We value your trust and take the utmost care and apply the highest security standards to protect your personal data from unauthorized access.
The processing of personal data on our website www.mayrhoenes.de (hereinafter referred to as the “Website”) is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR), the Telecommunications and Digital Services Data Protection Act (TDDDG), and the Federal Data Protection Act (BDSG), as well as on the basis of this Privacy Policy.
Data Controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) is:
MAYRHÖNES Metallumformung GmbH
Boschstraße 6
73655 Plüderhausen
+49 (0) 7181-9880-0
datenschutz@mayrhoenes.de
Contact for Data Protection Inquiries
Our company has appointed a Data Protection Officer, as the legal requirements under Article 37 of the GDPR in conjunction with § 38 of the BDSG have been met.
If you have any questions regarding the collection, processing, or use of your personal data, or if you wish to request information, correction, restriction, or deletion of your data, please contact: datenschutz@mayrhoenes.de
Data Processing on Our Website
When you visit our website, our web server temporarily stores each visit in a log file. The following data is collected and stored until it is automatically deleted:
• IP address of the requesting computer
• Date and time of the visit
• Name and URL of the file accessed
• Amount of data transferred
• Indication of whether the request was successful
• Identification data of the browser and operating system used.
This data is processed for the purpose of enabling the use of the website (establishing a connection), system security, technical administration, network infrastructure, and to optimize the website. This data is not used to identify individuals. This data is not combined with other data sources. The log file data is deleted as soon as it is no longer required for the aforementioned purposes. IP addresses are deleted or anonymized after 30 days at the latest.
The legal basis for data processing is Article 6 (1) sentence 1 lit. f) of the GDPR. Our legitimate interest lies in providing you with a functional, user-friendly, and secure website.
Collection, Processing, and Use of Personal Data
When processing data, your legitimate interests are always taken into account in accordance with legal provisions. Personal data is collected only if you voluntarily provide it to us when contacting us - including via email (e.g., title, first name, last name, company affiliation, address, email address, phone number, and the content of your message).
This personal data is processed for the purpose of handling and responding to your contact request, as well as for communicating with you. The legal basis for the processing is Article 6 (1) sentence 1 lit. f) of the GDPR (legitimate interest in the efficient handling of inquiries and the maintenance of business relationships).
If your contact is aimed at concluding a contract or is made in connection with the implementation of pre-contractual measures, the additional legal basis for processing is Article 6 (1) sentence 1 lit. f) of the GDPR.
The personal data you provide when contacting us will be deleted as soon as the purpose of processing no longer applies, in particular after your inquiry has been fully processed. Statutory retention obligations or claims remain unaffected.
The legal basis for any further storage of personal data due to tax or commercial law retention obligations is Article 6 (1) sentence 1 lit. f) of the GDPR in conjunction with Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB).
Our Security Standards
Your personal data is transmitted over the Internet via our website using the SSL (Secure Socket Layer) security protocol. This technology offers a high level of security and is therefore also used by banks, for example, to protect data during online banking. We protect our websites and other systems through technical and organizational measures against the loss, destruction, unauthorized access, alteration, or disclosure of your data by unauthorized persons.
Automated Decision-Making and Profiling
Your personal data will not be used for automated decision-making or profiling.
Cookies
Our website uses cookies. These simplify and speed up your experience on our website. You can disable cookies in the settings of most browsers.
Essential Cookies
These cookies are necessary for the technical operation and secure use of the website. Without these cookies, the website cannot function properly.
| Cookie | Purpose | Retention Period |
| PHPSESSID | Storing the visitor's session while the page is being viewed | Until the end of the browser session |
| _language | Saving the language selected by the user | 30 days |
| _csrf | Protecting forms from abusive or automated requests | Until the end of the browser session |
| cookie_consent_status | Saving the user's selection in the cookie banner | 12 months |
Legal basis:
• § 25 Abs. 2 Nr. 2 TDDDG (storage strictly necessary for technical reasons)
• Art. 6 Abs. 1 lit. b GDPR (provision of the website)
• Art. 6 Abs. 1 lit. f GDPR (Ensuring stable and secure website operation)
These cookies are set automatically and cannot be disabled.
