical purposes in order to further develop and optimize content and make our offering more attractive. The data required for this purpose (e.g., total number of page views, page activities, and data provided by visitors, interactions) is compiled by the social networks and made available to us. We have no influence over the generation and presentation of this data.

In addition, your personal data is processed by the providers of the social media platforms for market research and advertising purposes. It is possible, for example, that usage profiles are created based on your usage behavior and the resulting interests. This may allow, among other things, advertisements to be placed within and outside the platforms that correspond to your interests. Cookies are typically stored on your computer for this purpose. Regardless of this, data that is not collected directly from your devices may also be stored in your usage profiles. Storage and analysis also take place across devices, particularly, but not exclusively, if you are registered as a member and logged in to the respective platforms.

Beyond this, we do not collect or process any personal data from your use of our social media presences — neither through surveys, prize draws, nor through forms.

Note on job applications via Perspective Funnels: An exception applies to our Perspective Funnels used for job applications on our social media channels. If you apply through these, the relevant personal data will be collected. For further information, please visit: https://mekra.de/de/service/informationspflichten-perspectivefunnel

The processing of your personal data by MEKRA Lang GmbH & Co. KG is carried out on the basis of our legitimate interests in effective information and communication in accordance with Art. 6(1)(f) GDPR.

If you are asked to consent to data processing, i.e., if you give your consent by confirming a button or similar (opt-in), the legal basis for the processing is Art. 6(1)(a) and Art. 7 GDPR.

Your Rights / Right to Object

If you are a member of a social network and do not want the network to collect data about you via our presence and link it to your stored member data on the respective network, you must:

  • log out of the respective network before visiting our fan page,
  • delete the cookies stored on your device, and
  • close and restart your browser.

However, once you log in again, you will once more be recognizable to the network as a specific user.

For a detailed description of the respective processing activities and opt-out options, please refer to the information provided by the providers:

Facebook Privacy Policy: https://www.facebook.com/about/privacy/ Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

Instagram Privacy Policy: https://help.instagram.com/519522125107875 Opt-out: optout.networkadvertising.org/ and http://www.youronlinechoices.com

LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy Opt-out: https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com

YouTube Privacy Policy: https://policies.google.com/privacy Opt-out: https://tools.google.com/dlpage/gaoptout?hl=de and http://www.youronlinechoices.com

In total, you have the following rights regarding the processing of your personal data: Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint about unlawful processing of your personal data with the competent data protection authority.

Since MEKRA Lang GmbH & Co. KG does not have full access to your personal data, you should assert your rights directly with the providers of the social media platforms, as they have access to the personal data of their users and can take appropriate measures and provide information.

Should you nevertheless need assistance, we will of course try to support you. Please contact us at datenschutz@mekra.de.

Notes on Copyright and Art Copyright

Should you wish to publish images, texts, plans, videos, music, etc. on our presence, you should be aware that you may thereby transfer all usage rights to the network, which could ultimately have legal consequences for you if you are not yourself the author or rights holder.

Right to Access, Erasure, Restriction, and Withdrawal

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have data subject rights vis-à-vis the controller (= website operator). These rights are set out in Art. 15 – 22 GDPR. This includes:

  • The right of access (Art. 15 GDPR),
  • The right to erasure (Art. 17 GDPR),
  • The right to rectification (Art. 16 GDPR),
  • The right to data portability (Art. 20 GDPR),
  • The right to restriction of data processing (Art. 18 GDPR),
  • The right to object to data processing (Art. 21 GDPR).

To exercise these rights, please contact: datenschutz@mekra.de. The same applies if you have questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.

For Bavaria, this is the:

Bavarian State Office for Data Protection Supervision Promenade 27 (Schloss) 91522 Ansbach Phone: +49 (0) 981 53 1300 Fax: +49 (0) 981 53 98 1300 Email: poststelle@lda.bayern.de

If you have consented to the use of your personal data, you may revoke your consent at any time without providing a reason by sending an email to datenschutz@mekra.de, effective for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to the revocation.

Right to Object

Please note the following in connection with rights to object:

If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing reasons. This also applies to profiling, insofar as it is related to direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and may be submitted in any form, preferably to: datenschutz@mekra.de

In the event that we process your data to safeguard legitimate interests, you may object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

Automated Individual Decision-Making

We do not use fully automated processing to make decisions.

Online Services for Children

Persons under the age of 16 may not submit any personal data to us or provide a declaration of consent without the consent of their legal guardians. We encourage parents and legal guardians to actively participate in their children's online activities and interests.

Links to Other Providers

Our website also contains—clearly identifiable—links to the websites of other companies. Where links to websites of other providers are present, we have no influence over their content. Therefore, we cannot assume any liability or guarantee for this content. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognizable infringements at the time the links were created. No illegal content was identifiable at the time the links were created. However, continuous monitoring of the content of the linked pages is not reasonable without concrete evidence of a legal violation. If legal violations become known, such links will be removed immediately.

Other Information

Please note that complete confidentiality and data security cannot be guaranteed when communicating via the Internet (e.g., via email). We therefore recommend sending confidential information by mail.


Privacy policy :: MEKRA Lang