Non-essential cookies (statistics/analysis)
These cookies are only set with your explicit consent. They are used to analyze how our website is used in order to improve its content and functionality.
Cookies used:
Cookie: _ga
Provider: Google Analytics
Purpose: To distinguish users using a unique ID for audience measurement
Duration: 12 months
Cookie: _ga_B0LNY9YBY3
Provider: Google Analytics (GA4)
Purpose: Session and usage tracking for the respective GA4 property
Storage period: 12 months
Legal basis:
• Section 14(1) TDDDG
• Art. 6 Abs. 1 lit. a GDPR (Consent)
Data processing will only take place if you have consented to the “Statistics” category in the cookie banner.
You may revoke your consent at any time with future effect via the cookie or consent settings. After revocation, these cookies will no longer be set.
Cookie Consent and Analytics Services
If you have consented to the “Analytics” category in the cookie banner, we use services to analyze website usage for statistical purposes. These services allow us to evaluate usage behavior in order to optimize our website in terms of both technology and content. In doing so, information such as page views, interactions, duration of use, or technical characteristics of the device used may be processed. Processing takes place exclusively with your express consent.
The following statistics services are used:
• cdn.trackboxx.info/p/tracker.js – Visitor tracking
• visableleads.com – B2B visitor and reach analysis
• Google Tag Manager / Google Analytics – Management and evaluation of tracking and statistics services
The storage and retrieval of information on your device are carried out exclusively on the basis of your consent in accordance with Section 25(1) TDDDG. The subsequent processing of personal data is carried out on the basis of your consent in accordance with Art. 6 Abs. 1 lit. a GDPR.
The information collected by the analytics services is stored as follows:
Google Analytics cookies (e.g., _ga, GA4 property cookies): 12 months
Other statistical identification or event data: up to 12 months, unless deleted earlier
After that, the data is automatically deleted or anonymized.
The analysis is performed anonymously or pseudonymously. We do not identify you personally.
You can revoke your consent at any time with future effect via the cookie or consent settings. After revocation, the statistical services will no longer be loaded.
Google Analytics
Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies (e.g., _ga, _ga_B0LNY9YBY3) that enable the analysis of how our website is used. These cookies are only set with your prior consent.
The following data, in particular, may be processed within the scope of Google Analytics:
• Online identifiers (e.g., cookie IDs),
• Usage data (e.g., page views, time spent on site),
• Device and browser information.
When using Google Analytics 4, IP addresses are processed in a truncated form by default.
Legal basis:
• Section 25(1) of the German Telemedia Act (TDDDG) for the storage and retrieval of information on your device (cookies)
• Article 6(1)(a) of the General Data Protection Regulation (GDPR) for the subsequent processing of personal data (consent)
Google processes the data on our behalf. A contract for data processing has been concluded with Google in accordance with Art. 28 GDPR.
It cannot be ruled out that personal data may be transferred to Google servers in the United States. Google is certified under the EU-US Data Privacy Framework and thus ensures an adequate level of data protection.
The data collected by Google Analytics is stored for a period of up to 12 months and is subsequently automatically deleted or anonymized, provided there are no legal retention obligations.
You may revoke your consent at any time with future effect via the cookie or consent settings. After revocation, the aforementioned statistical services - including Google Analytics - will no longer be loaded.
For more information on data processing by Google, please visit:
https://policies.google.com/privacy
Social Media
On our website, we use only simple links to our company profiles on social media platforms (LinkedIn, Instagram, YouTube). These links are not social media plugins. Simply visiting our website does not establish a direct connection between your browser and the servers of the respective social media platforms. Personal data is processed only when you actively click on the respective link.
Privacy Policy Regarding the Use of LinkedIn
We maintain a publicly accessible company profile on the social network LinkedIn.
Visiting our LinkedIn profile results in the processing of personal data by us and by the operator of the social network. Below, we provide information about the nature, scope, and purpose of data processing in connection with our LinkedIn profile.
The joint controllers within the meaning of Article 26 of the GDPR for the processing of personal data in connection with visits to our LinkedIn profile are:
MAYRHÖNES Metallumformung GmbH, Boschstraße 6, 73655 Plüderhausen
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
LinkedIn provides the joint controller agreement pursuant to Article 26 of the GDPR: https://legal.linkedin.com/pages-joint-controller-addendum
When you visit our LinkedIn profile, LinkedIn processes personal data, in particular:
This data processing takes place even if you do not have your own LinkedIn account or are not logged in to LinkedIn.
We ourselves can only view publicly visible profile information and content with which you actively interact on our LinkedIn profile. In addition, LinkedIn provides us with aggregated and anonymized usage statistics (“LinkedIn Page Insights”).
We do not have access to individual or raw personal data.
Personal data is processed for the following purposes:
The processing of personal data in connection with the operation of our LinkedIn profile is based on our legitimate interest, pursuant to Article 6(1)(f) of the GDPR, in conducting modern public relations and corporate communications.
If you contact us directly via LinkedIn (e.g., through messages or public interactions), the processing of your data is additionally based on:
When using LinkedIn, personal data may be transferred to third countries (in particular the United States).
LinkedIn uses appropriate safeguards for this purpose, in particular standard contractual clauses pursuant to Art. 46 GDPR.
However, there is a risk that U.S. authorities may access personal data without you having access to legal remedies comparable to those available within the EU.
The personal data we store in connection with communication via LinkedIn will be deleted as soon as the purpose of the processing no longer applies or you request that we delete it, provided there are no legal retention requirements. In such cases, processing will be restricted.
We have no influence over the retention period of the personal data processed by LinkedIn. You can find information on this in LinkedIn’s privacy policy.
LinkedIn uses cookies and similar technologies to:
These cookies may also be stored on your device even if you do not have your own LinkedIn profile or are not logged in. For more information on data processing and the cookies used, please refer to LinkedIn’s Privacy Policy at: https://www.linkedin.com/legal/privacy-policy
You may generally exercise your data subject rights (e.g., access, rectification, erasure, restriction of processing, objection) with both us and LinkedIn. Under the joint controller arrangement pursuant to Article 26 of the GDPR, LinkedIn assumes primary responsibility for fulfilling data subject rights.
Privacy Policy Regarding the Use of Instagram
We maintain a publicly accessible company profile on the social media platform Instagram.
Visiting our Instagram profile results in the processing of personal data by both us and the platform operator. Below, we provide information about the nature, scope, and purpose of data processing in connection with our profile on this social media platform.
For the processing of personal data in connection with visits to our Instagram profile, we are joint controllers with the platform operator within the meaning of Article 26 of the GDPR:
MAYRHÖNES Metallumformung GmbH, Boschstraße 6, 73655 Plüderhausen
Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
The agreement on joint responsibility (“Page Controller Addendum”) is provided by Meta Platforms at: https://www.facebook.com/legal/controller_addendum
In this agreement, Meta Platforms assumes primary responsibility for fulfilling data subjects’ rights under data protection law (e.g., access, erasure).
When you visit our Instagram profile, Meta Platforms processes the following personal data in particular:
This data processing takes place even if you do not have your own Instagram profile or are not logged in.
We ourselves receive only anonymized and aggregated usage statistics (so-called “Page Insights”) from Meta Platforms, which do not allow us to identify individual persons. We have no access to the underlying raw personal data.
The processing of personal data in connection with our Instagram profile is based on our legitimate interest, pursuant to Article 6(1)(f) of the GDPR, in conducting modern public relations and corporate communications.
If you contact us directly via Instagram (e.g., through comments, posts, or direct messages), the processing of your personal data is additionally based on:
Article 6(1)(b) of the GDPR (pre-contractual measures / communication) or
Article 6(1)(a) of the GDPR (consent)
The personal data we process in the context of communication via Instagram will be deleted as soon as the purpose of the processing no longer applies and there are no legal retention obligations.
We have no influence over the retention period of the personal data processed by Meta Platforms. You can find information on this in Instagram’s Privacy Policy.
When you visit Instagram, Meta Platforms uses cookies and similar technologies to analyze user behavior, create user profiles, and display personalized advertising both on and off Instagram. These cookies may also be stored on your device even if you do not have your own profile or are not logged in.
For more information about Instagram’s data processing practices and the cookies it uses, please refer to Meta Platforms’ Privacy Policy at: https://privacycenter.instagram.com/policy
You may generally exercise your data subject rights (e.g., access, rectification, erasure) with both us and Meta Platforms. Meta Platforms assumes primary responsibility for fulfilling these rights within the framework of joint controllership pursuant to Article 26 of the GDPR.
YouTube Videos
Our website embeds videos from the YouTube streaming service. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
YouTube videos are embedded via a consent mechanism (consent banner). No connection to Google’s servers is established and no personal data is transmitted to Google before you give your consent.
The respective YouTube video is loaded only after you have given your explicit consent. In doing so, Google processes personal data on its own responsibility. The data processed may include, in particular, the IP address, browser and device information, the referrer URL, and information about the videos played. In addition, YouTube may store information in local storage on your device.
The videos are embedded in YouTube’s enhanced privacy mode. According to Google, no cookies for usage analysis are set initially. However, further data processing by Google cannot be ruled out.
It cannot be ruled out that personal data may also be transferred to Google servers in the United States. Google uses appropriate safeguards for this purpose in accordance with Art. 44 et seq. of the GDPR, in particular the EU Standard Contractual Clauses.
The legal basis for storing and reading information on your device is Section 14(1) of the TDDDG. The subsequent processing of personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR.
You may revoke your consent at any time with future effect via the consent settings.
Further information on data processing by Google can be found in Google’s Privacy Policy at: https://policies.google.com/privacy
Google Maps (external link)
We provide an external link to Google Maps on our website to help you find your way to our location.
This is a simple link. Simply visiting our website does not result in any personal data being transmitted to Google.
A connection to Google’s servers is established only when you click on the link.
From that point on, Google LLC is responsible for the processing of personal data. For more information on data processing, please refer
to Google’s Privacy Policy: https://policies.google.com/privacy
Newsletter
To subscribe to our newsletter, we require your email address and, if applicable, additional voluntary information.
We use the CleverReach service to send out the newsletter. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.
CleverReach is a service that allows us to organize the distribution and analysis of newsletters. The data transmitted during the newsletter sign-up process (e.g., email address) is stored on CleverReach servers in Germany or within the European Union.
Our newsletters sent via CleverReach allow us to analyze user behavior, such as whether an email was opened or which links were clicked. Additionally, using so-called conversion tracking, we can analyze whether a predefined action (e.g., a purchase or page view) occurred after clicking a link in the newsletter.
The processing of your data is based solely on your consent in accordance with Article 6(1)(a) of the GDPR. This consent also covers the analysis of newsletter behavior described above.
You may revoke your consent at any time with future effect by using the unsubscribe link at the end of each newsletter. The lawfulness of the processing carried out prior to revocation remains unaffected.
After unsubscribing from the newsletter, your data will be deleted from both our systems and CleverReach’s servers, provided there are no other legal retention obligations.
We have entered into a data processing agreement with CleverReach in accordance with Article 28 of the GDPR.
For more information on data protection at CleverReach, please visit: https://www.cleverreach.com/de/datenschutz/
reCAPTCHA
To protect our online forms from abusive automated submissions (spam), we use the reCAPTCHA service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA analyzes the behavior of the website visitor (e.g., IP address, time of entry, mouse movements, device and browser information) to determine whether an entry is being made by a human. This analysis takes place automatically in the background.
The legal basis for the processing is Article 6(1)(f) of the GDPR. Our legitimate interest lies in protecting our website from abusive automated spying and spam.
To the extent that reCAPTCHA stores or reads information on your device, this is done on the basis of Section 14(2) of the German Telemedia Act (TDDG), as its use is necessary to ensure the functionality of the website.
It cannot be ruled out that personal data may also be transferred to Google servers in the United States. Google is certified under the EU-US Data Privacy Framework and thus ensures an adequate level of data protection.
For more information on data processing by Google, please visit: https://policies.google.com/privacy
Applications via Email and Mail
We offer you the option to apply for our job openings via email and mail. Below, we provide information about how we process your personal data as part of the application process.
As part of your application, we process the following personal data in particular:
Your personal data will be processed exclusively for the following purposes:
The processing of your personal data is based on:
If you voluntarily provide us with special categories of personal data (e.g., health data), such data will be processed on the basis of Article 9(2)(b) of the GDPR in conjunction with Section 26(3) of the BDSG.
Your application data will be processed exclusively by the persons within our company responsible for the application process.
No data will be disclosed to third parties unless there is a legal obligation to do so.
Your personal data will be stored only for as long as is necessary to make a decision regarding your application. If no employment relationship is established, your application documents will be deleted no later than six months after the conclusion of the application process, unless longer storage is based on your consent or statutory retention obligations apply.
Application via Email
Alternatively, you can also send us your application via email. Please note that data transmitted via email is generally unencrypted and may therefore be vulnerable to security breaches, such as unauthorized access by third parties during transmission. The use of email is therefore voluntary.
If you wish to avoid security risks, we recommend that you send your application to us by mail.
Please do not send us any special categories of personal data (e.g., health information) via unencrypted email unless absolutely necessary.
Application by Mail
You may also send us your application materials by mail.
Personal data submitted as part of a mail-in application will be processed solely for the purpose of conducting the application process.
Once the application process is complete, application documents submitted by mail will be either destroyed in accordance with data protection regulations or - if you so desire - returned to you.
Data will only be retained beyond the specified period if there is a legal obligation to do so or if you have expressly consented to longer-term storage.
Data Transfer Upon Conclusion of a Contract for Services and Digital Content
We transfer personal data to third parties only to the extent necessary to fulfill the contract. This includes, in particular, service providers for payment processing, IT services, or shipping.
The data transfer is based on Article 6(1)(b) of the GDPR (for the performance of a contract or the implementation of pre-contractual measures).
Any further transfer of personal data takes place only if you have expressly consented (Art. 6(1)(a) GDPR) or if we are legally obligated to do so (Art. 6(1)(c) GDPR). Your data will not be shared for advertising purposes without your express consent.
Your Rights
Under the GDPR, you are entitled to the following legal rights as a data subject, provided that the relevant conditions are met:
Right to Object / Competent Data Protection Supervisory Authority
If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) of the GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 of the GDPR, provided there are grounds for doing so arising from your particular situation.
If you wish to exercise your right to object, simply send an email to: datenschutz@mayrhoenes.de
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The competent data protection supervisory authority is:
The State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg (LfDI BW), Heilbronner Straße 35, 70191 Stuttgart, Germany
Phone: +49 (0)711 615541-0
Email: poststelle@lfdi.bwl.de
Changes and Updates to the Privacy Policy
This Privacy Policy is currently in effect and is dated May 2026.
As our website and services evolve, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy.
This website uses cookies for functional and processing purposes. Because we value your privacy, we are asking for your consent. You can view or change your cookie settings at any time in the Privacy Policy
| PHPSESSID | Saving the current user session. Duration of storage: Session. |
| _language | Saving the user's preferred display language. Retention period: 30 days. |
| _ga | To uniquely identify the user. Storage period: 2 years |